[enhancement] ForwardAuth OAuth provider that support insecure tls certificates #1024
Comments
|
In the meantime, we should put a notice in the docs saying that using lets-encrypt for generating the certs would be the recommended way for a fresh install... @costrouc what do you think? |
|
I'm also using To work around that issue I add our CA to a custom built image. I also have to build from thomseddon/traefik-forward-auth#49 (comment) as otherwise you can't use it for anything with a path prefix :/ I don't think it's fit for production as-is; particularly being a security sensitive component - you want something well maintained. So, I'm considering alternative options to provide Azure AD auth for our traefik ingress. I'll check out |
Our infra is in a pretty locked down private network so using Lets Encrypt was a non-starter for us. |
|
@dhirschfeld thanks for joining in the conversation. Yes I agree and do see some issues using this project long term. We will be talking this issue in around 3 months or so. We will make sure to update this issue on what we find. |
Thanks! I'm doing some similar stuff to |
trallard
added
impact: high 🟥
|
I wonder if moving to OAuth2Proxy would resolve this? @viniciusdc perhaps you know? |
dcmcand
added
the
needs: investigation 🔍
Description
This issue was discovered in #1017. It is related to an issue with traefik forward auth thomseddon/traefik-forward-auth#122. This limits our forward auth to only working with trusted domains. We need to discuss and decide if we stick with traefik forward auth or move towards a more adopted forward auth e.g. https://github.com/oauth2-proxy/oauth2-proxy.
Value/benefit
Transparent authentication is more transparent.
The text was updated successfully, but these errors were encountered: