https://github.com/arulrajnet/traefik-oidc-example
This is a simple example demonstrating how to use Traefik with OIDC authentication using the traefik-oidc plugin.
example traefik traefik-oidc traefik-plugin
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/arulrajnet/traefik-oidc-example
- Owner: arulrajnet
- License: mit
- Created: 2025-07-13T04:37:22.000Z (7 months ago)
- Default Branch: main
- Last Pushed: 2025-07-13T04:43:51.000Z (7 months ago)
- Last Synced: 2025-07-13T06:33:23.511Z (7 months ago)
- Topics: example, traefik, traefik-oidc, traefik-plugin
- Homepage:
- Size: 32.2 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Traefik OIDC Example
This is a simple example demonstrating how to use Traefik with OIDC authentication using the `traefik-oidc` plugin.
## Features
- **Traefik Proxy**: Traefik with SSL self-signed certificates.
- **OIDC Authentication**: Using the `github.com/lukaszraczylo/traefikoidc` plugin
- **Whoami Service**: Simple upstream service protected by OIDC authentication
- **Environment Configuration**: All OIDC settings loaded from `.env` file
## Architecture

## Setup Instructions
### 1. Configure OIDC Provider
Edit the `.env` file and replace the placeholder values with your actual OIDC provider details:
```bash
# Set only one of the provider blocks below; all three use the same variable names.
# Example for Auth0
OIDC_PROVIDER_URL=https://your-tenant.auth0.com
OIDC_CLIENT_ID=your-auth0-client-id
OIDC_CLIENT_SECRET=your-auth0-client-secret
# Example for Keycloak
OIDC_PROVIDER_URL=https://your-keycloak.com/auth/realms/your-realm
OIDC_CLIENT_ID=your-keycloak-client-id
OIDC_CLIENT_SECRET=your-keycloak-client-secret
# Example for Google
OIDC_PROVIDER_URL=https://accounts.google.com
OIDC_CLIENT_ID=your-google-client-id.apps.googleusercontent.com
OIDC_CLIENT_SECRET=your-google-client-secret
```
### 2. Configure Redirect URIs
In your OIDC provider settings, make sure to configure the following redirect URIs:
- `https://localhost/oauth2/callback`
- `https://localhost/oauth2/logout`
### 3. Generate Session Encryption Key
Generate a 32-character key for session encryption. The command below outputs 16 random bytes as 32 hex characters:
```bash
openssl rand -hex 16
```
Update the `OIDC_SESSION_ENCRYPTION_KEY` in your `.env` file with this value.
### 4. Start the Services
```bash
docker-compose up -d
```
### 5. Access the Application
1. Open your browser and navigate to `https://localhost/`
2. You will be redirected to your OIDC provider for authentication
3. After successful login, you'll be redirected back and see the whoami service response
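A pre-flight check for the `.env` file built in steps 1 and 3, meant to run before `docker-compose up -d` in step 4. This is an added example, not part of the repository: the variable names are the README's, while the helper names `env_value`, `fail` and `check_env`, the plain `KEY=value` line format and the checks themselves (including treating the session key as hex because step 3 generates it that way) are assumptions.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check of the .env file before `docker-compose up -d`.
# Variable names are the README's; the checks and helper names are assumptions.
# Assumes plain KEY=value lines (no quotes, no `export`).

# Print the value of the last KEY= assignment in FILE.
env_value() {
  grep -E "^$1=" "$2" | tail -n 1 | cut -d= -f2-
}

fail() { echo "FAIL: $*" >&2; problems=$((problems + 1)); }

# Return the number of problems found in FILE (0 means ready to start).
check_env() {
  file=$1
  problems=0
  [ -r "$file" ] || { fail "cannot read $file"; return "$problems"; }

  for key in OIDC_PROVIDER_URL OIDC_CLIENT_ID OIDC_CLIENT_SECRET \
             OIDC_SESSION_ENCRYPTION_KEY; do
    # The README sample shows three provider blocks; only one may remain.
    count=$(grep -cE "^${key}=" "$file" || true)
    [ "$count" -eq 1 ] || fail "$key is set $count times, expected once"
    val=$(env_value "$key" "$file")
    [ -n "$val" ] || fail "$key is empty"
    case $val in
      your-*|*//your-*) fail "$key still holds a README placeholder" ;;
    esac
  done

  case $(env_value OIDC_PROVIDER_URL "$file") in
    https://*) ;;
    *) fail "OIDC_PROVIDER_URL must be an https:// URL" ;;
  esac

  # Step 3: `openssl rand -hex 16` yields exactly 32 hex characters.
  sek=$(env_value OIDC_SESSION_ENCRYPTION_KEY "$file")
  [ "${#sek}" -eq 32 ] || fail "session key is ${#sek} characters, expected 32"
  case $sek in
    *[!0-9a-fA-F]*) fail "session key is not hex; regenerate it as in step 3" ;;
  esac
  return "$problems"
}

if [ "$#" -gt 0 ]; then check_env "$1"; fi
```

Run the script with the path to `.env` as its argument, or source it and call `check_env .env`; a non-zero exit status is the number of problems found.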
## Endpoints
- **Application**: `https://localhost/` (protected by OIDC)
- **OIDC Callback**: `https://localhost/oauth2/callback`
- **Logout**: `https://localhost/oauth2/logout`
## Plugin Configuration
The [OIDC plugin](https://github.com/lukaszraczylo/traefikoidc) supports various configuration options:
- `providerURL`: Your OIDC provider URL
- `clientID`: Your OIDC client ID
- `clientSecret`: Your OIDC client secret
- `callbackURL`: OAuth2 callback path
- `logoutURL`: OAuth2 logout path
- `postLogoutRedirectURI`: Where to redirect after logout
- `sessionEncryptionKey`: Key for encrypting session data
- `scopes`: OIDC scopes to request
- `forceHTTPS`: Force HTTPS for secure communication
## Cleanup
To stop and remove all containers:
```bash
docker-compose down -v
```
## Author