outposts/proxy: fix securecookie: no codecs provided error with redis

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-09-09 10:23:46 +02:00
parent eb2540a3c8
commit 4c3a9e69f2
5 changed files with 20 additions and 8 deletions

View file

@ -4,6 +4,7 @@ import (
"fmt"
"net/url"
"os"
"strconv"
log "github.com/sirupsen/logrus"
@ -20,7 +21,8 @@ Required environment variables:
- AUTHENTIK_INSECURE: Skip SSL Certificate verification
Optionally, you can set these:
- AUTHENTIK_HOST_BROWSER: URL to use in the browser, when it differs from AUTHENTIK_HOST`
- AUTHENTIK_HOST_BROWSER: URL to use in the browser, when it differs from AUTHENTIK_HOST
- AUTHENTIK_PORT_OFFSET: Offset to add to the listening ports, i.e. value of 100 makes proxy listen on 9100`
func main() {
log.SetLevel(log.DebugLevel)
@ -36,6 +38,15 @@ func main() {
fmt.Println(helpMessage)
os.Exit(1)
}
portOffset := 0
portOffsetS := os.Getenv("AUTHENTIK_PORT_OFFSET")
if portOffsetS != "" {
v, err := strconv.Atoi(portOffsetS)
if err != nil {
fmt.Println(err.Error())
}
portOffset = v
}
akURLActual, err := url.Parse(akURL)
if err != nil {
@ -49,7 +60,7 @@ func main() {
ac := ak.NewAPIController(*akURLActual, akToken)
ac.Server = proxyv2.NewProxyServer(ac)
ac.Server = proxyv2.NewProxyServer(ac, portOffset)
err = ac.Start()
if err != nil {

View file

@ -99,7 +99,7 @@ func attemptProxyStart(ws *web.WebServer, u *url.URL) {
}
continue
}
srv := proxyv2.NewProxyServer(ac)
srv := proxyv2.NewProxyServer(ac, 0)
ws.ProxyServer = srv
ac.Server = srv
log.WithField("logger", "authentik").Debug("attempting to start outpost")

View file

@ -31,7 +31,6 @@ type WebConfig struct {
ListenTLS string `yaml:"listen_tls"`
LoadLocalFiles bool `yaml:"load_local_files" env:"AUTHENTIK_WEB_LOAD_LOCAL_FILES"`
DisableEmbeddedOutpost bool `yaml:"disable_embedded_outpost" env:"AUTHENTIK_WEB__DISABLE_EMBEDDED_OUTPOST"`
OutpostPortOffset int `yaml:"outpost_port_offset"`
}
type PathsConfig struct {

View file

@ -5,6 +5,7 @@ import (
"strconv"
"github.com/gorilla/sessions"
log "github.com/sirupsen/logrus"
"goauthentik.io/api"
"goauthentik.io/internal/config"
"gopkg.in/boj/redistore.v1"
@ -13,15 +14,17 @@ import (
func GetStore(p api.ProxyOutpostConfig) sessions.Store {
var store sessions.Store
if config.G.Redis.Host != "" {
rs, err := redistore.NewRediStoreWithDB(10, "tcp", fmt.Sprintf("%s:%d", config.G.Redis.Host, config.G.Redis.Port), config.G.Redis.Password, strconv.Itoa(config.G.Redis.OutpostSessionDB))
rs, err := redistore.NewRediStoreWithDB(10, "tcp", fmt.Sprintf("%s:%d", config.G.Redis.Host, config.G.Redis.Port), config.G.Redis.Password, strconv.Itoa(config.G.Redis.OutpostSessionDB), []byte(*p.CookieSecret))
if err != nil {
panic(err)
}
rs.Options.Domain = *p.CookieDomain
log.Info("using redis session backend")
store = rs
} else {
cs := sessions.NewCookieStore([]byte(*p.CookieSecret))
cs.Options.Domain = *p.CookieDomain
log.Info("using cookie session backend")
store = cs
}
return store

View file

@ -14,7 +14,6 @@ import (
"github.com/pires/go-proxyproto"
log "github.com/sirupsen/logrus"
"goauthentik.io/api"
"goauthentik.io/internal/config"
"goauthentik.io/internal/crypto"
"goauthentik.io/internal/outpost/ak"
"goauthentik.io/internal/outpost/proxyv2/application"
@ -36,7 +35,7 @@ type ProxyServer struct {
akAPI *ak.APIController
}
func NewProxyServer(ac *ak.APIController) *ProxyServer {
func NewProxyServer(ac *ak.APIController, portOffset int) *ProxyServer {
l := log.WithField("logger", "authentik.outpost.proxyv2")
defaultCert, err := crypto.GenerateSelfSignedCert()
if err != nil {
@ -55,7 +54,7 @@ func NewProxyServer(ac *ak.APIController) *ProxyServer {
globalMux.Use(web.NewLoggingHandler(l.WithField("logger", "authentik.outpost.proxyv2.http"), nil))
s := &ProxyServer{
Listen: "0.0.0.0:%d",
PortOffset: config.G.Web.OutpostPortOffset,
PortOffset: portOffset,
cryptoStore: ak.NewCryptoStore(ac.Client.CryptoApi),
apps: make(map[string]*application.Application),