outpost/embedded: use redis session backend
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
3eafa4711e
commit
e02207f38d
|
@ -20,6 +20,7 @@ redis:
|
|||
cache_db: 0
|
||||
message_queue_db: 1
|
||||
ws_db: 2
|
||||
outpost_session_db: 3
|
||||
cache_timeout: 300
|
||||
cache_timeout_flows: 300
|
||||
cache_timeout_policies: 300
|
||||
|
|
|
@ -7,6 +7,23 @@ type Config struct {
|
|||
Paths PathsConfig `yaml:"paths"`
|
||||
LogLevel string `yaml:"log_level" env:"AUTHENTIK_LOG_LEVEL"`
|
||||
ErrorReporting ErrorReportingConfig `yaml:"error_reporting"`
|
||||
Redis RedisConfig `yaml:"redis"`
|
||||
}
|
||||
|
||||
type RedisConfig struct {
|
||||
Host string `yaml:"host" env:"AUTHENTIK_REDIS__HOST"`
|
||||
Port int `yaml:"port" env:"AUTHENTIK_REDIS__PORT"`
|
||||
Password string `yaml:"password" env:"AUTHENTIK_REDIS__PASSWORD"`
|
||||
TLS bool `yaml:"tls" env:"AUTHENTIK_REDIS__TLS"`
|
||||
TLSReqs string `yaml:"tls_reqs" env:"AUTHENTIK_REDIS__TLS_REQS"`
|
||||
CacheDB int `yaml:"cache_db" env:"AUTHENTIK_REDIS__CACHE_DB"`
|
||||
MessageQueueDB int `yaml:"message_queue_db" env:"AUTHENTIK_REDIS__MESSAGE_QUEUE_DB"`
|
||||
WSDB int `yaml:"ws_db" env:"AUTHENTIK_REDIS__WS_DB"`
|
||||
OutpostSessionDB int `yaml:"outpost_session_db" env:"AUTHENTIK_REDIS__OUTPOST_SESSION_DB"`
|
||||
CacheTimeout int `yaml:"cache_timeout" env:"AUTHENTIK_REDIS__CACHE_TIMEOUT"`
|
||||
CacheTimeoutFlows int `yaml:"cache_timeout_flows" env:"AUTHENTIK_REDIS__CACHE_TIMEOUT_FLOWS"`
|
||||
CacheTimeoutPolicies int `yaml:"cache_timeout_policies" env:"AUTHENTIK_REDIS__CACHE_TIMEOUT_POLICIES"`
|
||||
CacheTimeoutReputation int `yaml:"cache_timeout_reputation" env:"AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION"`
|
||||
}
|
||||
|
||||
type WebConfig struct {
|
||||
|
|
|
@ -1,9 +1,13 @@
|
|||
package proxy
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options"
|
||||
"goauthentik.io/internal/config"
|
||||
)
|
||||
|
||||
func getCommonOptions() *options.Options {
|
||||
|
@ -16,5 +20,20 @@ func getCommonOptions() *options.Options {
|
|||
commonOpts.Logging.SilencePing = true
|
||||
commonOpts.SetAuthorization = false
|
||||
commonOpts.Scope = "openid email profile ak_proxy"
|
||||
if config.G.Redis.Host != "" {
|
||||
protocol := "redis"
|
||||
if config.G.Redis.TLS {
|
||||
protocol = "rediss"
|
||||
}
|
||||
url := fmt.Sprintf("%s://@%s:%d/%d", protocol, config.G.Redis.Host, config.G.Redis.Port, config.G.Redis.OutpostSessionDB)
|
||||
log.WithField("url", url).Info("Using redis session backend")
|
||||
commonOpts.Session.Redis = options.RedisStoreOptions{
|
||||
ConnectionURL: url,
|
||||
Password: config.G.Redis.Password,
|
||||
}
|
||||
if config.G.Redis.TLSReqs != "" {
|
||||
commonOpts.Session.Redis.InsecureSkipTLSVerify = true
|
||||
}
|
||||
}
|
||||
return commonOpts
|
||||
}
|
||||
|
|
|
@ -29,6 +29,7 @@ All of these variables can be set to values, but you can also use a URI-like for
|
|||
- `AUTHENTIK_REDIS__CACHE_DB`: Database for caching, defaults to 0
|
||||
- `AUTHENTIK_REDIS__MESSAGE_QUEUE_DB`: Database for the message queue, defaults to 1
|
||||
- `AUTHENTIK_REDIS__WS_DB`: Database for websocket connections, defaults to 2
|
||||
- `AUTHENTIK_REDIS__OUTPOST_SESSION_DB`: Database for sessions for the embedded outpost, defaults to 3
|
||||
- `AUTHENTIK_REDIS__CACHE_TIMEOUT`: Timeout for cached data until it expires in seconds, defaults to 300
|
||||
- `AUTHENTIK_REDIS__CACHE_TIMEOUT_FLOWS`: Timeout for cached flow plans until they expire in seconds, defaults to 300
|
||||
- `AUTHENTIK_REDIS__CACHE_TIMEOUT_POLICIES`: Timeout for cached polices until they expire in seconds, defaults to 300
|
||||
|
|
Reference in a new issue