outpost/embedded: use redis session backend
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
3eafa4711e
commit
e02207f38d
|
@ -20,6 +20,7 @@ redis:
|
||||||
cache_db: 0
|
cache_db: 0
|
||||||
message_queue_db: 1
|
message_queue_db: 1
|
||||||
ws_db: 2
|
ws_db: 2
|
||||||
|
outpost_session_db: 3
|
||||||
cache_timeout: 300
|
cache_timeout: 300
|
||||||
cache_timeout_flows: 300
|
cache_timeout_flows: 300
|
||||||
cache_timeout_policies: 300
|
cache_timeout_policies: 300
|
||||||
|
|
|
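Review bot: The new `outpost_session_db: 3` default only separates the session keyspace from the cache, message-queue and websocket DBs (0–2); all four live in the same Redis instance and are reachable with the same `password`, so a logical DB number is a collision guard, not an access boundary for session data. A short comment on the new line would stop operators from reading it as isolation: `outpost_session_db: 3  # separate keyspace only; shares the instance and credentials with the DBs above`. Whether a dedicated instance or ACLs are expected for the session store is not something this diff states, so treat that as a deployment question rather than a bug in the default.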
@ -7,6 +7,23 @@ type Config struct {
|
||||||
Paths PathsConfig `yaml:"paths"`
|
Paths PathsConfig `yaml:"paths"`
|
||||||
LogLevel string `yaml:"log_level" env:"AUTHENTIK_LOG_LEVEL"`
|
LogLevel string `yaml:"log_level" env:"AUTHENTIK_LOG_LEVEL"`
|
||||||
ErrorReporting ErrorReportingConfig `yaml:"error_reporting"`
|
ErrorReporting ErrorReportingConfig `yaml:"error_reporting"`
|
||||||
|
Redis RedisConfig `yaml:"redis"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type RedisConfig struct {
|
||||||
|
Host string `yaml:"host" env:"AUTHENTIK_REDIS__HOST"`
|
||||||
|
Port int `yaml:"port" env:"AUTHENTIK_REDIS__PORT"`
|
||||||
|
Password string `yaml:"password" env:"AUTHENTIK_REDIS__PASSWORD"`
|
||||||
|
TLS bool `yaml:"tls" env:"AUTHENTIK_REDIS__TLS"`
|
||||||
|
TLSReqs string `yaml:"tls_reqs" env:"AUTHENTIK_REDIS__TLS_REQS"`
|
||||||
|
CacheDB int `yaml:"cache_db" env:"AUTHENTIK_REDIS__CACHE_DB"`
|
||||||
|
MessageQueueDB int `yaml:"message_queue_db" env:"AUTHENTIK_REDIS__MESSAGE_QUEUE_DB"`
|
||||||
|
WSDB int `yaml:"ws_db" env:"AUTHENTIK_REDIS__WS_DB"`
|
||||||
|
OutpostSessionDB int `yaml:"outpost_session_db" env:"AUTHENTIK_REDIS__OUTPOST_SESSION_DB"`
|
||||||
|
CacheTimeout int `yaml:"cache_timeout" env:"AUTHENTIK_REDIS__CACHE_TIMEOUT"`
|
||||||
|
CacheTimeoutFlows int `yaml:"cache_timeout_flows" env:"AUTHENTIK_REDIS__CACHE_TIMEOUT_FLOWS"`
|
||||||
|
CacheTimeoutPolicies int `yaml:"cache_timeout_policies" env:"AUTHENTIK_REDIS__CACHE_TIMEOUT_POLICIES"`
|
||||||
|
CacheTimeoutReputation int `yaml:"cache_timeout_reputation" env:"AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type WebConfig struct {
|
type WebConfig struct {
|
||||||
|
|
|
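Review bot: `RedisConfig` is a new exported type with thirteen exported fields and no doc comment, and `TLSReqs` in particular gives no indication of its accepted values or how it interacts with `TLS`; a reader of the struct alone cannot tell whether it is a file path, a mode name or a boolean-like flag. Suggest `// RedisConfig holds connection, database-selection and cache-timeout settings for the Redis instance; every field can be overridden by the AUTHENTIK_REDIS__* environment variable named in its tag.` on the type, and on the field `// TLSReqs is only consulted when TLS is true — document the accepted values here.` (the values are not defined anywhere in this diff). `Password` is carried as a plain string that is also yaml-tagged, so it is worth a one-line note that the struct must not be logged or marshalled back out as-is.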
@ -1,9 +1,13 @@
|
||||||
package proxy
|
package proxy
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
|
||||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options"
|
"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options"
|
||||||
|
"goauthentik.io/internal/config"
|
||||||
)
|
)
|
||||||
|
|
||||||
func getCommonOptions() *options.Options {
|
func getCommonOptions() *options.Options {
|
||||||
|
@ -16,5 +20,20 @@ func getCommonOptions() *options.Options {
|
||||||
commonOpts.Logging.SilencePing = true
|
commonOpts.Logging.SilencePing = true
|
||||||
commonOpts.SetAuthorization = false
|
commonOpts.SetAuthorization = false
|
||||||
commonOpts.Scope = "openid email profile ak_proxy"
|
commonOpts.Scope = "openid email profile ak_proxy"
|
||||||
|
if config.G.Redis.Host != "" {
|
||||||
|
protocol := "redis"
|
||||||
|
if config.G.Redis.TLS {
|
||||||
|
protocol = "rediss"
|
||||||
|
}
|
||||||
|
url := fmt.Sprintf("%s://@%s:%d/%d", protocol, config.G.Redis.Host, config.G.Redis.Port, config.G.Redis.OutpostSessionDB)
|
||||||
|
log.WithField("url", url).Info("Using redis session backend")
|
||||||
|
commonOpts.Session.Redis = options.RedisStoreOptions{
|
||||||
|
ConnectionURL: url,
|
||||||
|
Password: config.G.Redis.Password,
|
||||||
|
}
|
||||||
|
if config.G.Redis.TLSReqs != "" {
|
||||||
|
commonOpts.Session.Redis.InsecureSkipTLSVerify = true
|
||||||
|
}
|
||||||
|
}
|
||||||
return commonOpts
|
return commonOpts
|
||||||
}
|
}
|
||||||
|
|
|
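Review bot: The `if config.G.Redis.TLSReqs != ""` block sets `InsecureSkipTLSVerify = true` for any non-empty value of `tls_reqs`, so an operator who sets it to something that means verification is required would disable certificate verification on the outpost's session store — the opposite of what they asked for. The accepted values are not defined in this diff, but if `tls_reqs` follows the usual redis `none`/`optional`/`required` convention the check should be `if config.G.Redis.TLS && strings.EqualFold(config.G.Redis.TLSReqs, "none") {` (adding `"strings"` to the import block changed in the first hunk); any other value should leave verification on, and an unrecognised value should be rejected rather than treated as insecure. The `url` built on the line above carries an empty userinfo part and the password is passed separately via `Password:`, so the `Info` log line does not leak the credential — that part is fine. `getCommonOptions` begins outside this hunk.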
@ -29,6 +29,7 @@ All of these variables can be set to values, but you can also use a URI-like for
|
||||||
- `AUTHENTIK_REDIS__CACHE_DB`: Database for caching, defaults to 0
|
- `AUTHENTIK_REDIS__CACHE_DB`: Database for caching, defaults to 0
|
||||||
- `AUTHENTIK_REDIS__MESSAGE_QUEUE_DB`: Database for the message queue, defaults to 1
|
- `AUTHENTIK_REDIS__MESSAGE_QUEUE_DB`: Database for the message queue, defaults to 1
|
||||||
- `AUTHENTIK_REDIS__WS_DB`: Database for websocket connections, defaults to 2
|
- `AUTHENTIK_REDIS__WS_DB`: Database for websocket connections, defaults to 2
|
||||||
|
- `AUTHENTIK_REDIS__OUTPOST_SESSION_DB`: Database for sessions for the embedded outpost, defaults to 3
|
||||||
- `AUTHENTIK_REDIS__CACHE_TIMEOUT`: Timeout for cached data until it expires in seconds, defaults to 300
|
- `AUTHENTIK_REDIS__CACHE_TIMEOUT`: Timeout for cached data until it expires in seconds, defaults to 300
|
||||||
- `AUTHENTIK_REDIS__CACHE_TIMEOUT_FLOWS`: Timeout for cached flow plans until they expire in seconds, defaults to 300
|
- `AUTHENTIK_REDIS__CACHE_TIMEOUT_FLOWS`: Timeout for cached flow plans until they expire in seconds, defaults to 300
|
||||||
- `AUTHENTIK_REDIS__CACHE_TIMEOUT_POLICIES`: Timeout for cached polices until they expire in seconds, defaults to 300
|
- `AUTHENTIK_REDIS__CACHE_TIMEOUT_POLICIES`: Timeout for cached polices until they expire in seconds, defaults to 300
|
||||||
|
|