example docker compose

docker-compose-oauth2.yaml

@@ -0,0 +1,47 @@
+version: '3.9'
+
+services:
+  wgui:
+    container_name: wgui
+    image: wireguard-ui:latest
+    read_only: true
+    environment:
+      - DISABLE_LOGIN=true
+    logging:
+      driver: json-file
+      options:
+        max-size: 50m
+    volumes:
+      - ./db:/app/db
+      - ./wireguard:/etc/wireguard
+
+  oauth2-proxy:
+    container_name: wg-oauth2-proxy
+    image: quay.io/oauth2-proxy/oauth2-proxy:latest
+    read_only: true
+    command:
+      --provider="oidc"
+      --client-id="$CLIENT_ID"
+      --client-secret="$CLIENT_SECRET"
+      --login-url=https://$AUTH_SERVER/auth/realms/$REALM/protocol/openid-connect/auth
+      --redeem-url=https://$AUTH_SERVER/auth/realms/$REALM/protocol/openid-connect/token
+      --profile-url=https://$AUTH_SERVER/auth/realms/$REALM/protocol/openid-connect/userinfo
+      --validate-url=https://$AUTH_SERVER/auth/realms/$REALM/protocol/openid-connect/userinfo
+      --oidc-jwks-url=https://$AUTH_SERVER/auth/realms/$REALM/protocol/openid-connect/certs
+      --oidc-issuer-url=https://$AUTH_SERVER/auth/realms/$REALM
+      --http-address=0.0.0.0:5000
+      --cookie-secret="$COOKIE_SECRET"
+      --cookie-secure="false"
+      --email-domain=*
+      --upstream=http://wgui:5000/
+      --redirect-url=http://localhost:5000/oauth2/callback
+      --reverse-proxy="false"
+      --scope="openid email profile"
+      --pass-user-headers="true"
+      --pass-access-token="true"
+      --pass-authorization-header="true"
+      --set-authorization-header="true"
+      --set-xauthrequest="true"
+    hostname: oauth2-proxy
+    ports:
+      - 5000:5000/tcp