NGINX Proxy Manager OAUTH2-PROXY


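# Compose stack: oauth2-proxy as the authentication front end, with httpbin as
# a throwaway upstream for testing. Nesting is restored here; with every key
# at column 0 the file does not parse as a Compose project (and `networks`
# appears twice at the top level).
services:
  oauth2-proxy:
    container_name: oauth2-proxy
    # NOTE(review): this image comes from a third-party namespace. Verify its
    # provenance against the upstream oauth2-proxy release and consider
    # pinning by digest as well as by tag.
    image: containerinfra/oauth2-proxy:7.9.0
    command: --config /oauth2-proxy.cfg
    hostname: oauth2-proxy
    volumes:
      # Mounted read-only: the proxy only needs to read its templates and
      # config. The config file is expected to carry the client and cookie
      # secrets, so keep it out of version control and restrict its file
      # permissions on the host.
      - "./config/templates:/templates:ro"
      - "./config/oauth2-proxy.cfg:/oauth2-proxy.cfg:ro"
    restart: unless-stopped
    environment:
      - VIRTUAL_HOST=auth.pknw1.co.uk
      - VIRTUAL_PORT=4180
      - OAUTH2_PROXY_SESSION_STORE_TYPE=redis
      # No `redis` service is defined in this file, so it is presumably
      # provided on the external `proxy` network. Session data (including
      # tokens) is stored there: require authentication on Redis and do not
      # expose it beyond this network.
      - OAUTH2_PROXY_REDIS_CONNECTION_URL=redis://redis:6379/0
    ports:
      # Published on one host address only, not on all interfaces. Quoted so
      # the colon-separated value is never re-typed by a YAML 1.1 parser.
      - "172.22.20.1:4180:4180/tcp"
    networks:
      - proxy
  httpbin:
    container_name: httpbin
    # NOTE(review): no tag, so this resolves to `latest`; pin a tag or digest.
    # httpbin echoes request headers back to the caller, which can include
    # identity headers set by the proxy; keep it as a test upstream only.
    image: kennethreitz/httpbin
    networks:
      - proxy
networks:
  proxy:
    # Pre-existing network shared with the reverse proxy. Every container
    # attached to it can reach oauth2-proxy and httpbin directly.
    external: true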
# oauth2-proxy/config/oauth2-proxy.cfg
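# oauth2-proxy settings for a single Entra ID tenant, protecting the httpbin
# test upstream.
#
# NOTE(review): cookie_secret and client_secret below are real-looking values
# published in clear text. Treat both as compromised: rotate the client secret
# in the Entra ID app registration and generate a new cookie secret. Supply
# the replacements outside this file (for example via the
# OAUTH2_PROXY_CLIENT_SECRET and OAUTH2_PROXY_COOKIE_SECRET environment
# variables) so they never land in version control or on a web page.

# Listens on all interfaces inside the container; host exposure is controlled
# by the Compose port mapping.
http_address="0.0.0.0:4180"
cookie_secret="Cdi_xZhKsDD6rZ0rAK1_sqaOURIGLOKc1jambaMXsbo="
# "*" accepts any e-mail domain the identity provider returns. With a
# single-tenant issuer that still includes guest accounts in the tenant;
# restrict to the organisation's domain if guests should not get in.
email_domains="*"
cookie_secure="true"
upstreams="http://httpbin"
cookie_domains=["pknw1.co.uk"] # Required so cookie can be read on all subdomains.
# Trusts X-Forwarded-* headers from the client side, so this listener must be
# reachable only through the fronting reverse proxy.
reverse_proxy=true
redirect_url="https://auth.pknw1.co.uk/oauth2/callback"
# NOTE(review): entries here are matched as hosts (optionally with a port).
# The second entry carries a URL path and uses login.microsoft.com, whereas
# the issuer below is on login.microsoftonline.com, so it probably never
# matches. Confirm the intended post-logout redirect target.
whitelist_domains=[".pknw1.co.uk","login.microsoft.com/cba96ffb-1e39-43b3-ac3a-6da3757ce415/oauth2/v2.0/logout"]
# Issuer verification is kept ON. oidc_issuer_url below is tenant-specific, so
# the `iss` claim in ID tokens should match it. Skipping the check is only
# needed for the multi-tenant `common` issuer and would let tokens from other
# issuers pass this step.
insecure_oidc_skip_issuer_verification=false
custom_templates_dir="/templates"
provider="entra-id"
oidc_issuer_url="https://login.microsoftonline.com/cba96ffb-1e39-43b3-ac3a-6da3757ce415/v2.0"
client_id="5a0d9d0d-121f-45cf-819c-c4cade29860e"
client_secret="8lT8Q~AqBXJqntNDZT5Lnn-elvZuq4.JXEF65aMd"
scope="openid email profile"
banner="test"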