Tinyauth

2025-04-11 12:28:39 +01:00 · 2025-04-11 12:28:39 +01:00 · 66ff3a82b3
parent 56bf5f741c
commit 66ff3a82b3
3 changed files with 49 additions and 0 deletions
--- a/Tinyauth/.env
+++ b/Tinyauth/.env
@ -0,0 +1,9 @@
+# generate with openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | head -c 32
+SECRET=5vvAGg1lfdsDO3lPtkj5CRv3RXEk44HN
+USERS=alice:$$2y$$05$$y/TnBJ.Zal5PM2Xu43NCRu0hP.STmZzb0vFiqr6LPRBc4cG0jwJr.,bob:$$2y$$05$$44DactVuy2Sqzd329hIehOp1T6JYhcnDF1r.I7TxSA8MQUwygkqV. # pw = password
+
+# Important to set this when using OAuth otherwise anyone with an account can use it to log in
+OAUTH_WHITELIST=your@email.com
+
+GITHUB_CLIENT_ID=XXXXXXXXXXXXXXX
+GITHUB_CLIENT_SECRET=XXXXXXXXXXXXXXXX
--- a/Tinyauth/docker-compose.yaml
+++ b/Tinyauth/docker-compose.yaml
@ -0,0 +1,37 @@
+services:
+  tinyauth:
+    image: ghcr.io/steveiliop56/tinyauth:v3
+    container_name: tinyauth
+    restart: unless-stopped
+    environment:
+      # generate with openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | head -c 32
+      - SECRET=${SECRET}
+      - APP_URL=https://tinyauth.jimsgarage.co.uk
+      # generate with "echo $(htpasswd -nB user) | sed -e s/\\$/\\$\\$/g" - substitute the user with what you want, or use a file
+      # - USERS=${USERS}
+      - USERS_FILE=users_file # add a file with multiple users in the above format if necessary
+      - LOG_LEVEL=0
+      - GITHUB_CLIENT_ID=${GITHUB_CLIENT_ID}
+      - GITHUB_CLIENT_SECRET=${GITHUB_CLIENT_SECRET}
+      - OAUTH_WHITELIST=${OAUTH_WHITELIST}
+    volumes:
+      - ./users:/tinyauth/users_file
+    networks:
+      - proxy
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=proxy"
+      - "traefik.http.routers.tinyauth.entrypoints=http"
+      - "traefik.http.routers.tinyauth.rule=Host(`tinyauth.jimsgarage.co.uk`)"
+      - "traefik.http.middlewares.tinyauth-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.routers.tinyauth.middlewares=tinyauth-https-redirect"
+      - "traefik.http.routers.tinyauth-secure.entrypoints=https"
+      - "traefik.http.routers.tinyauth-secure.rule=Host(`tinyauth.jimsgarage.co.uk`)"
+      - "traefik.http.routers.tinyauth-secure.tls=true"
+      - "traefik.http.routers.tinyauth-secure.tls.certresolver=cloudflare"
+      - "traefik.http.routers.tinyauth-secure.service=tinyauth"
+      - "traefik.http.services.tinyauth.loadbalancer.server.port=3000"
+      - "traefik.http.middlewares.tinyauth.forwardauth.address=http://tinyauth:3000/api/auth/traefik"
+networks:
+  proxy:
+    external: true
--- a/Tinyauth/users
+++ b/Tinyauth/users
@ -0,0 +1,3 @@
+alice:$2y$10$k0YEfRqPD4Cgu1Bu2BR5je4s6HSqhBRqr7wW4VfYIeYn5bVaUX5lq:XAP2AEQMCO2OHGU56AT5Y5PW3UA6CKXR
+bob:$2y$10$5OABhZc49FA0mVWo.a8tmeNd/FGf/d3..hcqwJL0w3lXJozIVIwtq
+ADD GITHUB OAUTH HERE