A nginx docker image for oauthing with google and proxing some service through it. This is extended from the very awesome CloudFlare project of the same topic: https://github.com/cloudflare/nginx-google-oauth
Required env vars from the CloudFlare base are:
- NGO_CLIENT_ID
- NGO_CLIENT_SECRET
- NGO_TOKEN_SECRET
One from us:
- NGINX_PROXY_PASS
The project also expects certificates to be mounted as:
/etc/nginx/certs/tls.crt/etc/nginx/certs/tls.key
Or you can have it generate self signed certificates on startup by setting
- NGO_GENERATE_CERT_CMD
example: openssl req -new -nodes -x509 -subj "/C=US/ST=New York/L=New York/O=IT/CN=*.domain.com" -days 365 -out /etc/nginx/certs/tls.crt -keyout /etc/nginx/certs/tls.key -extensions v3_ca This proxy redirects http to https.
- Copy
secrets.env.templatetosecrets.env(gitignored) and populate environment variables. Secrets can be found in AWS Parameter Store under/classic/adminnamespace, other values can be taken from the production CloudFormation stack gauth-proxy-prod - Build and run a Docker container
$ make package
$ docker run --rm -p 443:443 --env-file secrets.env -it <image_id>- Determine an IP address of the container by running
docker inspect <container_id> - Add an alias to local
/etc/hosts
<container_ip> admin.meetup.com
- Open
https://admin.meetup.com/adminin a browser, dismiss the warning about an invalid certficate. If Chrome does not display 'proceed' option, typethisisunsafeon your keyboard to proceed. - Sign in with your Meetup Google account. You should be redirected to the Meetup Admin website.