Oauth Secrets

[Maynardnaze]

secrets:
  - source: traefik-forward-auth
    target: /config

Can anyone explain this to me?
I tried getting secrets to work, setup identical to cloudflare api secrets. is it as simple as changing the environment variable to secret file name?

[uasdj25]

Yep. That one was on me in my pull request. Bottom line is that when the next pull happens on docker-compose-t2.yml happens it should alleviate the issues. I pasted my changes that I was making in the first pull, and it omitted some key details from my original compose file that I use. See below for explanation:

I didn't pay attention when I pasted the changes into my branch. It should have made more changes than just the secrets definition. As an aside, I have created a pull request with the additional changes which I will explain below. I also put this full explanation in the pull request.

It's important to note that this allows you to leverage secrets, but it will be the variables (email, google client id, etc) defined within the traefik-forward-auth file in the secrets directory. Here is a summary of the changes in the pull request:

The secrets for the Oauth container are stored in the SECRETS directory for your Docker instance. ($SECRETSDIR) (In a file called traefik-forward-auth) Therefore, there is no need to call those secrets within the compose file. So in the initial secrets definition section, we remove the oauth_secret, google_client_secret, google_client_id, and my_email. From here, we create a secret called traefik-forward-auth and define its file path within the secrets directory:
traefik-forward-auth:
file: $SECRETSDIR/traefik-forward-auth

We then remove the references of the environment variables within the container section of the compose file in the environment section. ($GOOGLE_CLIENT_ID, $GOOGLE_CLIENT_SECRET, $OAUTH_SECRET, $MY_EMAIL)

We need to make one addition to the environment section: CONFIG=/config

Since Google Oauth leverages an ini file, it requires accessing the /config directory for source files.

At this point, the only thing needed is the reference to the config path (where traefik-forward-auth is called), which has already been committed to the compose file:

secrets:

source: traefik-forward-auth
target: /config

[uasdj25]

Keep in mind that I don't use NZB360, so I don't pass the API keys into my apps from oauth. But as a reference, here is my oauth from my docker compose for reference:

#225 (comment)

The only thing apart from this is to remove unneeded enivornment variables listed in previous post, and to define the traefik-forward-auth secret at the top of the compose file:

traefik-forward-auth:
file: $SECRETSDIR/traefik-forward-auth

Hope that helps!

[Maynardnaze]

thank you for the detailed response!!! Thats exactly what I was looking for. Do you use a torrent client? and if so which one? ive been stuck on usenet but its nice having a backup

[uasdj25]

No, I don't use torrent, so I can't be of any help to you there.