https://www.ory.sh/ logo
Join Slack
Powered by
<@U02GP6PBD3Q> can you explain more about your dep...
# talk-oathkeeper
s
@User can you explain more about your deployment infrastructure please
h
Copy code
FROM oryd/oathkeeper:v0.38.12-beta.1

ADD config.yaml /config.yaml
ADD rules.json /rules.json
ADD jwks.json /jwks.json
Dockerfile
Copy code
serve:
  proxy:
    port: 4455 # run the proxy at port 4455
  api:
    port: 4456 # run the api at port 4456

access_rules:
  repositories:
    - file:///rules.json

errors:
  fallback:
    - json
  handlers:
    json:
      enabled: true
      config:
        verbose: true
    redirect:
      enabled: true
      config:
        to: <https://www.ory.sh/docs>

mutators:
  header:
    enabled: true
    config:
      headers:
        X-User: "{{ print .Subject }}"
        # You could add some other headers, for example with data from the
        # session.
        # X-Some-Arbitrary-Data: "{{ print .Extra.some.arbitrary.data }}"
  noop:
    enabled: true
  id_token:
    enabled: true
    config:
      issuer_url: <http://localhost:4455/>
      jwks_url: file:///jwks.json

authorizers:
  allow:
    enabled: true
  deny:
    enabled: true
  remote_json:
    # Set enabled to "true" to enable the authenticator, and "false" to disable the authenticator. Defaults to "false".
    enabled: true
    config:
      remote: <http://my-remote-authorizer/authorize>
      payload: |
        {
          "subject": "{{ print .Subject }}",
          "resource": "{{ printIndex .MatchContext.RegexpCaptureGroups 0 }}"
        }

authenticators:
  anonymous:
    enabled: true
    config:
      subject: guest
  noop:
    enabled: true
Copy code
[
  {
    "id": "nest-oauthkeeper",
    "version": "v0.36.0-beta.4",
    "upstream": {
      "url": "<http://host.docker.internal:2828>",
      "strip_path": "/api"
    },
    "match": {
      "url": "http://<127.0.0.1|localhost>:4455/api/oathkeeper",
      "methods": [
        "GET"
      ]
    },
    "authenticators": [
      {
        "handler": "noop"
      }
    ],
    "authorizer": {
      "handler": "remote_json",
      "config": {
        "remote": "<http://host.docker.internal:2828/oathkeeper/authorizer>",
        "payload": {
          "extra": "{{ print .Extra }}",
          "subject": "{{ print .Subject }}",
          "Header": "{{ print .Header }}",
          "matchContext": "{{ print .MatchContext }}"
        }
      },
      "forward_response_headers_to_upstream": []
    },
    "mutators": [
      {
        "handler": "noop"
      }
    ],
    "errors": [
      {
        "handler": "json"
      }
    ]
  }
]
5 Views
Open in Slack
PreviousNext
Powered by