This message was deleted.
# generalm
microscopic-answer-24504
01/17/2023, 7:25 PMThis message was deleted.
m
magnificent-energy-493
01/18/2023, 10:44 AM
Hey Dean, have a look at this conversation:
https://archive.ory.sh/t/2690885/edit-solved-anyone-got-experience-with-traefik-forward-auth-
r
rich-jackal-21089
01/18/2023, 3:30 PMI've seen mentions of Oathkeeper but I thought I can use Ory's authentication without having to selfhost it myself?
m
magnificent-energy-493
01/19/2023, 9:53 AM
Hm maybe I misunderstood, apologies.
You are using https://github.com/thomseddon/traefik-forward-auth and would like to use Ory as UI for it, did I get that right?
r
rich-jackal-21089
01/19/2023, 10:56 AMNo I've looked at that repo but I thought using https://doc.traefik.io/traefik/middlewares/http/forwardauth/ would be sufficient.
I thought I could simply use the URL in my Ory console for the managed account experience, but I'm not sure how to set this up.
m
magnificent-energy-493
01/20/2023, 9:39 AM
Hey Dean, apologies for not following up here.
I think I get what you want to do now.
Traefik should “forward” the auth to Ory so you can use Traefik as the “identity aware proxy” for your applications, and provide authN through Ory.
I will have a look if I can figure it out from the Traefik docs.
r
rich-jackal-21089
01/20/2023, 10:02 PMOkay thank you I was able to manage to forward it using the label but it just gets into an infinite redirect loop if i use ?return_to for my Ory endpoint
m
magnificent-energy-493
01/23/2023, 10:20 AM
Do you have a custom domain configured? The redirect should go to your CNAME.
r
rich-jackal-21089
01/23/2023, 10:23 AMYeah I have for the ?return_to my own domain I want it to redirect to after logging in
rich-jackal-21089
01/26/2023, 11:35 AMAm I missing something with headers maybe?
rich-jackal-21089
02/05/2023, 12:40 PMSurely by now I think I'm not the only one who has wanted to do something like this right? When I look around it usually always involves Oathkeeper in the setup, but surely there should be a solution without?
m
magnificent-energy-493
02/06/2023, 8:13 AM
Hey @rich-jackal-21089, sorry for not following up here.
I think it should work the same with Traefik / NGINX / other solution as it would with Oathkeeper.
I wanted to build a quick example, but have not gotten around to it. Will put this up as a reminder to self to work on it.
❤️ 1
r
rich-jackal-21089
02/18/2023, 10:43 PMAny luck on this @magnificent-energy-493?
m
magnificent-energy-493
02/21/2023, 9:04 AM
Hey Dean,
not yet…
I do want to create a guide around this, so I will follow up here soon 🙏
👀 1
r
rich-jackal-21089
05/09/2023, 9:55 AMDo you know if anyone else had tried this yet?
m
magnificent-energy-493
05/09/2023, 12:19 PM
Hm I am not sure, I know many how use Traefik + Oathkeeper.
I also never posted the guide I think 🤦 https://www.ory.sh/docs/oathkeeper/guides/traefik-proxy-integration
I have not tried it out without Oathkeeper yet, but IMO its very lightweight and an elegant solution.
Let me investigate a bit how it would work without.
If it is important for you use case with Ory Network also feel free to reach out to your account manager.
w
witty-midnight-20567
06/23/2023, 4:10 PMI think we mkight want something similar? https://github.com/ory/oathkeeper/discussions/1075
4 Views