that did it!
or is that a bad idea for some other reason
thanks for your help, and a great bit of software!
sorry to bother, I'm having this problem... every time I deploy npm on Docker I get a unhealthy status..
and seems that MariaDB keeps restarting
@CAHTA1 hi, what do you mean? are you talking about the Access List feature of NPM, or do you mean to manually configure access lists on the 'Advanced' tab of a proxy host? if the former, the format for the IP tab of the access lists is the same as the one for nginx, you can use 'all' or you can use a specific subnet, like this: https://imgur.com/OrzCIQl
Hi, is there any chance of being able to set up SSO via NPM. It is an awesome way for me to get into the power of NGINX but I haven't been able to replicate the Google authentication I had with my nightmarish Traefik setup. I looked at Authelia but couldn't figure out how to set it up with NPM.
there is currently a branch that implements that here https://github.com/jc21/nginx-proxy-manager/commits/openidc , it's still experimental and could use a little more testing
I knew you’d ask ;) @Subv has created some documenation here: https://github.com/jc21/nginx-proxy-manager/tree/openidc/docs/advanced-config
Interested to hear how you go with those instructions and what can be improved
@dialanothernumb where did you get stuck?
Since the well known discovery is different for each oidc service it could trip people up. I had to do some digging to find out what Auth0’s was, they didn’t make it obvious.
Google's, for example, is https://accounts.google.com/.well-known/openid-configuration
I am a little embarrassed to admit, I had forgotten to delete the browser cache of the main branch container. Thus the OpenID Connect toggle didn't show. Thats why the instructions confused me... Now it makes sense. I have set up one of my proxy hosts using the Google API. However I don't know how to set up the right authorized redirect. The settings on both the NPM dialog box and on the Google API site are clear, but I am not sure what to set up as a link. I have tried "https://myproxyhost.mydomain.com/_oauth" . I am not clear how redirecting works...
have you done anything special with nginx? I have esxi working well as a reverse proxy with your container, with the websockets support turned on
I'm trying to replicate this in a normal nginx install (can't use your container :( unfortunately)
many thanks
@jc21 I got authentication using Google API working with the openidc branch but there were a number of issues. One was that through every page of my proxy host site I had to re-authenticate. Another issue was that the first authentication would lead to downloading the redirection link as a file. I'll keep an eye and let other more competent people provide you with more useful feedback.
are you by chance using HTTP instead of HTTPS for your site? now that i think about it the openidc cookies only work in a secure context unless you're in localhost (iirc)
@Subv I'm using https throughout. Here are my settings for a proxy host for a Sonarr container. My redirect url is https://sonarr.mydomain.com/_openidc Prior to setting up openidc the proxy server works without a problem. I use the Google well known
discovery endpoint you listed above. I have my client ID and secret from my Google API console. I have restricted access to one main email address. When I enter my proxy address https://sonarr.mydomain.com I get a dialog box asking if I want to save the url as a file. very odd.