docs: rewrite README with structured overview and quick start guide
Replaces the minimal project description with a comprehensive README including a component overview table, quick start instructions, common Ansible operations, and links to detailed documentation. Aligns with Red Panda Approval™ standards.
This commit is contained in:
70
ansible/searxng/oauth2-proxy-searxng.cfg.j2
Normal file
70
ansible/searxng/oauth2-proxy-searxng.cfg.j2
Normal file
@@ -0,0 +1,70 @@
|
||||
# OAuth2-Proxy Configuration for SearXNG
|
||||
# Authenticates users via Casdoor OIDC before proxying to SearXNG
|
||||
# Red Panda Approved
|
||||
|
||||
# Provider Configuration (Casdoor OIDC)
|
||||
provider = "oidc"
|
||||
provider_display_name = "Casdoor"
|
||||
oidc_issuer_url = "{{ searxng_oauth2_oidc_issuer_url }}"
|
||||
client_id = "{{ searxng_oauth2_client_id }}"
|
||||
client_secret = "{{ searxng_oauth2_client_secret }}"
|
||||
|
||||
# Redirect URL after authentication
|
||||
redirect_url = "{{ searxng_oauth2_redirect_url }}"
|
||||
|
||||
# Upstream service (SearXNG on localhost)
|
||||
upstreams = [
|
||||
"http://127.0.0.1:{{ searxng_port }}"
|
||||
]
|
||||
|
||||
# Session/Cookie Configuration
|
||||
cookie_secret = "{{ searxng_oauth2_cookie_secret }}"
|
||||
cookie_name = "_oauth2_proxy_searxng"
|
||||
cookie_secure = true
|
||||
cookie_httponly = true
|
||||
cookie_samesite = "lax"
|
||||
cookie_domains = [
|
||||
".{{ searxng_domain }}"
|
||||
]
|
||||
|
||||
# Authentication settings
|
||||
email_domains = ["*"]
|
||||
oidc_email_claim = "email"
|
||||
oidc_groups_claim = "groups"
|
||||
|
||||
# Session settings
|
||||
session_store_type = "cookie"
|
||||
cookie_expire = "168h"
|
||||
cookie_refresh = "1h"
|
||||
|
||||
# Request settings - pass user info to SearXNG
|
||||
pass_access_token = false
|
||||
pass_authorization_header = false
|
||||
set_authorization_header = false
|
||||
set_xauthrequest = true
|
||||
|
||||
# Logging
|
||||
request_logging = true
|
||||
auth_logging = true
|
||||
standard_logging = true
|
||||
|
||||
# Network settings
|
||||
http_address = "0.0.0.0:{{ searxng_proxy_port }}"
|
||||
reverse_proxy = true
|
||||
real_client_ip_header = "X-Forwarded-For"
|
||||
|
||||
# Skip authentication for health check endpoints
|
||||
skip_auth_routes = [
|
||||
"^/healthz$",
|
||||
"^/ping$"
|
||||
]
|
||||
|
||||
# OIDC specific settings
|
||||
skip_provider_button = true
|
||||
oidc_extra_audiences = []
|
||||
insecure_oidc_allow_unverified_email = true
|
||||
cookie_csrf_per_request = true
|
||||
cookie_csrf_expire = "5m"
|
||||
|
||||
# SSL verification (internal Casdoor uses valid certs)
|
||||
ssl_insecure_skip_verify = false
|
||||
Reference in New Issue
Block a user