Want to add "Login with Google," "Sign in with Facebook," or other secure login options to your web applications? It's easier than you think! This video will show you how to use OAuth Proxy, a powerful tool that lets you protect your apps with modern authentication methods, without modifying your application code.
Here's what we'll cover:
🔒 How OAuth Proxy works: Learn how it acts as a security guard, authenticating users via external identity providers (Google, Facebook, GitHub, Entra ID, and more) using OAuth2 and OpenID Connect.
🚀 Benefits of OAuth Proxy: Discover how it enables Single Sign-On (SSO), simplifies security, and is perfect for internal tools and dashboards.
🛠️ Step-by-step setup: We'll walk through a practical example using Docker, securing a self-hosted AI platform (Open WebUI) with Google login.
⚙️ OAuth2 and OpenID Connect explained: Understand the core concepts of authentication and authorization, including authorization codes, access tokens, ID tokens, and JWTs.
🌐 Architecture overview: We'll break down the solution architecture, including Ollama, Open WebUI, NGINX, OAuth Proxy, Caddy, and Google as the Identity Provider.
🔑 Google Identity Provider configuration: Learn how to set up Google as your Identity Provider, including creating OAuth clients and configuring redirect URLs.
🛡️ OAuth Proxy configuration: We'll dive into configuring OAuth Proxy with your Google credentials, setting up cookie secrets, and restricting access.
⚙️ NGINX integration: See how NGINX works as a reverse proxy in conjunction with OAuth Proxy to protect your application.
🔒 Limiting access: Learn how to restrict access to specific users or email domains for enhanced security.
🌍 Making it public: We'll cover setting up Caddy as a reverse proxy to expose your application to the outside world with HTTPS and automated Let's Encrypt certificates.
➡️ Data flow: We'll trace the data flow of the OAuth2 authentication process to understand how all the components work together.
Key takeaways:
Secure your apps without code changes.
Implement Single Sign-On.
Use modern authentication methods.
Resources:
Configuration files:
github.com/filip-lebiecki/oauth2-proxy
OAuth2 Proxy:
github.com/oauth2-proxy/oauth2-proxy
Ollama:
github.com/ollama/ollama
Ollama library:
ollama.com/library
Open WEB UI:
github.com/open-webui/open-webui
Google Identity:
• Secure Web SSH: OAuth, Tunnels & Short-Liv...
Timestamps:
00:00 Intro
00:42 Demo
03:29 Solution architecture
04:50 OAUTH2 / OIDC
07:03 ID Token (JWT)
08:07 Ollama + Open Web-UI
11:09 Google IDP
13:39 OAuth Proxy
16:49 Nginx
19:53 Limiting audience
21:36 Internal vs External
22:53 TLS with Caddy
Hashtags:
#OAuthProxy #Authentication #Authorization #Security #WebDevelopment #Docker #NGINX #Caddy #GoogleCloud #SingleSignOn #SSO #DevOps #SelfHosting #OpenWebUI #Ollama #Tutorial #LinuxCloudHacks
LinuxCloudHacks
コメント