OAuth2-Proxy behind CaddyV2 with Azure AAD

Looking to secure an internal app with Azure AAD and get the benefits of MFA?

Presumptions:
– You already run Caddy as a reverse proxy into your network
– You have Azure AAD set up and understand App Registrations / Authentication flows
– You have a Docker host internally (I’m using Unraid)

Install OAuth2-Proxy as per https://quay.io/repository/oauth2-proxy/oauth2-proxy

Set up an Azure App Registration as per https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider/#azure-auth-provider (follow the instructions for the V2 Azure Auth endpoint).
Copy down the Client ID, Client Secret and your Tenant ID; they go into the config below.


oauth2_proxy.cfg

# OAuth2 Proxy configuration file
email_domains = ["*"]  # Change this to restrict to specific domains, if needed

# Provider Configuration
provider = "azure"
client_id = "xxx-xxx-xxx-xxx-xxx"
client_secret = "xxx"
azure_tenant = "xxx-xxx-xxx-xxx-xxx"
oidc_issuer_url = "https://login.microsoftonline.com/${azure_tenant_id}/v2.0" # Replace ${azure_tenant_id} with actual tenantID

# Cookie Settings
cookie_secret = "xxx"  # random value that decodes to 16, 24 or 32 bytes
cookie_secure = true
cookie_expire = "24h"
cookie_refresh = "1h"
cookie_name = "_oauth2_proxy"

# Upstream and Listen Configuration
upstreams = ["http://internal-app-ip:port/"]
http_address = "0.0.0.0:4180"
reverse_proxy = true  # running behind Caddy, so accept X-Forwarded-* / X-Real-IP headers from it

redirect_url = "https://${domain}/oauth2/callback" # replace ${domain} with your actual domain

# Other settings (optional)
skip_provider_button = true  # To skip provider selection page

Caddyfile

domain {
reverse_proxy http://oauth2-proxy-ip:4180
}

The redirect URL must exactly match the one registered in AAD; ensure both end in /oauth2/callback, and ensure Caddy routes that path to oauth2-proxy before any other match, as in the example above.

Any additional paths you add must also go through oauth2-proxy, never directly to the app, otherwise they route around the authentication entirely! Test this a LOT in incognito mode from a separate network.

This will expose one app on one domain.
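As an added check for the "never route directly to the app" rule above (example code written here, not from the original post): a small Python script that scans a Caddyfile and reports every reverse_proxy upstream that is not the oauth2-proxy address, so a new path that bypasses the login is caught before it is deployed. The Caddyfile inside it is constructed for the example, and the 10.0.0.x addresses and the example.test site names are placeholders.

```python
"""Check a Caddyfile for reverse_proxy upstreams that bypass oauth2-proxy.

Added example (not part of the original post): every reverse_proxy directive
in a protected site block should send traffic to oauth2-proxy; any other
upstream is a path that reaches the app without authentication.
"""
import re
from typing import List, Tuple

# Constructed sample Caddyfile: the first site is correct, the second adds an
# /api/* route that goes straight to the app and would skip the login.
SAMPLE_CADDYFILE = """\
app.example.test {
    reverse_proxy http://10.0.0.5:4180          # oauth2-proxy
}

reports.example.test {
    reverse_proxy /api/* http://10.0.0.9:8080   # BUG: direct to the app
    reverse_proxy http://10.0.0.5:4180
}
"""


def _strip_scheme(upstream: str) -> str:
    """'http://host:port/path' -> 'host:port'."""
    no_scheme = re.sub(r"^[a-z+]+://", "", upstream, flags=re.IGNORECASE)
    return no_scheme.split("/", 1)[0]


def find_bypasses(caddyfile: str, oauth2_proxy: str) -> List[Tuple[int, str, str]]:
    """Return (line number, matcher, upstream) for every reverse_proxy upstream
    that is not oauth2_proxy ('host:port'). Matchers are tokens that start with
    '/', '@' or '*'; a trailing '{' opens a sub-block and is ignored."""
    findings: List[Tuple[int, str, str]] = []
    for lineno, raw in enumerate(caddyfile.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        tokens = line.split()
        if not tokens or tokens[0] != "reverse_proxy":
            continue
        matcher = "/*"                            # no matcher = whole site
        for tok in tokens[1:]:
            if tok == "{":
                break
            if tok[0] in "/@*":
                matcher = tok
                continue
            if _strip_scheme(tok) != oauth2_proxy:
                findings.append((lineno, matcher, tok))
    return findings


if __name__ == "__main__":
    for lineno, matcher, upstream in find_bypasses(SAMPLE_CADDYFILE, "10.0.0.5:4180"):
        print(f"line {lineno}: {matcher} -> {upstream} bypasses oauth2-proxy")
```

Run it against your real Caddyfile (read the file into a string and pass the oauth2-proxy host:port) whenever a site block is edited; an empty result means every upstream goes through the proxy.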

Cluster Headache Tracker

I suffer from Cluster Headaches, they are truly awful.

If you’ve found this page you most likely also suffer from CH and are looking into tracking or logging. First off – this code is not ready for prime time. I’m building as I go and could use a hand… I’m also not a developer 🤣

To use the app you’ll need Docker running in your home network, either Docker Desktop on your PC or straight up docker on a NAS or Server / VM.

To simplify things I’ve created a docker-compose.yml file – it lives here. Copy and paste the contents of that file into Notepad on your computer and save it as docker-compose.yml in a new directory on your computer. I suggest c:\clusters for simplicity. In that folder, create another folder called conf.

Download Docker Desktop from here – install it and run it. (Docker is free for personal use)

When Docker is running, open up Terminal or a command line of your choice and navigate to the c:\clusters folder you just created (cd c:\clusters). Ensure the docker-compose.yml file and the empty conf folder are in place – then run:

docker-compose up -d

When the magic has completed you should be able to go to http://localhost:8080 and be greeted with the set up screen.

The first part of setup asks where the database is; just click Create Config.
If you have a MongoDB instance already running, you can add those details here.

You must fill out the rest of the info including patient info, medication, abortives and symptoms. Finally you can add a pain scale that relates to you.

Once configured you can now log headaches! What a headache…

More info / detail to come.

Book Descriptor

Problem:

I help run several WooCommerce online shops for indie bookshops in the UK. Due to a ridiculous set of circumstances, description information is often missing from initial imports of stock and has to be sourced and imported separately. To boot, it’s all based on CSV sheets that refuse to use modern encoding.

Solution:

https://github.com/OliPassey/BookDescriptor

I wrote some python that downloads a list of products from the WooCommerce API, imports a source of description information from a local CSV sheet and does matching – where it finds a match it sends a description via the API.

To make the system user friendly I built a simple GUI with log output, so a non-technical user can run it daily and understand its output should errors occur.

To use the code, clone the repo, create API credentials for Woo and pass them into config.json, then run gui.py & hit start.

You can use variables in gui.py to set how many products are downloaded and assessed for updates – in the first few runs you will likely want this set quite high, but then reduce it to only cover recent imports. I started with all records on the site and reduced down to the last 200 products. Your mileage may vary.

If you have to manage multiple sites, create multiple config.json files and then just change the name on line 20. On line 48 you can set how many products to download; keep products per page at a maximum of 100, as I think that is the limit of the API.
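As an added illustration of the matching step described above (example code written here, not the BookDescriptor repository’s own gui.py), this Python script decodes a Windows-1252 CSV, keys its descriptions by normalised ISBN against a product list, and builds the batch update payload, escaping the CSV text so that markup in a spreadsheet cannot become live HTML on the shop page. The CSV bytes, product records and ISBNs are constructed for the example; the WooCommerce endpoints named in the comments (/wp-json/wc/v3/products and its /batch update) are assumed from the WooCommerce REST API, and the product fields are trimmed to what the matching needs.

```python
"""Match legacy-encoded CSV descriptions to WooCommerce products by ISBN.

Added example (not the BookDescriptor repo's code). It shows the matching
step: decode a Windows-1252 CSV, normalise ISBNs, fill only products whose
description is empty, and HTML-escape the text before it is sent as a
WooCommerce description.
"""
import csv
import html
import io
from typing import Dict, List

# Constructed CSV as exported by an older tool: cp1252, with an accented e
# (0xE9), an en dash (0x96) and a curly apostrophe (0x92) that a UTF-8
# decode would reject.
LEGACY_CSV = (
    b"ISBN,Description\r\n"
    b"978-0-14-118776-1,Caf\xe9 stories \x96 the author\x92s debut.\r\n"
    b"9780141439518,Jane Austen's classic <b>novel</b>.\r\n"
    b"not-an-isbn,Broken row that must be skipped.\r\n"
)

# Constructed products as returned by GET /wp-json/wc/v3/products (fields trimmed).
PRODUCTS = [
    {"id": 101, "sku": "9780141187761", "description": ""},
    {"id": 102, "sku": "9780141439518", "description": "<p>Already described.</p>"},
    {"id": 103, "sku": "9780000000000", "description": ""},
]


def normalise_isbn(value: str) -> str:
    """Keep digits (and a trailing X) so '978-0-14-118776-1' and
    '9780141187761' compare equal; return '' for anything that is not an ISBN."""
    cleaned = "".join(ch for ch in value.upper() if ch.isdigit() or ch == "X")
    return cleaned if len(cleaned) in (10, 13) else ""


def load_descriptions(raw: bytes, encoding: str = "cp1252") -> Dict[str, str]:
    """Decode the CSV with the legacy code page and index descriptions by ISBN."""
    text = raw.decode(encoding)
    reader = csv.DictReader(io.StringIO(text))
    found: Dict[str, str] = {}
    for row in reader:
        isbn = normalise_isbn(row.get("ISBN", ""))
        desc = (row.get("Description") or "").strip()
        if isbn and desc:
            found[isbn] = desc
    return found


def build_updates(products: List[dict], descriptions: Dict[str, str]) -> List[dict]:
    """Return the 'update' entries for POST /wp-json/wc/v3/products/batch.
    Only products with an empty description are touched, and the CSV text is
    escaped so markup in the sheet cannot become live HTML on the shop page."""
    updates = []
    for product in products:
        if product.get("description"):
            continue
        desc = descriptions.get(normalise_isbn(product.get("sku", "")))
        if desc:
            updates.append({"id": product["id"],
                            "description": "<p>" + html.escape(desc) + "</p>"})
    return updates


if __name__ == "__main__":
    payload = {"update": build_updates(PRODUCTS, load_descriptions(LEGACY_CSV))}
    print(payload)
```

The payload dict is what you would send to the batch endpoint with your API credentials; products that already have a description are left alone, so re-running the script daily is safe.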

Therapy Sessions Archive

Therapy Sessions is a Drum n Bass rave running since the early 2000’s, treating various countries across the map to the filthiest DnB on offer. The original nights in Herbal, London were regularly broadcast live (early 2000’s dialup internet permitting) and many people archived them locally.

Every few years a post goes up on DOA or elsewhere asking for mp3’s but these sites usually don’t last long or the files expire from free-ish hosting sites. I’ve decided to put up a permanent archive for all to enjoy.

Site is here: http://therapyarchive.inadvisable.uk/

The site is built with PHP and is generated on each load: it extracts ID3 information from the audio files and matches set lists and fliers where available.

The code is here: https://github.com/OliPassey/therapyarchive
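To show what extracting ID3 information involves (an added Python example, not the PHP code in the therapyarchive repository): a minimal reader for ID3v2.3 text frames that checks every size field against the buffer before using it, since those sizes come from whatever file was uploaded. The tag bytes it parses are constructed inline by make_sample, and the title and artist values are placeholders.

```python
"""Minimal ID3v2.3 text-frame reader with bounds checks.

Added example, not the therapyarchive PHP code. An ID3v2.3 tag is a 10-byte
header ("ID3", version, flags, synchsafe size) followed by frames of
(4-byte id, 4-byte size, 2-byte flags, data). Sizes come from the file, so
each one is checked against the remaining bytes before it is used.
"""
import struct
from typing import Dict


def _synchsafe(b: bytes) -> int:
    """ID3v2 header sizes use 7 bits per byte (high bit always clear)."""
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]


def _text_frame(frame_id: str, text: str) -> bytes:
    """Build one ID3v2.3 text frame (encoding byte 0 = ISO-8859-1)."""
    payload = b"\x00" + text.encode("latin-1")
    return frame_id.encode("ascii") + struct.pack(">I", len(payload)) + b"\x00\x00" + payload


def make_sample(frames: Dict[str, str], padding: int = 16) -> bytes:
    """Constructed tag for testing: header + frames + zero padding."""
    body = b"".join(_text_frame(k, v) for k, v in frames.items()) + b"\x00" * padding
    size = len(body)
    size_bytes = bytes([(size >> 21) & 0x7F, (size >> 14) & 0x7F,
                        (size >> 7) & 0x7F, size & 0x7F])
    return b"ID3\x03\x00\x00" + size_bytes + body


def read_id3_text(data: bytes) -> Dict[str, str]:
    """Return {frame id: text} for the T*** frames of an ID3v2.3 tag.
    Malformed input raises ValueError instead of reading past the buffer."""
    if len(data) < 10 or data[:3] != b"ID3":
        raise ValueError("no ID3v2 header")
    if data[3] != 3:
        raise ValueError(f"unsupported ID3v2.{data[3]} tag")
    tag_size = _synchsafe(data[6:10])
    tag = data[10:10 + tag_size]
    if len(tag) < tag_size:
        raise ValueError("tag size exceeds file length")
    frames: Dict[str, str] = {}
    pos = 0
    while pos + 10 <= len(tag):
        frame_id = tag[pos:pos + 4]
        if frame_id[0] == 0:            # padding reached
            break
        size = struct.unpack(">I", tag[pos + 4:pos + 8])[0]
        start, end = pos + 10, pos + 10 + size
        if end > len(tag):
            raise ValueError(f"frame {frame_id!r} size {size} overruns tag")
        if frame_id[0:1] == b"T" and size >= 1:
            body = tag[start:end]
            if body[0] == 0:
                text = body[1:].decode("latin-1")
            elif body[0] == 1:
                text = body[1:].decode("utf-16")   # BOM-prefixed
            else:
                text = body[1:].decode("utf-8", "replace")
            frames[frame_id.decode("ascii", "replace")] = text.rstrip("\x00")
        pos = end
    return frames


if __name__ == "__main__":
    sample = make_sample({"TIT2": "Therapy Sessions live", "TPE1": "Unknown DJ"})
    print(read_id3_text(sample))
```

A real archive would read the first bytes of each file and pass them to read_id3_text; the point of the two ValueError paths is that a corrupt or hostile size field stops the parse instead of being trusted.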

If you have more recordings, fliers or set lists please get in contact.

If you would like a set taken down (because you own the copyright), get in contact and I’ll be happy to oblige.

Equally, Robyn – I presume you’re cool with this 🙂
Much love & respect to you for bringing the filth.

December 21

Christmas 21

A series of Christmas cards to friends.