1.1.0 • Published 8 years ago

wordpress-oauth2-proxy v1.1.0

Weekly downloads
2
License
MIT
Repository
github
Last release
8 years ago

Wordpress OAuth2 Proxy

A reverse proxy using WP OAuth Server as an authentication scheme.

You can use it to expose any internal service to your Wordpress users.

Usage

Install the Wordpress plugin

First, you need to install WP OAuth Server on your Wordpress site.

In WP-CLI...

$ wp plugin install --activate oauth2-provider

Create a new client

From your https://YOUR_WORDPRESS/wp-admin/options-general.php?page=wo_settings#clients page, click "Add New Client", and set the redirect URI to https://YOUR_SERVICE/auth/wordpress/callback, where YOUR_SERVICE is the public name of your wordpress-oauth2-proxy.

Copy the Client ID and Secret for the client from this page.

Configure the proxy

It is easiest to use Docker with Docker Compose, but if you prefer you can simply set the appropriate environment variables and run node index.js.

If you are not using Docker, you will need to install node and MongoDB (or get a hosted MongoDB database from Compose). The database is merely used to persist authenticated clients.

Copy docker-compose.example.yml into your project, and adjust the environment variables as appropriate, then run docker-compose up.

VariableExplanation
HOSTThe external hostname for your service
TARGETThe internal hostname of the service to expose through the authenticated proxy. Commonly a linked image.
TARGET_SCHEME"http" or "https"
TARGET_PREPENDA path to be prepended to every request through the proxy
HTTP_PORTDefault: 80
HTTPS_PORTDefault: 443
HTTPS_FORCEEnable to redirect all non-https requests
KEY_FILEPath to a TLS certificate key
CERT_FILEPath to a TLS certificate
DB_URIA MongoDB database (by default running in a linked container)
SESSION_SECRETChange this to any random string
OAUTH_CLIENT_IDThe Client ID you created in Wordpress.
OAUTH_CLIENT_SECRETThe Secret you created in Wordpress.
OAUTH_URLThe SITEURL of the Wordpress instance.
OAUTH_CALLBACK_URLPrefix with the external URI of your service (such as a CNAME pointing to this Docker host). The /auth/wordpress/callback route is handled by wordpress-oauth2-proxy.
SECRET_TOKEN_HEADEROptionally accept a secret token on this header for unauthenticated requests ($SECRET_TOKEN) (for example, X-Gitlab-Token)
SECRET_TOKENA secret token which must match $SECRET_TOKEN_HEADER if enabled and the request is not authenticated by oAuth.

Make sure that TARGET is not publicly accessible, or unauthenticated users can simply ignore your reverse proxy!

With the proxy up and running, open the site in your browser, and verify the login process.

You're done!

Hacking

You will need docker and docker-compose installed.

$ git clone git@github.com:logankoester/wordpress-oauth2-proxy.git
$ cd wordpress-oauth2-proxy
$ mv docker-compose.example.yml docker-compose.yml

# Modify docker-compose.yml for your environment...

$ docker-compose up

Author

Copyright (c) 2015 Logan Koester. Released under the MIT license. See LICENSE for details.

wordpressreverseproxyauthenticationoauthdocker
cookie-parserexpressexpress-secure-onlyexpress-sessionmongoosepassportpassport-wordpress-oauth-serverproxy-express
@everything-registry/sub-chunk-3160
1.1.0

8 years ago