All Templates / Authentication

oauth2-proxy

oauth2-proxy

Reverse proxy that provides auth with Google and more identity providers

Deploy oauth2-proxy

oauth2-proxy

oauth2-proxy/oauth2-proxy:v7.7.0

Just deployed

OAuth2 Proxy Template for Railway

Overview

This template deploys OAuth2 Proxy, a reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group. It's particularly useful for adding authentication to legacy applications or implementing single sign-on (SSO) across multiple services.

Features

  • Acts as a reverse proxy for your internal services
  • Provides authentication via Google OAuth2
  • Restricts access to specific email domains
  • Easy to configure and deploy

Deployment Instructions

  1. Click the "Deploy on Railway" button
  2. Configure the required environment variables (see below)
  3. Deploy the service
  4. Set up your Google OAuth2 credentials in the Google Cloud Console
  5. Configure your internal service to work with the proxy

Environment Variables

Configure the following environment variables:

  • OAUTH2_PROXY_PROVIDER: Set to "google" for Google OAuth
  • OAUTH2_PROXY_EMAIL_DOMAINS: Set to your company's email domain (e.g., "yourcompany.com")
  • OAUTH2_PROXY_COOKIE_SECRET: A secret string to encrypt cookies (generate a random string)
  • OAUTH2_PROXY_CLIENT_ID: Your Provider OAuth Client ID
  • OAUTH2_PROXY_CLIENT_SECRET: Your Provider OAuth Client Secret
  • OAUTH2_PROXY_REDIRECT_URL: The callback URL for OAuth (e.g., "https://your-proxy-domain/oauth2/callback")
  • OAUTH2_PROXY_UPSTREAMS: The internal service URL to proxy (e.g., "http://internal-service:8080")

Getting Started

  1. After deployment, access your OAuth2 Proxy URL provided by Railway
  2. Attempt to access your service; you'll be redirected to Google for authentication
  3. Sign in with your company Google account
  4. Upon successful authentication, you'll be proxied to your internal service

Security Considerations

  • Ensure your Google OAuth credentials are kept secret
  • Regularly rotate your OAUTH2_PROXY_COOKIE_SECRET
  • Limit the OAUTH2_PROXY_EMAIL_DOMAINS to your company's domain

Customization

  • Adjust the OAUTH2_PROXY_HTTP_ADDRESS if you need to change the listening port
  • Add additional OAuth2 Proxy flags as environment variables if needed

Support

For issues with the template itself, please each out to me at [email protected]. For OAuth2 Proxy specific questions, refer to the official documentation.

Enjoy secure access to your internal services with OAuth2 Proxy!


Template Content

Deploy Now

Details

Youssef Siam's Projects

Created on Oct 7, 2024

10 total projects

7 active projects

100% success on recent deploys

Authentication



More templates in this category

View Template
Keycloak

Keycloak

Keycloak template with keywind theme + apple and discord providers


beuz's Projects

View Template
bknd

bknd

Feature-rich yet lightweight backend


View Template
Authorizer

Authorizer

Open-source authentication and authorization solution for your business.


Lakhan Samani's Projects