<@ULVA73B9P> I want your help to fix and properly ...
# marvin-ai
@Marvin I want your help to fix and properly enhance my stack, here's my compose file:
# NOTE(review): the <...> wrapped around URLs on this page are chat-link rendering artefacts;
# the real file carries bare URLs (e.g. http://server:4200/api).
# Local dev stack. nginx is meant to be the single entry point, gating the Prefect server
# behind oauth2-proxy + Keycloak via nginx auth_request (see the nginx config further down).
# Several services also publish their ports straight to the host, so that gate is not the
# only way in; called out per service below.
name: prefect-wizard

services:
  # Reverse proxy; its config is bind-mounted read-only from ./proxies/nginx.conf.
  nginx:
    image: nginx:latest
    ports:
      - "80:80" # Expose NGINX on port 80
    volumes:
      - ./proxies/nginx.conf:/etc/nginx/nginx.conf:ro
    # Short-form depends_on only orders container start-up; it does not wait for health
    # (contrast the `condition: service_healthy` form used on server and autoupdate-worker).
    depends_on:
      - server
      - api
      - keycloak
      - oauth2-proxy

  # VNC browser for local development to use for keycloak and oauth2-proxy
  # (inside the compose network it resolves service names such as http://nginx and
  # http://keycloak:8080, which a browser on the host would not).
  browser:
    image: jlesage/firefox
    ports:
      - "5800:5800"
    environment:
      # Optional: Set a password for the VNC web interface
      # NOTE(review): placeholder password on a host-published port (5800); whoever can reach
      # that port gets a browser inside the compose network. Dev-only.
      - VNC_PASSWORD=my_password
    depends_on:
      - keycloak
      - oauth2-proxy
      - nginx

  keycloak:
    image: quay.io/keycloak/keycloak:24.0
    # Dev mode: plain HTTP, relaxed hostname checks. There is no --import-realm here, so
    # Keycloak imports nothing from disk at start-up.
    command: [ "start-dev", "--http-port=8080" ]
    environment:
      # NOTE(review): KC_BOOTSTRAP_ADMIN_USERNAME/PASSWORD were introduced with Keycloak 26; the
      # 24.0 image expects KEYCLOAK_ADMIN / KEYCLOAK_ADMIN_PASSWORD, so as written the admin
      # user is probably never created — confirm against the container log.
      # Default admin credentials plus the admin console published on host port 8080 below are
      # acceptable only for a throwaway local stack.
      KC_BOOTSTRAP_ADMIN_USERNAME: admin
      KC_BOOTSTRAP_ADMIN_PASSWORD: admin
      #KC_HOSTNAME: "keycloak"          # no path, just host (and optional port)
      KC_HOSTNAME_STRICT: "false" # dev convenience
      KC_HOSTNAME_STRICT_HTTPS: "false" # dev convenience
      # NOTE(review): Keycloak 24 deprecates the `proxy` option in favour of `proxy-headers`
      # (KC_PROXY_HEADERS=xforwarded); it still works on 24.0 but check the start-up warnings.
      KC_PROXY: "edge" # recommended when behind a proxy
    ports:
      - "8080:8080"
    volumes:
      - keycloak_data:/opt/keycloak/data
      # NOTE(review): Keycloak does not read realm or client JSON from /opt/keycloak/conf. Realm
      # import picks up files from /opt/keycloak/data/import, and only when `--import-realm` is
      # passed on the command line. As mounted this file is very likely ignored, so the client
      # and the redirect URI it declares (see the Keycloak JSON further down) may never have
      # been created — a plausible cause of the "invalid parameter: redirect uri" error reported
      # in this thread. The JSON shown is also a single client representation, not a realm
      # export; an import file needs the realm wrapper with the client listed under "clients".
      - ./keycloak/local/config.json:/opt/keycloak/conf/realm-config.json

  oauth2-proxy:
    image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1
    extra_hosts:
      - "host.docker.internal:host-gateway"
    # NOTE(review): publishing 4180 is not needed when all traffic enters via nginx, and it
    # exposes the /oauth2 endpoints (which trust X-Forwarded-* because of reverse_proxy = true
    # in the TOML below) to clients that did not pass through nginx.
    ports:
      - "4180:4180"
    # All settings come from the TOML file shown further down; the client and cookie secrets
    # sit in it as plain text.
    command: [ "--config=/etc/oauth2-proxy.cfg" ]
    volumes:
      - "./proxies/oauth2-proxy.cfg:/etc/oauth2-proxy.cfg"
    depends_on:
      - keycloak


  api:
    build:
      context: .
      dockerfile: docker/api/nonprod/Dockerfile
    # NOTE(review): published directly to the host and not behind the nginx auth gate (the
    # nginx config below only proxies "/" to the Prefect server, not to this service).
    ports:
      - "9832:9832"
    environment:
      PREFECT_API_URL: <http://server:4200/api>
    # Source is bind-mounted into the container; ./core is mounted by autoupdate-worker too.
    volumes:
      - ./api:/app
      - ./autoupdate:/app/autoupdate
      - ./core:/app/core
    extra_hosts:
      - "host.docker.internal:host-gateway"
    env_file:
      - .env
    restart: always
    # Requires curl inside the image built from the Dockerfile above.
    healthcheck:
      test: [ "CMD-SHELL", "curl -f <http://localhost:9832/health> || exit 1" ]
      interval: 5s
      timeout: 5s
      retries: 5

  # Elided in the post; the postgres_data / redis_data volumes declared at the bottom
  # presumably belong to these two.
  db:
    ...

  redis:
    ...

  server:
    image: prefecthq/prefect:3.4.13-python3.11
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_healthy
    environment:
      # NOTE(review): database credentials inline; fine for local dev, move to env/secrets
      # anywhere else.
      PREFECT_API_DATABASE_CONNECTION_URL: <postgresql+asyncpg://prefect:prefect@db:5432/prefect>
      PREFECT_SERVER_API_HOST: 0.0.0.0
      # NOTE(review): the UI running in the browser calls this URL. Opened through nginx
      # (http://nginx) the UI would still talk to localhost:4200 — which, from the VNC browser
      # container, is not the server at all, and from the host goes around the auth gate. Once
      # nginx is the only entry point this should be the nginx-facing URL (e.g. http://nginx/api)
      # — confirm against the Prefect docs.
      PREFECT_UI_API_URL: "<http://localhost:4200/api>"
      PREFECT_MESSAGING_BROKER: prefect_redis.messaging
      PREFECT_MESSAGING_CACHE: prefect_redis.messaging
      PREFECT_REDIS_MESSAGING_HOST: redis
      PREFECT_REDIS_MESSAGING_PORT: 6379
      PREFECT_REDIS_MESSAGING_DB: 0
      PREFECT_LOGGING_LEVEL: DEBUG
      # Unquoted True is a YAML boolean that Compose converts back to a string; quote it
      # ("true") so the exact spelling handed to the container does not depend on that
      # conversion.
      PREFECT_LOGGING_LOG_PRINTS: True
      PREFECT_SERVER_LOGGING_LEVEL: DEBUG
      PREFECT_SERVER_LOGGING_LOG_PRINTS: True
      # NOTE(review): basic auth on the API itself would be a second layer independent of
      # nginx; if enabled, nginx must forward the Authorization header for the UI to keep
      # working.
      #PREFECT_SERVER_API_AUTH_STRING: "admin:admin"
    command: prefect server start --no-services
    # NOTE(review): this publishes the Prefect API/UI on host port 4200, so the oauth2-proxy
    # gate in nginx is not enforced for anyone who can reach the host directly. If the gate
    # is the point, drop this mapping or bind it to loopback only ("127.0.0.1:4200:4200").
    ports:
      - "4200:4200"
    # Health probe runs inside the container, so localhost:4200 is correct here.
    healthcheck:
      test: [ "CMD-SHELL", "python -c 'import json,urllib.request,sys; sys.exit(0 if json.loads(urllib.request.urlopen(\"<http://localhost:4200/api/health>\", timeout=1).read()) is True else 1)' " ]
      interval: 5s
      timeout: 3s
      retries: 30

  # Elided in the post; autoupdate-worker depends on both.
  # NOTE(review): a service literally named `services` under the top-level `services:` key is
  # legal but easy to misread (see the depends_on on autoupdate-worker); consider renaming.
  services:
    ...

  create-deployment:
    ...

  autoupdate-worker:
    # No build: stanza, so this untagged image is presumably built separately — confirm.
    image: prefect-workpool
    depends_on:
      server:
        condition: service_healthy
      services:
        condition: service_started
      create-deployment:
        condition: service_completed_successfully
    environment:
      PREFECT_API_URL: <http://server:4200/api>
      # NOTE(review): plain-TCP Docker daemon socket with the TLS settings commented out.
      # Anyone who can reach port 2375 on the host controls the Docker daemon, which is
      # root-equivalent on that host. Make sure 2375 is not reachable from outside the host,
      # or enable TLS (uncomment DOCKER_TLS_VERIFY / DOCKER_CERT_PATH and point at the TLS port).
      DOCKER_HOST: <tcp://host.docker.internal:2375>
      # Inside the ${HOME}/.wizard bind mount below.
      PREFECT_LOCAL_STORAGE_PATH: /logs/storage
      # DOCKER_TLS_VERIFY: ${DOCKER_TLS_VERIFY:-}
      # DOCKER_CERT_PATH: ${DOCKER_CERT_PATH:-}
    restart: always
    volumes:
      - ./autoupdate:/opt/prefect/autoupdate
      - ./core:/opt/prefect/autoupdate/core
      - ${HOME}/.wizard:/logs
    extra_hosts:
      - "host.docker.internal:host-gateway"
    env_file:
      - .env

# Named volumes; postgres_data and redis_data are for the elided db / redis services.
volumes:
  postgres_data:
  redis_data:
  keycloak_data:
Keycloak:
{
  "clientId": "wizard-oauth",
  "name": "wizard",
  "description": "",
  "rootUrl": "<http://nginx:80/wizard>",
  "adminUrl": "<http://nginx:80/wizard>",
  "baseUrl": "<http://nginx:80>",
  "surrogateAuthRequired": false,
  "enabled": true,
  "alwaysDisplayInConsole": false,
  "clientAuthenticatorType": "client-secret",
  "secret": "olcWi1lGcyrU82MtdvNgK8Nm7x4C8ieA",
  "redirectUris": [
    "<http://nginx:80/oauth2/callback>"
  ],
  "webOrigins": [
    "+"
  ],
  "notBefore": 0,
  "bearerOnly": false,
  "consentRequired": false,
  "standardFlowEnabled": true,
  "implicitFlowEnabled": false,
  "directAccessGrantsEnabled": true,
  "serviceAccountsEnabled": false,
  "publicClient": false,
  "frontchannelLogout": true,
  "protocol": "openid-connect",
  "attributes": {},
  "fullScopeAllowed": true,
  "nodeReRegistrationTimeout": -1,
  "defaultClientScopes": [
    "web-origins",
    "acr",
    "roles",
    "profile",
    "email"
  ],
  "optionalClientScopes": [
    "address",
    "phone",
    "offline_access",
    "microprofile-jwt"
  ],
  "access": {
    "view": true,
    "configure": true,
    "manage": true
  }
}
Oauth-proxy:
# oauth2-proxy configuration for the Keycloak OIDC provider.
# NOTE(review): the <...> wrapped around URLs on this page are chat-link rendering
# artefacts; the real file carries bare URLs.
provider = "keycloak-oidc"
# Discovery and token exchange go to Keycloak over the compose network. The browser is sent
# to the authorization endpoint Keycloak advertises, which is why the reported redirect lands
# on keycloak:8080 (resolvable from the VNC browser container, not from a browser on the host).
oidc_issuer_url = "<http://keycloak:8080/realms/wizard>"
client_id = "wizard-oauth"
# NOTE(review): this secret is duplicated in the Keycloak client JSON above and has now been
# posted publicly — rotate it in Keycloak, and prefer OAUTH2_PROXY_CLIENT_SECRET (env) or a
# secret file over a committed config.
client_secret = "olcWi1lGcyrU82MtdvNgK8Nm7x4C8ieA"
# NOTE(review): same for the cookie secret (OAUTH2_PROXY_COOKIE_SECRET); it is the key that
# protects every session cookie this proxy issues.
cookie_secret = "bHEyY2E0dEZHSTlnY2hJa0FRWnRERURxaDg4Qm5qY3k="
# Any authenticated email is accepted: authorization is entirely "can log into the wizard realm".
email_domains = "*"
# Accepts tokens whose email is not marked verified; dev-only (presumably because local
# Keycloak users are created without verified emails — confirm).
insecure_oidc_allow_unverified_email = true
http_address = "0.0.0.0:4180"
# Must be the URL the browser actually reaches (via nginx) and must match a Valid Redirect URI
# on the Keycloak client. Treat that match as an exact string compare — register the same
# form as sent here ("http://nginx:80/oauth2/callback"), or both with and without ":80" —
# and confirm the client actually exists in the realm (see the compose note on the realm
# import mount).
redirect_url = "<http://nginx:80/oauth2/callback>"
# The access token is surfaced as X-Auth-Request-Access-Token on /oauth2/auth; the nginx
# config forwards it to the Prefect upstream as X-Access-Token.
pass_access_token = true
# Skips the oauth2-proxy sign-in page and redirects straight to Keycloak.
skip_provider_button = true
# Trusts X-Forwarded-* headers from the client. Only sound when oauth2-proxy is reachable
# solely through nginx; the compose file publishes 4180 directly, which weakens that.
reverse_proxy = true
# NOTE(review): cookie_secure is not set and defaults to true, so over plain http the browser
# will not send the session cookie back and login loops. For this http-only dev setup add
# `cookie_secure = false` (never in production).
Nginx:
# See reference:
# <https://github.com/pasha-r/oauth2_proxy/blob/master/docs/configuration/configuration.md#config-file>
# NOTE(review): that link is a fork; the upstream oauth2-proxy project's docs carry the
# maintained nginx auth_request example this file is based on.
# NOTE(review): the <...> wrapped around URLs on this page are chat-link rendering artefacts;
# the real file carries bare URLs.

events {
  worker_connections 1024;
}

http {
  server {
    listen 80;
    # Only server block, so it is the default for any Host header (the dev browser uses
    # http://nginx, not localhost).
    server_name localhost;

    # The /oauth2/ location handles all OAuth2 Proxy traffic
    # (sign_in, callback, sign_out). X-Auth-Request-Redirect tells oauth2-proxy where to
    # send the user back after login.
    location /oauth2/ {
      proxy_pass       <http://oauth2-proxy:4180>;
      proxy_set_header Host                    $host;
      proxy_set_header X-Real-IP               $remote_addr;
      proxy_set_header X-Scheme                $scheme;
      proxy_set_header X-Auth-Request-Redirect $request_uri;
    }

    # The /oauth2/auth location is the actual authentication endpoint
    # used by auth_request below: the request body is stripped, only headers/cookies go up.
    # NOTE(review): the upstream example also sets
    # `proxy_set_header X-Forwarded-Uri $request_uri;` here so oauth2-proxy knows which URI
    # is being authorised; consider adding it.
    location = /oauth2/auth {
      proxy_pass       <http://oauth2-proxy:4180>;
      proxy_set_header Host             $host;
      proxy_set_header X-Real-IP        $remote_addr;
      proxy_set_header X-Scheme         $scheme;
      proxy_set_header Content-Length   "";
      proxy_pass_request_body           off;
    }

    # The / location is for the main Prefect UI
    # NOTE(review): this gate only covers traffic that enters through nginx; the compose file
    # publishes server:4200 (and oauth2-proxy:4180) on the host as well, so it is not the
    # only path to the Prefect API.
    location / {
      auth_request /oauth2/auth;
      # Unauthenticated -> internal redirect to sign_in. "=" without a status code means the
      # response status is whatever sign_in returns (with skip_provider_button in the
      # oauth2-proxy config, a redirect to Keycloak).
      error_page 401 = /oauth2/sign_in;

      # Identity headers from oauth2-proxy, forwarded to the upstream as plain headers. The
      # upstream may only trust them while nginx is the sole way to reach it (see note above).
      auth_request_set $user  $upstream_http_x_auth_request_user;
      auth_request_set $email $upstream_http_x_auth_request_email;
      proxy_set_header X-User $user;
      proxy_set_header X-Email $email;

      # if you enabled --pass-access-token, this will pass the token to the backend
      # (pass_access_token = true in the oauth2-proxy config above).
      auth_request_set $token  $upstream_http_x_auth_request_access_token;
      proxy_set_header X-Access-Token $token;

      proxy_pass <http://server:4200>;
    }
  }
}
When I try to visit http://nginx in my virtual browser, it redirects me to http://keycloak:8080/realms/wizard/protocol/... with this error:
invalid parameter: redirect uri
Your message was too long, here's your message at the allowed limit: I want your help to fix and properly enhance my stack here's my compose file
name prefect-wizard services nginx image nginx latest ports - 80 80 # Expose NGINX on port 80 volumes - /proxies/nginx conf /etc/nginx/nginx conf ro depends_on - server - api - keycloak - oauth2-proxy # VNC browser for local development to use for keycloak and oauth2-proxy browser image jlesage/firefox ports - 5800 5800 environment # Optional Set a password for the VNC web interface - VNC_PASSWORD=my_password depends_on - keycloak - oauth2-proxy - nginx keycloak image <http //quay io/keycloak/keycloak 24 0|quay io/keycloak/keycloak 24 0> command [ start-dev --http-port=8080 ] environment KC_BOOTSTRAP_ADMIN_USERNAME admin KC_BOOTSTRAP_ADMIN_PASSWORD admin #KC_HOSTNAME keycloak # no path just host (and optional port) KC_HOSTNAME_STRICT false # dev convenience KC_HOSTNAME_STRICT_HTTPS false # dev convenience KC_PROXY edge # recommended when behind a proxy ports - 8080 8080 volumes - keycloak_data /opt/keycloak/data - /keycloak/local/config json /opt/keycloak/conf/realm-config json oauth2-proxy image <http //quay io/oauth2-proxy/oauth2-proxy v7 5 1|quay io/oauth2-proxy/oauth2-proxy v7 5 1> extra_hosts - host docker internal host-gateway ports - 4180 4180 command [ --config=/etc/oauth2-proxy cfg ] volumes - /proxies/oauth2-proxy cfg /etc/oauth2-proxy cfg depends_on - keycloak api build context dockerfile docker/api/nonprod/Dockerfile ports - 9832 9832 environment PREFECT_API_URL <http //server 4200/api> volumes - /api /app - /autoupdate /app/autoupdate - /core /app/core extra_hosts - host docker internal host-gateway env_file - env restart always healthcheck test [ CMD-SHELL curl -f <http //localhost 9832/health> || exit 1 ] interval 5s timeout 5s retries 5 db redis server image prefecthq/prefect 3 4 13-python3 11 depends_on db condition service_healthy redis condition service_healthy environment PREFECT_API_DATABASE_CONNECTION_URL <postgresql+asyncpg //prefect prefect@db 5432/prefect> PREFECT_SERVER_API_HOST 0 0 0 0 PREFECT_UI_API_URL <http //localhost 4200/api> 
PREFECT_MESSAGING_BROKER prefect_redis messaging PREFECT_MESSAGING_CACHE prefect_redis messaging PREFECT_REDIS_MESSAGING_HOST redis PREFECT_REDIS_MESSAGING_PORT 6379 PREFECT_REDIS_MESSAGING_DB 0 PREFECT_LOGGING_LEVEL DEBUG PREFECT_LOGGING_LOG_PRINTS True PREFECT_SERVER_LOGGING_LEVEL DEBUG PREFECT_SERVER_LOGGING_LOG_PRINTS True #PREFECT_SERVER_API_AUTH_STRING admin admin command prefect server start --no-services ports - 4200 4200 healthcheck test [ CMD-SHELL python -c 'import json urllib request sys; sys exit(0 if json loads(urllib request urlopen(\ <http //localhost 4200/api/health>\ timeout=1) read()) is True else 1)' ] interval 5s timeout 3s retries 30 services create-deployment autoupdate-worker image prefect-workpool depends_on server condition service_healthy services condition service_started create-deployment condition service_completed_successfully environment PREFECT_API_URL <http //server 4200/api> DOCKER_HOST <tcp //host docker internal 2375> PREFECT_LOCAL_STORAGE_PATH /logs/storage # DOCKER_TLS_VERIFY ${DOCKER_TLS_VERIFY -} # DOCKER_CERT_PATH ${DOCKER_CERT_PATH -} restart always volumes - /autoupdate /opt/prefect/autoupdate - /core /opt/prefect/autoupdate/core - ${HOME}/ wizard /logs extra_hosts - host docker internal host-gateway env_file - env volumes postgres_data redis_data keycloak_data
Keycloak ```{ clientId wizard-oauth name wizard description rootUrl <http //nginx 80/wizard> adminUrl <http //nginx 80/wizard> baseUrl <http //nginx 80> surrogateAuthRequired false enabled true alwaysDisplayInConsole false clientAuthenticatorType client-secret secret olcWi1lGcyrU82MtdvNgK8Nm7x4C8ieA redirectUris [ <http //nginx 80/oauth2/callback> ] webOrigins [ + ] notBefore 0 bearerOnly false consentRequired false standardFlowEnabled true implicitFlowEnabled false directAccessGrantsEnabled true serviceAccountsEnabled fal
se publicClient false frontchannelLogout true protocol openid-connect attributes { client secret creation time 1756577822 post logout redirect uris <http //oauth2-proxy 4180/oauth2/callback##http //oauth2-proxy 4180/oauth2/callback> oauth2 device authorization grant enabled false backchannel logout revoke offline tokens false use refresh tokens true oidc ciba grant enabled false client use lightweight access token enabled
Your message was too long, here's your message at the allowed limit: I want your help to fix and properly enhance my stack here's my compose file
name prefect-wizard services nginx image nginx latest ports - 80 80 # Expose NGINX on port 80 volumes - /proxies/nginx conf /etc/nginx/nginx conf ro depends_on - server - api - keycloak - oauth2-proxy # VNC browser for local development to use for keycloak and oauth2-proxy browser image jlesage/firefox ports - 5800 5800 environment # Optional Set a password for the VNC web interface - VNC_PASSWORD=my_password depends_on - keycloak - oauth2-proxy - nginx keycloak image quay io/keycloak/keycloak 24 0 command [ start-dev --http-port=8080 ] environment KC_BOOTSTRAP_ADMIN_USERNAME admin KC_BOOTSTRAP_ADMIN_PASSWORD admin #KC_HOSTNAME keycloak # no path just host (and optional port) KC_HOSTNAME_STRICT false # dev convenience KC_HOSTNAME_STRICT_HTTPS false # dev convenience KC_PROXY edge # recommended when behind a proxy ports - 8080 8080 volumes - keycloak_data /opt/keycloak/data - /keycloak/local/config json /opt/keycloak/conf/realm-config json oauth2-proxy image quay io/oauth2-proxy/oauth2-proxy v7 5 1 extra_hosts - host docker internal host-gateway ports - 4180 4180 command [ --config=/etc/oauth2-proxy cfg ] volumes - /proxies/oauth2-proxy cfg /etc/oauth2-proxy cfg depends_on - keycloak api build context dockerfile docker/api/nonprod/Dockerfile ports - 9832 9832 environment PREFECT_API_URL <http //server 4200/api> volumes - /api /app - /autoupdate /app/autoupdate - /core /app/core extra_hosts - host docker internal host-gateway env_file - env restart always healthcheck test [ CMD-SHELL curl -f <http //localhost 9832/health> || exit 1 ] interval 5s timeout 5s retries 5 db redis server image prefecthq/prefect 3 4 13-python3 11 depends_on db condition service_healthy redis condition service_healthy environment PREFECT_API_DATABASE_CONNECTION_URL <postgresql+asyncpg //prefect prefect@db 5432/prefect> PREFECT_SERVER_API_HOST 0 0 0 0 PREFECT_UI_API_URL <http //localhost 4200/api> PREFECT_MESSAGING_BROKER prefect_redis messaging PREFECT_MESSAGING_CACHE prefect_redis messaging 
PREFECT_REDIS_MESSAGING_HOST redis PREFECT_REDIS_MESSAGING_PORT 6379 PREFECT_REDIS_MESSAGING_DB 0 PREFECT_LOGGING_LEVEL DEBUG PREFECT_LOGGING_LOG_PRINTS True PREFECT_SERVER_LOGGING_LEVEL DEBUG PREFECT_SERVER_LOGGING_LOG_PRINTS True #PREFECT_SERVER_API_AUTH_STRING admin admin command prefect server start --no-services ports - 4200 4200 healthcheck test [ CMD-SHELL python -c 'import json urllib request sys; sys exit(0 if json loads(urllib request urlopen(\ <http //localhost 4200/api/health>\ timeout=1) read()) is True else 1)' ] interval 5s timeout 3s retries 30 services create-deployment autoupdate-worker image prefect-workpool depends_on server condition service_healthy services condition service_started create-deployment condition service_completed_successfully environment PREFECT_API_URL <http //server 4200/api> DOCKER_HOST <tcp //host docker internal 2375> PREFECT_LOCAL_STORAGE_PATH /logs/storage # DOCKER_TLS_VERIFY ${DOCKER_TLS_VERIFY -} # DOCKER_CERT_PATH ${DOCKER_CERT_PATH -} restart always volumes - /autoupdate /opt/prefect/autoupdate - /core /opt/prefect/autoupdate/core - ${HOME}/ wizard /logs extra_hosts - host docker internal host-gateway env_file - env volumes postgres_data redis_data keycloak_data
Keycloak ```{ clientId wizard-oauth name wizard description rootUrl <http //nginx 80/wizard> adminUrl <http //nginx 80/wizard> baseUrl <http //nginx 80> surrogateAuthRequired false enabled true alwaysDisplayInConsole false clientAuthenticatorType client-secret secret olcWi1lGcyrU82MtdvNgK8Nm7x4C8ieA redirectUris [ <http //nginx 80/oauth2/callback> ] webOrigins [ + ] notBefore 0 bearerOnly false consentRequired false standardFlowEnabled true implicitFlowEnabled false directAccessGrantsEnabled true serviceAccountsEnabled false publicClient false frontchannelLogout true protocol openid-connect attributes { } fullS
copeAllowed true nodeReRegistrationTimeout -1 defaultClientScopes [ web-origins acr roles profile email ] optionalClientScopes [ address phone offline_access microprofile-jwt ] access { view true configure true manage true } }``` Oauth-proxy ```provider = keycloak-oidc oidc_issuer_url = <http //keycloak 8080/realms/wizard> client_id = wizard-oauth client_secret = olcWi1lGcyrU82MtdvNgK8Nm7x4C8ieA cookie_secret = bHEyY2E0dEZHSTlnY2hJa0FRWnRERURxaDg4Qm5qY3k= email_domains =
@Marvin I want your help to fix and properly enhance my stack, here's my compose file:
# NOTE(review): the <...> wrapped around URLs on this page (and the <url|text> form on the
# image lines) are chat-link rendering artefacts; the real file carries bare values.
# Local dev stack. nginx is meant to be the single entry point, gating the Prefect server
# behind oauth2-proxy + Keycloak via nginx auth_request (see the nginx config further down).
# Several services also publish their ports straight to the host, so that gate is not the
# only way in; called out per service below.
name: prefect-wizard

services:
  # Reverse proxy; its config is bind-mounted read-only from ./proxies/nginx.conf.
  nginx:
    image: nginx:latest
    ports:
      - "80:80" # Expose NGINX on port 80
    volumes:
      - ./proxies/nginx.conf:/etc/nginx/nginx.conf:ro
    # Short-form depends_on only orders container start-up; it does not wait for health
    # (contrast the `condition: service_healthy` form used on server and autoupdate-worker).
    depends_on:
      - server
      - api
      - keycloak
      - oauth2-proxy

  # VNC browser for local development to use for keycloak and oauth2-proxy
  # (inside the compose network it resolves service names such as http://nginx and
  # http://keycloak:8080, which a browser on the host would not).
  browser:
    image: jlesage/firefox
    ports:
      - "5800:5800"
    environment:
      # Optional: Set a password for the VNC web interface
      # NOTE(review): placeholder password on a host-published port (5800); whoever can reach
      # that port gets a browser inside the compose network. Dev-only.
      - VNC_PASSWORD=my_password
    depends_on:
      - keycloak
      - oauth2-proxy
      - nginx

  keycloak:
    image: <http://quay.io/keycloak/keycloak:24.0|quay.io/keycloak/keycloak:24.0>
    # Dev mode: plain HTTP, relaxed hostname checks. There is no --import-realm here, so
    # Keycloak imports nothing from disk at start-up.
    command: [ "start-dev", "--http-port=8080" ]
    environment:
      # NOTE(review): KC_BOOTSTRAP_ADMIN_USERNAME/PASSWORD were introduced with Keycloak 26; the
      # 24.0 image expects KEYCLOAK_ADMIN / KEYCLOAK_ADMIN_PASSWORD, so as written the admin
      # user is probably never created — confirm against the container log.
      # Default admin credentials plus the admin console published on host port 8080 below are
      # acceptable only for a throwaway local stack.
      KC_BOOTSTRAP_ADMIN_USERNAME: admin
      KC_BOOTSTRAP_ADMIN_PASSWORD: admin
      #KC_HOSTNAME: "keycloak"          # no path, just host (and optional port)
      KC_HOSTNAME_STRICT: "false" # dev convenience
      KC_HOSTNAME_STRICT_HTTPS: "false" # dev convenience
      # NOTE(review): Keycloak 24 deprecates the `proxy` option in favour of `proxy-headers`
      # (KC_PROXY_HEADERS=xforwarded); it still works on 24.0 but check the start-up warnings.
      KC_PROXY: "edge" # recommended when behind a proxy
    ports:
      - "8080:8080"
    volumes:
      - keycloak_data:/opt/keycloak/data
      # NOTE(review): Keycloak does not read realm or client JSON from /opt/keycloak/conf. Realm
      # import picks up files from /opt/keycloak/data/import, and only when `--import-realm` is
      # passed on the command line. As mounted this file is very likely ignored, so the client
      # and the redirect URI it declares (see the Keycloak JSON further down) may never have
      # been created — a plausible cause of the "invalid parameter: redirect uri" error reported
      # in this thread. The JSON shown is also a single client representation, not a realm
      # export; an import file needs the realm wrapper with the client listed under "clients".
      - ./keycloak/local/config.json:/opt/keycloak/conf/realm-config.json

  oauth2-proxy:
    image: <http://quay.io/oauth2-proxy/oauth2-proxy:v7.5.1|quay.io/oauth2-proxy/oauth2-proxy:v7.5.1>
    extra_hosts:
      - "host.docker.internal:host-gateway"
    # NOTE(review): publishing 4180 is not needed when all traffic enters via nginx, and it
    # exposes the /oauth2 endpoints (which trust X-Forwarded-* because of reverse_proxy = true
    # in the TOML below) to clients that did not pass through nginx.
    ports:
      - "4180:4180"
    # All settings come from the TOML file shown further down; the client and cookie secrets
    # sit in it as plain text.
    command: [ "--config=/etc/oauth2-proxy.cfg" ]
    volumes:
      - "./proxies/oauth2-proxy.cfg:/etc/oauth2-proxy.cfg"
    depends_on:
      - keycloak


  api:
    build:
      context: .
      dockerfile: docker/api/nonprod/Dockerfile
    # NOTE(review): published directly to the host and not behind the nginx auth gate (the
    # nginx config below only proxies "/" to the Prefect server, not to this service).
    ports:
      - "9832:9832"
    environment:
      PREFECT_API_URL: <http://server:4200/api>
    # Source is bind-mounted into the container; ./core is mounted by autoupdate-worker too.
    volumes:
      - ./api:/app
      - ./autoupdate:/app/autoupdate
      - ./core:/app/core
    extra_hosts:
      - "host.docker.internal:host-gateway"
    env_file:
      - .env
    restart: always
    # Requires curl inside the image built from the Dockerfile above.
    healthcheck:
      test: [ "CMD-SHELL", "curl -f <http://localhost:9832/health> || exit 1" ]
      interval: 5s
      timeout: 5s
      retries: 5

  # Elided in the post; the postgres_data / redis_data volumes declared at the bottom
  # presumably belong to these two.
  db:
    ...

  redis:
    ...

  server:
    image: prefecthq/prefect:3.4.13-python3.11
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_healthy
    environment:
      # NOTE(review): database credentials inline; fine for local dev, move to env/secrets
      # anywhere else.
      PREFECT_API_DATABASE_CONNECTION_URL: <postgresql+asyncpg://prefect:prefect@db:5432/prefect>
      PREFECT_SERVER_API_HOST: 0.0.0.0
      # NOTE(review): the UI running in the browser calls this URL. Opened through nginx
      # (http://nginx) the UI would still talk to localhost:4200 — which, from the VNC browser
      # container, is not the server at all, and from the host goes around the auth gate. Once
      # nginx is the only entry point this should be the nginx-facing URL (e.g. http://nginx/api)
      # — confirm against the Prefect docs.
      PREFECT_UI_API_URL: "<http://localhost:4200/api>"
      PREFECT_MESSAGING_BROKER: prefect_redis.messaging
      PREFECT_MESSAGING_CACHE: prefect_redis.messaging
      PREFECT_REDIS_MESSAGING_HOST: redis
      PREFECT_REDIS_MESSAGING_PORT: 6379
      PREFECT_REDIS_MESSAGING_DB: 0
      PREFECT_LOGGING_LEVEL: DEBUG
      # Unquoted True is a YAML boolean that Compose converts back to a string; quote it
      # ("true") so the exact spelling handed to the container does not depend on that
      # conversion.
      PREFECT_LOGGING_LOG_PRINTS: True
      PREFECT_SERVER_LOGGING_LEVEL: DEBUG
      PREFECT_SERVER_LOGGING_LOG_PRINTS: True
      # NOTE(review): basic auth on the API itself would be a second layer independent of
      # nginx; if enabled, nginx must forward the Authorization header for the UI to keep
      # working.
      #PREFECT_SERVER_API_AUTH_STRING: "admin:admin"
    command: prefect server start --no-services
    # NOTE(review): this publishes the Prefect API/UI on host port 4200, so the oauth2-proxy
    # gate in nginx is not enforced for anyone who can reach the host directly. If the gate
    # is the point, drop this mapping or bind it to loopback only ("127.0.0.1:4200:4200").
    ports:
      - "4200:4200"
    # Health probe runs inside the container, so localhost:4200 is correct here.
    healthcheck:
      test: [ "CMD-SHELL", "python -c 'import json,urllib.request,sys; sys.exit(0 if json.loads(urllib.request.urlopen(\"<http://localhost:4200/api/health>\", timeout=1).read()) is True else 1)' " ]
      interval: 5s
      timeout: 3s
      retries: 30

  # Elided in the post; autoupdate-worker depends on both.
  # NOTE(review): a service literally named `services` under the top-level `services:` key is
  # legal but easy to misread (see the depends_on on autoupdate-worker); consider renaming.
  services:
    ...

  create-deployment:
    ...

  autoupdate-worker:
    # No build: stanza, so this untagged image is presumably built separately — confirm.
    image: prefect-workpool
    depends_on:
      server:
        condition: service_healthy
      services:
        condition: service_started
      create-deployment:
        condition: service_completed_successfully
    environment:
      PREFECT_API_URL: <http://server:4200/api>
      # NOTE(review): plain-TCP Docker daemon socket with the TLS settings commented out.
      # Anyone who can reach port 2375 on the host controls the Docker daemon, which is
      # root-equivalent on that host. Make sure 2375 is not reachable from outside the host,
      # or enable TLS (uncomment DOCKER_TLS_VERIFY / DOCKER_CERT_PATH and point at the TLS port).
      DOCKER_HOST: <tcp://host.docker.internal:2375>
      # Inside the ${HOME}/.wizard bind mount below.
      PREFECT_LOCAL_STORAGE_PATH: /logs/storage
      # DOCKER_TLS_VERIFY: ${DOCKER_TLS_VERIFY:-}
      # DOCKER_CERT_PATH: ${DOCKER_CERT_PATH:-}
    restart: always
    volumes:
      - ./autoupdate:/opt/prefect/autoupdate
      - ./core:/opt/prefect/autoupdate/core
      - ${HOME}/.wizard:/logs
    extra_hosts:
      - "host.docker.internal:host-gateway"
    env_file:
      - .env

# Named volumes; postgres_data and redis_data are for the elided db / redis services.
volumes:
  postgres_data:
  redis_data:
  keycloak_data:
Keycloak:
{
  "clientId": "wizard-oauth",
  "name": "wizard",
  "description": "",
  "rootUrl": "<http://nginx:80/wizard>",
  "adminUrl": "<http://nginx:80/wizard>",
  "baseUrl": "<http://nginx:80>",
  "surrogateAuthRequired": false,
  "enabled": true,
  "alwaysDisplayInConsole": false,
  "clientAuthenticatorType": "client-secret",
  "secret": "olcWi1lGcyrU82MtdvNgK8Nm7x4C8ieA",
  "redirectUris": [
    "<http://nginx:80/oauth2/callback>"
  ],
  "webOrigins": [
    "+"
  ],
  "notBefore": 0,
  "bearerOnly": false,
  "consentRequired": false,
  "standardFlowEnabled": true,
  "implicitFlowEnabled": false,
  "directAccessGrantsEnabled": true,
  "serviceAccountsEnabled": false,
  "publicClient": false,
  "frontchannelLogout": true,
  "protocol": "openid-connect",
  "attributes": {},
  "fullScopeAllowed": true,
  "nodeReRegistrationTimeout": -1,
  "defaultClientScopes": [
    "web-origins",
    "acr",
    "roles",
    "profile",
    "email"
  ],
  "optionalClientScopes": [
    "address",
    "phone",
    "offline_access",
    "microprofile-jwt"
  ],
  "access": {
    "view": true,
    "configure": true,
    "manage": true
  }
}
Oauth-proxy:
# oauth2-proxy configuration for the Keycloak OIDC provider.
# NOTE(review): the <...> wrapped around URLs on this page are chat-link rendering
# artefacts; the real file carries bare URLs.
provider = "keycloak-oidc"
# Discovery and token exchange go to Keycloak over the compose network. The browser is sent
# to the authorization endpoint Keycloak advertises, which is why the reported redirect lands
# on keycloak:8080 (resolvable from the VNC browser container, not from a browser on the host).
oidc_issuer_url = "<http://keycloak:8080/realms/wizard>"
client_id = "wizard-oauth"
# NOTE(review): this secret is duplicated in the Keycloak client JSON above and has now been
# posted publicly — rotate it in Keycloak, and prefer OAUTH2_PROXY_CLIENT_SECRET (env) or a
# secret file over a committed config.
client_secret = "olcWi1lGcyrU82MtdvNgK8Nm7x4C8ieA"
# NOTE(review): same for the cookie secret (OAUTH2_PROXY_COOKIE_SECRET); it is the key that
# protects every session cookie this proxy issues.
cookie_secret = "bHEyY2E0dEZHSTlnY2hJa0FRWnRERURxaDg4Qm5qY3k="
# Any authenticated email is accepted: authorization is entirely "can log into the wizard realm".
email_domains = "*"
# Accepts tokens whose email is not marked verified; dev-only (presumably because local
# Keycloak users are created without verified emails — confirm).
insecure_oidc_allow_unverified_email = true
http_address = "0.0.0.0:4180"
# Must be the URL the browser actually reaches (via nginx) and must match a Valid Redirect URI
# on the Keycloak client. Treat that match as an exact string compare — register the same
# form as sent here ("http://nginx:80/oauth2/callback"), or both with and without ":80" —
# and confirm the client actually exists in the realm (see the compose note on the realm
# import mount).
redirect_url = "<http://nginx:80/oauth2/callback>"
# The access token is surfaced as X-Auth-Request-Access-Token on /oauth2/auth; the nginx
# config forwards it to the Prefect upstream as X-Access-Token.
pass_access_token = true
# Skips the oauth2-proxy sign-in page and redirects straight to Keycloak.
skip_provider_button = true
# Trusts X-Forwarded-* headers from the client. Only sound when oauth2-proxy is reachable
# solely through nginx; the compose file publishes 4180 directly, which weakens that.
reverse_proxy = true
# NOTE(review): cookie_secure is not set and defaults to true, so over plain http the browser
# will not send the session cookie back and login loops. For this http-only dev setup add
# `cookie_secure = false` (never in production).
Nginx:
# See reference:
# <https://github.com/pasha-r/oauth2_proxy/blob/master/docs/configuration/configuration.md#config-file>
# NOTE(review): that link is a fork; the upstream oauth2-proxy project's docs carry the
# maintained nginx auth_request example this file is based on.
# NOTE(review): the <...> wrapped around URLs on this page are chat-link rendering artefacts;
# the real file carries bare URLs.

events {
  worker_connections 1024;
}

http {
  server {
    listen 80;
    # Only server block, so it is the default for any Host header (the dev browser uses
    # http://nginx, not localhost).
    server_name localhost;

    # The /oauth2/ location handles all OAuth2 Proxy traffic
    # (sign_in, callback, sign_out). X-Auth-Request-Redirect tells oauth2-proxy where to
    # send the user back after login.
    location /oauth2/ {
      proxy_pass       <http://oauth2-proxy:4180>;
      proxy_set_header Host                    $host;
      proxy_set_header X-Real-IP               $remote_addr;
      proxy_set_header X-Scheme                $scheme;
      proxy_set_header X-Auth-Request-Redirect $request_uri;
    }

    # The /oauth2/auth location is the actual authentication endpoint
    # used by auth_request below: the request body is stripped, only headers/cookies go up.
    # NOTE(review): the upstream example also sets
    # `proxy_set_header X-Forwarded-Uri $request_uri;` here so oauth2-proxy knows which URI
    # is being authorised; consider adding it.
    location = /oauth2/auth {
      proxy_pass       <http://oauth2-proxy:4180>;
      proxy_set_header Host             $host;
      proxy_set_header X-Real-IP        $remote_addr;
      proxy_set_header X-Scheme         $scheme;
      proxy_set_header Content-Length   "";
      proxy_pass_request_body           off;
    }

    # The / location is for the main Prefect UI
    # NOTE(review): this gate only covers traffic that enters through nginx; the compose file
    # publishes server:4200 (and oauth2-proxy:4180) on the host as well, so it is not the
    # only path to the Prefect API.
    location / {
      auth_request /oauth2/auth;
      # Unauthenticated -> internal redirect to sign_in. "=" without a status code means the
      # response status is whatever sign_in returns (with skip_provider_button in the
      # oauth2-proxy config, a redirect to Keycloak).
      error_page 401 = /oauth2/sign_in;

      # Identity headers from oauth2-proxy, forwarded to the upstream as plain headers. The
      # upstream may only trust them while nginx is the sole way to reach it (see note above).
      auth_request_set $user  $upstream_http_x_auth_request_user;
      auth_request_set $email $upstream_http_x_auth_request_email;
      proxy_set_header X-User $user;
      proxy_set_header X-Email $email;

      # if you enabled --pass-access-token, this will pass the token to the backend
      # (pass_access_token = true in the oauth2-proxy config above).
      auth_request_set $token  $upstream_http_x_auth_request_access_token;
      proxy_set_header X-Access-Token $token;

      proxy_pass <http://server:4200>;
    }
  }
}
Your message was too long, here's your message at the allowed limit: I want your help to fix and properly enhance my stack here's my compose file
name prefect-wizard services nginx image nginx latest ports - 80 80 # Expose NGINX on port 80 volumes - /proxies/nginx conf /etc/nginx/nginx conf ro depends_on - server - api - keycloak - oauth2-proxy # VNC browser for local development to use for keycloak and oauth2-proxy browser image jlesage/firefox ports - 5800 5800 environment # Optional Set a password for the VNC web interface - VNC_PASSWORD=my_password depends_on - keycloak - oauth2-proxy - nginx keycloak image <http //quay io/keycloak/keycloak 24 0|quay io/keycloak/keycloak 24 0> command [ start-dev --http-port=8080 ] environment KC_BOOTSTRAP_ADMIN_USERNAME admin KC_BOOTSTRAP_ADMIN_PASSWORD admin #KC_HOSTNAME keycloak # no path just host (and optional port) KC_HOSTNAME_STRICT false # dev convenience KC_HOSTNAME_STRICT_HTTPS false # dev convenience KC_PROXY edge # recommended when behind a proxy ports - 8080 8080 volumes - keycloak_data /opt/keycloak/data - /keycloak/local/config json /opt/keycloak/conf/realm-config json oauth2-proxy image <http //quay io/oauth2-proxy/oauth2-proxy v7 5 1|quay io/oauth2-proxy/oauth2-proxy v7 5 1> extra_hosts - host docker internal host-gateway ports - 4180 4180 command [ --config=/etc/oauth2-proxy cfg ] volumes - /proxies/oauth2-proxy cfg /etc/oauth2-proxy cfg depends_on - keycloak api build context dockerfile docker/api/nonprod/Dockerfile ports - 9832 9832 environment PREFECT_API_URL <http //server 4200/api> volumes - /api /app - /autoupdate /app/autoupdate - /core /app/core extra_hosts - host docker internal host-gateway env_file - env restart always healthcheck test [ CMD-SHELL curl -f <http //localhost 9832/health> || exit 1 ] interval 5s timeout 5s retries 5 db redis server image prefecthq/prefect 3 4 13-python3 11 depends_on db condition service_healthy redis condition service_healthy environment PREFECT_API_DATABASE_CONNECTION_URL <postgresql+asyncpg //prefect prefect@db 5432/prefect> PREFECT_SERVER_API_HOST 0 0 0 0 PREFECT_UI_API_URL <http //localhost 4200/api> 
PREFECT_MESSAGING_BROKER prefect_redis messaging PREFECT_MESSAGING_CACHE prefect_redis messaging PREFECT_REDIS_MESSAGING_HOST redis PREFECT_REDIS_MESSAGING_PORT 6379 PREFECT_REDIS_MESSAGING_DB 0 PREFECT_LOGGING_LEVEL DEBUG PREFECT_LOGGING_LOG_PRINTS True PREFECT_SERVER_LOGGING_LEVEL DEBUG PREFECT_SERVER_LOGGING_LOG_PRINTS True #PREFECT_SERVER_API_AUTH_STRING admin admin command prefect server start --no-services ports - 4200 4200 healthcheck test [ CMD-SHELL python -c 'import json urllib request sys; sys exit(0 if json loads(urllib request urlopen(\ <http //localhost 4200/api/health>\ timeout=1) read()) is True else 1)' ] interval 5s timeout 3s retries 30 services create-deployment autoupdate-worker image prefect-workpool depends_on server condition service_healthy services condition service_started create-deployment condition service_completed_successfully environment PREFECT_API_URL <http //server 4200/api> DOCKER_HOST <tcp //host docker internal 2375> PREFECT_LOCAL_STORAGE_PATH /logs/storage # DOCKER_TLS_VERIFY ${DOCKER_TLS_VERIFY -} # DOCKER_CERT_PATH ${DOCKER_CERT_PATH -} restart always volumes - /autoupdate /opt/prefect/autoupdate - /core /opt/prefect/autoupdate/core - ${HOME}/ wizard /logs extra_hosts - host docker internal host-gateway env_file - env volumes postgres_data redis_data keycloak_data
Keycloak ```{ clientId wizard-oauth name wizard description rootUrl <http //nginx 80/wizard> adminUrl <http //nginx 80/wizard> baseUrl <http //nginx 80> surrogateAuthRequired false enabled true alwaysDisplayInConsole false clientAuthenticatorType client-secret secret olcWi1lGcyrU82MtdvNgK8Nm7x4C8ieA redirectUris [ <http //nginx 80/oauth2/callback> ] webOrigins [ + ] notBefore 0 bearerOnly false consentRequired false standardFlowEnabled true implicitFlowEnabled false directAccessGrantsEnabled true serviceAccountsEnabled fal
se publicClient false frontchannelLogout true protocol openid-connect attributes { } fullScopeAllowed true nodeReRegistrationTimeout -1 defaultClientScopes [ web-origins acr roles profile email ] optionalClientScopes [ address phone offline_access microprofile-jwt ] access { view true configure true manage true } }``` Oauth-proxy ```provider = keycloak-oidc oidc_issuer_url = <http //keycloak 8080/realms/wizard> client_id =