From 07f0c49c3f460f2d75b3f5054ee152b7a3c8634f Mon Sep 17 00:00:00 2001
From: SashkoMarchuk
Date: Sat, 4 Apr 2026 11:38:28 +0700
Subject: [PATCH 1/2] fix(oauth2-proxy): migrate domain references from speedandfunction.com to gluzdov.com
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Update OAuth2 proxy cookie domains, whitelist domains, redirect URL, CSRF cookie domain, and sign-out URL to use gluzdov.com — matching the production ALB/DNS configuration. EMAIL_DOMAINS intentionally kept as speedandfunction.com (corporate Google Workspace domain).

Co-Authored-By: Claude Opus 4.6
---
 docker-compose.prod.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index b492a7e..f28f769 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -85,11 +85,11 @@ services:
 - OAUTH2_PROXY_EMAIL_DOMAINS=speedandfunction.com
 # Required settings
- - OAUTH2_PROXY_COOKIE_DOMAINS=.temporal.speedandfunction.com
- - OAUTH2_PROXY_WHITELIST_DOMAINS=.temporal.speedandfunction.com
+ - OAUTH2_PROXY_COOKIE_DOMAINS=.temporal.gluzdov.com
+ - OAUTH2_PROXY_WHITELIST_DOMAINS=.temporal.gluzdov.com
 - OAUTH2_PROXY_HTTP_ADDRESS=0.0.0.0:8080
 - OAUTH2_PROXY_UPSTREAMS=http://temporal-ui:8080
- - OAUTH2_PROXY_REDIRECT_URL=${OAUTH2_PROXY_REDIRECT_URL:-https://temporal.speedandfunction.com/oauth2/callback}
+ - OAUTH2_PROXY_REDIRECT_URL=${OAUTH2_PROXY_REDIRECT_URL:-https://temporal.gluzdov.com/oauth2/callback}
 - OAUTH2_PROXY_COOKIE_SECRET=${OAUTH2_PROXY_COOKIE_SECRET:?OAUTH2_PROXY_COOKIE_SECRET is required}
 # Cookie settings
@@ -103,7 +103,7 @@ services:
 # CSRF protection settings
 - OAUTH2_PROXY_CSRF_COOKIE_NAME=_oauth2_proxy_csrf
 - OAUTH2_PROXY_CSRF_COOKIE_SECURE=true
- - OAUTH2_PROXY_CSRF_COOKIE_DOMAIN=.temporal.speedandfunction.com
+ - OAUTH2_PROXY_CSRF_COOKIE_DOMAIN=.temporal.gluzdov.com
 - OAUTH2_PROXY_CSRF_COOKIE_HTTPONLY=true
 - OAUTH2_PROXY_CSRF_COOKIE_SAMESITE=lax
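Review bot: `OAUTH2_PROXY_REDIRECT_URL` stays overridable from the environment while `OAUTH2_PROXY_COOKIE_DOMAINS` and `OAUTH2_PROXY_WHITELIST_DOMAINS` in the first hunk are hard-coded to `.temporal.gluzdov.com`, so an override pointing at any other host would yield a callback whose session cookie the browser refuses for a domain mismatch. Either drive all three from one variable or put a comment above the redirect line, for example `# override must stay under temporal.gluzdov.com; cookie and whitelist domains are fixed`. The leading-dot entries also scope the session cookie to, and accept as post-login redirect targets, every host under temporal.gluzdov.com, so it is worth confirming that the whole subtree in the new zone is controlled and carries no stale DNS records. The identity provider's registered redirect URI presumably has to change as well; that, and the rest of the environment list, lie outside this hunk.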
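Review bot: `OAUTH2_PROXY_CSRF_COOKIE_DOMAIN`, changed in the second hunk, and the neighbouring `OAUTH2_PROXY_CSRF_COOKIE_*` entries do not match any oauth2-proxy option I know of. As far as I know the CSRF cookie takes its domain, Secure, HttpOnly and SameSite attributes from the main cookie options (`--cookie-domain`, `--cookie-secure`, `--cookie-httponly`, `--cookie-samesite`) and its name from the cookie name plus a `_csrf` suffix. If that holds for the deployed image, this line is ignored silently and the effective CSRF cookie scope is whatever `OAUTH2_PROXY_COOKIE_DOMAINS` sets. Please check the configuration reference for the pinned version and either drop these entries or add a comment such as `# CSRF cookie attributes follow the OAUTH2_PROXY_COOKIE_* settings`. The environment list starts above this hunk.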
@@ -111,7 +111,7 @@ services:
 - OAUTH2_PROXY_SHOW_DEBUG_ON_ERROR=true
 # Logout settings
- - OAUTH2_PROXY_SIGN_OUT_URL=https://temporal.speedandfunction.com/oauth2/sign_out
+ - OAUTH2_PROXY_SIGN_OUT_URL=https://temporal.gluzdov.com/oauth2/sign_out
 healthcheck:
 test: ["CMD", "wget", "-O", "/dev/null", "-q", "http://localhost:8080/oauth2/health"]
 interval: 10s

From f63f289ff13ebba2102e27f1c3fb5b81ef573242 Mon Sep 17 00:00:00 2001
From: SashkoMarchuk
Date: Sat, 4 Apr 2026 12:23:52 +0700
Subject: [PATCH 2/2] fix(oauth2-proxy): make SIGN_OUT_URL configurable via env var

Apply CodeRabbit nitpick: use ${VAR:-default} pattern for SIGN_OUT_URL to match REDIRECT_URL convention. Zero-cost consistency improvement.

Co-Authored-By: Claude Opus 4.6
---
 docker-compose.prod.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index f28f769..b793618 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -111,7 +111,7 @@ services:
 - OAUTH2_PROXY_SHOW_DEBUG_ON_ERROR=true
 # Logout settings
- - OAUTH2_PROXY_SIGN_OUT_URL=https://temporal.gluzdov.com/oauth2/sign_out
+ - OAUTH2_PROXY_SIGN_OUT_URL=${OAUTH2_PROXY_SIGN_OUT_URL:-https://temporal.gluzdov.com/oauth2/sign_out}
 healthcheck:
 test: ["CMD", "wget", "-O", "/dev/null", "-q", "http://localhost:8080/oauth2/health"]
 interval: 10s
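Review bot: `OAUTH2_PROXY_SIGN_OUT_URL` does not match any option I can find in oauth2-proxy's configuration reference, so the value changed in this hunk, and made overridable by the `[PATCH 2/2]` hunk on the same line, may never be read. Sign-out normally goes through the proxy's own `/oauth2/sign_out` endpoint, with an `rd` target validated against the whitelist domains. Confirm against the pinned image version, and if the variable is only consumed by something outside this file, say so in a comment, for example `# read by <consumer>, not by oauth2-proxy`. Separately, the context line `OAUTH2_PROXY_SHOW_DEBUG_ON_ERROR=true` just above is in the production compose file, and the upstream documentation warns that debug error pages can expose sensitive details; `- OAUTH2_PROXY_SHOW_DEBUG_ON_ERROR=false` is the safer production value. The environment list begins outside the hunk.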