Public | Automated Build

Last pushed: a year ago
Short Description
Short description is empty for this repo.
Full Description

Wordpress OAuth2 Proxy

A reverse proxy using WP OAuth Server as an authentication scheme.

You can use it to expose any internal service to your Wordpress users.


Install the Wordpress plugin

First, you need to install WP OAuth
on your Wordpress site.

In WP-CLI...

$ wp plugin install --activate oauth2-provider

Create a new client

From your
page, click "Add New Client", and set the redirect URI to
https://YOUR_SERVICE/auth/wordpress/callback, where YOUR_SERVICE is the
public name of your wordpress-oauth2-proxy.

Copy the Client ID and Secret for the client from this page.

Configure the proxy

It is easiest to use Docker with Docker
, but if you prefer you can simply
set the appropriate environment variables and run node index.js.

If you are not using Docker, you will need to install node and
MongoDB (or get a hosted MongoDB database from
Compose). The database is merely used to persist
authenticated clients.

Copy docker-compose.example.yml into your project, and adjust the environment
variables as appropriate, then run docker-compose up.

Variable Explanation
HOST The external hostname for your service
TARGET The internal hostname of the service to expose through the authenticated proxy. Commonly a linked image.
TARGET_SCHEME "http" or "https"
TARGET_PREPEND A path to be prepended to every request through the proxy
HTTP_PORT Default: 80
HTTPS_PORT Default: 443
HTTPS_FORCE Enable to redirect all non-https requests
KEY_FILE Path to a TLS certificate key
CERT_FILE Path to a TLS certificate
DB_URI A MongoDB database (by default running in a linked container)
SESSION_SECRET Change this to any random string
OAUTH_CLIENT_ID The Client ID you created in Wordpress.
OAUTH_CLIENT_SECRET The Secret you created in Wordpress.
OAUTH_URL The SITEURL of the Wordpress instance.
OAUTH_CALLBACK_URL Prefix with the external URI of your service (such as a CNAME pointing to this Docker host). The /auth/wordpress/callback route is handled by wordpress-oauth2-proxy.
SECRET_TOKEN_HEADER Optionally accept a secret token on this header for unauthenticated requests ($SECRET_TOKEN) (for example, X-Gitlab-Token)
SECRET_TOKEN A secret token which must match $SECRET_TOKEN_HEADER if enabled and the request is not authenticated by oAuth.

Make sure that TARGET is not publicly accessible, or
unauthenticated users can simply ignore your reverse proxy!

With the proxy up and running, open the site in your browser, and verify the login process.

You're done!


You will need docker and docker-compose installed.

$ git clone
$ cd wordpress-oauth2-proxy
$ mv docker-compose.example.yml docker-compose.yml

# Modify docker-compose.yml for your environment...

$ docker-compose up


Copyright (c) 2015 Logan Koester. Released under the MIT license. See LICENSE for details.

Docker Pull Command

Comments (0)