Simple request proxy with Zitadel authentication intended for use in glanceapp/glance
Reddit blocks IP of VPS where the glance app is hosted. With this, the request can be proxied through self-hosted infrastructure while keeping it private.
-
Setup Zitadel
-
Register and create a project if you don't have one
-
Open Roles, create new one (ex. reddit-forward-proxy-access)
-
Go to General, and create an application
- Give it a name (ex. reddit-forward-proxy)
- Select API
- Keep 'Private Key JWT'
- Click create (no need to copy clientId)
- Add new Key (JSON, you can leave expiration empty) and download it
-
Go to Users tab > Service Users
- Create new one
- Fill necessary fields (ex. glance-app)
- Keep Access Token Type 'Bearer'
- Afterwards, open Personal Access Tokens, generate new one, copy and save the token
- Authorizations > New > select your project > add previously created (1.2) role, and save it
-
-
Prepare
reddit-forward-proxy
-
(Run the followings in machine with the "safe" IP)
-
Clone the repo and
cd
into it
git clone https://github.com/lastarc/reddit-forward-proxy.git cd reddit-forward-proxy
- Build the docker image
docker build . -t reddit-forward-proxy
-
Copy/move the key file (1.3.5) to this machine
-
Run the image
docker run -it -rm \ -v /path/to/key/xxxxxxxxxxxxxxxxxx.json:/app/key.json -p 8089:8089 reddit-forward-proxy /app/server --domain yourdomain.zitadel.cloud --key /app/key.json
- (Optional) Setup a reverse proxy (ex. cloudflared)
-
-
Add
request-url-template: <reddit-forward-proxy access url>/api/proxy?apiKey=<PAT from 1.4.4>&url={REQUEST-URL}
to yourglance.yml
...
- type: reddit
subreddit: selfhosted
+ request-url-template: reddit-forward-proxy.mydomain.com/api/proxy?apiKey=COp...jYI&url={REQUEST-URL}
- Done?
- Make auth optional
- Fix up defaults for docker image
(
... /app/server --domain yourdomain.zitadel.cloud --key /app/key.json
is too verbose)