- Update oauth2-proxy with working GitHub OAuth config
- Add OAUTH2_PROXY_SCOPE=user for proper user info retrieval
- Add OAUTH2_PROXY_UPSTREAMS to proxy staging traffic
- Route staging.domain through oauth2-proxy
- Set *.staging DNS to non-proxied for Let's Encrypt SSL
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Go regexp doesn't support negative lookahead (?!...).
Use proper anchored regex with escaped dots.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Using file() instead of templatefile() so $${VAR} isn't processed.
Changed to ${VAR} for proper docker-compose variable interpolation.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Enable Forgejo registration for OAuth users (DISABLE_REGISTRATION=false)
- Use public URL for Woodpecker OAuth redirects instead of internal hostname
- Add WOODPECKER_OPEN=true to allow new user registrations
- Bcrypt hash OAuth client secret before storing in database
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
