Update 'README.md'
This commit is contained in:
parent
55413d20c5
commit
018b74e140
80
README.md
80
README.md
@ -1,32 +1,50 @@
|
|||||||
# lucidAuth
|
# lucidAuth [![](https://img.shields.io/badge/status-in%20production-%23003399.svg)](#) [![](https://img.shields.io/badge/contributors-1-green.svg) ](#)
|
||||||
[![](https://img.shields.io/badge/status-in%20production-%23003399.svg)](#) [![](https://img.shields.io/badge/contributors-1-green.svg) ](#)
|
> *Respect* the unexpected, mitigate your risks
|
||||||
|
|
||||||
Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
|
Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
- Create a new folder, navigate to it in a commandprompt and run the following command:
|
- Create a new folder, navigate to it in a commandprompt and run the following command:
|
||||||
`git clone https://code.spamasaurus.com/djpbessems/lucidAuth.git`
|
`git clone https://code.spamasaurus.com/djpbessems/lucidAuth.git`
|
||||||
- Edit `include/lucidAuth.config.php.example` to reflect your configuration and save as `include/lucidAuth.config.php`
|
- Edit `include/lucidAuth.config.php.example` to reflect your configuration and save as `include/lucidAuth.config.php`
|
||||||
- Create a new website (within any php-capable webserver) and make sure that the documentroot points to the `public` folder
|
- Create a new website (within any php-capable webserver) and make sure that the documentroot points to the `public` folder
|
||||||
- Check if you are able to browse to `https://<fqdn>/lucidAuth.login.php` (where `<fqdn>` is the actual domain -or IP address- your webserver is listening on)
|
- Check if you are able to browse to `https://<fqdn>/lucidAuth.login.php` (where `<fqdn>` is the actual domain -or IP address- your webserver is listening on)
|
||||||
- Edit your proxy's configuration to use the new website as forward proxy:
|
- Edit your proxy's configuration to use the new website as forward proxy:
|
||||||
- #### ~~in Caddy/nginx~~ <small>(planned for a later stage)</small>
|
- #### ~~in Caddy/nginx~~ <small>(planned for a later stage)</small>
|
||||||
|
|
||||||
- #### in Traefik
|
- #### in Traefik
|
||||||
Add the following lines (change to reflect your existing configuration):
|
Add the following lines (change to reflect your existing configuration):
|
||||||
```
|
##### 1.7
|
||||||
[frontends.server1]
|
```
|
||||||
entrypoints = ["https"]
|
[frontends.server1]
|
||||||
backend = "server1"
|
entrypoints = ["https"]
|
||||||
[frontends.server1.auth.forward]
|
backend = "server1"
|
||||||
address = "https://<fqdn>/lucidAuth.validateRequest.php"
|
[frontends.server1.auth.forward]
|
||||||
[frontends.server1.routes]
|
address = "https://<fqdn>/lucidAuth.validateRequest.php"
|
||||||
[frontends.server1.routes.ext]
|
[frontends.server1.routes]
|
||||||
rule = "Host:<fqdn>"
|
[frontends.server1.routes.ext]
|
||||||
```
|
rule = "Host:<fqdn>"
|
||||||
|
```
|
||||||
- #### Important!
|
##### 2.0
|
||||||
The domainname of the website made in step 3, needs to match the domainname (*ignoring subdomains, if any*) of the resource utilizing this authentication proxy.
|
In your dynamic file provider:
|
||||||
|
```
|
||||||
## Questions or bugs
|
https:
|
||||||
|
middlewares:
|
||||||
|
ldap-authentication:
|
||||||
|
forwardAuth:
|
||||||
|
address: "https://<fqdn>/lucidAuth.validateRequest.php"
|
||||||
|
trustForwardHeader: true
|
||||||
|
```
|
||||||
|
In your static configuration:
|
||||||
|
```
|
||||||
|
entryPoints:
|
||||||
|
https:
|
||||||
|
address: :443
|
||||||
|
insecure: true
|
||||||
|
```
|
||||||
|
|
||||||
|
- #### Important!
|
||||||
|
The domainname of the website made in step 3, needs to match the domainname (*ignoring subdomains, if any*) of the resource utilizing this authentication proxy.
|
||||||
|
|
||||||
|
## Questions or bugs
|
||||||
Feel free to open issues in this repository.
|
Feel free to open issues in this repository.
|
Loading…
Reference in New Issue
Block a user