Update 'README.md'

This commit is contained in:
Danny Bessems 2019-12-06 14:08:19 +00:00
parent 55413d20c5
commit 018b74e140

View File

@ -1,32 +1,50 @@
# lucidAuth # lucidAuth [![](https://img.shields.io/badge/status-in%20production-%23003399.svg)](#) [![](https://img.shields.io/badge/contributors-1-green.svg) ](#)
[![](https://img.shields.io/badge/status-in%20production-%23003399.svg)](#) [![](https://img.shields.io/badge/contributors-1-green.svg) ](#) > *Respect* the unexpected, mitigate your risks
Forward Authentication for use with proxies (caddy, nginx, traefik, etc) Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
## Usage ## Usage
- Create a new folder, navigate to it in a commandprompt and run the following command: - Create a new folder, navigate to it in a commandprompt and run the following command:
`git clone https://code.spamasaurus.com/djpbessems/lucidAuth.git` `git clone https://code.spamasaurus.com/djpbessems/lucidAuth.git`
- Edit `include/lucidAuth.config.php.example` to reflect your configuration and save as `include/lucidAuth.config.php` - Edit `include/lucidAuth.config.php.example` to reflect your configuration and save as `include/lucidAuth.config.php`
- Create a new website (within any php-capable webserver) and make sure that the documentroot points to the `public` folder - Create a new website (within any php-capable webserver) and make sure that the documentroot points to the `public` folder
- Check if you are able to browse to `https://<fqdn>/lucidAuth.login.php` (where `<fqdn>` is the actual domain -or IP address- your webserver is listening on) - Check if you are able to browse to `https://<fqdn>/lucidAuth.login.php` (where `<fqdn>` is the actual domain -or IP address- your webserver is listening on)
- Edit your proxy's configuration to use the new website as forward proxy: - Edit your proxy's configuration to use the new website as forward proxy:
- #### ~~in Caddy/nginx~~ <small>(planned for a later stage)</small> - #### ~~in Caddy/nginx~~ <small>(planned for a later stage)</small>
- #### in Traefik - #### in Traefik
Add the following lines (change to reflect your existing configuration): Add the following lines (change to reflect your existing configuration):
``` ##### 1.7
[frontends.server1] ```
entrypoints = ["https"] [frontends.server1]
backend = "server1" entrypoints = ["https"]
[frontends.server1.auth.forward] backend = "server1"
address = "https://<fqdn>/lucidAuth.validateRequest.php" [frontends.server1.auth.forward]
[frontends.server1.routes] address = "https://<fqdn>/lucidAuth.validateRequest.php"
[frontends.server1.routes.ext] [frontends.server1.routes]
rule = "Host:<fqdn>" [frontends.server1.routes.ext]
``` rule = "Host:<fqdn>"
```
- #### Important! ##### 2.0
The domainname of the website made in step 3, needs to match the domainname (*ignoring subdomains, if any*) of the resource utilizing this authentication proxy. In your dynamic file provider:
```
## Questions or bugs https:
middlewares:
ldap-authentication:
forwardAuth:
address: "https://<fqdn>/lucidAuth.validateRequest.php"
trustForwardHeader: true
```
In your static configuration:
```
entryPoints:
https:
address: :443
insecure: true
```
- #### Important!
The domainname of the website made in step 3, needs to match the domainname (*ignoring subdomains, if any*) of the resource utilizing this authentication proxy.
## Questions or bugs
Feel free to open issues in this repository. Feel free to open issues in this repository.