djpbessems
/
lucidAuth
1
1
Fork 0
Code Issues Pull Requests Releases 2 Wiki Activity

Update 'README.md'

This commit is contained in:
Danny Bessems 2019-12-09 09:27:59 +00:00
parent 018b74e140
commit 5c2ae98afb
1 changed files with 20 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
README.md
View File

@ -26,7 +26,18 @@ Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
rule = "Host:<fqdn>"
```
##### 2.0
In your dynamic file provider:
Either whitelist IP's which should be trusted to send `HTTP_X-Forwarded-*` headers, ór enable insecure-mode in your static configuration:
```
entryPoints:
https:
address: :443
forwardedHeaders:
trustedIPs:
- "127.0.0.1/32"
- "192.168.1.0/24"
# insecure: true
```
Define a middleware that tells Traefik to forward requests for authentication in your dynamic file provider:
```
https:
middlewares:
@ -35,12 +46,15 @@ Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
address: "https://<fqdn>/lucidAuth.validateRequest.php"
trustForwardHeader: true
```
In your static configuration:
And finally add the new middleware to your service (different methods; this depends on your configuration):
```
entryPoints:
https:
address: :443
insecure: true
# as a label (when using Docker provider)
traefik.http.routers.router1.middlewares: "ldap-authentication@file"
# as yaml (when using file provider)
routers:
router1:
middlewares:
- "ldap-authentication"
```
- #### Important!