From 5c2ae98afbb0f088ca86ae01d493f1abd90939f1 Mon Sep 17 00:00:00 2001 From: Danny Bessems Date: Mon, 9 Dec 2019 09:27:59 +0000 Subject: [PATCH] Update 'README.md' --- README.md | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 522cf15..00dbc43 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,18 @@ Forward Authentication for use with proxies (caddy, nginx, traefik, etc) rule = "Host:" ``` ##### 2.0 - In your dynamic file provider: + Either whitelist IP's which should be trusted to send `HTTP_X-Forwarded-*` headers, ór enable insecure-mode in your static configuration: + ``` + entryPoints: + https: + address: :443 + forwardedHeaders: + trustedIPs: + - "127.0.0.1/32" + - "192.168.1.0/24" + # insecure: true + ``` + Define a middleware that tells Traefik to forward requests for authentication in your dynamic file provider: ``` https: middlewares: @@ -35,12 +46,15 @@ Forward Authentication for use with proxies (caddy, nginx, traefik, etc) address: "https:///lucidAuth.validateRequest.php" trustForwardHeader: true ``` - In your static configuration: + And finally add the new middleware to your service (different methods; this depends on your configuration): ``` - entryPoints: - https: - address: :443 - insecure: true + # as a label (when using Docker provider) + traefik.http.routers.router1.middlewares: "ldap-authentication@file" + # as yaml (when using file provider) + routers: + router1: + middlewares: + - "ldap-authentication" ``` - #### Important!