From 635b96c72ea4fc84e253eccadf3c482eb7b1965d Mon Sep 17 00:00:00 2001 From: Danny Bessems Date: Sun, 22 Mar 2020 11:51:41 +0000 Subject: [PATCH] Update 'README.md' --- README.md | 52 ++++++++++++++++++++++++++-------------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index 00dbc43..2b2071f 100644 --- a/README.md +++ b/README.md @@ -10,41 +10,41 @@ Forward Authentication for use with proxies (caddy, nginx, traefik, etc) - Create a new website (within any php-capable webserver) and make sure that the documentroot points to the `public` folder - Check if you are able to browse to `https:///lucidAuth.login.php` (where `` is the actual domain -or IP address- your webserver is listening on) - Edit your proxy's configuration to use the new website as forward proxy: - - #### ~~in Caddy/nginx~~ (planned for a later stage) + #### ~~in Caddy/nginx~~ (planned for a later stage) - - #### in Traefik + #### in Traefik Add the following lines (change to reflect your existing configuration): -##### 1.7 + ##### 1.7 ``` [frontends.server1] - entrypoints = ["https"] - backend = "server1" - [frontends.server1.auth.forward] - address = "https:///lucidAuth.validateRequest.php" - [frontends.server1.routes] - [frontends.server1.routes.ext] - rule = "Host:" + entrypoints = ["https"] + backend = "server1" + [frontends.server1.auth.forward] + address = "https:///lucidAuth.validateRequest.php" + [frontends.server1.routes] + [frontends.server1.routes.ext] + rule = "Host:" ``` -##### 2.0 + ##### 2.0 Either whitelist IP's which should be trusted to send `HTTP_X-Forwarded-*` headers, ór enable insecure-mode in your static configuration: ``` entryPoints: - https: - address: :443 - forwardedHeaders: - trustedIPs: - - "127.0.0.1/32" - - "192.168.1.0/24" - # insecure: true + https: + address: :443 + forwardedHeaders: + trustedIPs: + - "127.0.0.1/32" + - "192.168.1.0/24" + # insecure: true ``` Define a middleware that tells Traefik to forward requests for authentication in your dynamic file provider: ``` https: - middlewares: - ldap-authentication: - forwardAuth: - address: "https:///lucidAuth.validateRequest.php" - trustForwardHeader: true + middlewares: + ldap-authentication: + forwardAuth: + address: "https:///lucidAuth.validateRequest.php" + trustForwardHeader: true ``` And finally add the new middleware to your service (different methods; this depends on your configuration): ``` @@ -52,9 +52,9 @@ Forward Authentication for use with proxies (caddy, nginx, traefik, etc) traefik.http.routers.router1.middlewares: "ldap-authentication@file" # as yaml (when using file provider) routers: - router1: - middlewares: - - "ldap-authentication" + router1: + middlewares: + - "ldap-authentication" ``` - #### Important!