djpbessems
/
lucidAuth
1
1
Fork 0
Code Issues Pull Requests Releases 2 Wiki Activity

Update 'README.md'

This commit is contained in:
Danny Bessems 2020-03-22 11:51:41 +00:00
parent 69bb1368cb
commit 635b96c72e
1 changed files with 26 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
README.md
View File

@ -10,41 +10,41 @@ Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
- Create a new website (within any php-capable webserver) and make sure that the documentroot points to the `public` folder - Create a new website (within any php-capable webserver) and make sure that the documentroot points to the `public` folder
- Check if you are able to browse to `https://<fqdn>/lucidAuth.login.php` (where `<fqdn>` is the actual domain -or IP address- your webserver is listening on) - Check if you are able to browse to `https://<fqdn>/lucidAuth.login.php` (where `<fqdn>` is the actual domain -or IP address- your webserver is listening on)
- Edit your proxy's configuration to use the new website as forward proxy: - Edit your proxy's configuration to use the new website as forward proxy:
- #### ~~in Caddy/nginx~~ <small>(planned for a later stage)</small> #### ~~in Caddy/nginx~~ <small>(planned for a later stage)</small>
- #### in Traefik #### in Traefik
Add the following lines (change to reflect your existing configuration): Add the following lines (change to reflect your existing configuration):
##### 1.7 ##### 1.7
``` ```
[frontends.server1] [frontends.server1]
entrypoints = ["https"] entrypoints = ["https"]
backend = "server1" backend = "server1"
[frontends.server1.auth.forward] [frontends.server1.auth.forward]
address = "https://<fqdn>/lucidAuth.validateRequest.php" address = "https://<fqdn>/lucidAuth.validateRequest.php"
[frontends.server1.routes] [frontends.server1.routes]
[frontends.server1.routes.ext] [frontends.server1.routes.ext]
rule = "Host:<fqdn>" rule = "Host:<fqdn>"
``` ```
##### 2.0 ##### 2.0
Either whitelist IP's which should be trusted to send `HTTP_X-Forwarded-*` headers, ór enable insecure-mode in your static configuration: Either whitelist IP's which should be trusted to send `HTTP_X-Forwarded-*` headers, ór enable insecure-mode in your static configuration:
``` ```
entryPoints: entryPoints:
https: https:
address: :443 address: :443
forwardedHeaders: forwardedHeaders:
trustedIPs: trustedIPs:
- "127.0.0.1/32" - "127.0.0.1/32"
- "192.168.1.0/24" - "192.168.1.0/24"
# insecure: true # insecure: true
``` ```
Define a middleware that tells Traefik to forward requests for authentication in your dynamic file provider: Define a middleware that tells Traefik to forward requests for authentication in your dynamic file provider:
``` ```
https: https:
middlewares: middlewares:
ldap-authentication: ldap-authentication:
forwardAuth: forwardAuth:
address: "https://<fqdn>/lucidAuth.validateRequest.php" address: "https://<fqdn>/lucidAuth.validateRequest.php"
trustForwardHeader: true trustForwardHeader: true
``` ```
And finally add the new middleware to your service (different methods; this depends on your configuration): And finally add the new middleware to your service (different methods; this depends on your configuration):
``` ```
@ -52,9 +52,9 @@ Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
traefik.http.routers.router1.middlewares: "ldap-authentication@file" traefik.http.routers.router1.middlewares: "ldap-authentication@file"
# as yaml (when using file provider) # as yaml (when using file provider)
routers: routers:
router1: router1:
middlewares: middlewares:
- "ldap-authentication" - "ldap-authentication"
``` ```
- #### Important! - #### Important!