Pulled changes from master
This commit is contained in:
parent
f7760ab568
commit
aabc6cf196
53
README.md
53
README.md
@ -1,5 +1,5 @@
|
||||
# lucidAuth
|
||||
[![](https://img.shields.io/badge/status-in%20production-%23003399.svg)](#) [![](https://img.shields.io/badge/contributors-1-green.svg) ](#)
|
||||
# lucidAuth [![](https://img.shields.io/badge/status-in%20production-%23003399.svg)](#) [![](https://img.shields.io/badge/contributors-1-green.svg) ](#)
|
||||
> *Respect* the unexpected, mitigate your risks
|
||||
|
||||
Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
|
||||
|
||||
@ -14,16 +14,51 @@ Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
|
||||
|
||||
- #### in Traefik
|
||||
Add the following lines (change to reflect your existing configuration):
|
||||
##### 1.7
|
||||
```
|
||||
[frontends.server1]
|
||||
entrypoints = ["https"]
|
||||
backend = "server1"
|
||||
[frontends.server1.auth.forward]
|
||||
address = "https://<fqdn>/lucidAuth.validateRequest.php"
|
||||
[frontends.server1.routes]
|
||||
[frontends.server1.routes.ext]
|
||||
rule = "Host:<fqdn>"
|
||||
entrypoints = ["https"]
|
||||
backend = "server1"
|
||||
[frontends.server1.auth.forward]
|
||||
address = "https://<fqdn>/lucidAuth.validateRequest.php"
|
||||
[frontends.server1.routes]
|
||||
[frontends.server1.routes.ext]
|
||||
rule = "Host:<fqdn>"
|
||||
```
|
||||
##### 2.0
|
||||
Either whitelist IP's which should be trusted to send `HTTP_X-Forwarded-*` headers, ór enable insecure-mode in your static configuration:
|
||||
```
|
||||
entryPoints:
|
||||
https:
|
||||
address: :443
|
||||
forwardedHeaders:
|
||||
trustedIPs:
|
||||
- "127.0.0.1/32"
|
||||
- "192.168.1.0/24"
|
||||
# insecure: true
|
||||
```
|
||||
Define a middleware that tells Traefik to forward requests for authentication in your dynamic file provider:
|
||||
```
|
||||
https:
|
||||
middlewares:
|
||||
ldap-authentication:
|
||||
forwardAuth:
|
||||
address: "https://<fqdn>/lucidAuth.validateRequest.php"
|
||||
trustForwardHeader: true
|
||||
```
|
||||
And finally add the new middleware to your service (different methods; this depends on your configuration):
|
||||
```
|
||||
# as a label (when using Docker provider)
|
||||
traefik.http.routers.router1.middlewares: "ldap-authentication@file"
|
||||
# as yaml (when using file provider)
|
||||
routers:
|
||||
router1:
|
||||
middlewares:
|
||||
- "ldap-authentication"
|
||||
```
|
||||
|
||||
- #### Important!
|
||||
The domainname of the website made in step 3, needs to match the domainname (*ignoring subdomains, if any*) of the resource utilizing this authentication proxy.
|
||||
|
||||
## Questions or bugs
|
||||
Feel free to open issues in this repository.
|
Loading…
Reference in New Issue
Block a user