Periodic merge upstream #5

Manually merged
djpbessems merged 13 commits from development into master 2019-12-30 12:18:50 +00:00
Showing only changes of commit aabc6cf196 - Show all commits

View File

@ -1,5 +1,5 @@
# lucidAuth # lucidAuth [![](https://img.shields.io/badge/status-in%20production-%23003399.svg)](#) [![](https://img.shields.io/badge/contributors-1-green.svg) ](#)
[![](https://img.shields.io/badge/status-in%20production-%23003399.svg)](#) [![](https://img.shields.io/badge/contributors-1-green.svg) ](#) > *Respect* the unexpected, mitigate your risks
Forward Authentication for use with proxies (caddy, nginx, traefik, etc) Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
@ -14,6 +14,7 @@ Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
- #### in Traefik - #### in Traefik
Add the following lines (change to reflect your existing configuration): Add the following lines (change to reflect your existing configuration):
##### 1.7
``` ```
[frontends.server1] [frontends.server1]
entrypoints = ["https"] entrypoints = ["https"]
@ -24,6 +25,40 @@ Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
[frontends.server1.routes.ext] [frontends.server1.routes.ext]
rule = "Host:<fqdn>" rule = "Host:<fqdn>"
``` ```
##### 2.0
Either whitelist IP's which should be trusted to send `HTTP_X-Forwarded-*` headers, ór enable insecure-mode in your static configuration:
```
entryPoints:
https:
address: :443
forwardedHeaders:
trustedIPs:
- "127.0.0.1/32"
- "192.168.1.0/24"
# insecure: true
```
Define a middleware that tells Traefik to forward requests for authentication in your dynamic file provider:
```
https:
middlewares:
ldap-authentication:
forwardAuth:
address: "https://<fqdn>/lucidAuth.validateRequest.php"
trustForwardHeader: true
```
And finally add the new middleware to your service (different methods; this depends on your configuration):
```
# as a label (when using Docker provider)
traefik.http.routers.router1.middlewares: "ldap-authentication@file"
# as yaml (when using file provider)
routers:
router1:
middlewares:
- "ldap-authentication"
```
- #### Important!
The domainname of the website made in step 3, needs to match the domainname (*ignoring subdomains, if any*) of the resource utilizing this authentication proxy.
## Questions or bugs ## Questions or bugs
Feel free to open issues in this repository. Feel free to open issues in this repository.