Periodic merge upstream #5
21
README.md
21
README.md
@ -1,19 +1,19 @@
|
|||||||
# lucidAuth
|
# lucidAuth
|
||||||
[![](https://img.shields.io/badge/status-in%20production-%23003399.svg)](#) [![](https://img.shields.io/badge/contributors-1-green.svg) ](#)
|
[![](https://img.shields.io/badge/status-in%20production-%23003399.svg)](#) [![](https://img.shields.io/badge/contributors-1-green.svg) ](#)
|
||||||
|
|
||||||
Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
|
Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
- Create a new folder, navigate to it in a commandprompt and run the following command:
|
- Create a new folder, navigate to it in a commandprompt and run the following command:
|
||||||
`git clone https://code.spamasaurus.com/djpbessems/lucidAuth.git`
|
`git clone https://code.spamasaurus.com/djpbessems/lucidAuth.git`
|
||||||
- Edit `include/lucidAuth.config.php.example` to reflect your configuration and save as `include/lucidAuth.config.php`
|
- Edit `include/lucidAuth.config.php.example` to reflect your configuration and save as `include/lucidAuth.config.php`
|
||||||
- Create a new website (within any php-capable webserver) and make sure that the documentroot points to the `public` folder
|
- Create a new website (within any php-capable webserver) and make sure that the documentroot points to the `public` folder
|
||||||
- Check if you are able to browse to `https://<fqdn>/lucidAuth.login.php` (where `<fqdn>` is the actual domain -or IP address- your webserver is listening on)
|
- Check if you are able to browse to `https://<fqdn>/lucidAuth.login.php` (where `<fqdn>` is the actual domain -or IP address- your webserver is listening on)
|
||||||
- Edit your proxy's configuration to use the new website as forward proxy:
|
- Edit your proxy's configuration to use the new website as forward proxy:
|
||||||
- #### ~~in Caddy/nginx~~ <small>(planned for a later stage)</small>
|
- #### ~~in Caddy/nginx~~ <small>(planned for a later stage)</small>
|
||||||
|
|
||||||
- #### in Traefik
|
- #### in Traefik
|
||||||
Add the following lines (change to reflect your existing configuration):
|
Add the following lines (change to reflect your existing configuration):
|
||||||
```
|
```
|
||||||
[frontends.server1]
|
[frontends.server1]
|
||||||
entrypoints = ["https"]
|
entrypoints = ["https"]
|
||||||
@ -25,8 +25,5 @@ Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
|
|||||||
rule = "Host:<fqdn>"
|
rule = "Host:<fqdn>"
|
||||||
```
|
```
|
||||||
|
|
||||||
- #### Important!
|
|
||||||
The domainname of the website made in step 3, needs to match the domainname (*ignoring subdomains, if any*) of the resource utilizing this authentication proxy.
|
|
||||||
|
|
||||||
## Questions or bugs
|
## Questions or bugs
|
||||||
Feel free to open issues in this repository.
|
Feel free to open issues in this repository.
|
@ -18,6 +18,16 @@ return (object) array(
|
|||||||
// Specify the NetBios name of the domain; to allow users to log on with just their usernames.
|
// Specify the NetBios name of the domain; to allow users to log on with just their usernames.
|
||||||
],
|
],
|
||||||
|
|
||||||
|
'2FA' => [
|
||||||
|
'Protocol' => 'TOTP', // Possible options are HOTP (sequential codes) and TOTP (timebased codes)
|
||||||
|
'TOTP' => [
|
||||||
|
'Secret' => 'NULL', // By default, a 512 bits secret is generated. If you need, you can provide your own secret here.
|
||||||
|
'Age' => '30', // The duration that each OTP code is valid for.
|
||||||
|
'Length' => '6', // Number of digits the OTP code will consist of.
|
||||||
|
'Algorithm' => 'SHA256' // The hashing algorithm used.
|
||||||
|
],
|
||||||
|
],
|
||||||
|
|
||||||
'Sqlite' => [
|
'Sqlite' => [
|
||||||
'Path' => '../data/lucidAuth.sqlite.db'
|
'Path' => '../data/lucidAuth.sqlite.db'
|
||||||
// Relative path to the location where the database should be stored
|
// Relative path to the location where the database should be stored
|
||||||
@ -37,6 +47,9 @@ return (object) array(
|
|||||||
'CrossDomainLogin' => False,
|
'CrossDomainLogin' => False,
|
||||||
// Set this to True if SingleSignOn (albeit rudementary) is desired
|
// Set this to True if SingleSignOn (albeit rudementary) is desired
|
||||||
// (cookies are inheritently unaware of each other; clearing cookies for one domain does not affect other domains)
|
// (cookies are inheritently unaware of each other; clearing cookies for one domain does not affect other domains)
|
||||||
|
// Important!
|
||||||
|
// If you leave this set to False, the domainname where lucidAuth will be running on,
|
||||||
|
// needs to match the domainname (*ignoring subdomains, if any*) of the resource utilizing the authentication proxy.
|
||||||
'CookieDomains' => [
|
'CookieDomains' => [
|
||||||
'domain1.tld' #, 'domain2.tld', 'subdomain.domain3.tld'
|
'domain1.tld' #, 'domain2.tld', 'subdomain.domain3.tld'
|
||||||
]
|
]
|
||||||
|
Loading…
Reference in New Issue
Block a user