39 lines
1.4 KiB
Markdown
39 lines
1.4 KiB
Markdown
|
google_auth_proxy
|
||
|
|
=================
|
||
|
|
|
||
|
|
A reverse proxy that acts as an authentication layer using Google Oauth2 to validate
|
||
|
|
individual accounts, or a whole google apps domain.
|
||
|
|
|
||
|
|
|
||
|
|
## Structure
|
||
|
|
|
||
|
|
|
||
|
|
```
|
||
|
|
_______ ___________________ __________
|
||
|
|
|Nginx| ----> |google_auth_proxy| ----> |upstream|
|
||
|
|
------- ------------------- ----------
|
||
|
|
||
|
||
|
|
\/
|
||
|
|
[google oauth2 api]
|
||
|
|
|
||
|
|
```
|
||
|
|
|
||
|
|
## Configuration
|
||
|
|
|
||
|
|
1) visit to Google Api Console https://code.google.com/apis/console/
|
||
|
|
2) under "API Access", choose "Create an OAuth 2.0 Client ID"
|
||
|
|
3) Edit the application settings, and list the Redirect URI(s) where you will run your application. For example:
|
||
|
|
`https://internalapp.yourcompany.com/oauth2/callback`
|
||
|
|
|
||
|
|
## Usage
|
||
|
|
|
||
|
|
```
|
||
|
|
./google_auth_proxy
|
||
|
|
-client-id="": the Google OAuth Client ID: ie: "123456.apps.googleusercontent.com"
|
||
|
|
-client-secret="": the OAuth Client secret
|
||
|
|
-cookie-secret="": the seed for cookie values
|
||
|
|
-redirect-url="": the http base to redirect to. ie: https://internalapp.yourcompany.com/oauth2/callback
|
||
|
|
-htpasswd-file="": additionally lookup basic auth in a htpasswd file. Entries must be created with "htpasswd -s" for SHA encryption
|
||
|
|
-pass-basic-auth=true: pass basic auth information to upstream
|
||
|
|
-upstream=[]: the http url(s) of the upstream endpoint(s). If multiple, routing is based on URL path
|
||
|
|
```
|