An HTTP proxy that uses the DiscourseConnect protocol to authenticate users
Leonardo Mosquera 0df66c9afa
Extract allowedByWhiteList for unit testability, and add tests
2023-12-20 16:50:57 -03:00
internal/httpproxy Optionally use DNS SRV records for origin discovery 2019-05-07 04:48:50 +10:00
.gitignore Initial commit 2015-04-15 13:18:18 +10:00
Dockerfile docker: debian bullseye -> bookworm 2023-12-05 03:26:54 +11:00
Makefile DEV: release Makefile target and documentation 2022-04-06 14:06:08 +00:00
README.md DEV: release Makefile target and documentation 2022-04-06 14:06:08 +00:00
config.go Add --whitelist-prefix option to allowlist a path prefix 2023-12-20 15:56:35 -03:00
docker-entrypoint switch to go modules 2020-11-06 08:50:35 +11:00
go.mod FEATURE: add support for allowGroups setting 2020-12-16 15:43:35 +11:00
go.sum FEATURE: add support for allowGroups setting 2020-12-16 15:43:35 +11:00
logging.go Add error logging to aid in SSO debugging 2019-07-24 00:25:54 +10:00
main.go Extract allowedByWhiteList for unit testability, and add tests 2023-12-20 16:50:57 -03:00
main_test.go Extract allowedByWhiteList for unit testability, and add tests 2023-12-20 16:50:57 -03:00
string_set.go FEATURE: add support for allowGroups setting 2020-12-16 15:43:35 +11:00

README.md

Discourse Auth Proxy

This package allows you to use Discourse as an SSO endpoint for an arbitrary site.

Discourse SSO is invoked prior to serving the proxied site. This allows you to reuse Discourse Auth in a site that ships with no auth.

Usage:

Usage of ./discourse-auth-proxy:
  -listen-url="": uri to listen on eg: localhost:2001. leave blank to set equal to proxy-url
  -origin-url="": origin to proxy eg: http://localhost:2002
  -proxy-url="": outer url of this host eg: http://secrets.example.com
  -sso-secret="": SSO secret for origin
  -sso-url="": SSO endpoint eg: http://discourse.example.com
  -allow-all: don't restrict access to "admin" users on the SSO endpoint
  -timeout="10": Read/Write timeout

+--------+    proxy-url   +---------+    listen-url    +----------------------+
|  User  |  ============> |  Nginx  |  ==============> | discourse-auth-proxy |
+--------+                +---------+                  +----------------------+
    |                                                             |
    | sso-url                                          origin-url |
    |                                                             |
    v                                                             v
+-----------+                                          +----------------------+
| Discourse |                                          | Protected web server |
+-----------+                                          +----------------------+
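
The check a DiscourseConnect consumer makes on the reply from the SSO endpoint, as an added example (not the project's own code): `sig` is the hex HMAC-SHA256 of the base64 `sso` payload under the shared SSO secret, and the nonce must match the one issued for the session. `mac`, `SampleResponse` and `VerifyResponse` are hypothetical names, the reply is constructed, and the `admin` and `username` fields are assumed to be those Discourse returns.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"net/url"
)

// mac computes HMAC-SHA256 over the base64 payload exactly as transmitted.
func mac(secret, sso string) []byte {
	m := hmac.New(sha256.New, []byte(secret))
	m.Write([]byte(sso))
	return m.Sum(nil)
}

// SampleResponse builds a constructed reply, standing in for the SSO endpoint.
func SampleResponse(secret, nonce, admin string) (sso, sig string) {
	v := url.Values{"nonce": {nonce}, "username": {"alice"}, "admin": {admin}}
	sso = base64.StdEncoding.EncodeToString([]byte(v.Encode()))
	return sso, hex.EncodeToString(mac(secret, sso))
}

// VerifyResponse (hypothetical) authenticates the reply before trusting any field in it.
func VerifyResponse(secret, sso, sig, wantNonce string, allowAll bool) (string, error) {
	if got, err := hex.DecodeString(sig); err != nil || !hmac.Equal(got, mac(secret, sso)) {
		return "", errors.New("bad signature") // hmac.Equal compares in constant time
	}
	raw, err1 := base64.StdEncoding.DecodeString(sso)
	v, err2 := url.ParseQuery(string(raw))
	if err1 != nil || err2 != nil {
		return "", errors.New("malformed payload")
	}
	if wantNonce == "" || v.Get("nonce") != wantNonce { // replayed or unsolicited reply
		return "", errors.New("nonce mismatch")
	}
	if !allowAll && v.Get("admin") != "true" { // default policy: admins only
		return "", errors.New("not an admin")
	}
	return v.Get("username"), nil
}

func main() {
	sso, sig := SampleResponse("somesecret", "n1", "false")
	fmt.Println(VerifyResponse("somesecret", sso, sig, "n1", false))
}
```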

Environment variables may be used as a substitute for command-line flags, e.g.:

ORIGIN_URL='http://somesite.com' \
PROXY_URL='http://listen.com' \
SSO_SECRET='somesecret' \
SSO_URL='http://somediscourse.com' \
./discourse-auth-proxy

-origin-url may specify a name equipped with RFC 2782 DNS SRV records, such as http://_foo._tcp.example.com. If SRV records are found in the DNS, each request is proxied to a host and port taken from these records.

Docker Image

You may run the image with Docker using

docker run discourse/auth-proxy

Running it will display configuration instructions.

You may build an image using

make build

After building, you may publish it as a new release -- i.e. as the latest tag -- using

make release TAG=20220406.135620

(Replace with the actual built tag.)