{"id":16054830,"url":"https://github.com/cristianbica/auth-proxy","last_synced_at":"2025-04-05T07:23:44.024Z","repository":{"id":56842664,"uuid":"77146948","full_name":"cristianbica/auth-proxy","owner":"cristianbica","description":null,"archived":false,"fork":false,"pushed_at":"2016-12-28T00:52:14.000Z","size":9,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-04-26T16:04:27.359Z","etag":null,"topics":["authentication","proxy","ruby"],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cristianbica.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-12-22T13:31:29.000Z","updated_at":"2016-12-22T13:31:36.000Z","dependencies_parsed_at":"2022-08-29T12:40:26.755Z","dependency_job_id":null,"html_url":"https://github.com/cristianbica/auth-proxy","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cristianbica%2Fauth-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cristianbica%2Fauth-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cristianbica%2Fauth-proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cristianbica%2Fauth-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cristianbica","download_url":"https://codeload.github.com/cristianbica/auth-proxy/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247301628,"owners_count":20916545,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","proxy","ruby"],"created_at":"2024-10-09T02:04:19.883Z","updated_at":"2025-04-05T07:23:44.001Z","avatar_url":"https://github.com/cristianbica.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Auth::Proxy\n\nExternal auth for your web services.\n\nIMPORTANT: This is still under development and untested\n\n## Usage\n\nCreate a directorry for your auth-proxy app.\n\nCreate a Gemfile and add the auth-proxy gem and any omniauth gems you want to use:\n\n```ruby\ngem \"auth-proxy\"\ngem \"omniauth-facebook\"\ngem \"omniauth-twitter\"\n```\n\nAnd then execute:\n\n    $ bundle install\n\nCreate a config.ru file:\n\n```ruby\nrequire \"auth-proxy\"\nrequire \"omniauth-facebook\"\n\nAuthProxy.configure do |config|\n  config.ssl = true\n  config.register :facebook,\n    display_name: \"Facebook\",\n    app_id: \"ID\",\n    app_secret: \"SECRET\"\nend\n\nrun AuthProxy.app\n```\n\nAnd then execute\n\n    $ AUTH_PROXY_APP_DOMAIN=auth.my.domain AUTH_PROXY_COOKIE_DOMAIN=my.domain rackup config.ru\n\n\nNow you can proxy requests through this app to be authenticated. One nice way of doing this is using nginx's\n`auth_request` directive. Assuming you have different services under ops.company.tld domain\n(service1.ops.company.tld service2.ops.company.tld etc) you would setup auth-proxy to run under\nauth.ops.company.tld and keep the cookies under ops.company.tld so they will be available on all services:\n\n    $ AUTH_PROXY_APP_DOMAIN=auth.ops.company.tld AUTH_PROXY_COOKIE_DOMAIN=ops.company.tld rackup -p 5000 config.ru\n\nIn front of the auth-proxy you will have an nginx (or more nginx loadbalancers) with the following config:\n\n```\nworker_processes 1;\n\nevents {\n  worker_connections  1024;\n}\n\nhttp {\n  upstream auth {\n    server 127.0.0.1:6000 fail_timeout=0;\n  }\n\n  server {\n    listen 80;\n    server_name auth.ops.company.tld;\n\n    location / {\n      proxy_pass http://auth;\n      proxy_set_header Host $http_host;\n      proxy_set_header X-Real-IP $remote_addr;\n      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n      proxy_set_header X-Forwarded-Proto $scheme;\n    }\n  }\n}\n```\n\nNow for each app that needs to be authenticated you will need a nginx in front of it with the following\nconfig:\n\n```\nworker_processes 1;\n\nevents {\n  worker_connections  1024;\n}\n\nhttp {\n  upstream service1 {\n    server 127.0.0.1:7000 fail_timeout=0;\n  }\n\n\n  server {\n    listen 7000;\n    server_name service1.ops.company.tld;\n\n    auth_request /auth/try;\n\n    # optional - if you need to pass to your app headers set by the auth-proxy\n    auth_request_set $auth_proxy_user_name $upstream_http_x_auth_proxy_user_name;\n    auth_request_set $auth_proxy_user_email $upstream_http_x_auth_proxy_user_email;\n    auth_request_set $auth_proxy_user_id $upstream_http_x_auth_proxy_user_id;\n    auth_request_set $auth_proxy_user_provider $upstream_http_x_auth_proxy_user_provider;\n    auth_request_set $auth_proxy_user_token $upstream_http_x_auth_proxy_user_token;\n    # optional end\n\n    error_page 401 403 =200 @login;\n    location @login {\n      return 301 https://auth.ops.company.tld/login?return_to=https://$http_host$request_uri;\n    }\n\n    location = /auth/try {\n      proxy_pass http://auth..ops.company.tld;\n      proxy_pass_request_body off;\n      proxy_set_header Content-Length \"\";\n    }\n\n    location / {\n      proxy_pass http://service1;\n      proxy_set_header Host $http_host;\n      proxy_set_header X-Real-IP $remote_addr;\n      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n      proxy_set_header X-Forwarded-Proto $scheme;\n      # optional - if you need to pass to your app headers set by the auth-proxy\n      proxy_set_header X-Auth-Proxy-User-Name $auth_proxy_user_name;\n      proxy_set_header X-Auth-Proxy-User-Email $auth_proxy_user_email;\n      proxy_set_header X-Auth-Proxy-User-ID $auth_proxy_user_id;\n      proxy_set_header X-Auth-Proxy-User-provider $auth_proxy_user_provider;\n      proxy_set_header X-Auth-Proxy-User-token $auth_proxy_user_token;\n      # optional end\n    }\n  }\n\n}\n```\n\n\n## Contributing\n\nBug reports and pull requests are welcome on GitHub at https://github.com/cristianbica/auth-proxy.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcristianbica%2Fauth-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcristianbica%2Fauth-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcristianbica%2Fauth-proxy/lists"}