https://github.com/discourse/discourse-auth-proxy

An http proxy that uses the DiscourseConnect protocol to authenticate users
https://github.com/discourse/discourse-auth-proxy

Last synced: 6 months ago
JSON representation

An http proxy that uses the DiscourseConnect protocol to authenticate users

• Host: GitHub
• URL: https://github.com/discourse/discourse-auth-proxy
• Owner: discourse
• Created: 2015-04-15T03:12:12.000Z (about 10 years ago)
• Default Branch: main
• Last Pushed: 2024-04-06T01:54:59.000Z (about 1 year ago)
• Last Synced: 2024-11-25T18:22:40.336Z (7 months ago)
• Language: Go
• Homepage:
• Size: 86.9 KB
• Stars: 33
• Watchers: 25
• Forks: 9
• Open Issues: 2
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
Discourse Auth Proxy

===

This package allows you to use Discourse as an SSO endpoint for an arbitrary site.

Discourse SSO is invoked prior to serving the proxied site. This allows you to reuse Discourse Auth in a site that ships with no auth.

Usage:

```

Usage of ./discourse-auth-proxy:

  -listen-url="": uri to listen on eg: localhost:2001. leave blank to set equal to proxy-url

  -origin-url="": origin to proxy eg: http://localhost:2002

  -proxy-url="": outer url of this host eg: http://secrets.example.com

  -sso-secret="": SSO secret for origin

  -sso-url="": SSO endpoint eg: http://discourse.example.com

  -allow-all: don't restrict access to "admin" users on the SSO endpoint

  -timeout="10": Read/Write timeout

```

```

+--------+    proxy-url   +---------+    listen-url    +----------------------+

|  User  |  ============> |  Nginx  |  ==============> | discourse-auth-proxy |

+--------+                +---------+                  +----------------------+

    |                                                             |

    | sso-url                                          origin-url |

    |                                                             |

    v                                                             v

+-----------+                                          +----------------------+

| Discourse |                                          | Protected web server |

+-----------+                                          +----------------------+

```

Environment variables may be used as a substitute for command-line flags, e.g.:

``` shell

ORIGIN_URL='http://somesite.com' \

PROXY_URL='http://listen.com' \

SSO_SECRET='somesecret' \

SSO_URL='http://somediscourse.com' \

./discourse-auth-proxy

```

`-origin-url` may specify a name equipped with [RFC 2782](https://tools.ietf.org/html/rfc2782) DNS SRV records, such as `http://_foo._tcp.example.com`.  If SRV records are found in the DNS, each request is proxied to a host and port taken from these records.

Docker Image

===

You may run using docker using

```

docker run discourse/auth-proxy

```

Running will display configuration instructions

A new OCI image is automatically published to [Docker Hub](https://hub.docker.com/r/discourse/auth-proxy/tags) upon every push to branch `main` on GitHub.  The release procedure is documented in t/120578 for the benefit of CDCK staff.