https://github.com/m42e/authserver

A simple nginx auth_request compatible authentication server
https://github.com/m42e/authserver

Last synced: 9 months ago
JSON representation

A simple nginx auth_request compatible authentication server

• Host: GitHub
• URL: https://github.com/m42e/authserver
• Owner: m42e
• Created: 2019-09-01T19:46:05.000Z (almost 7 years ago)
• Default Branch: master
• Last Pushed: 2023-05-01T21:15:22.000Z (about 3 years ago)
• Last Synced: 2025-02-23T19:16:24.775Z (over 1 year ago)
• Language: Python
• Size: 20.5 KB
• Stars: 2
• Watchers: 2
• Forks: 0
• Open Issues: 4
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# Authserver

This repository offers a (to be honest a hacky) implementation which allows to use a login using `auth_request` module in nginx.

It enforces two factor authorization or token based `Authorization` header.

## Add User

Run the docker image with `adduser` and `-it`.

## Create a token

Run the docker image with `token `.

## Delete a token

Run the docker image with `token  --rm `.

## Run Docker

```sh

docker run -v /var/proj/authserver/data:/home/appuser -p 127.0.0.1:9999:9999/tcp authserver:latest

```

## Nginx Configuration

### authorization protected

```nginx

location ^~ / {

    proxy_pass http://127.0.0.1:5232;

    auth_request /login-validate;

    auth_request_set $auth_user $upstream_http_x_user;

    proxy_set_header     X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_set_header Remote-User $auth_user;

    proxy_set_header X-Remote-User $auth_user;

		# Set the header according what you need.

		

}

error_page 401 /error/401.html;

# If the user is not logged in, redirect them to login URL

location = /error/401.html {

  return 302 https://login.d1v3.de/login?fwd=https://$http_host$request_uri;

}

location = /login-validate {

  proxy_pass http://127.0.0.1:9999/auth;

  proxy_pass_request_body off; # no need to send the POST body

  proxy_set_header Content-Length "";

  proxy_set_header X-Real-IP $remote_addr;

  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

  proxy_set_header X-Forwarded-Proto $scheme;

  auth_request_set $auth_user $upstream_http_x_user;

}

```

### login page

```nginx

location / {

	proxy_pass http://127.0.0.1:9999/;

	proxy_set_header  Host  login.d1v3.de;

	proxy_set_header  X-Forwarded-Proto https;

	if ($scheme != "https") {

		rewrite ^ https://$host$request_uri? permanent;

	}

}

```

# TODOs

- Web interface for account and token managing

- Rest interface for accounts and tokens.

- Logging of Logins

- Token activity