
https://github.com/shunfei/aproxy


# aproxy

`aproxy` is a reverse proxy that includes authentication. It is designed to protect resources that you want to expose while allowing access only to people who have your permission.

## Screenshot

**Backend config**:

![](doc/img/backend.png)

**Role List**:

![](doc/img/role.png)

**Authority config**:

![](doc/img/authority.png)

## Install

### Install from source

```
cd $GOPATH/src
git clone https://github.com/shunfei/aproxy.git
cd aproxy
sh ./install.sh
```

### Install from tarball

Go to the [releases](https://github.com/shunfei/aproxy/releases) page and download the tar file.

```
tar xzvf aproxy-v0.1-xxxx-xxx-xx.tar.gz
cd aproxy-v0.1-xxxx-xxx-xx
cp conf/aproxy.toml.example conf/aproxy.toml
```

## Run

Before running, you need to set up [MongoDB](http://docs.mongodb.org/manual/installation/) and [Redis](http://redis.io/download#installation) (MongoDB for config storage, Redis for session storage),
and change the config in `conf/aproxy.toml`.

```
./bin/aproxy -c conf/aproxy.toml
```

At this point there are no users in the database, so let me add a user:

```
./bin/adduser -c conf/aproxy.toml -action adduser -email [email protected] -pwd passwordxxx
```

The user added above does not have admin permission, so let me set it to admin:

```
./bin/adduser -c conf/aproxy.toml -action setadmin -email [email protected] -adminlevel 99
```

Now you can visit `http://127.0.0.1:8098/-_-aproxy-_-/` and configure your aproxy.

## Config

`conf/aproxy.toml`

## Nginx Config Example

Assuming that all the resources requiring authorization are subdomains of `pri.domain.com`,
the nginx server configuration for aproxy should look like:

```
server {
    listen 80;
    server_name pri.domain.com *.pri.domain.com;

    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # pass to aproxy
        proxy_pass http://127.0.0.1:8098;
    }
}
```

Then point the wildcard DNS record `*.pri.domain.com` at this nginx server.

Assume that we have the following domains:

- pri.domain.com
- hadoop.pri.domain.com
- druid.pri.domain.com
- aerospike.pri.domain.com

Then we can set the login domain to `pri.domain.com`, to ensure that the subdomains of `pri.domain.com` (for example `hadoop.pri.domain.com`) can get the session cookies after login.
So we change `conf/aproxy.toml` to set the domain:

```
loginHost = "http://pri.domain.com"
[session]
domain = "pri.domain.com"
```
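What the `domain` setting changes on the browser side, as an added example (not aproxy's own code): Go's standard cookie jar stores a session cookie set at the login host, once with `Domain=pri.domain.com` and once with no `Domain` attribute, and reports which hosts would receive it. The cookie name and value, the function name `hostsReceiving`, and the host `notpri.domain.com` are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/cookiejar"
	"net/url"
)

// hostsReceiving stores a session cookie set by loginHost with the given
// Domain attribute ("" means host-only) and reports, per host, whether a
// browser-like cookie jar would send that cookie to it.
func hostsReceiving(loginHost, cookieDomain string, hosts []string) map[string]bool {
	jar, _ := cookiejar.New(nil)
	login, _ := url.Parse(loginHost)
	// Cookie name and value are constructed; aproxy's real cookie may differ.
	jar.SetCookies(login, []*http.Cookie{{
		Name: "session", Value: "constructed-id", Path: "/", Domain: cookieDomain,
	}})
	got := make(map[string]bool)
	for _, h := range hosts {
		u, _ := url.Parse("http://" + h + "/")
		got[h] = len(jar.Cookies(u)) > 0
	}
	return got
}

func main() {
	hosts := []string{
		"pri.domain.com",
		"hadoop.pri.domain.com",
		"druid.pri.domain.com",
		"domain.com",        // parent domain: outside the cookie's scope
		"notpri.domain.com", // constructed sibling that only shares a string suffix
	}
	for _, domain := range []string{"pri.domain.com", ""} {
		fmt.Printf("session domain = %q\n", domain)
		got := hostsReceiving("http://pri.domain.com", domain, hosts)
		for _, h := range hosts {
			fmt.Printf("  %-24s receives cookie: %v\n", h, got[h])
		}
	}
}
```

With the domain set, the browser sends the session cookie to every host under `pri.domain.com`, so only hosts you control should resolve under that wildcard record.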

## Integration with your company's account system

Aproxy's authorization is based on email, so if your company's account system has an email field, it can be integrated.
To integrate with aproxy, you just need to implement the `aproxy/module/auth/UserStorager` interface.

```
type UserStorager interface {
	Login(email, pwd string) (*User, error)
	GetByEmail(email string) (*User, error)
	GetAll() ([]User, error)
	// Add a new user.
	// The user.Pwd field has been encrypted.
	Insert(user User) error
	Update(id string, user User) error
}
```

If you don't need to manage users in aproxy, you can just implement the `Login(email, pwd string) (*User, error)` func.

After implementing the `aproxy/module/auth/UserStorager` interface, we need to change the code in `aproxy/bin/main.go`:

```
// file: aproxy/bin/main.go

// delete this line:
// auth.SetUserStorageToMongo()

// add this code to register your own UserStorager with aproxy:
auth.SetUserStorage(&yourUserStorage{})
```