35 lines
1 KiB
Markdown
35 lines
1 KiB
Markdown
|
## ldap_forwardauth
|
||
|
|
|
||
|
|
LDAP Forward Auth is a forward auth service (shocking) that i made to use with the caddy reverse proxy.
|
||
|
|
|
||
|
|
It allows a proxied login page to appear if a user tries to access restricted content while not logged in.
|
||
|
|
|
||
|
|
It uses LDAP for authentication, which can be configured in the conf/ldap/ldap.env file.
|
||
|
|
|
||
|
|
```
|
||
|
|
# the following is all the ldap credentials for a ldap bind dn auth setup
|
||
|
|
# this does not support ldap simple auth
|
||
|
|
LDAP_URL=
|
||
|
|
LDAP_BIND_DN=
|
||
|
|
LDAP_BIND_PASSWORD=
|
||
|
|
LDAP_BASE_DN=
|
||
|
|
LDAP_FILTER="(&)"
|
||
|
|
LDAP_UID="cn"
|
||
|
|
|
||
|
|
# the host that the forward auth is hosted at
|
||
|
|
# if the user is not logged in they will be redirected here
|
||
|
|
HTTP_HOST=auth.example.com
|
||
|
|
|
||
|
|
# the base domain for all websites that are being authed checked including the forward auth itself.
|
||
|
|
# they all need to have a common root domain otherwise the X-LDAP-Auth-Key cookie cannot be set.
|
||
|
|
COOKIE_DOMAIN=example.com
|
||
|
|
```
|
||
|
|
|
||
|
|
Once authenticated, sets the X-Webauth-User header, which can be used by applications to see who is logged in.
|
||
|
|
|
||
|
|
### how to run
|
||
|
|
|
||
|
|
'''
|
||
|
|
docker compose up -d
|
||
|
|
'''
|