self-hosted/dockerfiles
1
0
Fork 0
mirror of https://github.com/vimagick/dockerfiles.git synced 2025-01-08 04:04:42 +02:00
Code Issues Releases Activity

update nginx-sso

Browse Source
This commit is contained in:
kev 2019-12-11 19:20:07 +08:00
parent 8e5310c7a5
commit de973aa032
2 changed files with 21 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
nginx-sso/README.md
View File

@ -5,4 +5,15 @@ nginx-sso
Nginx to provide a single-sign-on for a domain using one central authentication Nginx to provide a single-sign-on for a domain using one central authentication
directory. directory.
```bash
# start service
$ docker-compose up -d
# view log
$ docker-compose logs --tail 10 -f
# reload config
$ docker-compose kill -s SIGHUP
```
[1]: https://github.com/Luzifer/nginx-sso/wiki [1]: https://github.com/Luzifer/nginx-sso/wiki

21
nginx-sso/data/config.yaml
View File

@ -1,5 +1,9 @@
--- ---
listen:
addr: "0.0.0.0"
port: 8082
login: login:
title: "yourdomain.com - Login" title: "yourdomain.com - Login"
default_method: "simple" default_method: "simple"
@ -9,25 +13,21 @@ login:
cookie: cookie:
domain: ".yourdomain.com" domain: ".yourdomain.com"
# You'll want to regenerate this. Use something like: cat /dev/urandom | tr -dc 'A-Za-z0-9' | dd bs=1 count=60 # To regenerate this key: cat /dev/urandom | tr -dc "A-Za-z0-9" | dd bs=1 count=60 2>/dev/null
authentication_key: "5foFtWocwA3hq0tUztgMqn9xaagqNP1wFqfFyZDHTxhr154iQQ60eDI9z6oDVNHF7B" authentication_key: "5foFtWocwA3hq0tUztgMqn9xaagqNP1wFqfFyZDHTxhr154iQQ60eDI9z6oDVNHF7B"
listen:
addr: "0.0.0.0"
port: 8082
audit_log: audit_log:
targets: targets:
- fd://stdout - fd://stdout
- file:///var/log/nginx-sso/audit.jsonl - file:///data/audit.jsonl
events: ['access_denied', 'login_success', 'login_failure', 'logout', 'validate'] events: ["access_denied", "login_success", "login_failure", "logout", "validate"]
headers: ['x-origin-uri'] headers: ["x-origin-uri"]
trusted_ip_headers: ["X-Forwarded-For", "RemoteAddr", "X-Real-IP"] trusted_ip_headers: ["X-Forwarded-For", "RemoteAddr", "X-Real-IP"]
acl: acl:
rule_sets: rule_sets:
- rules: - rules:
- field: "x-host" - field: "X-Host"
regexp: ".*" regexp: ".*"
allow: ["@admins"] allow: ["@admins"]
@ -35,8 +35,7 @@ providers:
simple: simple:
enable_basic_auth: true enable_basic_auth: true
users: users:
# This password is 'admin'. Use this to generate a new password: # To generate a new password: htpasswd -nbBC 10 username password
# htpasswd -BnC 10 ""
admin: "$2y$10$3aJxJ6ttJNPeky/bCdg1OOVvGU8pLVj9L.U9kN0F0JWLN.nt3b5WO" admin: "$2y$10$3aJxJ6ttJNPeky/bCdg1OOVvGU8pLVj9L.U9kN0F0JWLN.nt3b5WO"
groups: groups:
admins: ["admin"] admins: ["admin"]