feat: added mirrors for go and for golang image and change the name gate to proxy
This commit is contained in:
@@ -1,4 +1,4 @@
|
||||
# Auth-gate API Reference
|
||||
# Auth-proxy API Reference
|
||||
|
||||
## Endpoints
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
## Build
|
||||
|
||||
```bash
|
||||
docker build -t yejayekhoob/auth-gate:latest .
|
||||
docker build -t yejayekhoob/auth-proxy:latest .
|
||||
```
|
||||
|
||||
## Run
|
||||
@@ -20,10 +20,10 @@ docker-compose up -d
|
||||
|
||||
## NGINX integration
|
||||
|
||||
### 1. Create the auth-gate include file
|
||||
### 1. Create the auth-proxy include file
|
||||
|
||||
```nginx
|
||||
# /etc/nginx/snippets/auth-gate.conf
|
||||
# /etc/nginx/snippets/auth-proxy.conf
|
||||
#
|
||||
# This is the shared auth_request configuration. Include it in any
|
||||
# server block that needs authentication.
|
||||
@@ -33,10 +33,10 @@ docker-compose up -d
|
||||
# spoofed. If you need a CDN, configure the realip module instead
|
||||
# of trusting the header.
|
||||
|
||||
location = /_auth_gate {
|
||||
location = /_auth_proxy {
|
||||
internal;
|
||||
|
||||
proxy_pass http://auth-gate:8080/auth;
|
||||
proxy_pass http://auth-proxy:8080/auth;
|
||||
|
||||
proxy_pass_request_body off;
|
||||
proxy_set_header Content-Length "";
|
||||
@@ -54,7 +54,7 @@ server {
|
||||
listen 443 ssl;
|
||||
server_name phpmyadmin.yejayekhoob.com;
|
||||
|
||||
include /etc/nginx/snippets/auth-gate.conf;
|
||||
include /etc/nginx/snippets/auth-proxy.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://phpmyadmin:80/;
|
||||
@@ -74,9 +74,9 @@ nginx -s reload
|
||||
|
||||
| Variable | Description | Default |
|
||||
|----------|-------------|---------|
|
||||
| AUTH_GATE_PORT | HTTP listen port | 8080 |
|
||||
| AUTH_GATE_API_TOKEN | API bearer token | (none) |
|
||||
| AUTH_GATE_DB_PATH | SQLite database path | ./data/auth-gate.db |
|
||||
| AUTH_proxy_PORT | HTTP listen port | 8080 |
|
||||
| AUTH_proxy_API_TOKEN | API bearer token | (none) |
|
||||
| AUTH_proxy_DB_PATH | SQLite database path | ./data/auth-proxy.db |
|
||||
| DATA_DIR | Data directory | /data |
|
||||
| CLEANUP_INTERVAL | Cleanup interval | 60s |
|
||||
|
||||
|
||||
@@ -15,7 +15,7 @@ NGINX's auth_basic is simpler but doesn't support:
|
||||
- Temporary whitelisting (requires config reload).
|
||||
- API-based management.
|
||||
|
||||
Our auth-gate service fills these gaps while keeping the architecture simple.
|
||||
Our auth-proxy service fills these gaps while keeping the architecture simple.
|
||||
|
||||
## Why not Authelia?
|
||||
|
||||
|
||||
@@ -1,15 +1,15 @@
|
||||
# Auth-gate Security Model
|
||||
# Auth-proxy Security Model
|
||||
|
||||
## Authentication flow
|
||||
|
||||
1. Client request arrives at NGINX.
|
||||
2. NGINX sends an internal auth_request subrequest to auth-gate.
|
||||
3. Auth-gate checks:
|
||||
2. NGINX sends an internal auth_request subrequest to auth-proxy.
|
||||
3. Auth-proxy checks:
|
||||
- Is the IP in the permanent whitelist? → Allow.
|
||||
- Is the IP in the temporary whitelist and not expired? → Allow.
|
||||
- Otherwise → 401 Unauthorized.
|
||||
4. NGINX passes the request to the upstream service if auth-gate returned 200.
|
||||
5. NGINX returns 401 to the client if auth-gate returned 401/403.
|
||||
4. NGINX passes the request to the upstream service if auth-proxy returned 200.
|
||||
5. NGINX returns 401 to the client if auth-proxy returned 401/403.
|
||||
|
||||
## IP handling
|
||||
|
||||
@@ -70,7 +70,7 @@ This ensures Docker deployments can shut down cleanly.
|
||||
- We don't support metrics. If you need metrics, add them later.
|
||||
- We don't support health checks with Prometheus. The /status endpoint is a simple text response.
|
||||
- We don't support configuration via a config file. Use environment variables.
|
||||
- We don't support multiple domains. The auth-gate service doesn't care about domains.
|
||||
- We don't support HTTP/2. The auth-gate service uses HTTP/1.1 only.
|
||||
- We don't support WebSocket. The auth-gate service doesn't need WebSocket.
|
||||
- We don't support gRPC. The auth-gate service is a simple REST API.
|
||||
- We don't support multiple domains. The auth-proxy service doesn't care about domains.
|
||||
- We don't support HTTP/2. The auth-proxy service uses HTTP/1.1 only.
|
||||
- We don't support WebSocket. The auth-proxy service doesn't need WebSocket.
|
||||
- We don't support gRPC. The auth-proxy service is a simple REST API.
|
||||
|
||||
Reference in New Issue
Block a user