feat: added mirrors for go and for golang image and change the name gate to proxy

This commit is contained in:
db123-test
2026-05-04 10:49:44 +03:30
parent b094c78318
commit 7a2bd72311
11 changed files with 62 additions and 58 deletions

View File

@@ -1,15 +1,15 @@
# Auth-gate Security Model
# Auth-proxy Security Model
## Authentication flow
1. Client request arrives at NGINX.
2. NGINX sends an internal auth_request subrequest to auth-gate.
3. Auth-gate checks:
2. NGINX sends an internal auth_request subrequest to auth-proxy.
3. Auth-proxy checks:
- Is the IP in the permanent whitelist? → Allow.
- Is the IP in the temporary whitelist and not expired? → Allow.
- Otherwise → 401 Unauthorized.
4. NGINX passes the request to the upstream service if auth-gate returned 200.
5. NGINX returns 401 to the client if auth-gate returned 401/403.
4. NGINX passes the request to the upstream service if auth-proxy returned 200.
5. NGINX returns 401 to the client if auth-proxy returned 401/403.
## IP handling
@@ -70,7 +70,7 @@ This ensures Docker deployments can shut down cleanly.
- We don't support metrics. If you need metrics, add them later.
- We don't support health checks with Prometheus. The /status endpoint is a simple text response.
- We don't support configuration via a config file. Use environment variables.
- We don't support multiple domains. The auth-gate service doesn't care about domains.
- We don't support HTTP/2. The auth-gate service uses HTTP/1.1 only.
- We don't support WebSocket. The auth-gate service doesn't need WebSocket.
- We don't support gRPC. The auth-gate service is a simple REST API.
- We don't support multiple domains. The auth-proxy service doesn't care about domains.
- We don't support HTTP/2. The auth-proxy service uses HTTP/1.1 only.
- We don't support WebSocket. The auth-proxy service doesn't need WebSocket.
- We don't support gRPC. The auth-proxy service is a simple REST API.