# auth-gate A lightweight Go auth gateway that sits in front of sensitive services (phpMyAdmin, Git, uptime monitors) and provides: - IP-based whitelisting (permanent via file, temporary via REST API with TTL) - HTTP Basic Auth as fallback - No domain changes — NGINX continues to proxy to the same `server_name` ## Architecture ``` Client ──NGINX auth_request──► auth-gate ──► allow / deny ``` NGINX calls auth-gate as an internal subrequest. On 200 the original request proceeds. On 401/403 NGINX returns the response to the client. Whitelisted IPs never see auth. ## Build ```bash go build -o auth-gate . ``` ## Docker ```bash docker build -t yejayekhoob/auth-gate:latest . ``` ## Quick start ```bash # Set required env vars (see .env.example) cp .env.example .env vim .env # Start ./auth-gate ``` ## NGINX integration See `docs/deploy.md` for the full NGINX `auth_request` configuration. ## Documentation - `README.md` — this file - `docs/api.md` — API reference - `docs/security.md` — security model and notes - `docs/deploy.md` — deployment instructions - `docs/design.md` — design rationale