536d7016418cb03cd6182c29380d9742c70872e4
auth-gate
A lightweight Go auth gateway that sits in front of sensitive services (phpMyAdmin, Git, uptime monitors) and provides:
- IP-based whitelisting (permanent via file, temporary via REST API with TTL)
- HTTP Basic Auth as fallback
- No domain changes — NGINX continues to proxy to the same
server_name
Architecture
Client ──NGINX auth_request──► auth-gate ──► allow / deny
NGINX calls auth-gate as an internal subrequest. On 200 the original request proceeds. On 401/403 NGINX returns the response to the client. Whitelisted IPs never see auth.
Build
go build -o auth-gate .
Docker
docker build -t yejayekhoob/auth-gate:latest .
Quick start
# Set required env vars (see .env.example)
cp .env.example .env
vim .env
# Start
./auth-gate
NGINX integration
See docs/deploy.md for the full NGINX auth_request configuration.
Documentation
README.md— this filedocs/api.md— API referencedocs/security.md— security model and notesdocs/deploy.md— deployment instructionsdocs/design.md— design rationale
Description
Languages
Go
95.8%
Dockerfile
4.2%