52 lines
1.1 KiB
Markdown
52 lines
1.1 KiB
Markdown
# auth-gate
|
|
|
|
A lightweight Go auth gateway that sits in front of sensitive services (phpMyAdmin, Git,
|
|
uptime monitors) and provides:
|
|
|
|
- IP-based whitelisting (permanent via file, temporary via REST API with TTL)
|
|
- HTTP Basic Auth as fallback
|
|
- No domain changes — NGINX continues to proxy to the same `server_name`
|
|
|
|
## Architecture
|
|
|
|
```
|
|
Client ──NGINX auth_request──► auth-gate ──► allow / deny
|
|
```
|
|
|
|
NGINX calls auth-gate as an internal subrequest. On 200 the original request proceeds.
|
|
On 401/403 NGINX returns the response to the client. Whitelisted IPs never see auth.
|
|
|
|
## Build
|
|
|
|
```bash
|
|
go build -o auth-gate .
|
|
```
|
|
|
|
## Docker
|
|
|
|
```bash
|
|
docker build -t yejayekhoob/auth-gate:latest .
|
|
```
|
|
|
|
## Quick start
|
|
|
|
```bash
|
|
# Set required env vars (see .env.example)
|
|
cp .env.example .env
|
|
vim .env
|
|
|
|
# Start
|
|
./auth-gate
|
|
```
|
|
|
|
## NGINX integration
|
|
|
|
See `docs/deploy.md` for the full NGINX `auth_request` configuration.
|
|
|
|
## Documentation
|
|
|
|
- `README.md` — this file
|
|
- `docs/api.md` — API reference
|
|
- `docs/security.md` — security model and notes
|
|
- `docs/deploy.md` — deployment instructions
|
|
- `docs/design.md` — design rationale |