Add forward auth documentation.

This commit is contained in:
Ludovic Fernandez 2017-09-14 21:26:02 +02:00 committed by Traefiker
parent 243b45881d
commit 5229b7cfba
2 changed files with 40 additions and 12 deletions

View file

@ -109,23 +109,52 @@ Users can be specified directly in the toml file, or indirectly by referencing a
usersFile = "/path/to/.htdigest" usersFile = "/path/to/.htdigest"
``` ```
### Forward Authentication
This configuration will first forward the request to `http://authserver.com/auth`.
If the response code is 2XX, access is granted and the original request is performed.
Otherwise, the response from the auth server is returned.
```toml
[entryPoints]
[entryPoints.http]
# ...
# To enable forward auth on an entrypoint
[entryPoints.http.auth.forward]
address = "http://authserver.com/auth"
```
```toml
[entryPoints]
[entrypoints.http]
# ...
# To enable forward auth on an entrypoint (HTTPS)
[entrypoints.http.auth.forward]
address = "https://authserver.com/auth"
[entrypoints.http.auth.forward.tls]
cert = "authserver.crt"
key = "authserver.key"
```
## Specify Minimum TLS Version ## Specify Minimum TLS Version
To specify an https entrypoint with a minimum TLS version, and specifying an array of cipher suites (from crypto/tls). To specify an https entry point with a minimum TLS version, and specifying an array of cipher suites (from crypto/tls).
```toml ```toml
[entryPoints] [entryPoints]
[entryPoints.https] [entryPoints.https]
address = ":443" address = ":443"
[entryPoints.https.tls] [entryPoints.https.tls]
MinVersion = "VersionTLS12" minVersion = "VersionTLS12"
CipherSuites = ["TLS_RSA_WITH_AES_256_GCM_SHA384"] cipherSuites = ["TLS_RSA_WITH_AES_256_GCM_SHA384"]
[[entryPoints.https.tls.certificates]] [[entryPoints.https.tls.certificates]]
CertFile = "integration/fixtures/https/snitest.com.cert" certFile = "integration/fixtures/https/snitest.com.cert"
KeyFile = "integration/fixtures/https/snitest.com.key" keyFile = "integration/fixtures/https/snitest.com.key"
[[entryPoints.https.tls.certificates]] [[entryPoints.https.tls.certificates]]
CertFile = "integration/fixtures/https/snitest.org.cert" certFile = "integration/fixtures/https/snitest.org.cert"
KeyFile = "integration/fixtures/https/snitest.org.key" keyFile = "integration/fixtures/https/snitest.org.key"
``` ```
## Compression ## Compression

View file

@ -1,16 +1,15 @@
package types package types
import ( import (
"crypto/tls"
"crypto/x509"
"encoding" "encoding"
"errors" "errors"
"fmt" "fmt"
"strconv"
"strings"
"crypto/tls"
"crypto/x509"
"io/ioutil" "io/ioutil"
"os" "os"
"strconv"
"strings"
"github.com/containous/traefik/log" "github.com/containous/traefik/log"
"github.com/docker/libkv/store" "github.com/docker/libkv/store"