Skip to content

shunfei/aproxy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits

bin

bin

 
 

conf

conf

 
 

doc/img

doc/img

 
 

lib

lib

 
 

loginservices/github

loginservices/github

 
 

module

module

 
 

web/static

web/static

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

install.sh

install.sh

 
 

release.sh

release.sh

 
 

Repository files navigation

aproxy

aproxy is a reverse proxy that includes authentication. It is designed to protect the resources that you want to expose, but only allow some one has you permission to access.

Screenshot

Backend config:

Role List:

Authority config:

Install

Install from source

cd $GOPATH/src
git clone https://github.com/shunfei/aproxy.git
cd aproxy
sh ./install.sh

Install from tarball

Go to releases page download the tar file.

tar xzvf aproxy-v0.1-xxxx-xxx-xx.tar.gz
cd aproxy-v0.1-xxxx-xxx-xx
cp conf/aproxy.toml.example conf/aproxy.toml

Run

Before running, your need set up MongoDB and Redis (MongoDB for config storage, Redis for session storage), and change the config in conf/aproxy.toml.

./bin/aproxy -c conf/aproxy.toml

By now there is no users in the database, so let me add a user:

./bin/adduser -c conf/aproxy.toml -action adduser -email yourname@gmail.com -pwd passwordxxx

And the user added above do not have admin permission, so let me set it to admin.

./bin/adduser -c conf/aproxy.toml -action setadmin -email yourname@gmail.com -adminlevel 99

And now you can visit http://127.0.0.1:8098/-_-aproxy-_-/ and config your aproxy.

Config

conf/aproxy.toml

Nginx Config Example

Assuming that the resources required authorized all are the domain of pri.domain.com's subdomain, Aproxy nginx server configuration should look like:

server {
  listen 80;
  server_name pri.domain.com *.pri.domain.com;

  location / {
    proxy_redirect      off;
    proxy_set_header    Host 			$host;
    proxy_set_header    X-Real-IP 		$remote_addr;
    proxy_set_header    X-Forwarded-For	$proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto $scheme;
    # pass to aproxy
    proxy_pass http://127.0.0.1:8098;
  }

}

And then set the WildCard DNS Record *.pri.domain.com to this nginx server.

Assume that we have the following domain:

  • pri.domain.com
  • hadoop.pri.domain.com
  • druid.pri.domain.com
  • aerospike.pri.domain.com

Then we can set the login domain to pri.domain.com, to ensure that the sub-domain of pri.domain.com ( for example hadoop.pri.domain.com) can get the session cookies after login.
So we change conf/aproxy.toml to set the domain:

loginHost = "http://pri.domain.com"
[session]
domain = "pri.domain.com"

Integration with your company's account system

Aproxy's authority is base on email, so if your company's account system has email field, can be integration.
To integration with aproxy, just need implement the interface of aproxy/module/auth/UserStorager.

type UserStorager interface {
    Login(email, pwd string) (*User, error)
    GetByEmail(email string) (*User, error)
    GetAll() ([]User, error)
    // add new user.
    // user.Pwd field has encrypted.
    Insert(user User) error
    Update(id string, user User) error
}

If you don't need manage the user in aproxy, you can just implement the Login(email, pwd string) (*User, error) func.

After implement the aproxy/module/auth/UserStorager interface, we need change the code in aproxy/bin/main.go:

//file: aproxy/bin/main.go

delete this line:
//auth.SetUserStorageToMongo()

add this code, to register your own UserStorager to aproxy
auth.SetUserStorage(&yourUserStorage{})

About

aproxy is a reverse proxy that includes authentication

Resources

Readme
Activity
Custom properties

Stars

256 stars

Watchers

22 watching

Forks

34 forks
Report repository

Releases 3

v0.3 Latest
Nov 25, 2021
+ 2 releases

Packages

No packages published

Languages