-
Notifications
You must be signed in to change notification settings - Fork 1
/
secure-proxy.yaml
81 lines (77 loc) · 2.06 KB
/
secure-proxy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
listen: 127.0.0.1:8080
# auth_type: ldap, local, ldap+local
auth_type: local
client_ip_header: X-Real-IP
#log_path: /var/log/secure-proxy-%s.log
users:
ignore_account_suffix: "@example.com"
ldap:
- account: CN=guanyiyao,CN=Users,DC=example,DC=com
groups:
- admin
- devops
- account: CN=liupeng,CN=Users,DC=example,DC=com
groups:
- devops
local:
- name: 张三
account: "zhangsan"
password: $2a$10$L4tAaN9jLZZV4VCYtHbuKO8gTK8HRPAZU3sGXESWguiOobvMOvuNW
# algo 支持 plain(默认明文), bcrypt, base64
algo: bcrypt
- name: 李四
account: "lisi"
password: "111111"
backends:
- host: prometheus.example.com
upstream: http://127.0.0.1:9090
privilege: private
groups:
- devops
- host: consul.example.com
upstream: http://127.0.0.1:8500
privilege: private
groups:
- CN=devops,DC=example,DC=com
- host: hdfs.example.com
upstream: http://127.0.0.1:50070
privilege: private
groups:
- CN=dev,DC=example,DC=com
- host: spark.example.com
upstream: http://127.0.0.1:8080
privilege: private
groups:
- CN=dev,DC=example,DC=com
- host: pinpoint.example.com
upstream: http://127.0.0.1:8079
privilege: private
groups:
- CN=devops,DC=example,DC=com
- host: kibana.example.com
upstream: http://127.0.0.1:5601
privilege: private
groups:
- CN=devops,DC=example,DC=com
- CN=dev,DC=example,DC=com
session:
hash_key: oxjsWLzBv8l4jU4RuwEbC/zw+UjqgPHg8aqY6+RPYbc=
block_key: H+3qpeM/vn1FN1R05Vy3HvLDYOaJatKqNWp7/8bXvyg=
cookie_name: secure-proxy-auth
# cookie_domain 留空则默认登录 Cookie 域为当前域名
cookie_domain: .example.com
max_age: 86400 # 24H
ldap:
url: ldap://127.0.0.1:389
base_dn: dc=example,dc=com
username: admin
password: admin
display_name: displayName
uid: sAMAccountName
user_filter: CN=Users,DC=example,DC=com
cache:
# 缓存驱动,支持 redis,memory,默认为 memory
driver: memory
redis:
addr: 127.0.0.1:6379
# password: "111111"