shunfei/aproxy


aproxy

aproxy is a reverse proxy with built-in authentication. It is designed to protect resources that you want to expose, while allowing access only to people you have granted permission.

Screenshot

Backend config:

Role List:

Authority config:

Install

Install from source

cd $GOPATH/src
git clone https://github.com/shunfei/aproxy.git
cd aproxy
sh ./install.sh

Install from tarball

Go to the releases page and download the tar file.

tar xzvf aproxy-v0.1-xxxx-xxx-xx.tar.gz
cd aproxy-v0.1-xxxx-xxx-xx
cp conf/aproxy.toml.example conf/aproxy.toml

Run

Before running, you need to set up MongoDB and Redis (MongoDB for config storage, Redis for session storage) and adjust the settings in conf/aproxy.toml.

./bin/aproxy -c conf/aproxy.toml

At this point there are no users in the database, so add one:

./bin/adduser -c conf/aproxy.toml -action adduser -email [email protected] -pwd passwordxxx

The user added above does not have admin permission, so set it to admin:

./bin/adduser -c conf/aproxy.toml -action setadmin -email [email protected] -adminlevel 99

Now you can visit http://127.0.0.1:8098/-_-aproxy-_-/ and configure aproxy.

Config

conf/aproxy.toml

Nginx Config Example

Assuming that all resources requiring authorization are subdomains of pri.domain.com, the nginx server configuration in front of aproxy should look like:

server {
  listen 80;
  server_name pri.domain.com *.pri.domain.com;

  location / {
    proxy_redirect      off;
    proxy_set_header    Host              $host;
    proxy_set_header    X-Real-IP         $remote_addr;
    proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto $scheme;
    # pass to aproxy
    proxy_pass http://127.0.0.1:8098;
  }

}

Then point the wildcard DNS record *.pri.domain.com at this nginx server.

Assume that we have the following domains:

  • pri.domain.com
  • hadoop.pri.domain.com
  • druid.pri.domain.com
  • aerospike.pri.domain.com

Then we can set the login domain to pri.domain.com, so that the subdomains of pri.domain.com (for example hadoop.pri.domain.com) receive the session cookie after login.
To do this, set the domain in conf/aproxy.toml:

loginHost = "http://pri.domain.com"
[session]
domain = "pri.domain.com"

Integration with your company's account system

aproxy's authorization is based on email, so it can be integrated with any company account system that has an email field.
To integrate with aproxy, you only need to implement the aproxy/module/auth/UserStorager interface.

type UserStorager interface {
    Login(email, pwd string) (*User, error)
    GetByEmail(email string) (*User, error)
    GetAll() ([]User, error)
    // Add a new user.
    // The user.Pwd field is already encrypted.
    Insert(user User) error
    Update(id string, user User) error
}

If you don't need to manage users in aproxy, you can implement just the Login(email, pwd string) (*User, error) func.

After implementing the aproxy/module/auth/UserStorager interface, change the code in aproxy/bin/main.go:

// file: aproxy/bin/main.go

// Delete this line:
// auth.SetUserStorageToMongo()

// Add this line to register your own UserStorager with aproxy:
auth.SetUserStorage(&yourUserStorage{})
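
An added example, not code from the aproxy repository: a Login-only storage type whose methods mirror the UserStorager interface above and delegate the credential check to a company account system. The User struct, the Verify hook, the error values and sampleDir are assumptions made for illustration; in a real build the type would use aproxy's auth.User and be registered with auth.SetUserStorage.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// User stands in for aproxy's auth.User; its fields here are assumptions.
type User struct{ Id, Email string }

var ErrBadLogin = errors.New("invalid email or password")
var ErrNotManaged = errors.New("users are managed in the company directory")

// CompanyStorage has the UserStorager method set shown in the README.
// Verify is a hypothetical hook into the company account system (LDAP, SSO API).
type CompanyStorage struct{ Verify func(email, pwd string) (bool, error) }

// Login normalizes the email (an assumption, so authority rules keyed on email
// match), rejects empty credentials before asking the directory (an LDAP simple
// bind with an empty password can succeed unauthenticated), and fails closed.
func (s *CompanyStorage) Login(email, pwd string) (*User, error) {
	e := strings.ToLower(strings.TrimSpace(email))
	if e == "" || pwd == "" {
		return nil, ErrBadLogin
	}
	ok, err := s.Verify(e, pwd)
	if err != nil {
		return nil, fmt.Errorf("directory unavailable: %w", err)
	}
	if !ok {
		// Same error for unknown account and wrong password: no enumeration.
		return nil, ErrBadLogin
	}
	return &User{Id: e, Email: e}, nil
}

// The README allows implementing only Login; the other methods are refused.
func (s *CompanyStorage) GetByEmail(string) (*User, error) { return nil, ErrNotManaged }
func (s *CompanyStorage) GetAll() ([]User, error)          { return nil, ErrNotManaged }
func (s *CompanyStorage) Insert(User) error                { return ErrNotManaged }
func (s *CompanyStorage) Update(string, User) error        { return ErrNotManaged }

// sampleDir is a constructed one-account directory used only to run the example.
func sampleDir(e, p string) (bool, error) { return e == "alice@corp.example" && p == "constructed-pw", nil }

func main() {
	_, err := (&CompanyStorage{Verify: sampleDir}).Login("nobody@corp.example", "x")
	fmt.Println(err)
}
```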