mirror of
https://github.com/deadcxap/init_scripts.git
synced 2026-07-02 05:43:40 +03:00
и снова фикс кадди
This commit is contained in:
@@ -3,7 +3,7 @@
|
||||
acme_dns cloudflare {$CF_API_TOKEN}
|
||||
|
||||
order authenticate before respond
|
||||
order authorize before reverse_proxy
|
||||
order authorize before basicauth
|
||||
|
||||
servers {
|
||||
trusted_proxies static private_ranges
|
||||
@@ -17,6 +17,7 @@
|
||||
|
||||
authentication portal authportal {
|
||||
crypto default token lifetime {$AUTH_TOKEN_LIFETIME:43200}
|
||||
crypto key sign-verify {$JWT}
|
||||
enable identity store localdb
|
||||
|
||||
cookie domain realy.nothing.help
|
||||
@@ -25,30 +26,34 @@
|
||||
|
||||
ui {
|
||||
links {
|
||||
"Portainer" "https://port.realy.nothing.help" icon "las la-tachometer-alt"
|
||||
"WhoAmI" "/whoami" icon "las la-user"
|
||||
"Portainer" "https://port.realy.nothing.help" icon "las la-tachometer-alt"
|
||||
"My Identity" "/auth/whoami" icon "las la-id-badge"
|
||||
"My Profile" "/auth/profile/" icon "las la-user"
|
||||
}
|
||||
}
|
||||
|
||||
transform user {
|
||||
match origin local
|
||||
action add role admin
|
||||
action add role authp/admin
|
||||
# require mfa
|
||||
}
|
||||
}
|
||||
|
||||
authorization policy apikey_or_admin {
|
||||
set auth url https://auth.realy.nothing.help
|
||||
allow roles admin
|
||||
allow roles authp/admin authp/user
|
||||
crypto key verify {$JWT}
|
||||
|
||||
with basic auth portal authportal realm local
|
||||
with api key auth portal authportal realm local
|
||||
|
||||
acl rule {
|
||||
comment "Accept"
|
||||
match role admin
|
||||
allow stop log info
|
||||
comment allow users
|
||||
match role authp/user
|
||||
allow stop log info
|
||||
}
|
||||
acl rule {
|
||||
comment "Deny"
|
||||
comment default deny
|
||||
match any
|
||||
deny log warn
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user