luzifer/nginx-sso
1
0
Fork 0
mirror of https://github.com/Luzifer/nginx-sso.git synced 2024-11-09 09:50:01 +00:00
Code Issues Releases Wiki Activity

Updated Nginx Reverse Proxy for homelab services using SSO (markdown)

mjbnz 2019-02-14 10:51:57 +13:00
parent 6b49fe3041
commit 55e59d9ade
1 changed files with 9 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
Nginx-Reverse-Proxy-for-homelab-services-using-SSO.md

@ -14,25 +14,27 @@ First, create the following docker containers (feel free to adjust local volume
```sh
mkdir -p /srv/nginx-rproxy/{conf/include,certs,log}
docker run -d nginx:latest \
docker run \
--name=nginx-rproxy \
-p 443:443 \
-p 80:80 \
--restart=unless-stopped \
--volume="/srv/nginx-rproxy/conf:/etc/nginx/conf.d:ro" \
--volume="/srv/nginx-rproxy/certs:/etc/nginx/certs:ro" \
--volume="/srv/nginx-rproxy/log:/var/log/nginx"
--volume="/srv/nginx-rproxy/log:/var/log/nginx" \
-d nginx:latest
```
##### nginx-sso
```sh
mkdir -p /srv/nginx-sso
docker run -d luzifer/nginx-sso:latest \
docker run \
--name=nginx-sso \
-p 8082:8082 \
-p 172.17.0.1:8082:8082 \
--restart=unless-stopped \
--volume="/srv/nginx-sso:/data"
--volume="/srv/nginx-sso:/data" \
-d luzifer/nginx-sso:latest
```
### nginx-sso Configuration
@ -285,6 +287,8 @@ If you would like to logout of the SSO session (to use another username for exam
The SSO login page html is in `/srv/nginx-sso/frontend/index.html` if you wanted to adjust it, skin it, theme it, etc etc.
The IP `172.17.0.1` mentioned throughout is that of your `docker0` interface. If yours is different, adjust accordingly.
There's good information on the [nginx-sso GitHub wiki](https://github.com/Luzifer/nginx-sso/wiki) for configuration of nginx-sso. You probably saw while editing the config file that there's fairly decent support for other authentication providers, and even 2FA.... You should use 2FA.
The default nginx-sso config above is very generous with the access acls (which are very powerful - see the nginx-sso wiki linked above). You can basically access anything you've configured once you're logged in. You can be very granular about what services a given username or group can log into.