Skip to content

typester/gate

1 Branch4 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

typestertypester
Merge branch 'catatsuy-feature/noslash_redirect_re'
Nov 5, 2014
31b6bbe · Nov 5, 2014

History

34 Commits
.gitignore
.gitignore
Jul 14, 2014
README.md
README.md
Aug 25, 2014
authenticator.go
authenticator.go
Nov 5, 2014
conf.go
conf.go
Nov 5, 2014
config_sample.yml
config_sample.yml
Aug 16, 2014
config_test.go
config_test.go
Nov 5, 2014
httpd.go
httpd.go
Nov 5, 2014
httpd_test.go
httpd_test.go
Sep 8, 2014
main.go
main.go
Oct 29, 2014

Repository files navigation

"gate" for your private resources

gate is a static file server and reverse proxy integrated with OAuth2 account authentication.

With gate, you can safely serve your private resources based on whether or not request user is a member of your company's Google Apps or GitHub organizations.

Usage

  1. Download binary or go get
  2. rename config_sample.yml to config.yml
  3. edit config.yml to fit your environment
  4. run gate

Example config

# address to bind
address: :9999

# # ssl keys (optional)
# ssl:
#   cert: ./ssl/ssl.cer
#   key: ./ssl/ssl.key

auth:
  session:
    # authentication key for cookie store
    key: secret123

  info:
    # oauth2 provider name (`google` or `github`)
    service: google
    # your app keys for the service
    client_id: your client id
    client_secret: your client secret
    # your app redirect_url for the service: if the service is Google, path is always "/oauth2callback"
    redirect_url: https://yourapp.example.com/oauth2callback

# # restrict user request. (optional)
# restrictions:
#   - yourdomain.com    # domain of your Google App (Google)
#   - example@gmail.com # specific email address (same as above)
#   - your_company_org  # organization name (GitHub)

# document root for static files
htdocs: ./

# proxy definitions
proxy:
  - path: /elasticsearch
    dest: http://127.0.0.1:9200
    strip_path: yes

  - path: /influxdb
    dest: http://127.0.0.1:8086
    strip_path: yes

Authentication Strategy

gate now supports Google Apps and GitHub to authenticate users.

Example config for Google

auth:
  info:
    service: google
    client_id: your client id
    client_secret: your client secret
    redirect_url: https://yourapp.example.com/oauth2callback

# restrict user request. (optional)
restrictions:
  - yourdomain.com    # domain of your Google App
  - example@gmail.com # specific email address

Example config for GitHub

Unlike the example of Google Apps above, if the service is GitHub, gate uses whether request user is a member of organization designated like below:

auth:
  info:
    service: github
    client_id: your client id
    client_secret: your client secret
    redirect_url: https://yourapp.example.com/oauth2callback

# restrict user request. (optional)
restrictions:
  - foo_organization
  - bar_organization

github:e support

GitHub Enterprise is also supported. To authenticate via github enterprise, add api endpoint information to config like following:

auth:
  info:
    service: github
    client_id: your client id
    client_secret: your client secret
    redirect_url: https://yourapp.example.com/oauth2callback
    endpoint: https://github.yourcompany.com
    api_endpoint: https://github.yourcompany.com/api

Name Based Virtual Host

An example of "Name Based Viatual Host" setting.

auth:
  session:
    # authentication key for cookie store
    key: secret123
    # domain of virtual hosts base host
    cookie_domain: gate.example.com

# proxy definitions
proxy:
  - path: /
    host: elasticsearch.gate.example.com
    dest: http://127.0.0.1:9200

  - path: /
    host: influxdb.gate.example.com
    dest: http://127.0.0.1:8086

License

MIT

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

182 stars

Watchers

10 watching

Forks

21 forks
Report repository

Releases 4

v0.4 Latest
Nov 5, 2014
+ 3 releases

Packages

No packages published

Contributors 7

Languages