sohop 是一个反向代理,可以选择性地限制对使用 OAuth 进行身份验证的用户的访问权限。它还提供一个运行状况检查端点,用于报告上游服务的可达性。
sohop 可以在保持限制访问的情况下,公开原有的内部应用到公共互联网,而不必在应用本身配置认证/授权。
Usage of sohop: -config string Config file (default "config.json") -httpAddr string Address to bind HTTP server (default ":80") -httpsAddr string Address to bind HTTPS server (default ":443")
{ "Domain": "example.com", "Cookie": { "Name": "exampleauth", "Secret": "3c0767ada2466a92a59c1214061441713aeafe6d115e29aa376c0f9758cdf0f5" }, "Auth" : { "Type": "github-org", "Config": { "ClientID": "12345678", "ClientSecret": "12345678", "OrgID": 12345678 } }, "TLS": { "CertFile": "cert.pem", "CertKey": "key.pem" }, "Upstreams": { "intranet": { "URL": "http://10.0.0.16:8888", "HealthCheck": "http://10.0.0.16:8888/login", "WebSocket": "ws://10.0.0.16:8888", "Auth": true, "Headers": { "X-WEBAUTH-USER":["{{.Session.Values.user}}"] } }, "public": { "URL": "http://10.0.0.16:8111", "HealthCheck": "http://10.0.0.16:8111/login.html", "WebSocket": "ws://10.0.0.16:8111", "Auth": false } } } { "Domain": "example.com", "Auth" : { "Type": "gmail-regex", "Config": { "Credentials": {"web":{"client_id":"XXXX-yyyyyy.apps.googleusercontent.com","project_id":"example","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://accounts.google.com/o/oauth2/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_secret":"zzzzZZzzZZ","redirect_uris":["https://oauth.example.com/authorized"]}}, "EmailRegex":"^davars@gmail.com$" } }, "Upstreams": { ... } }