diff options
Diffstat (limited to 'readme.md')
| -rw-r--r-- | readme.md | 25 |
1 files changed, 16 insertions, 9 deletions
@@ -6,6 +6,7 @@ a simple stupid reverse proxy - HTTP/1.1 - Simple to configure (see below) +- Somewhat fast (about 150k req/s on a rpi5 for simple routes) - Composable modules - Handles connection upgrades correctly by default (websocket, etc.) - TLS support @@ -37,14 +38,20 @@ https: # !hosts multiplexes requests for different hostnames. handler: !hosts - # requests for `example.org` are forwarded to 127.0.0.1:8000 + # requests for `example.org` are forwarded to 127.0.0.1:8000. "example.org": !proxy { backend: "127.0.0.1:8000" } - # requests for `mydomain.com` will access files from /srv/http + # requests for `mydomain.com` will access files from /srv/http. "mydomain.com": !files root: "/srv/http" index: true - + # requests for `panel.mydomain.com` will be logged, authentificated and passed on to `otherserver`. "panel.mydomain.com": !access_log + file: "/var/log/gnix/panel" + next: !cookie_auth + users: "/etc/panel_creds" + expire: 86400 + fail: !file { path: "/usr/share/gnix/login.html" } + next: !proxy { backend: "otherserver:80" } ``` ## Reference @@ -120,7 +127,7 @@ themselves; in that case the request is passed on. - **module `http_basic_auth`** - Filters requests via HTTP Basic Authentification. Unauthorized clients will - be challenged on every request. + be challenged. - `realm`: describes what the user is logging into (most modern browsers dont show this anymore -_-) - `users`: list of valid logins (credentials) @@ -132,10 +139,10 @@ themselves; in that case the request is passed on. POST request to `/_gnix_login` with form fields `password` and `username` (optional, default: "user") in `x-www-form-urlencoded` format. In any case the users submitting this request will be directed back to the page they - come from. Successful logins set two cookies: `gnix_username` containing the - username and `gnix_auth` containing an opaque authentification token. The - `gnix_username` cookie is authentificated by gnix and can therefore be used - by applications. + come from. For successful logins two cookies are set: `gnix_username` + containing the username and `gnix_auth` containing an opaque + authentification token. The `gnix_username` cookie is authentificated by + gnix and can therefore be used by applications. - `users`: list of valid logins (credentials) - `expire`: seconds before logins expire; not setting this option keeps the login valid forever on the server but cleared after the session on the @@ -147,7 +154,7 @@ themselves; in that case the request is passed on. - `fail`: a module to handle the request when a user is not authorized. This could show an HTML form prompting the user to log in. An implementation of such a form is provided with the distribution of this software, usually in - `/usr/share/gnix/login.html` + `/usr/share/gnix/login.html` (module) #### Credentials config format |