Skip to content

evo-cloud/azp

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Authn/z Proxy

A simple HTTP proxy does Authn/z with HTTPS termination.

It supports

  • OpenID Connect based authentication
  • RBAC based on URL path matching
  • HTTPS termination

It's quick and handy to run in front of your application which doesn't supports HTTPS, Authn, Authz and make your application secure.

It doesn't do

  • Multiple backend servers

Quick Start

Build

Written in Go and built by Go, that's simple.

You don't want to install Go?

And issue a single command:

hmake

The binary is in your hand, at bin/OS/ARCH/azp.

Launch

HTTPS is required, so you need to prepare your certificates. For testing, generate self-signed certificate:

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 3650 -out cert.pem -subj /CN=localhost

Get CLIENT_ID and CLIENT_SECRET from your Google account

bin/linux/amd64/azp -b http://my-backend-server/ -c CLIENT_ID -s CLIENT_SECRET

And point your browser to https://localhost:8443 and you will be directed to Google account login.

RBAC Rules

RBAC is enabled when -rbac-rules RULES.json is specified. Here's an example of RULES.json:

{
    "rules": [
        {"id": "private", "path": "/internal/"},
        {"id": "privileged", "method": "POST|PUT|PATCH|DELETE", "path": "/users/"},
        {"id": "all", "path": "/"}
    ],
    "binding": {
        "private": ["developers", "[email protected]", "[email protected]"],
        "privileged": ["admins"],
        "all": ["*"]
    }
}

TD;LR

bin/linux/amd64/azp --help

for details.

License

MIT

About

A simple Authn/Authz HTTPS proxy

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published