From e8344b03cbb07b7ac32a2f42bf7f1ba688585341 Mon Sep 17 00:00:00 2001 From: philipparndt Date: Tue, 12 Nov 2024 19:35:18 +0000 Subject: [PATCH] Document Reverse Proxy authentication for API (#84) I figured out that the reverse proxy authentication for the API is supported (implemented with https://github.com/go-gitea/gitea/pull/26703). This will update the documentation to the current state. Co-authored-by: Lunny Xiao Co-authored-by: Philipp Arndt <2f.mail@gmx.de> Reviewed-on: https://gitea.com/gitea/docs/pulls/84 Reviewed-by: Lunny Xiao Co-authored-by: philipparndt Co-committed-by: philipparndt
---
 docs/usage/authentication.md | 9 ++++++++- .../current/usage/authentication.md | 11 ++++++++++- .../version-1.21/usage/authentication.md | 11 ++++++++++- .../version-1.22/usage/authentication.md | 11 ++++++++++- versioned_docs/version-1.21/usage/authentication.md | 9 ++++++++- versioned_docs/version-1.22/usage/authentication.md | 9 ++++++++- 6 files changed, 54 insertions(+), 6 deletions(-)
diff --git a/docs/usage/authentication.md b/docs/usage/authentication.md
index c15efb4a..2cbd44cc 100644
--- a/docs/usage/authentication.md
+++ b/docs/usage/authentication.md
@@ -339,6 +339,13 @@ If set `ENABLE_REVERSE_PROXY_FULL_NAME=true`, a user full name expected in `X-WE
 You can also limit the reverse proxy's IP address range with `REVERSE_PROXY_TRUSTED_PROXIES` which default value is `127.0.0.0/8,::1/128`. By `REVERSE_PROXY_LIMIT`, you can limit trusted proxies level.
+You can enable the this authentication method for the API with
+
+```ini
+[service]
+ENABLE_REVERSE_PROXY_AUTHENTICATION_API = true
+```
+
 :::note
-Reverse Proxy Auth doesn't support the API. You still need an access token or basic auth to make API requests.
+When this method is enabled for the API, the reverse proxy is responsible for handling CSRF protection.
 :::
diff --git a/i18n/zh-cn/docusaurus-plugin-content-docs/current/usage/authentication.md b/i18n/zh-cn/docusaurus-plugin-content-docs/current/usage/authentication.md
index 3e6eeb6e..fe9e812b 100644
--- a/i18n/zh-cn/docusaurus-plugin-content-docs/current/usage/authentication.md
+++ b/i18n/zh-cn/docusaurus-plugin-content-docs/current/usage/authentication.md
@@ -281,4 +281,13 @@ ENABLE_REVERSE_PROXY_AUTHENTICATION = true
 你也可以通过修改 `REVERSE_PROXY_TRUSTED_PROXIES` 来设置反向代理的IP地址范围,加强安全性,默认值是 `127.0.0.0/8,::1/128`。 通过 `REVERSE_PROXY_LIMIT`, 可以设置最多信任几级反向代理。
-注意:反向代理认证不支持认证 API,API 仍旧需要用 access token 来进行认证。
+你可以通过以下配置为 API 启用此认证方法:
+
+```ini
+[service]
+ENABLE_REVERSE_PROXY_AUTHENTICATION_API = true
+```
+
+:::note
+当此方法用于 API 时,反向代理负责处理 CSRF 保护。
+:::
diff --git a/i18n/zh-cn/docusaurus-plugin-content-docs/version-1.21/usage/authentication.md b/i18n/zh-cn/docusaurus-plugin-content-docs/version-1.21/usage/authentication.md
index d8295933..612d6341 100644
--- a/i18n/zh-cn/docusaurus-plugin-content-docs/version-1.21/usage/authentication.md
+++ b/i18n/zh-cn/docusaurus-plugin-content-docs/version-1.21/usage/authentication.md
@@ -284,4 +284,13 @@ ENABLE_REVERSE_PROXY_AUTHENTICATION = true
 你也可以通过修改 `REVERSE_PROXY_TRUSTED_PROXIES` 来设置反向代理的IP地址范围,加强安全性,默认值是 `127.0.0.0/8,::1/128`。 通过 `REVERSE_PROXY_LIMIT`, 可以设置最多信任几级反向代理。
-注意:反向代理认证不支持认证 API,API 仍旧需要用 access token 来进行认证。
+你可以通过以下配置为 API 启用此认证方法:
+
+```ini
+[service]
+ENABLE_REVERSE_PROXY_AUTHENTICATION_API = true
+```
+
+:::note
+当此方法用于 API 时,反向代理负责处理 CSRF 保护。
+:::
diff --git a/i18n/zh-cn/docusaurus-plugin-content-docs/version-1.22/usage/authentication.md b/i18n/zh-cn/docusaurus-plugin-content-docs/version-1.22/usage/authentication.md
index 2dc67113..58d3bdf3 100644
--- a/i18n/zh-cn/docusaurus-plugin-content-docs/version-1.22/usage/authentication.md
+++ b/i18n/zh-cn/docusaurus-plugin-content-docs/version-1.22/usage/authentication.md
@@ -284,4 +284,13 @@ ENABLE_REVERSE_PROXY_AUTHENTICATION = true
 你也可以通过修改 `REVERSE_PROXY_TRUSTED_PROXIES` 来设置反向代理的IP地址范围,加强安全性,默认值是 `127.0.0.0/8,::1/128`。 通过 `REVERSE_PROXY_LIMIT`, 可以设置最多信任几级反向代理。
-注意:反向代理认证不支持认证 API,API 仍旧需要用 access token 来进行认证。
+你可以通过以下配置为 API 启用此认证方法:
+
+```ini
+[service]
+ENABLE_REVERSE_PROXY_AUTHENTICATION_API = true
+```
+
+:::note
+当此方法用于 API 时,反向代理负责处理 CSRF 保护。
+:::
diff --git a/versioned_docs/version-1.21/usage/authentication.md b/versioned_docs/version-1.21/usage/authentication.md
index 72a31da0..12e9a0bb 100644
--- a/versioned_docs/version-1.21/usage/authentication.md
+++ b/versioned_docs/version-1.21/usage/authentication.md
@@ -342,6 +342,13 @@ If set `ENABLE_REVERSE_PROXY_FULL_NAME=true`, a user full name expected in `X-WE
 You can also limit the reverse proxy's IP address range with `REVERSE_PROXY_TRUSTED_PROXIES` which default value is `127.0.0.0/8,::1/128`. By `REVERSE_PROXY_LIMIT`, you can limit trusted proxies level.
+You can enable the this authentication method for the API with
+
+```ini
+[service]
+ENABLE_REVERSE_PROXY_AUTHENTICATION_API = true
+```
+
 :::note
-Reverse Proxy Auth doesn't support the API. You still need an access token or basic auth to make API requests.
+When this method is enabled for the API, the reverse proxy is responsible for handling CSRF protection.
 :::
diff --git a/versioned_docs/version-1.22/usage/authentication.md b/versioned_docs/version-1.22/usage/authentication.md
index d70d7d65..6cab184b 100644
--- a/versioned_docs/version-1.22/usage/authentication.md
+++ b/versioned_docs/version-1.22/usage/authentication.md
@@ -342,6 +342,13 @@ If set `ENABLE_REVERSE_PROXY_FULL_NAME=true`, a user full name expected in `X-WE
 You can also limit the reverse proxy's IP address range with `REVERSE_PROXY_TRUSTED_PROXIES` which default value is `127.0.0.0/8,::1/128`. By `REVERSE_PROXY_LIMIT`, you can limit trusted proxies level.
+You can enable the this authentication method for the API with
+
+```ini
+[service]
+ENABLE_REVERSE_PROXY_AUTHENTICATION_API = true
+```
+
 :::note
-Reverse Proxy Auth doesn't support the API. You still need an access token or basic auth to make API requests.
+When this method is enabled for the API, the reverse proxy is responsible for handling CSRF protection.
 :::