mirror of
https://github.com/9001/copyparty.git
synced 2025-08-17 00:52:16 -06:00
IdP config draft (#62)
This commit is contained in:
ed
parent
59688bc8d7
commit
97d9c149f1
|
|
@ -1219,7 +1219,7 @@ work is [ongoing](https://github.com/9001/copyparty/issues/62) to support authen
|
|||
|
||||
it is currently possible to specify `--idp-h-usr x-username`; copyparty will then skip password validation and blindly trust the username specified in the `X-Username` request header
|
||||
|
||||
the remaining stuff (accepting user groups through another header, creating volumes on the fly) are still to-do
|
||||
the remaining stuff (accepting user groups through another header, creating volumes on the fly) are still to-do; configuration will probably [look like this](./docs/examples/docker/idp/copyparty.conf)
|
||||
|
||||
|
||||
## hiding from google
|
||||
|
|
|
|||
60
docs/examples/docker/idp/copyparty.conf
Normal file
60
docs/examples/docker/idp/copyparty.conf
Normal file
|
|
@ -0,0 +1,60 @@
|
|||
# not actually YAML but lets pretend:
|
||||
# -*- mode: yaml -*-
|
||||
# vim: ft=yaml:
|
||||
|
||||
|
||||
# example config for how copyparty can be used with an identity
|
||||
# provider, replacing the built-in authentication/authorization
|
||||
# mechanism, and instead expecting the reverse-proxy to provide
|
||||
# the requester's username (and possibly a group-name, for
|
||||
# optional group-based access control)
|
||||
#
|
||||
# the filesystem-path `/w` is used as the storage location
|
||||
# because that is the data-volume in the docker containers,
|
||||
# because a deployment like this (with an IdP) is more commonly
|
||||
# seen in containerized environments -- but this is not required
|
||||
|
||||
|
||||
[global]
|
||||
e2dsa # enable file indexing and filesystem scanning
|
||||
e2ts # enable multimedia indexing
|
||||
ansi # enable colors in log messages
|
||||
|
||||
# enable IdP support by expecting username/groupname in
|
||||
# http-headers provided by the reverse-proxy; header "X-IdP-User"
|
||||
# will contain the username, "X-IdP-Group" the groupname
|
||||
idp-h-usr: x-idp-user
|
||||
idp-h-grp: x-idp-group
|
||||
|
||||
|
||||
[/] # create a volume at "/" (the webroot), which will
|
||||
/w # share /w (the docker data volume)
|
||||
accs:
|
||||
rw: * # everyone gets read-access, but
|
||||
rwmda: %su # the group "su" gets read-write-move-delete-admin
|
||||
|
||||
|
||||
[/~${u}] # each user gets their own home-folder at /~username
|
||||
/w/~${u} # which will be in a folder named ~username in the docker data volume
|
||||
accs:
|
||||
r: * # read-access for anyone, and
|
||||
rwmda: ${u}, %su # read-write-move-delete-admin for that username + the "su" group
|
||||
|
||||
|
||||
[/~${u}/priv] # each user also gets a private area at /~username/priv
|
||||
/w/~${u}/priv # stored at DATAVOLUME/~username/priv
|
||||
accs:
|
||||
rwmda: ${u}, %su # read-write-move-delete-admin for that username + the "su" group
|
||||
|
||||
|
||||
[/lounge/${g}] # each group gets their own shared volume
|
||||
/w/lounge/${g} # stored at DATAVOLUME/lounge/groupname
|
||||
accs:
|
||||
r: * # read-access for anyone, and
|
||||
rwmda: %${g}, %su # read-write-move-delete-admin for that group + the "su" group
|
||||
|
||||
|
||||
[/lounge/${g}/priv] # and a private area for each group too
|
||||
/w/lounge/${g}/priv # stored at DATAVOLUME/lounge/groupname/priv
|
||||
accs:
|
||||
rwmda: %${g}, %su # read-write-move-delete-admin for that group + the "su" group
|
||||
Loading…
Reference in a new issue