mirror of
https://github.com/9001/copyparty.git
synced 2025-08-17 00:52:16 -06:00
b377791be7
the old `10.88.` syntax is still supported, translating to `10.88.0.0/16` also fix `--tftp-ipa` when optimizations are enabled
1.1 KiB
1.1 KiB
there is a docker-compose example which is hopefully a good starting point (meaning you can skip the steps below) -- but if you want to set this up from scratch yourself (or learn about how it works), keep reading:
to configure IdP from scratch, you must place copyparty behind a reverse-proxy which sends all requests through a middleware (the IdP / identity-provider service) which will inject a set of headers into the requests, telling copyparty who the user is
in the copyparty [global] config, specify which headers to read client info from; username is required (idp-h-usr: X-Authooley-User), group(s) are optional (idp-h-grp: X-Authooley-Groups)
- it is also required to specify the subnet that legit requests will be coming from, for example
--xff-src=10.88.0.0/24to allow 10.88.x.x (or--xff-src=lanfor all private IPs), and it is recommended to configure the reverseproxy to include a secret header as proof that the other headers are also legit (and not smuggled in by a malicious client), telling copyparty the headername to expect withidp-h-key: shangala-bangala