docs: add block common exploits and oauth middleware

2024-11-08 19:34:28 +01:00
parent 2012ac69a3
commit d4de147524
7 changed files with 98 additions and 33 deletions

View File

@@ -45,9 +45,13 @@ It comes with a lot of integrated features, such as:
- Custom Headers
- Backend Errors interceptor
- Support TLS
- Block common exploits middleware
- Patterns to detect SQL injection attempts
- Pattern to detect simple XSS attempts
- Authentication middleware
- JWT `client authorization based on the result of a request`
- Basic-Auth
- OAuth
- Rate limiting
- In-Memory Token Bucket based
- In-Memory client IP based
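Review bot: The two new sub-bullets under "Block common exploits middleware" promise detection of SQL injection and XSS, but a signature/pattern filter is a coarse, bypassable control with a real false-positive cost on legitimate request bodies; the feature list should say what the patterns match (query string, headers, body?) and the docs should state that it is defence in depth, not a substitute for parameterised queries and output encoding in the backends. Also "Patterns" vs "Pattern" on the two sibling bullets should agree.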
@@ -56,8 +60,6 @@ It comes with a lot of integrated features, such as:
- [ ] Distributed Rate Limiting for In-Memory client IP based across multiple instances using Redis
- [ ] Blocklist IP address middleware
- [x] Block common exploits middleware
- [x] OAuth authentication middleware
----
@@ -72,25 +74,25 @@ The default configuration is automatically generated if any configuration file i
```shell
docker run --rm --name goma-gateway \
-v "${PWD}/config:/config" \
jkaninda/goma-gateway config init --output /config/goma.yml
-v "${PWD}/config:/etc/goma/" \
jkaninda/goma-gateway config init --output /etc/goma/goma.yml
```
### 2. Run server
```shell
docker run --rm --name goma-gateway \
-v "${PWD}/config:/config" \
-p 80:80 \
-v "${PWD}/config:/etc/goma/" \
-p 8080:8080 \
jkaninda/goma-gateway server
```
### 3. Start server with a custom config
```shell
docker run --rm --name goma-gateway \
-v "${PWD}/config:/config" \
-p 80:80 \
-p 443:443 \
jkaninda/goma-gateway server --config /config/config.yml
-v "${PWD}/config:/etc/goma/" \
-p 8080:8080 \
-p 8443:8443 \
jkaninda/goma-gateway server --config /etc/goma/config.yml
```
### 4. Healthcheck
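Review bot: Step 1 now writes the generated file to `/etc/goma/goma.yml`, but step 3 starts the server with `--config /etc/goma/config.yml`; the two file names should agree (or step 3 should say it expects a differently named custom file), otherwise a reader who follows the steps in order gets a "config not found" on step 3. The port change from 80/443 to 8080/8443 is consistent within this hunk, but any other example in the docs that still assumes port 80 (for example a healthcheck `curl http://localhost/...`) needs the same update.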
@@ -111,9 +113,9 @@ services:
start_period: 20s
timeout: 10s
ports:
- "80:80"
- "8080:8080"
volumes:
- ./config:/config/
- ./config:/etc/goma/
```
Create a config file in this format
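Review bot: This compose snippet publishes only `8080:8080`, while the `docker run` example just above also maps 8443 for TLS; either add `"8443:8443"` here or say that TLS is not exposed in the compose quick-start so the two examples are not read as equivalent.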
@@ -145,6 +147,7 @@ gateway:
disableDisplayRouteOnStart: false
# disableKeepAlive allows enabling and disabling KeepALive server
disableKeepAlive: false
blockCommonExploits: false
# interceptErrors intercepts backend errors based on defined the status codes
interceptErrors:
- 405
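Review bot: `blockCommonExploits: false` is inserted without the explanatory comment that every neighbouring key has (`disableKeepAlive`, `interceptErrors`); add a one-line comment saying what it enables (the SQL injection / XSS pattern checks) and what happens on a match (status code returned, whether it is logged), since a reader choosing to flip it to `true` needs to know the blast radius on legitimate traffic.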

View File

@@ -20,9 +20,14 @@ It comes with a lot of integrated features, such as:
- Cross-Origin Resource Sharing (CORS)
- Custom Headers
- Backend Errors interceptor
- Support TLS
- Block common exploits middleware
- Patterns to detect SQL injection attempts
- Pattern to detect simple XSS attempts
- Authentication middleware
- JWT `client authorization based on the result of a request`
- Basic-Auth
- OAuth
- Rate limiting
- In-Memory Token Bucket based
- In-Memory client IP based

View File

@@ -18,6 +18,7 @@ Goma Gateway supports :
- Authentication middleware
- JWT `client authorization based on the result of a request`
- Basic-Auth
- OAuth
- Rate limiting middleware
- In-Memory client IP based
- Access middleware
@@ -133,6 +134,60 @@ middlewares:
params:
userCountryId: countryId
```
### OAuth middleware
Example of Google provider
```yaml
- name: google-oauth
type: oauth
paths:
- /*
rule:
clientId: xxx
clientSecret: xxxx
# oauth provider google, gitlab, github, amazon, facebook, custom
provider: google # facebook, gitlab, github, amazon
redirectUrl: https://example.com/callback/protected
#RedirectPath is the PATH to redirect users after authentication, e.g: /my-protected-path/dashboard
redirectPath: /dashboard
scopes:
- https://www.googleapis.com/auth/userinfo.email
- https://www.googleapis.com/auth/userinfo.profile
state: randomStateString
jwtSecret: your-strong-jwt-secret | It's optional
```
Example of Authentik provider
```yaml
- name: oauth-authentik
type: oauth
paths:
- /protected
- /example-of-oauth
rule:
clientId: xxx
clientSecret: xxx
# oauth provider google, gitlab, github, amazon, facebook, custom
provider: custom
endpoint:
authUrl: https://authentik.example.com/application/o/authorize/
tokenUrl: https://authentik.example.com/application/o/token/
userInfoUrl: https://authentik.example.com/application/o/userinfo/
redirectUrl: https://example.com/callback
#RedirectPath is the PATH to redirect users after authentication, e.g: /my-protected-path/dashboard
redirectPath: ''
#CookiePath e.g.: /my-protected-path or / || by default is applied on a route path
cookiePath: "/"
scopes:
- email
- openid
state: randomStateString
jwtSecret: your-strong-jwt-secret | It's optional
```
### Access middleware
Access middleware prevents access to a route or specific route path.
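Review bot: `state: randomStateString` documents a fixed, operator-chosen OAuth `state` value; the state parameter only protects against login CSRF when it is unpredictable and bound to the individual authorisation request (RFC 6749 §10.12), so a static string in config gives no protection. If the gateway generates a per-request state internally, the docs should say so and drop this key from the example; if it really is static, that limitation should be stated plainly rather than shown as the normal setup. Separately, `jwtSecret: your-strong-jwt-secret | It's optional` puts the "It's optional" remark inside the YAML scalar, so a copy-pasted config would use `your-strong-jwt-secret | It's optional` as the secret; move the remark to a `#` comment on the line above, as done for `redirectPath`. Finally, both examples carry `clientSecret` inline in the route file; if the gateway can read it from an environment variable or file, mention that here, since this YAML is typically committed.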

View File

@@ -11,19 +11,19 @@ nav_order: 2
You can generate the configuration file using `config init --output /config/config.yml` command.
The default configuration is automatically generated if any configuration file is not provided, and is available at `/config/goma.yml`
The default configuration is automatically generated if any configuration file is not provided, and is available at `/etc/goma/goma.yml`
```shell
docker run --rm --name goma-gateway \
-v "${PWD}/config:/config" \
-v "${PWD}/config:/etc/goma/" \
jkaninda/goma-gateway config init --output /config/config.yml
```
### 3. Start server with a custom config
```shell
docker run --rm --name goma-gateway \
-v "${PWD}/config:/config" \
-p 80:80 \
-v "${PWD}/config:/etc/goma/" \
-p 8080:8080 \
jkaninda/goma-gateway server --config /config/config.yml
```
### 4. Healthcheck
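Review bot: The volume mount is changed to `/etc/goma/`, but the command on the unchanged lines still writes `--output /config/config.yml` and the server line still reads `--config /config/config.yml`; after this change the generated file lands in an unmounted `/config/` inside the container and never reaches the host, and the server step points at a path that no longer exists. Both paths (and the `config init --output /config/config.yml` sentence at the top of the hunk) need the same `/etc/goma/` update that the README hunk already received.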
@@ -39,16 +39,16 @@ services:
image: jkaninda/goma-gateway
command: server
healthcheck:
test: curl -f http://localhost/readyz || exit 1
test: curl -f http://localhost/health/live || exit 1
interval: 30s
retries: 5
start_period: 20s
timeout: 10s
ports:
- "80:80"
- "443:443"
- "8080:8080"
- "8443:8443"
volumes:
- ./config:/config/
- ./config:/etc/goma/
```
## Customize configuration file
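Review bot: The healthcheck `curl -f http://localhost/health/live` runs inside the container and therefore hits port 80, but the service now listens on 8080 (`"8080:8080"`); it should be `http://localhost:8080/health/live`, as the separate docker-compose example in this same commit already does. As written, the container would be reported unhealthy on every probe.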
@@ -79,6 +79,7 @@ gateway:
disableDisplayRouteOnStart: false
# disableKeepAlive allows enabling and disabling KeepALive server
disableKeepAlive: false
blockCommonExploits: false
# interceptErrors intercepts backend errors based on defined the status codes
interceptErrors:
- 405

View File

@@ -3,13 +3,13 @@ services:
image: jkaninda/goma-gateway
command: server
healthcheck:
test: curl -f http://localhost/readyz || exit 1
test: curl -f http://localhost:8080/health/live || exit 1
interval: 30s
retries: 5
start_period: 20s
timeout: 10s
ports:
- "80:80"
- "443:443"
- "80:8080"
- "443:8443"
volumes:
- ./config:/config/
- ./config:/etc/goma/

View File

@@ -20,24 +20,24 @@ spec:
memory: "128Mi"
cpu: "200m"
ports:
- containerPort: 80
- containerPort: 8080
livenessProbe:
httpGet:
path: /health/live
port: 80
port: 8080
initialDelaySeconds: 15
periodSeconds: 30
timeoutSeconds: 10
readinessProbe:
httpGet:
path: /health/live
port: 80
port: 8080
initialDelaySeconds: 15
periodSeconds: 40
periodSeconds: 30
timeoutSeconds: 10
volumeMounts:
- name: config
mountPath: /config/
mountPath: /etc/goma/
volumes:
- name: config
configMap:
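Review bot: Both `livenessProbe` and `readinessProbe` now hit `/health/live` on 8080; if the gateway exposes a separate readiness endpoint (the docs previously referenced `/readyz`), the readiness probe should use it, since a liveness path that answers as soon as the process is up will route traffic to a pod before its routes and middleware are loaded. Also, the `ports` list gains only `containerPort: 8080`; with TLS now documented on 8443 elsewhere in this commit, either add `containerPort: 8443` or note that the manifest is HTTP-only.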

View File

@@ -22,6 +22,7 @@ gateway:
disableDisplayRouteOnStart: false
# disableKeepAlive allows enabling and disabling KeepALive server
disableKeepAlive: false
blockCommonExploits: false
# interceptErrors intercepts backend errors based on defined the status codes
interceptErrors:
- 405