add nginx-sso

README.md

@@ -318,6 +318,7 @@ A collection of delicious docker recipes.
 - [x] mongo
 - [x] neo4j
 - [x] erichough/nfs-server
+- [x] luzifer/nginx-sso
 - [x] odoo
 - [x] osixia/openldap
 - [x] campbellsoftwaresolutions/osticket

nginx-sso/README.md

@@ -0,0 +1,8 @@
+nginx-sso
+=========
+
+[nginx-sso][1] is intended to be used within the `ngx_http_auth_request_module` of
+Nginx to provide a single-sign-on for a domain using one central authentication
+directory.
+
+[1]: https://github.com/Luzifer/nginx-sso/wiki

nginx-sso/data/config.yaml

@@ -0,0 +1,42 @@
+---
+
+login:
+  title: "yourdomain.com - Login"
+  default_method: "simple"
+  hide_mfa_field: true
+  names:
+    simple: "Username / Password"
+
+cookie:
+  domain: ".yourdomain.com"
+  # You'll want to regenerate this. Use something like: cat /dev/urandom | tr -dc 'A-Za-z0-9' | dd bs=1 count=60
+  authentication_key: "5foFtWocwA3hq0tUztgMqn9xaagqNP1wFqfFyZDHTxhr154iQQ60eDI9z6oDVNHF7B"
+
+listen:
+  addr: "0.0.0.0"
+  port: 8082
+
+audit_log:
+  targets:
+    - fd://stdout
+    - file:///var/log/nginx-sso/audit.jsonl
+  events: ['access_denied', 'login_success', 'login_failure', 'logout', 'validate']
+  headers: ['x-origin-uri']
+  trusted_ip_headers: ["X-Forwarded-For", "RemoteAddr", "X-Real-IP"]
+
+acl:
+  rule_sets:
+  - rules:
+    - field: "x-host"
+      regexp: ".*"
+    allow: ["@admins"]
+
+providers:
+  simple:
+    enable_basic_auth: true
+    users:
+      # This password is 'admin'. Use this to generate a new password:
+      #      htpasswd -BnC 10 ""
+      admin: "$2y$10$3aJxJ6ttJNPeky/bCdg1OOVvGU8pLVj9L.U9kN0F0JWLN.nt3b5WO"
+    groups:
+      admins: ["admin"]

nginx-sso/docker-compose.yml

@@ -0,0 +1,7 @@
+nginx-sso:
+  image: luzifer/nginx-sso
+  ports:
+    - "8082:8082"
+  volumes:
+    - ./data:/data
+  restart: unless-stopped