From e8433b7fe6dd1dfa5ecf0633568cc3e34caeb0f9 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Thu, 23 Mar 2023 23:18:24 +0800 Subject: Restructure documentation. Now the documentation has installation, administration, usage, development, contributing the 5 main parts (#23629) - **Installation**: includes how to install Gitea and related other tools, also includes upgrade Gitea - **Administration**: includes how to configure Gitea, customize Gitea and manage Gitea instance out of Gitea admin UI - **Usage**: includes how to use Gitea's functionalities. A sub documentation is about packages, in future we could also include CI/CD and others. - **Development**: includes how to integrate with Gitea's API, how to develop new features within Gitea - **Contributing**: includes how to contribute code to Gitea repositories. After this is merged, I think we can have a sub-documentation of `Usage` part named `Actions` to describe how to use Gitea actions --------- Co-authored-by: John Olheiser --- docs/content/doc/usage/authentication.zh-cn.md | 35 ++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 docs/content/doc/usage/authentication.zh-cn.md (limited to 'docs/content/doc/usage/authentication.zh-cn.md') diff --git a/docs/content/doc/usage/authentication.zh-cn.md b/docs/content/doc/usage/authentication.zh-cn.md new file mode 100644 index 0000000000..403c3f43ce --- /dev/null +++ b/docs/content/doc/usage/authentication.zh-cn.md @@ -0,0 +1,35 @@ +--- +date: "2016-12-01T16:00:00+02:00" +title: "认证" +slug: "authentication" +weight: 10 +toc: false +draft: false +menu: + sidebar: + parent: "usage" + name: "认证" + weight: 10 + identifier: "authentication" +--- + +# 认证 + +## 反向代理认证 + +Gitea 支持通过读取反向代理传递的 HTTP 头中的登录名或者 email 地址来支持反向代理来认证。默认是不启用的,你可以用以下配置启用。 + +```ini +[service] +ENABLE_REVERSE_PROXY_AUTHENTICATION = true +``` + +默认的登录用户名的 HTTP 头是 `X-WEBAUTH-USER`,你可以通过修改 `REVERSE_PROXY_AUTHENTICATION_USER` 来变更它。如果用户不存在,可以自动创建用户,当然你需要修改 `ENABLE_REVERSE_PROXY_AUTO_REGISTRATION=true` 来启用它。 + +默认的登录用户 Email 的 HTTP 头是 `X-WEBAUTH-EMAIL`,你可以通过修改 `REVERSE_PROXY_AUTHENTICATION_EMAIL` 来变更它。如果用户不存在,可以自动创建用户,当然你需要修改 `ENABLE_REVERSE_PROXY_AUTO_REGISTRATION=true` 来启用它。你也可以通过修改 `ENABLE_REVERSE_PROXY_EMAIL` 来启用或停用这个 HTTP 头。 + +如果设置了 `ENABLE_REVERSE_PROXY_FULL_NAME=true`,则用户的全名会从 `X-WEBAUTH-FULLNAME` 读取,这样在自动创建用户时将使用这个字段作为用户全名,你也可以通过修改 `REVERSE_PROXY_AUTHENTICATION_FULL_NAME` 来变更 HTTP 头。 + +你也可以通过修改 `REVERSE_PROXY_TRUSTED_PROXIES` 来设置反向代理的IP地址范围,加强安全性,默认值是 `127.0.0.0/8,::1/128`。 通过 `REVERSE_PROXY_LIMIT`, 可以设置最多信任几级反向代理。 + +注意:反向代理认证不支持认证 API,API 仍旧需要用 access token 来进行认证。 -- cgit v1.2.3