From 1c2c188dc3544bd4df571ce06d24784640db43d5 Mon Sep 17 00:00:00 2001 From: Vivien Kraus Date: Tue, 30 Mar 2021 20:25:01 +0200 Subject: Implement a reverse proxy --- doc/webid-oidc.texi | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) (limited to 'doc') diff --git a/doc/webid-oidc.texi b/doc/webid-oidc.texi index 6a0e633..dda97bd 100644 --- a/doc/webid-oidc.texi +++ b/doc/webid-oidc.texi @@ -438,6 +438,7 @@ the seed. @chapter Running a Resource Server @menu +* Running webid-oidc-reverse-proxy:: * The authenticator:: @end menu @@ -445,6 +446,38 @@ A Solid server is the server that manages your data. It needs to check that the proofs of possession are correct, and the possessed key is signed by the identity provider. +@node Running webid-oidc-reverse-proxy +@section Running webid-oidc-reverse-proxy + +The distribution comes with a reverse proxy, aptly named +@code{webid-oidc-reverse-proxy}, to listen to an interface, take +requests, authenticate them, and pass them to a backend with an +additional header containing the webid of the agent, if authenticated. + +The reverse proxy is invoked with the following arguments: + +@table @asis +@item @code{-p}@var{PORT}, @code{--port=}@var{PORT} +the port on which the reverse proxy listens; +@item @code{-i}@var{INBOUND}, @code{--inbound-uri=}@var{INBOUND} +the public name of the server; +@item @code{-o}@var{OUTBOUND}, @code{--outbound-uri=}@var{OUTBOUND} +the address of the backend; +@item @code{-H}@var{HEADER}, @code{--header=}@var{HEADER} +replace the name of the header that will contain the webid of the +user. Defaults to @code{XXX-Agent}. Please note that this value should +be ASCII, otherwise it’s not guaranteed that the reverse proxy will +drop other capitalizations of the header in malicious requests; +@item @code{-l @var{FILE.log}}, or @code{--log-file=@var{FILE.log}} +let the server dump all its output to @var{FILE.log}. See the identity +provider comment; +@item @code{-e @var{FILE.err}}, or @code{--error-file=@var{FILE.err}} +let the server dump all its errors to @var{FILE.err}. +@end table + +You can localize the interface by setting the @var{LANG} environment +variable. + @node The authenticator @section The authenticator -- cgit v1.2.3