2017-11-26 16:44:32 -05:00
|
|
|
|
---
|
|
|
|
|
date: "2016-12-01T16:00:00+02:00"
|
|
|
|
|
title: "认证"
|
|
|
|
|
slug: "authentication"
|
|
|
|
|
weight: 10
|
2020-12-09 01:47:06 -05:00
|
|
|
|
toc: false
|
2017-11-26 16:44:32 -05:00
|
|
|
|
draft: false
|
Refactor docs (#23752)
This was intended to be a small followup for
https://github.com/go-gitea/gitea/pull/23712, but...here we are.
1. Our docs currently use `slug` as the entire URL, which makes
refactoring tricky (see https://github.com/go-gitea/gitea/pull/23712).
Instead, this PR attempts to make future refactoring easier by using
slugs as an extension of the section. (Hugo terminology)
- What the above boils down to is this PR attempts to use directory
organization as URL management. e.g. `usage/comparison.en-us.md` ->
`en-us/usage/comparison/`, `usage/packages/overview.en-us.md` ->
`en-us/usage/packages/overview/`
- Technically we could even remove `slug`, as Hugo defaults to using
filename, however at least with this PR it means `slug` only needs to be
the name for the **current file** rather than an entire URL
2. This PR adds appropriate aliases (redirects) for pages, so anything
on the internet that links to our docs should hopefully not break.
3. A minor nit I've had for a while, renaming `seek-help` to `support`.
It's a minor thing, but `seek-help` has a strange connotation to it.
4. The commits are split such that you can review the first which is the
"actual" change, and the second is added redirects so that the first
doesn't break links elsewhere.
---------
Signed-off-by: jolheiser <john.olheiser@gmail.com>
2023-04-27 23:33:41 -04:00
|
|
|
|
aliases:
|
|
|
|
|
- /zh-cn/authentication
|
2017-11-26 16:44:32 -05:00
|
|
|
|
menu:
|
|
|
|
|
sidebar:
|
2023-03-23 11:18:24 -04:00
|
|
|
|
parent: "usage"
|
2017-11-26 16:44:32 -05:00
|
|
|
|
name: "认证"
|
|
|
|
|
weight: 10
|
|
|
|
|
identifier: "authentication"
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
# 认证
|
|
|
|
|
|
2023-02-03 05:37:25 -05:00
|
|
|
|
## 反向代理认证
|
|
|
|
|
|
|
|
|
|
Gitea 支持通过读取反向代理传递的 HTTP 头中的登录名或者 email 地址来支持反向代理来认证。默认是不启用的,你可以用以下配置启用。
|
|
|
|
|
|
|
|
|
|
```ini
|
|
|
|
|
[service]
|
|
|
|
|
ENABLE_REVERSE_PROXY_AUTHENTICATION = true
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
默认的登录用户名的 HTTP 头是 `X-WEBAUTH-USER`,你可以通过修改 `REVERSE_PROXY_AUTHENTICATION_USER` 来变更它。如果用户不存在,可以自动创建用户,当然你需要修改 `ENABLE_REVERSE_PROXY_AUTO_REGISTRATION=true` 来启用它。
|
|
|
|
|
|
|
|
|
|
默认的登录用户 Email 的 HTTP 头是 `X-WEBAUTH-EMAIL`,你可以通过修改 `REVERSE_PROXY_AUTHENTICATION_EMAIL` 来变更它。如果用户不存在,可以自动创建用户,当然你需要修改 `ENABLE_REVERSE_PROXY_AUTO_REGISTRATION=true` 来启用它。你也可以通过修改 `ENABLE_REVERSE_PROXY_EMAIL` 来启用或停用这个 HTTP 头。
|
|
|
|
|
|
|
|
|
|
如果设置了 `ENABLE_REVERSE_PROXY_FULL_NAME=true`,则用户的全名会从 `X-WEBAUTH-FULLNAME` 读取,这样在自动创建用户时将使用这个字段作为用户全名,你也可以通过修改 `REVERSE_PROXY_AUTHENTICATION_FULL_NAME` 来变更 HTTP 头。
|
|
|
|
|
|
|
|
|
|
你也可以通过修改 `REVERSE_PROXY_TRUSTED_PROXIES` 来设置反向代理的IP地址范围,加强安全性,默认值是 `127.0.0.0/8,::1/128`。 通过 `REVERSE_PROXY_LIMIT`, 可以设置最多信任几级反向代理。
|
|
|
|
|
|
|
|
|
|
注意:反向代理认证不支持认证 API,API 仍旧需要用 access token 来进行认证。
|