9af05bfb01
Reviewed-on: https://codeberg.org/forgejo/website/pulls/323 # Conflicts: # v1.19/admin/command-line.md # v1.19/admin/config-cheat-sheet.md # v1.19/admin/database-preparation.md # v1.19/admin/email-setup.md # v1.19/admin/incoming-email.md # v1.19/admin/index.md # v1.19/admin/logging-documentation.md # v1.19/admin/reverse-proxy.md # v1.19/admin/seek-assistance.md # v1.19/admin/upgrade.md # v1.19/developer/code-forgejo-org.md # v1.19/developer/index.md # v1.19/index.md # v1.19/license.md # v1.19/user/agit-support.md # v1.19/user/api-usage.md # v1.19/user/authentication.md # v1.19/user/email-settings.md # v1.19/user/first-repository.md # v1.19/user/index.md # v1.19/user/issue-pull-request-templates.md # v1.19/user/issue-tracking-basics.md # v1.19/user/labels.md # v1.19/user/linked-references.md # v1.19/user/merge-message-templates.md # v1.19/user/oauth2-provider.md # v1.19/user/packages/cargo.md # v1.19/user/packages/chef.md # v1.19/user/packages/composer.md # v1.19/user/packages/conan.md # v1.19/user/packages/conda.md # v1.19/user/packages/container.md # v1.19/user/packages/generic.md # v1.19/user/packages/helm.md # v1.19/user/packages/index.md # v1.19/user/packages/maven.md # v1.19/user/packages/npm.md # v1.19/user/packages/nuget.md # v1.19/user/packages/pub.md # v1.19/user/packages/pypi.md # v1.19/user/packages/rubygems.md # v1.19/user/packages/storage.md # v1.19/user/packages/vagrant.md # v1.19/user/project.md # v1.19/user/protection.md # v1.19/user/push-options.md # v1.19/user/push-to-create.md # v1.19/user/repo-permissions.md # v1.19/user/webhooks.md # v1.19/user/wiki.md # v1.20/user/semver.md
1.4 KiB
| title | license | origin_url |
|---|---|---|
| Reverse proxy | Apache-2.0 | faa28b5a44/docs/content/doc/usage/authentication.en-us.md |
Forgejo supports Reverse Proxy Header authentication, it will read headers as a trusted login user name or user email address. This hasn't been enabled by default, you can enable it with
[service]
ENABLE_REVERSE_PROXY_AUTHENTICATION = true
The default login user name is in the X-WEBAUTH-USER header, you can change it via changing REVERSE_PROXY_AUTHENTICATION_USER in app.ini. If the user doesn't exist, you can enable automatic registration with ENABLE_REVERSE_PROXY_AUTO_REGISTRATION=true.
The default login user email is X-WEBAUTH-EMAIL, you can change it via changing REVERSE_PROXY_AUTHENTICATION_EMAIL in app.ini, this could also be disabled with ENABLE_REVERSE_PROXY_EMAIL
If set ENABLE_REVERSE_PROXY_FULL_NAME=true, a user full name expected in X-WEBAUTH-FULLNAME will be assigned to the user when auto creating the user. You can also change the header name with REVERSE_PROXY_AUTHENTICATION_FULL_NAME.
You can also limit the reverse proxy's IP address range with REVERSE_PROXY_TRUSTED_PROXIES which default value is 127.0.0.0/8,::1/128. By REVERSE_PROXY_LIMIT, you can limit trusted proxies level.
Notice: Reverse Proxy Auth doesn't support the API. You still need an access token or basic auth to make API requests.