0
0
Fork 0
mirror of https://codeberg.org/forgejo/docs.git synced 2024-12-26 22:51:22 -05:00
forgejo-docs/admin/reverse-proxy.md
Earl Warren 121a25e25e
docs: v1.20: sync Gitea 62ac3251fa545d32bdfc9ff824106b97ec63edbb
# Conflicts:
#	user/packages/alpine.md
#	user/packages/cran.md
#	user/packages/debian.md
#	user/packages/go.md
#	user/packages/rpm.md
2023-08-13 14:13:15 +01:00

1.5 KiB

layout title license origin_url
~/layouts/Markdown.astro Reverse proxy Apache-2.0 62ac3251fa/docs/content/doc/usage/authentication.en-us.md

Forgejo supports Reverse Proxy Header authentication, it will read headers as a trusted login user name or user email address. This hasn't been enabled by default, you can enable it with

[service]
ENABLE_REVERSE_PROXY_AUTHENTICATION = true

The default login user name is in the X-WEBAUTH-USER header, you can change it via changing REVERSE_PROXY_AUTHENTICATION_USER in app.ini. If the user doesn't exist, you can enable automatic registration with ENABLE_REVERSE_PROXY_AUTO_REGISTRATION=true.

The default login user email is X-WEBAUTH-EMAIL, you can change it via changing REVERSE_PROXY_AUTHENTICATION_EMAIL in app.ini, this could also be disabled with ENABLE_REVERSE_PROXY_EMAIL

If set ENABLE_REVERSE_PROXY_FULL_NAME=true, a user full name expected in X-WEBAUTH-FULLNAME will be assigned to the user when auto creating the user. You can also change the header name with REVERSE_PROXY_AUTHENTICATION_FULL_NAME.

You can also limit the reverse proxy's IP address range with REVERSE_PROXY_TRUSTED_PROXIES which default value is 127.0.0.0/8,::1/128. By REVERSE_PROXY_LIMIT, you can limit trusted proxies level.

Notice: Reverse Proxy Auth doesn't support the API. You still need an access token or basic auth to make API requests.