mirror of https://github.com/vouch/vouch-proxy
54 lines
2.5 KiB
Plaintext
54 lines
2.5 KiB
Plaintext
# Vouch Proxy configuration
|
|
# bare minimum to get Vouch Proxy running with github enterprise
|
|
# see config.yml_example for all options
|
|
|
|
vouch:
|
|
# domains:
|
|
# valid domains that the jwt cookies can be set into
|
|
# each of these domains must serve the url https://login.$domains[0] https://login.$domains[1] ...
|
|
# the callback_urls will be to these domains
|
|
domains:
|
|
- yourdomain.com
|
|
- yourothersite.io
|
|
|
|
# - OR -
|
|
# instead of setting specific domains you may prefer to allow all users...
|
|
# set allowAllUsers: true to use Vouch Proxy to just accept anyone who can authenticate at the configured provider
|
|
# allowAllUsers: true
|
|
|
|
cookie:
|
|
# allow the jwt/cookie to be set into http://yourdomain.com (defaults to true, requiring https://yourdomain.com)
|
|
secure: false
|
|
# vouch.cookie.domain must be set when enabling allowAllUsers
|
|
# domain: yourdomain.com
|
|
|
|
|
|
# set teamWhitelist: to list of teams and/or GitHub organizations
|
|
# When putting an organization id without a slash, it will allow all (public) members from the organization.
|
|
# The client will try to read the private organization membership using the client credentials, if that's not possible
|
|
# due to access restriction, it will try to evaluate the publicly visible membership.
|
|
# Allowing members form a specific team can be configured by qualifying the team with the organization, separated by
|
|
# a slash.
|
|
# teamWhitelist:
|
|
# - myOrg
|
|
# - myOrg/myTeam
|
|
# In case both vouch.teamWhitelist AND oauth.scopes is configured, make sure read:org scope is included
|
|
|
|
oauth:
|
|
# create a new OAuth application at:
|
|
# https://githubenterprise.yourdomain.com/settings/applications/new
|
|
provider: github
|
|
client_id: xxxxxxxxxxxxxxxxxxxx
|
|
client_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
auth_url: https://githubenterprise.yourdomain.com/login/oauth/authorize
|
|
token_url: https://githubenterprise.yourdomain.com/login/oauth/access_token
|
|
user_info_url: https://githubenterprise.yourdomain.com/api/v3/user?access_token=
|
|
# relevant only if teamWhitelist is configured; colon-prefixed parts are parameters that
|
|
# will be replaced with the respective values.
|
|
user_team_url: https://githubenterprise.yourdomain.com/api/v3/orgs/:org_id/teams/:team_slug/memberships/:username?access_token=
|
|
user_org_url: https://githubenterprise.yourdomain.com/api/v3/orgs/:org_id/members/:username?access_token=
|
|
# these GitHub OAuth defaults are set for you..
|
|
# scopes:
|
|
# - user
|
|
# In case both vouch.teamWhitelist AND oauth.scopes is configured, make sure read:org scope is included
|