forgejo/docs/content/doc/usage/authentication.zh-cn.md
John Olheiser bb25f85ce8
Refactor docs (#23752)
This was intended to be a small followup for
https://github.com/go-gitea/gitea/pull/23712, but...here we are.

1. Our docs currently use `slug` as the entire URL, which makes
refactoring tricky (see https://github.com/go-gitea/gitea/pull/23712).
Instead, this PR attempts to make future refactoring easier by using
slugs as an extension of the section. (Hugo terminology)
- What the above boils down to is this PR attempts to use directory
organization as URL management. e.g. `usage/comparison.en-us.md` ->
`en-us/usage/comparison/`, `usage/packages/overview.en-us.md` ->
`en-us/usage/packages/overview/`
- Technically we could even remove `slug`, as Hugo defaults to using
filename, however at least with this PR it means `slug` only needs to be
the name for the **current file** rather than an entire URL
2. This PR adds appropriate aliases (redirects) for pages, so anything
on the internet that links to our docs should hopefully not break.
3. A minor nit I've had for a while, renaming `seek-help` to `support`.
It's a minor thing, but `seek-help` has a strange connotation to it.
4. The commits are split such that you can review the first which is the
"actual" change, and the second is added redirects so that the first
doesn't break links elsewhere.

---------

Signed-off-by: jolheiser <john.olheiser@gmail.com>
2023-04-28 11:33:41 +08:00

1.7 KiB
Raw Blame History

date title slug weight toc draft aliases menu
2016-12-01T16:00:00+02:00 认证 authentication 10 false false
/zh-cn/authentication
sidebar
parent name weight identifier
usage 认证 10 authentication

认证

反向代理认证

Gitea 支持通过读取反向代理传递的 HTTP 头中的登录名或者 email 地址来支持反向代理来认证。默认是不启用的,你可以用以下配置启用。

[service]
ENABLE_REVERSE_PROXY_AUTHENTICATION = true

默认的登录用户名的 HTTP 头是 X-WEBAUTH-USER,你可以通过修改 REVERSE_PROXY_AUTHENTICATION_USER 来变更它。如果用户不存在,可以自动创建用户,当然你需要修改 ENABLE_REVERSE_PROXY_AUTO_REGISTRATION=true 来启用它。

默认的登录用户 Email 的 HTTP 头是 X-WEBAUTH-EMAIL,你可以通过修改 REVERSE_PROXY_AUTHENTICATION_EMAIL 来变更它。如果用户不存在,可以自动创建用户,当然你需要修改 ENABLE_REVERSE_PROXY_AUTO_REGISTRATION=true 来启用它。你也可以通过修改 ENABLE_REVERSE_PROXY_EMAIL 来启用或停用这个 HTTP 头。

如果设置了 ENABLE_REVERSE_PROXY_FULL_NAME=true,则用户的全名会从 X-WEBAUTH-FULLNAME 读取,这样在自动创建用户时将使用这个字段作为用户全名,你也可以通过修改 REVERSE_PROXY_AUTHENTICATION_FULL_NAME 来变更 HTTP 头。

你也可以通过修改 REVERSE_PROXY_TRUSTED_PROXIES 来设置反向代理的IP地址范围加强安全性默认值是 127.0.0.0/8,::1/128。 通过 REVERSE_PROXY_LIMIT 可以设置最多信任几级反向代理。

注意:反向代理认证不支持认证 APIAPI 仍旧需要用 access token 来进行认证。