1
1
mirror of https://github.com/go-gitea/gitea synced 2025-01-10 09:44:43 +00:00
gitea/docs/content/doc/usage/authentication.zh-cn.md
Lunny Xiao e8433b7fe6
Restructure documentation. Now the documentation has installation, administration, usage, development, contributing the 5 main parts (#23629)
- **Installation**: includes how to install Gitea and related other
tools, also includes upgrade Gitea
- **Administration**: includes how to configure Gitea, customize Gitea
and manage Gitea instance out of Gitea admin UI
- **Usage**: includes how to use Gitea's functionalities. A sub
documentation is about packages, in future we could also include CI/CD
and others.
- **Development**: includes how to integrate with Gitea's API, how to
develop new features within Gitea
- **Contributing**: includes how to contribute code to Gitea
repositories.

After this is merged, I think we can have a sub-documentation of `Usage`
part named `Actions` to describe how to use Gitea actions

---------

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-03-23 23:18:24 +08:00

1.7 KiB
Raw Blame History

date title slug weight toc draft menu
2016-12-01T16:00:00+02:00 认证 authentication 10 false false
sidebar
parent name weight identifier
usage 认证 10 authentication

认证

反向代理认证

Gitea 支持通过读取反向代理传递的 HTTP 头中的登录名或者 email 地址来支持反向代理来认证。默认是不启用的,你可以用以下配置启用。

[service]
ENABLE_REVERSE_PROXY_AUTHENTICATION = true

默认的登录用户名的 HTTP 头是 X-WEBAUTH-USER,你可以通过修改 REVERSE_PROXY_AUTHENTICATION_USER 来变更它。如果用户不存在,可以自动创建用户,当然你需要修改 ENABLE_REVERSE_PROXY_AUTO_REGISTRATION=true 来启用它。

默认的登录用户 Email 的 HTTP 头是 X-WEBAUTH-EMAIL,你可以通过修改 REVERSE_PROXY_AUTHENTICATION_EMAIL 来变更它。如果用户不存在,可以自动创建用户,当然你需要修改 ENABLE_REVERSE_PROXY_AUTO_REGISTRATION=true 来启用它。你也可以通过修改 ENABLE_REVERSE_PROXY_EMAIL 来启用或停用这个 HTTP 头。

如果设置了 ENABLE_REVERSE_PROXY_FULL_NAME=true,则用户的全名会从 X-WEBAUTH-FULLNAME 读取,这样在自动创建用户时将使用这个字段作为用户全名,你也可以通过修改 REVERSE_PROXY_AUTHENTICATION_FULL_NAME 来变更 HTTP 头。

你也可以通过修改 REVERSE_PROXY_TRUSTED_PROXIES 来设置反向代理的IP地址范围加强安全性默认值是 127.0.0.0/8,::1/128。 通过 REVERSE_PROXY_LIMIT 可以设置最多信任几级反向代理。

注意:反向代理认证不支持认证 APIAPI 仍旧需要用 access token 来进行认证。