sigoden/dufs
1
0
Fork 0
mirror of https://github.com/sigoden/dufs.git synced 2026-04-08 16:49:02 +03:00
Code Issues 8 Packages Projects Releases 10 Wiki Activity

[GH-ISSUE #260] Add external authenticator header for reverse proxying #135

New Issue
Closed
opened 2026-04-08 16:50:36 +03:00 by zhus · 2 comments
zhus commented 2026-04-08 16:50:36 +03:00
Owner
Copy Link

Originally created by @pikaro on GitHub (Aug 29, 2023).
Original GitHub issue: https://github.com/sigoden/dufs/issues/260

Specific Demand

Allow trusting an X-Remote-User or similar header which would denote the logged-in user. This is a common feature in environments using reverse proxies where authentication is often externalized to SSO services or similarly more complex than the current authentication scheme allows.

The -a option would have to be adapted to make the password optional without implying "passwordless" and to accept a %u or similar placeholder for the remotely logged-in user. This would allow settings like "each user can access their own home directory".

Adding other settings commonly used in this context, such as

  • a "trusted proxies" comma-separated list of CIDR subnets
  • a "forwarded IP / Proto header" setting
  • an "external hostname" setting
  • etc

would be useful in a reverse-proxied environment as well.

Originally created by @pikaro on GitHub (Aug 29, 2023). Original GitHub issue: https://github.com/sigoden/dufs/issues/260 ## Specific Demand Allow trusting an `X-Remote-User` or similar header which would denote the logged-in user. This is a common feature in environments using reverse proxies where authentication is often externalized to SSO services or similarly more complex than the current authentication scheme allows. The `-a` option would have to be adapted to make the password optional without implying "passwordless" and to accept a `%u` or similar placeholder for the remotely logged-in user. This would allow settings like "each user can access their own home directory". Adding other settings commonly used in this context, such as - a "trusted proxies" comma-separated list of CIDR subnets - a "forwarded IP / Proto header" setting - an "external hostname" setting - etc would be useful in a reverse-proxied environment as well.
zhus closed this issue 2026-04-08 16:50:36 +03:00
zhus commented 2026-04-08 16:50:37 +03:00
Author
Owner
Copy Link

@sigoden commented on GitHub (Aug 31, 2023):

Use proxy server authentication alone,or use dufs authentication alone,Mixing these together can be both intricate and prone to errors.

<!-- gh-comment-id:1700056570 --> @sigoden commented on GitHub (Aug 31, 2023): Use proxy server authentication alone,or use dufs authentication alone,Mixing these together can be both intricate and prone to errors.
zhus commented 2026-04-08 16:50:37 +03:00
Author
Owner
Copy Link

@ItalyPaleAle commented on GitHub (Jan 21, 2024):

I would love support for "pass-through authentication" too, where the proxy authenticates users and dufs uses the value supplied by the proxy (e.g. the "x-forwarded-user" header).

Alternatively, support for authentication via OAuth2 ("Bearer" authorization headers) could work too!

<!-- gh-comment-id:1902509240 --> @ItalyPaleAle commented on GitHub (Jan 21, 2024): I would love support for "pass-through authentication" too, where the proxy authenticates users and dufs uses the value supplied by the proxy (e.g. the "x-forwarded-user" header). Alternatively, support for authentication via OAuth2 ("Bearer" authorization headers) could work too!
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
enhancement
help wanted
pull-request
Mirrored from GitHub Pull Request
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
zhus
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: sigoden/dufs#135
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?