diff --git a/README.md b/README.md index 84aeae5..1bdcbc1 100644 --- a/README.md +++ b/README.md @@ -112,10 +112,16 @@ services: - ./config:/etc/goma/ ``` +## Supported Systems -## Requirement +- [x] Linux +- [x] MacOS +- [x] Windows + +## Deployment - Docker +- Kubernetes ## Contributing @@ -126,6 +132,8 @@ The Goma Gateway project welcomes all contributors. We appreciate your help! If you like or are using Goma Gateway, please give it a star. Thanks! +Please share. + ## License diff --git a/examples/compose.yaml b/examples/compose.yaml index 3fa6a72..0556ef2 100644 --- a/examples/compose.yaml +++ b/examples/compose.yaml @@ -9,7 +9,7 @@ services: start_period: 20s timeout: 10s ports: - - "80:8080" - - "443:8443" + - "8080:8080" + - "8443:8443" volumes: - - ./config:/etc/goma/ + - ./:/etc/goma/ diff --git a/examples/configMap.yaml b/examples/configMap.yaml index 7d2efe2..7b82992 100644 --- a/examples/configMap.yaml +++ b/examples/configMap.yaml @@ -4,20 +4,21 @@ metadata: name: goma-config data: goma.yml: | - # Goma Gateway configurations + # Goma Gateway configurations + version: 0.1.7 gateway: # Proxy write timeout writeTimeout: 15 # Proxy read timeout readTimeout: 15 # Proxy idle timeout - idleTimeout: 60 + idleTimeout: 30 ## SSL Certificate file sslCertFile: '' #cert.pem ## SSL Private Key file sslKeyFile: ''#key.pem # Proxy rate limit, it's In-Memory IP based - rateLimiter: 0 + rateLimit: 0 accessLog: "/dev/Stdout" errorLog: "/dev/stderr" ## Enable, disable routes health check @@ -28,6 +29,8 @@ data: disableDisplayRouteOnStart: false # disableKeepAlive allows enabling and disabling KeepALive server disableKeepAlive: false + # Block common exploits | detect SQL injection, and simple XSS attempts + blockCommonExploits: false # interceptErrors intercepts backend errors based on defined the status codes interceptErrors: - 405 
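Review bot: The new volume line `- ./:/etc/goma/` in examples/compose.yaml bind-mounts the whole directory that holds the compose file into the container, and it is writable, where the old line exposed only `./config`. Anything else kept next to the compose file (env files, keys, other example configs) becomes readable and writable by the gateway process. If the gateway only reads its configuration from that path, `- ./config:/etc/goma/:ro` keeps the mount narrow and read-only. If it has to write a default config on first start, a dedicated writable directory is still a better example than `./`. The service definition starts above the hunk.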
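Review bot: The comment added above `blockCommonExploits: false` in examples/configMap.yaml says what the option detects, but not that the example ships with it disabled or what kind of protection it is. From the wording it looks like a request filter for well-known payloads, which would make it defence in depth rather than a replacement for input handling in the backends; the comment should say so once that is confirmed against the implementation. Something like `# Block common exploits: filters requests matching common SQL injection and simple XSS patterns (disabled here; backends must still validate input)` would cover it. The same comment is added in examples/goma.yml at `@@ -23,6 +23,7 @@` and needs the same wording.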
@@ -47,7 +50,7 @@ data: ##### Define routes routes: # Example of a route | 1 - - name: Public + - name: Public # Name is optional # host Domain/host based request routing host: "" # Host is optional path: /public @@ -55,6 +58,8 @@ data: # e.g rewrite: /store to / rewrite: / destination: https://example.com + # Limit HTTP methods allowed for this route + methods: [POST, PUT, GET] #DisableHeaderXForward Disable X-forwarded header. # [X-Forwarded-Host, X-Forwarded-For, Host, Scheme ] # It will not match the backend route, by default, it's disabled @@ -84,6 +89,7 @@ data: path: /protected rewrite: / destination: https://example.com + methods: [] healthCheck: cors: {} middlewares: diff --git a/examples/goma.yml b/examples/goma.yml index 74c5b16..aac44c2 100644 --- a/examples/goma.yml +++ b/examples/goma.yml @@ -6,7 +6,7 @@ gateway: # Proxy read timeout readTimeout: 15 # Proxy idle timeout - idleTimeout: 60 + idleTimeout: 30 ## SSL Certificate file sslCertFile: '' #cert.pem ## SSL Private Key file @@ -23,6 +23,7 @@ gateway: disableDisplayRouteOnStart: false # disableKeepAlive allows enabling and disabling KeepALive server disableKeepAlive: false + # Block common exploits | detect SQL injection, and simple XSS attempts blockCommonExploits: false # interceptErrors intercepts backend errors based on defined the status codes interceptErrors: @@ -43,7 +44,7 @@ gateway: ##### Define routes routes: # Example of a route | 1 - - name: Public + - name: Public # Name is optional # host Domain/host based request routing host: "" # Host is optional path: /public @@ -51,6 +52,7 @@ gateway: # e.g rewrite: /store to / rewrite: / destination: https://example.com + # Limit HTTP methods allowed for this route methods: [POST, PUT, GET] #DisableHeaderXForward Disable X-forwarded header. # [X-Forwarded-Host, X-Forwarded-For, Host, Scheme ] @@ -81,6 +83,7 @@ gateway: path: /protected rewrite: / destination: https://example.com + methods: [] healthCheck: cors: {} middlewares: 
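Review bot: `methods: []` is added to the `/protected` route in examples/configMap.yaml (`@@ -84,6 +89,7 @@`) with no comment, so a reader cannot tell whether an empty list allows every HTTP method or none. The public route above it gets `# Limit HTTP methods allowed for this route`, which makes the protected route look like the less restricted of the two if empty means no limit. Presumably empty means all methods are accepted; if so, say it on the line, e.g. `methods: [] # empty list: no method restriction (all methods allowed)`, or list the methods the protected backend actually needs. The same line is added in examples/goma.yml at `@@ -81,6 +83,7 @@`. The route definitions start outside these hunks.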
@@ -138,4 +141,44 @@ middlewares: - /v2/swagger-ui/* - /api-docs/* - /internal/* - - /actuator/* \ No newline at end of file + - /actuator/* + - name: oauth-google + type: oauth + paths: + - /protected + - /example-of-oauth + rule: + clientId: xxx + clientSecret: xxx + provider: google + endpoint: + userInfoUrl: "" + redirectUrl: http://localhost:8080/callback + redirectPath: "" + cookiePath: "" + scopes: + - https://www.googleapis.com/auth/userinfo.email + - https://www.googleapis.com/auth/userinfo.profile + state: randomStateString + jwtSecret: your-strong-jwt-secret | It's optional + - name: oauth-authentik + type: oauth + paths: + - /protected + - /example-of-oauth + rule: + clientId: xxx + clientSecret: xxx + provider: custom + endpoint: + authUrl: https://authentik.example.com/application/o/authorize/ + tokenUrl: https://authentik.example.com/application/o/token/ + userInfoUrl: https://authentik.example.com/application/o/userinfo/ + redirectUrl: http://localhost:8080/callback + redirectPath: "" + cookiePath: "" + scopes: + - email + - openid + state: randomStateString + jwtSecret: your-strong-jwt-secret | It's optional \ No newline at end of file diff --git a/goma.yml b/goma.yml index 57ac839..6a5450c 100644 --- a/goma.yml +++ b/goma.yml @@ -5,7 +5,7 @@ gateway: # Proxy read timeout readTimeout: 15 # Proxy idle timeout - idleTimeout: 60 + idleTimeout: 30 ## SSL Certificate file sslCertFile: '' #cert.pem ## SSL Private Key file
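Review bot: In both new OAuth middlewares (`oauth-google` and `oauth-authentik`) the line `jwtSecret: your-strong-jwt-secret | It's optional` has no `#`, so YAML reads the whole text, including `| It's optional`, as the secret value. Anyone who copies the example and edits only the first part keeps the annotation in the signing key, and anyone who copies it unchanged shares a publicly known key. Write it as `jwtSecret: "" # optional; set to a long random value kept outside version control`, and mark `clientSecret: xxx` as a placeholder in the same way. `state: randomStateString` is also a fixed string; if the gateway sends it verbatim as the OAuth `state` parameter, it cannot tie a callback to the browser session that started the login, so a comment should explain how the value is used.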