Add docs for allowlist and header remapping

2024-10-12 13:21:45 +01:00 · 2024-10-12 13:21:45 +01:00 · 62fc7c3144
commit 62fc7c3144
parent ba69bd699f
1 changed files with 23 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -5,7 +5,7 @@ functions similarly to the default `basic_auth` Caddyfile directive except using
 remote address of a connection to authenticate based on if a connection is coming via a Tailnet and if so, who it is.

 Optionally, the `Tailscale-User-{Id,Login,Name}` headers are set on the incoming request to allow this to be used as an
-analogue for [`forward_auth`](https://caddyserver.com/docs/caddyfile/directives/forward_auth).
+analogue for [`forward_auth`](https://caddyserver.com/docs/caddyfile/directives/forward_auth). The names of these headers can be modified (see below).

 ## Limitations

@ -30,3 +30,25 @@ www.example.com {
  reverse_proxy localhost:9090
 }
 ```
+
+**Remap header names** - there can be multiple `remap` lines in a block.
+
+```
+www.example.com {
+  tailscale_auth set_headers {
+    remap Tailscale-User-Login X-Authentik-Email
+  }
+  reverse_proxy localhost:9090
+}
+```
+
+**Allow only certain users by email address** - there is not currently any way to do this without email addresses.
+
+```
+www.example.com {
+  tailscale_auth {
+    allowed_logins example@gmail.com
+  }
+  reverse_proxy localhost:9090
+}
+```