From 707ad4a78a34d3abe0e8a2c53e5570bf43ed252c Mon Sep 17 00:00:00 2001 From: AKP Date: Fri, 11 Oct 2024 15:57:46 +0100 Subject: [PATCH] Basic README.md --- README.md | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..a4a61a4 --- /dev/null +++ b/README.md @@ -0,0 +1,32 @@ +# Tailscale authentication in Caddy + +This is a plugin for the [Caddy webserver](https://caddyserver.com) that enables Tailscale-based authentication. It +functions similarly to the default `basic_auth` Caddyfile directive except using the local Tailscale daemon and the +remote address of a connection to authenticate based on if a connection is coming via a Tailnet and if so, who it is. + +Optionally, the `Tailscale-User-{Id,Login,Name}` headers are set on the incoming request to allow this to be used as an +analogue for [`forward_auth`](https://caddyserver.com/docs/caddyfile/directives/forward_auth). + +## Limitations + +This module requires the Tailscale daemon to be running on the same machine as the Caddy server. + +## Example usage + +**Require all incoming connections to be from within a Tailnet** + +``` +www.example.com { + tailscale_auth + reverse_proxy localhost:9090 +} +``` + +**Require all incoming connections to be from within a Tailnet, setting headers** + +``` +www.example.com { + tailscale_auth set_headers + reverse_proxy localhost:9090 +} +```
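Review bot: The paragraph introducing the `Tailscale-User-{Id,Login,Name}` headers and the second example (`tailscale_auth set_headers`) do not say whether a client-supplied copy of those headers is stripped or overwritten before the request reaches `reverse_proxy`. They also do not say what happens to such headers in the first example, where `set_headers` is absent. Because the README presents this as an analogue for `forward_auth`, a backend will treat these headers as the caller's identity, so that behaviour should be documented explicitly. The Limitations section should also say what response a connection from outside the Tailnet receives, and whether requests are rejected when the local Tailscale daemon cannot be reached.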