From ac4659bfd994901eee83449c44f1b9ad1f5b7aa3 Mon Sep 17 00:00:00 2001
From: Akkia
Date: Fri, 3 May 2024 08:49:15 +0800
Subject: [PATCH] =?UTF-8?q?cloudflare=20Access=E6=96=87=E6=A1=A3=20(#68)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 docs/.vitepress/config.ts | 6 ++++--
 docs/en_US/guide/q8.md | 29 +++++++++++++++++++++++++++++
 docs/guide/q8.md | 29 +++++++++++++++++++++++++++++
 3 files changed, 62 insertions(+), 2 deletions(-)
 create mode 100644 docs/en_US/guide/q8.md
 create mode 100644 docs/guide/q8.md
diff --git a/docs/.vitepress/config.ts b/docs/.vitepress/config.ts
index 3de447b4..737c1eb2 100644
--- a/docs/.vitepress/config.ts
+++ b/docs/.vitepress/config.ts
@@ -115,7 +115,8 @@ function getGuideSidebarZhCN() {
 { text: '实时通道断开/在线终端连接失败', link: '/guide/q4.html' },
 { text: '进行数据迁移、备份和恢复的步骤', link: '/guide/q5.html' },
 { text: '设置每月重置流量统计的步骤', link: '/guide/q6.html' },
- { text: '自定义 Agent 监控项目的步骤', link: '/guide/q7.html' }
+ { text: '自定义 Agent 监控项目的步骤', link: '/guide/q7.html' },
+ { text: '使用Cloudflare Access作为OAuth2提供方', link: '/guide/q8' },
 ]
 },
 {
@@ -184,7 +185,8 @@ function getGuideSidebarEnUS() {
 { text: 'Real-time channel disconnection/online terminal connection failure', link: '/en_US/guide/q4.html' },
 { text: 'Steps to perform data migration, backup and recovery', link: '/en_US/guide/q5.html' },
 { text: 'Steps to set up monthly reset data statistics', link: '/en_US/guide/q6.html' },
- { text: 'Steps to customize Agent monitoring items', link: '/en_US/guide/q7.html' }
+ { text: 'Steps to customize Agent monitoring items', link: '/en_US/guide/q7.html' },
+ { text: 'Use Cloudflare Access as OAuth2 provider', link: '/guide/q8' },
 ]
 },
 {
diff --git a/docs/en_US/guide/q8.md b/docs/en_US/guide/q8.md
new file mode 100644
index 00000000..513435ac
--- /dev/null
+++ b/docs/en_US/guide/q8.md
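Review bot: In the second hunk (getGuideSidebarEnUS) the new entry links to `/guide/q8`, while every other entry in that list points under `/en_US/guide/`, so English readers would be sent to the Chinese page even though this commit adds `docs/en_US/guide/q8.md`. The line should read `{ text: 'Use Cloudflare Access as OAuth2 provider', link: '/en_US/guide/q8.html' },`. Both new entries also drop the `.html` suffix that the neighbouring links use; `link: '/guide/q8.html'` in the getGuideSidebarZhCN hunk would keep that list consistent. Both sidebar functions start and end outside the hunks.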
@@ -0,0 +1,29 @@
+## Example Config:
+
+```yaml
+Oauth2:
+ Admin: 701b9ea6-9f56-48cd-af3e-cbb4bfc1475c
+ ClientID: 3516291f53eca9b4901a01337e41be7dc52f565c8657d08a3fddb2178d13c5bf
+ ClientSecret: 0568b67c7b6d0ed51c663e2fe935683007c28f947a27b7bd47a5ad3d8b56fb67
+ Endpoint: "https://akkia.cloudflareaccess.com"
+ Type: cloudflare
+```
+
+## Config Detail:
+
+| Name | How to Obtain |
+|-----------------------|-----------------------------------------------------------------------------|
+| Admin | `My Team` -> `Users` -> `` -> `User ID` |
+| ClientID/ClientSecret | `Access` -> `Application` -> `Add an Application`
-> `SaaS` -> `OIDC` |
+| Endpoint | `Access` -> `Application` -> `Application URL` -> `Only Schema&Domain part` |
+
+### Create SaaS-OIDC application
+
+Zero Trust Dashboard: https://one.dash.cloudflare.com
+
+1. `Access` -> `Application` -> `Add an Application`;
+2. Select `SaaS`, Input your custom application name in `Application` field,select `OIDC` and click `Add application`;
+3. Select `openid`, `email`, `profile`, `groups` in `Scopes` field;
+4. Input your CallBack URL in `Redirect URLs` field (e.g. `https://monitor.example.com/oauth2/callback`);
+5. Record `Client ID`, `Client Secret` and Schemas&Domain part in `Issuer` (e.g. `https://akkia.cloudflareaccess.com`);
+6. Modify Dashboard Config ( location: `/opt/nezha/dashboard/data/config.yaml`), and restart Dashboard service;
\ No newline at end of file
diff --git a/docs/guide/q8.md b/docs/guide/q8.md
new file mode 100644
index 00000000..30bcbb9d
--- /dev/null
+++ b/docs/guide/q8.md
@@ -0,0 +1,29 @@
+## 示例配置:
+
+```yaml
+Oauth2:
+ Admin: 701b9ea6-9f56-48cd-af3e-cbb4bfc1475c
+ ClientID: 3516291f53eca9b4901a01337e41be7dc52f565c8657d08a3fddb2178d13c5bf
+ ClientSecret: 0568b67c7b6d0ed51c663e2fe935683007c28f947a27b7bd47a5ad3d8b56fb67
+ Endpoint: "https://akkia.cloudflareaccess.com"
+ Type: cloudflare
+```
+
+## 配置说明:
+
+| 参数 | 获取方式 |
+|-----------------------|-----------------------------------------------------------------------------|
+| Admin | `My Team` -> `Users` -> `<具体用户>` -> `User ID` |
+| ClientID/ClientSecret | `Access` -> `Application` -> `Add an Application`
-> `SaaS` -> `OIDC` |
+| Endpoint | `Access` -> `Application` -> `Application URL` -> `只保留协议+域名的部分,路径不需要` |
+
+### 新建SaaS-OIDC应用流程
+
+Zero Trust Dashboard: https://one.dash.cloudflare.com
+
+1. `Access` -> `Application` -> `Add an Application`;
+2. 选择 `SaaS`,在`Application`中输入自定义的应用名称(例如nezha),选择`OIDC`后点击`Add application`;
+3. `Scopes`选择`openid`, `email`, `profile`, `groups`;
+4. `Redirect URLs`填写你的CallBack地址,例如 `https://monitor.example.com/oauth2/callback`;
+5. 记录`Client ID`、`Client Secret`、`Issuer`地址中协议与域名的部分,例如`https://akkia.cloudflareaccess.com`
+6. 编辑Dashboard配置文件(通常在`/opt/nezha/dashboard/data/config.yaml)`,参考示例配置修改`Oauth2`配置,并重启Dashboard服务
\ No newline at end of file
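Review bot: The example config in both new pages (docs/en_US/guide/q8.md and docs/guide/q8.md) carries values that look real rather than constructed: a 64-hex `ClientSecret` with its `ClientID`, an `Admin` user UUID, and the team domain `akkia.cloudflareaccess.com`. If they were copied from a live Cloudflare Access application, the secret should be rotated, and in either case the sample lines are safer as labelled placeholders, e.g. `ClientSecret: <your-client-secret>` and `Endpoint: "https://<your-team>.cloudflareaccess.com"`. Step 6 in both files could also note that `config.yaml` now stores the OAuth2 client secret, so its file permissions and any backups of it should be restricted accordingly.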