Cloudflare Access documentation (#68)

Akkia 2024-05-03 08:49:15 +08:00 committed by GitHub
parent d51f0f4ba1
commit ac4659bfd9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 62 additions and 2 deletions


@ -115,7 +115,8 @@ function getGuideSidebarZhCN() {
{ text: '实时通道断开/在线终端连接失败', link: '/guide/q4.html' }, { text: '实时通道断开/在线终端连接失败', link: '/guide/q4.html' },
{ text: '进行数据迁移、备份和恢复的步骤', link: '/guide/q5.html' }, { text: '进行数据迁移、备份和恢复的步骤', link: '/guide/q5.html' },
{ text: '设置每月重置流量统计的步骤', link: '/guide/q6.html' }, { text: '设置每月重置流量统计的步骤', link: '/guide/q6.html' },
{ text: '自定义 Agent 监控项目的步骤', link: '/guide/q7.html' } { text: '自定义 Agent 监控项目的步骤', link: '/guide/q7.html' },
{ text: '使用Cloudflare Access作为OAuth2提供方', link: '/guide/q8' },
] ]
}, },
{ {
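Review bot: the added zh-CN sidebar entry links to `/guide/q8`, while every sibling entry in this list uses the `.html` suffix (for example `/guide/q7.html`). Use `/guide/q8.html` so the new link follows the same convention as the rest of the sidebar.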
@ -184,7 +185,8 @@ function getGuideSidebarEnUS() {
{ text: 'Real-time channel disconnection/online terminal connection failure', link: '/en_US/guide/q4.html' }, { text: 'Real-time channel disconnection/online terminal connection failure', link: '/en_US/guide/q4.html' },
{ text: 'Steps to perform data migration, backup and recovery', link: '/en_US/guide/q5.html' }, { text: 'Steps to perform data migration, backup and recovery', link: '/en_US/guide/q5.html' },
{ text: 'Steps to set up monthly reset data statistics', link: '/en_US/guide/q6.html' }, { text: 'Steps to set up monthly reset data statistics', link: '/en_US/guide/q6.html' },
{ text: 'Steps to customize Agent monitoring items', link: '/en_US/guide/q7.html' } { text: 'Steps to customize Agent monitoring items', link: '/en_US/guide/q7.html' },
{ text: 'Use Cloudflare Access as OAuth2 provider', link: '/guide/q8' },
] ]
}, },
{ {
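Review bot: the new entry in `getGuideSidebarEnUS()` links to `/guide/q8`, but the other English entries all use the `/en_US/guide/` prefix with a `.html` suffix, and this commit adds the English page as `docs/en_US/guide/q8.md`. As written, the English sidebar item points at the Chinese page; change the link to `/en_US/guide/q8.html`.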

29
docs/en_US/guide/q8.md Normal file

@ -0,0 +1,29 @@
## Example Config
```yaml
Oauth2:
Admin: 701b9ea6-9f56-48cd-af3e-cbb4bfc1475c
ClientID: 3516291f53eca9b4901a01337e41be7dc52f565c8657d08a3fddb2178d13c5bf
ClientSecret: 0568b67c7b6d0ed51c663e2fe935683007c28f947a27b7bd47a5ad3d8b56fb67
Endpoint: "https://akkia.cloudflareaccess.com"
Type: cloudflare
```
## Config Detail
| Name | How to Obtain |
|-----------------------|-----------------------------------------------------------------------------|
| Admin | `My Team` -> `Users` -> `<Specific User>` -> `User ID` |
| ClientID/ClientSecret | `Access` -> `Application` -> `Add an Application` <br/> -> `SaaS` -> `OIDC` |
| Endpoint | `Access` -> `Application` -> `Application URL` -> `Only Schema&Domain part` |
### Create SaaS-OIDC application
Zero Trust Dashboard: https://one.dash.cloudflare.com
1. `Access` -> `Application` -> `Add an Application`;
2. Select `SaaS`, Input your custom application name in `Application` fieldselect `OIDC` and click `Add application`;
3. Select `openid`, `email`, `profile`, `groups` in `Scopes` field;
4. Input your CallBack URL in `Redirect URLs` field (e.g. `https://monitor.example.com/oauth2/callback`);
5. Record `Client ID`, `Client Secret` and Schemas&Domain part in `Issuer` (e.g. `https://akkia.cloudflareaccess.com`);
6. Modify Dashboard Config ( location: `/opt/nezha/dashboard/data/config.yaml`), and restart Dashboard service;
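Review bot: the `Admin`, `ClientID`, `ClientSecret` and `Endpoint` values in the Example Config block read like values taken from a live Cloudflare Access tenant rather than placeholders. A 64-hex-character `ClientSecret` committed to documentation has to be treated as disclosed, and readers tend to copy examples verbatim, so replace these with obvious placeholders (for example `<your-client-secret>` and `https://<team-name>.cloudflareaccess.com`) and rotate the secret if it was ever valid. Smaller points in the same file: step 2 runs the words together in `fieldselect` and needs a comma and a space, and "Schema" in the table and in step 5 should read "scheme".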

29
docs/guide/q8.md Normal file

@ -0,0 +1,29 @@
## 示例配置:
```yaml
Oauth2:
Admin: 701b9ea6-9f56-48cd-af3e-cbb4bfc1475c
ClientID: 3516291f53eca9b4901a01337e41be7dc52f565c8657d08a3fddb2178d13c5bf
ClientSecret: 0568b67c7b6d0ed51c663e2fe935683007c28f947a27b7bd47a5ad3d8b56fb67
Endpoint: "https://akkia.cloudflareaccess.com"
Type: cloudflare
```
## 配置说明:
| 参数 | 获取方式 |
|-----------------------|-----------------------------------------------------------------------------|
| Admin | `My Team` -> `Users` -> `<具体用户>` -> `User ID` |
| ClientID/ClientSecret | `Access` -> `Application` -> `Add an Application` <br/> -> `SaaS` -> `OIDC` |
| Endpoint | `Access` -> `Application` -> `Application URL` -> `只保留协议+域名的部分,路径不需要` |
### 新建SaaS-OIDC应用流程
Zero Trust Dashboard: https://one.dash.cloudflare.com
1. `Access` -> `Application` -> `Add an Application`;
2. 选择 `SaaS`,在`Application`中输入自定义的应用名称例如nezha选择`OIDC`后点击`Add application`;
3. `Scopes`选择`openid`, `email`, `profile`, `groups`;
4. `Redirect URLs`填写你的CallBack地址例如 `https://monitor.example.com/oauth2/callback`;
5. 记录`Client ID``Client Secret``Issuer`地址中协议与域名的部分,例如`https://akkia.cloudflareaccess.com`
6. 编辑Dashboard配置文件(通常在`/opt/nezha/dashboard/data/config.yaml)`,参考示例配置修改`Oauth2`配置并重启Dashboard服务
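Review bot: in step 6 the closing parenthesis sits inside the code span (`/opt/nezha/dashboard/data/config.yaml)`), so the rendered path ends in `)`; move the closing backtick in front of the parenthesis. Step 5 has no separators between the `Client ID`, `Client Secret` and `Issuer` code spans, so they render as one run, and step 2 is missing punctuation around the nezha example. The example config at the top repeats the same credential-looking `ClientID` and `ClientSecret` values as the English page and should get the same placeholder treatment.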