cloudflare Access文档 (#68)

2024-05-03 08:49:15 +08:00 · 2024-05-03 08:49:15 +08:00 · ac4659bfd9
commit ac4659bfd9
parent d51f0f4ba1
3 changed files with 62 additions and 2 deletions
--- a/docs/.vitepress/config.ts
+++ b/docs/.vitepress/config.ts
@ -115,7 +115,8 @@ function getGuideSidebarZhCN() {
        { text: '实时通道断开/在线终端连接失败', link: '/guide/q4.html' },
        { text: '进行数据迁移、备份和恢复的步骤', link: '/guide/q5.html' },
        { text: '设置每月重置流量统计的步骤', link: '/guide/q6.html' },
-        { text: '自定义 Agent 监控项目的步骤', link: '/guide/q7.html' }
+        { text: '自定义 Agent 监控项目的步骤', link: '/guide/q7.html' },
+        { text: '使用Cloudflare Access作为OAuth2提供方', link: '/guide/q8' },
      ]
    },
    {
@ -184,7 +185,8 @@ function getGuideSidebarEnUS() {
        { text: 'Real-time channel disconnection/online terminal connection failure', link: '/en_US/guide/q4.html' },
        { text: 'Steps to perform data migration, backup and recovery', link: '/en_US/guide/q5.html' },
        { text: 'Steps to set up monthly reset data statistics', link: '/en_US/guide/q6.html' },
-        { text: 'Steps to customize Agent monitoring items', link: '/en_US/guide/q7.html' }
+        { text: 'Steps to customize Agent monitoring items', link: '/en_US/guide/q7.html' },
+        { text: 'Use Cloudflare Access as OAuth2 provider', link: '/guide/q8' },
      ]
    },
    {
--- a/docs/en_US/guide/q8.md
+++ b/docs/en_US/guide/q8.md
@ -0,0 +1,29 @@
+## Example Config：
+
+```yaml
+Oauth2:
+  Admin: 701b9ea6-9f56-48cd-af3e-cbb4bfc1475c
+  ClientID: 3516291f53eca9b4901a01337e41be7dc52f565c8657d08a3fddb2178d13c5bf
+  ClientSecret: 0568b67c7b6d0ed51c663e2fe935683007c28f947a27b7bd47a5ad3d8b56fb67
+  Endpoint: "https://akkia.cloudflareaccess.com"
+  Type: cloudflare
+```
+
+## Config Detail：
+
+| Name                  | How to Obtain                                                               |
+|-----------------------|-----------------------------------------------------------------------------|
+| Admin                 | `My Team` -> `Users` -> `<Specific User>` -> `User ID`                      |
+| ClientID/ClientSecret | `Access` -> `Application` -> `Add an Application` <br/> -> `SaaS` -> `OIDC` |
+| Endpoint              | `Access` -> `Application` -> `Application URL` -> `Only Schema&Domain part` |
+
+### Create SaaS-OIDC application
+
+Zero Trust Dashboard: https://one.dash.cloudflare.com
+
+1. `Access` -> `Application` -> `Add an Application`;
+2. Select `SaaS`, Input your custom application name in `Application` field，select `OIDC` and click `Add application`;
+3. Select `openid`, `email`, `profile`, `groups` in `Scopes` field;
+4. Input your CallBack URL in `Redirect URLs` field (e.g. `https://monitor.example.com/oauth2/callback`);
+5. Record `Client ID`, `Client Secret` and Schemas&Domain part in `Issuer` (e.g. `https://akkia.cloudflareaccess.com`);
+6. Modify Dashboard Config ( location: `/opt/nezha/dashboard/data/config.yaml`), and restart Dashboard service;
--- a/docs/guide/q8.md
+++ b/docs/guide/q8.md
@ -0,0 +1,29 @@
+## 示例配置：
+
+```yaml
+Oauth2:
+  Admin: 701b9ea6-9f56-48cd-af3e-cbb4bfc1475c
+  ClientID: 3516291f53eca9b4901a01337e41be7dc52f565c8657d08a3fddb2178d13c5bf
+  ClientSecret: 0568b67c7b6d0ed51c663e2fe935683007c28f947a27b7bd47a5ad3d8b56fb67
+  Endpoint: "https://akkia.cloudflareaccess.com"
+  Type: cloudflare
+```
+
+## 配置说明：
+
+| 参数                    | 获取方式                                                                        |
+|-----------------------|-----------------------------------------------------------------------------|
+| Admin                 | `My Team` -> `Users` -> `<具体用户>` -> `User ID`                               |
+| ClientID/ClientSecret | `Access` -> `Application` -> `Add an Application` <br/> -> `SaaS` -> `OIDC` |
+| Endpoint              | `Access` -> `Application` -> `Application URL` -> `只保留协议+域名的部分，路径不需要`       |
+
+### 新建SaaS-OIDC应用流程
+
+Zero Trust Dashboard: https://one.dash.cloudflare.com
+
+1. `Access` -> `Application` -> `Add an Application`;
+2. 选择 `SaaS`，在`Application`中输入自定义的应用名称（例如nezha），选择`OIDC`后点击`Add application`;
+3. `Scopes`选择`openid`, `email`, `profile`, `groups`;
+4. `Redirect URLs`填写你的CallBack地址，例如 `https://monitor.example.com/oauth2/callback`;
+5. 记录`Client ID`、`Client Secret`、`Issuer`地址中协议与域名的部分，例如`https://akkia.cloudflareaccess.com`
+6. 编辑Dashboard配置文件(通常在`/opt/nezha/dashboard/data/config.yaml)`，参考示例配置修改`Oauth2`配置，并重启Dashboard服务