KJZH001/nezhahq.github.io
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
nezhahq.github.io/docs/en_US/guide/q8.md
Kris 5910fd7319
更新标题
2024-05-15 04:32:59 +02:00

2.4 KiB
Raw Blame History

Cloudflare Access OAuth2 Configuration

If you encounter issues logging in as an administrator using Github, Gitlab, or Gitee, you may consider switching to Cloudflare Access as the OAuth2 provider.

Example Configuration:

Oauth2:
  Admin: 701b9ea6-9f56-48cd-af3e-cbb4bfc1475c
  ClientID: 3516291f53eca9b4901a01337e41be7dc52f565c8657d08a3fddb2178d13c5bf
  ClientSecret: 0568b67c7b6d0ed51c663e2fe935683007c28f947a27b7bd47a5ad3d8b56fb67
  Endpoint: "https://xxxxx.cloudflareaccess.com"
  Type: cloudflare

Configuration Description:

Parameter Retrieval Method
Admin My Team -> Users -> <specific user> -> User ID
ClientID/ClientSecret Access -> Application -> Add an Application
-> SaaS -> OIDC
Endpoint Access -> Application -> Application URL -> Only keep the protocol and domain, no path

Creating a SaaS-OIDC Application

Go to Zero Trust Dashboard: https://one.dash.cloudflare.com

  1. My Team -> Users -> <specific user> -> Get User ID and save it;
  2. Access -> Application -> Add an Application;
  3. Select SaaS, enter a custom application name (e.g., nezha) in Application, select OIDC, and click Add application;
  4. In Scopes, select openid, email, profile, groups;
  5. Fill in your CallBack URL in Redirect URLs, such as https://dashboard.example.com/oauth2/callback;
  6. Record the Client ID, Client Secret, and the protocol and domain part of the Issuer URL, such as https://xxxxx.cloudflareaccess.com;
  7. Edit the Dashboard configuration file (usually located at /opt/nezha/dashboard/data/config.yaml), modify the Oauth2 configuration according to the example configuration, and restart the Dashboard service.

Authentication Policy Configuration

After completing the Dashboard setup, you also need to configure the authentication policy in the Zero Trust Dashboard: Access -> Applications -> <application name> -> Policies. You can choose from over ten SSO authentication methods, including email OTP verification, hardware key verification, etc. For detailed configuration, please refer to the Cloudflare Zero Trust documentation.