KJZH001/nezhahq.github.io
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
nezhahq.github.io/docs/en_US/guide/q8.md

36 lines
2.4 KiB
Markdown
Raw Blame History

If you encounter issues logging in as an administrator using Github, Gitlab, or Gitee, you may consider switching to Cloudflare Access as the OAuth2 provider.
## Example Configuration:
```yaml
Oauth2:
Admin: 701b9ea6-9f56-48cd-af3e-cbb4bfc1475c
ClientID: 3516291f53eca9b4901a01337e41be7dc52f565c8657d08a3fddb2178d13c5bf
ClientSecret: 0568b67c7b6d0ed51c663e2fe935683007c28f947a27b7bd47a5ad3d8b56fb67
Endpoint: "https://xxxxx.cloudflareaccess.com"
Type: cloudflare
```
## Configuration Description:
| Parameter | Retrieval Method |
|-----------------------|---------------------------------------------------------------------------------|
| Admin | `My Team` -> `Users` -> `<specific user>` -> `User ID` |
| ClientID/ClientSecret | `Access` -> `Application` -> `Add an Application` <br/> -> `SaaS` -> `OIDC` |
| Endpoint | `Access` -> `Application` -> `Application URL` -> `Only keep the protocol and domain, no path` |
### Creating a SaaS-OIDC Application
Go to Zero Trust Dashboard: https://one.dash.cloudflare.com
1. `My Team` -> `Users` -> `<specific user>` -> Get `User ID` and save it;
2. `Access` -> `Application` -> `Add an Application`;
3. Select `SaaS`, enter a custom application name (e.g., nezha) in `Application`, select `OIDC`, and click `Add application`;
4. In `Scopes`, select `openid`, `email`, `profile`, `groups`;
5. Fill in your CallBack URL in `Redirect URLs`, such as `https://dashboard.example.com/oauth2/callback`;
6. Record the `Client ID`, `Client Secret`, and the protocol and domain part of the `Issuer` URL, such as `https://xxxxx.cloudflareaccess.com`;
7. Edit the Dashboard configuration file (usually located at `/opt/nezha/dashboard/data/config.yaml`), modify the `Oauth2` configuration according to the example configuration, and restart the Dashboard service.
### Authentication Policy Configuration
After completing the Dashboard setup, you also need to configure the authentication policy in the Zero Trust Dashboard: `Access` -> `Applications` -> `<application name>` -> `Policies`. You can choose from over ten SSO authentication methods, including email OTP verification, hardware key verification, etc. For detailed configuration, please refer to the [Cloudflare Zero Trust documentation](https://developers.cloudflare.com/cloudflare-one/).
Reference in New Issue View Git Blame Copy Permalink