KJZH001/nezhahq.github.io
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
nezhahq.github.io/assets/guide_q8.md.C7TI6lji.js

7 lines
5.7 KiB
JavaScript
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

import{_ as e,c as a,o as s,a4 as t}from"./chunks/framework.BmdFiWrL.js";const g=JSON.parse('{"title":"使用 Cloudflare Access 作为 OAuth2 提供方","description":"","frontmatter":{},"headers":[],"relativePath":"guide/q8.md","filePath":"guide/q8.md","lastUpdated":1720181150000}'),d={name:"guide/q8.md"},c=t(`<h1 id="使用-cloudflare-access-作为-oauth2-提供方" tabindex="-1">使用 Cloudflare Access 作为 OAuth2 提供方 <a class="header-anchor" href="#使用-cloudflare-access-作为-oauth2-提供方" aria-label="Permalink to &quot;使用 Cloudflare Access 作为 OAuth2 提供方&quot;"></a></h1><p>相较于 GithubCloudflare Access 对于中国大陆用户更加友好。如您当前使用 Github、Gitlab、Gitee 作为管理员账户登录时遇到问题,您可以考虑切换 Cloudflare Access 作为 OAuth2 提供方</p><h2 id="示例配置" tabindex="-1">示例配置: <a class="header-anchor" href="#示例配置" aria-label="Permalink to &quot;示例配置:&quot;"></a></h2><div class="language-yaml vp-adaptive-theme"><button title="Copy Code" class="copy"></button><span class="lang">yaml</span><pre class="shiki shiki-themes github-light github-dark vp-code" tabindex="0"><code><span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">Oauth2</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">:</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;"> Admin</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">701b9ea6-9f56-48cd-af3e-cbb4bfc1475c</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;"> ClientID</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">3516291f53eca9b4901a01337e41be7dc52f565c8657d08a3fddb2178d13c5bf</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;"> ClientSecret</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">0568b67c7b6d0ed51c663e2fe935683007c28f947a27b7bd47a5ad3d8b56fb67</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;"> Endpoint</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">&quot;https://xxxxx.cloudflareaccess.com&quot;</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;"> Type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">cloudflare</span></span></code></pre></div><h2 id="配置说明" tabindex="-1">配置说明: <a class="header-anchor" href="#配置说明" aria-label="Permalink to &quot;配置说明:&quot;"></a></h2><table tabindex="0"><thead><tr><th>参数</th><th>获取方式</th></tr></thead><tbody><tr><td>Admin</td><td><code>My Team</code> -&gt; <code>Users</code> -&gt; <code>&lt;具体用户&gt;</code> -&gt; <code>User ID</code></td></tr><tr><td>ClientID/ClientSecret</td><td><code>Access</code> -&gt; <code>Application</code> -&gt; <code>Add an Application</code> <br> -&gt; <code>SaaS</code> -&gt; <code>OIDC</code></td></tr><tr><td>Endpoint</td><td><code>Access</code> -&gt; <code>Application</code> -&gt; <code>Application URL</code> -&gt; <code>只保留协议+域名的部分,路径不需要</code></td></tr></tbody></table><h3 id="新建-saas-oidc-应用流程" tabindex="-1">新建 SaaS-OIDC 应用流程 <a class="header-anchor" href="#新建-saas-oidc-应用流程" aria-label="Permalink to &quot;新建 SaaS-OIDC 应用流程&quot;"></a></h3><p>前往 Zero Trust Dashboard: <a href="https://one.dash.cloudflare.com" target="_blank" rel="noreferrer">https://one.dash.cloudflare.com</a></p><ol><li><code>My Team</code> -&gt; <code>Users</code> -&gt; <code>&lt;具体用户&gt;</code> -&gt; 获取 <code>User ID</code> 并保存;</li><li><code>Access</code> -&gt; <code>Application</code> -&gt; <code>Add an Application</code>;</li><li>选择 <code>SaaS</code>,在 <code>Application</code> 中输入自定义的应用名称(例如 nezha选择 <code>OIDC</code>后点击 <code>Add application</code>;</li><li><code>Scopes</code> 选择 <code>openid</code>, <code>email</code>, <code>profile</code>, <code>groups</code>;</li><li><code>Redirect URLs</code> 填写你的 CallBack 地址,例如 <code>https://dashboard.example.com/oauth2/callback</code>;</li><li>记录 <code>Client ID</code>、<code>Client Secret</code>、<code>Issuer</code> 地址中协议与域名的部分,例如 <code>https://xxxxx.cloudflareaccess.com</code></li><li>编辑 Dashboard 配置文件(通常在<code>/opt/nezha/dashboard/data/config.yaml)</code>,参考示例配置修改 <code>Oauth2</code> 配置,并重启 Dashboard 服务 <br></li></ol><h3 id="身份验证策略配置" tabindex="-1">身份验证策略配置 <a class="header-anchor" href="#身份验证策略配置" aria-label="Permalink to &quot;身份验证策略配置&quot;"></a></h3><p>在完成 Dashboard 的设置后,您还需要在 Zero Trust Dashboard 中 <code>Access</code>-&gt; <code>Applications</code> -&gt; <code>&lt;应用名&gt;</code> -&gt; <code>Policies</code> 配置验证策略。您可以选择包括邮件OTP验证、硬件密钥验证、等十多种 SSO 验证方式,详细配置请参考 <a href="https://developers.cloudflare.com/cloudflare-one/" target="_blank" rel="noreferrer">Cloudflare Zero Trust 文档</a></p>`,11),o=[c];function i(l,n,r,h,p,k){return s(),a("div",null,o)}const b=e(d,[["render",i]]);export{g as __pageData,b as default};
Reference in New Issue View Git Blame Copy Permalink