Adguardhome: Support for Auth proxy
Prerequisites
- [x] I am running the latest version
- [x] I checked the documentation and found no answer
- [x] I checked to make sure that this issue has not already been filed
Problem Description
I'm running pomerium.io as the reverse proxy to Adguard Home's web UI. It would be great if Adguard Home web UI can support identity-aware proxy like Pomerium.
Proposed Solution
When the incoming HTTP request contains an X-Foo-Bar: username header, Adguard Home web UI should treat it as an authenticated HTTP request as if username is logged in.
The header X-Foo-Bar should be configurable.
(See the doc on Grafana's auth proxy support: https://grafana.com/docs/grafana/latest/auth/auth-proxy/)
Alternatives Considered
An option to disable authentication completely, and relying on the reverse proxy to authenticate the access to the web UI.
Additional Information
yegle
All 2 comments
Thanks for the feature request, it makes sense indeed!
An option to disable authentication completely, and relying on the reverse proxy to authenticate the access to the web UI.
This is possible, removing all users from AdGuardHome.yaml disables authentication. So you can simply replace users with users: []
ameshkov
on 27 May 2020
Thanks for the workaround! Disabling authentication makes sense if you already have a reverse proxy restricting access.
Now think about it I think supporting auth proxy may not make a lot of sense. From what I can see, logged in user doesn't have a way to configure per-user settings. Supporting auth proxy only makes sense if most people would have more than 1 users, otherwise one may just disable authentication and use auth proxy and not passing the username to AdGuard Home's web UI.
yegle
on 27 May 2020
Related issues
xiaofengcod
·
3Comments
ammnt
·
3Comments
ameshkov
·
3Comments
ammnt
·
3Comments
ameshkov
·
3Comments
Most helpful comment
Thanks for the workaround! Disabling authentication makes sense if you already have a reverse proxy restricting access.
Now think about it I think supporting auth proxy may not make a lot of sense. From what I can see, logged in user doesn't have a way to configure per-user settings. Supporting auth proxy only makes sense if most people would have more than 1 users, otherwise one may just disable authentication and use auth proxy and not passing the username to AdGuard Home's web UI.