From c9ea3b0b0abc0c4725bdeed408a4d8cb5f748997 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Fri, 6 Dec 2024 22:15:30 +0000
Subject: [PATCH] Add a README

---
 README.md | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 README.md

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..9cb3f07
--- /dev/null
+++ b/README.md
@@ -0,0 +1,38 @@
+Small server for the
+[ngx_http_auth_request](https://nginx.org/en/docs/http/ngx_http_auth_request_module.html)
+NGINX module: authenticates users based on a static password file.
+
+The tool supports both Basic authentication (username and password)
+and "bearer token" authentication where a single secret API key is
+used.
+
+The password file must be JSON-encoded as a list of users, each with
+the following attributes:
+
+* *name* - username
+* *password* - encrypted password
+* *api_tokens* (optional) - list of API secret tokens for bearer
+  authentication
+
+The Debian package installs a NGINX configuration snippet that should
+be included in your virtual host configuration. The hard-coded
+location for the http_auth_request module is */__auth*. An example
+configuration that protects an API at localhost:1234 would look
+something like the following:
+
+```
+server {
+  listen 443 ssl;
+  server_name my.server;
+  ssl_certificate ...;
+  ssl_certificate_key ...;
+
+  include /etc/nginx/snippets/ula_auth.snippet;
+
+  location / {
+    auth_request /__auth;
+    include /etc/nginx/proxy_params;
+    proxy_pass http://localhost:1234;
+  }
+}
+```
-- 
GitLab