Authentication proxy for Acrobits application.
This application acts as a middleware to authenticate users. It validates incoming POST requests containing a username, password, and a shared secret token. If the token matches the configured secret, it attempts to authenticate the user against a remote service.
Authentication Endpoint: POST to root path /
Each request must be a POST request containing a JSON object with the following fields:
- `username`
- `password`
- `token`: a SHA256 hash; it must be the same value passed to the application at startup
Examples:
```bash
# HTTP (redirects to HTTPS)
curl -d '{"username": "myuser@demo.example.com", "password": "mypass", "token": "11223344"}' \
  http://localhost:8080

# HTTPS with self-signed certificate
curl -k -d '{"username": "myuser@demo.example.com", "password": "mypass", "token": "11223344"}' \
  https://localhost:8443

# HTTPS production example
curl -d '{"username": "myuser@demo.example.com", "password": "mypass", "token": "11223344"}' \
  https://ctiapp-authproxy.example.com
```

Health Check: GET /index.php/healthcheck

```bash
curl http://localhost:8080/index.php/healthcheck
curl -k https://localhost:8443/index.php/healthcheck
curl https://ctiapp-authproxy.example.com/index.php/healthcheck
```

The application is configured using environment variables. You can create a `.env` file based on `.env.example`.
| Variable | Description | Default / Example |
|---|---|---|
| `APP_HOSTNAME` | The hostname where the application is reachable. | app.example.com |
| `TOKEN` | A shared secret token (SHA256 hash) used to validate requests. | your_token_here |
| `DEBUG` | Enable debug logging. | false |
| `VALIDATE_LK_URL` | URL used to validate the license key/token. | https://example.com/validate |
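
The request check described above (three JSON fields, `token` compared with the configured `TOKEN`), sketched in Python as an added example; it is not the project's own code. The function names, the HTTP status codes and the sample secret are assumptions made for illustration, and forwarding the credentials to the remote service is left out.

```python
import hashlib
import hmac
import json

REQUIRED_FIELDS = ("username", "password", "token")


def is_sha256_hex(value):
    """True when value looks like a hex-encoded SHA256 digest (64 hex chars)."""
    return (isinstance(value, str) and len(value) == 64
            and all(c in "0123456789abcdefABCDEF" for c in value))


def validate_request(method, body, configured_token):
    """Return (http_status, reason) for a request to the root path.

    200 means the token matched and the credentials may be passed on to the
    remote service. Status codes are assumptions, not the project's.
    """
    if method != "POST":
        return 405, "method not allowed"
    try:
        data = json.loads(body)
    except (ValueError, TypeError):
        return 400, "body is not valid JSON"
    if not isinstance(data, dict):
        return 400, "body must be a JSON object"
    for field in REQUIRED_FIELDS:
        if not isinstance(data.get(field), str) or not data[field]:
            return 400, "missing or empty field: " + field
    # Constant-time comparison: the time taken does not reveal how many
    # leading characters of the supplied token are correct.
    if not hmac.compare_digest(data["token"].encode(), configured_token.encode()):
        return 401, "invalid token"
    return 200, "token accepted"


# Constructed sample values, not taken from the project.
SAMPLE_TOKEN = hashlib.sha256(b"constructed-shared-secret").hexdigest()
SAMPLE_BODY = json.dumps({"username": "myuser@demo.example.com",
                          "password": "mypass", "token": SAMPLE_TOKEN})

if __name__ == "__main__":
    print(validate_request("POST", SAMPLE_BODY, SAMPLE_TOKEN))
    print(validate_request("POST", SAMPLE_BODY.replace(SAMPLE_TOKEN, "11223344"), SAMPLE_TOKEN))
    print(is_sha256_hex(SAMPLE_TOKEN), is_sha256_hex("11223344"))
```

`is_sha256_hex` can be run against the configured `TOKEN` at startup to catch a value that is not a well-formed SHA256 hash before any request is served.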
This project uses `just` as a command runner to simplify development tasks.

- `just` installed (see just installation guide)
- `podman`
- `podman-compose`
- `podlet` installed (see podlet installation guide)
- `git`
- Start Development Environment: `just dev-start`
  Starts the application and Traefik reverse proxy in the background.
- Stop Development Environment: `just dev-stop`
  Stops and removes the running containers.
- View Logs: `just dev-logs`
  Follows the logs of the application and Traefik.
- Rebuild and Restart: `just dev-rebuild`
  Rebuilds the container images without cache and restarts the environment.
- Run Checks: `just check`
  Runs configuration and dependency checks.
Deployment is automated using Ansible and Podman Quadlet, targeting Rocky Linux systems.
- `ansible` installed on the deployment machine.
- `ansible-lint` (optional)
- SSH access to the target Rocky Linux server.

- Configure settings: Ensure the `.env` file is properly set up with your desired configuration.
- Run Deployment: `just deploy`
  This command executes the `deploy/deploy.yml` playbook, which:
  - Host Setup: Prepares the Rocky Linux host (updates packages, installs Podman).
  - App Deploy: Deploys the application using Podman Quadlet files located in the `quadlet/` directory.
- Verify Deployment: After deployment, the service runs as a systemd user service.
  - Check status: `systemctl --user status app.service`
  - View logs: `journalctl --user -u app.service -f`
The deployment includes an automatic update mechanism for the application containers using Podman's auto-update feature.
- Configuration: The `app.container` is configured with `AutoUpdate=registry`, which means Podman will check the container registry for newer images.
- Timer: A systemd timer (`podman-auto-update.timer`) is enabled for the application user. It triggers the update check daily (or as configured).
- Process: When the timer fires, Podman checks if a new image is available in the registry. If an update is found, Podman pulls the new image and restarts the container automatically.
- Manual Trigger: You can manually trigger an update check by running as the application user: `podman auto-update`