docs: add readme and example docker compose

2025-10-28 04:35:40 +00:00 · 2025-01-19 16:34:16 +02:00
parent edf703b720
commit fd2e7d847a
19 changed files with 73 additions and 17 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,5 @@
 # dist
-internal/assets/dist
+internal/assets/dist
 # binaries
 tinyauth
--- a/README.md
+++ b/README.md
@@ -0,0 +1,58 @@
 # Tinyauth - The easiest way to secure your traefik apps with a login screen
 Tinyauth is an extremely simple traefik forward auth proxy that adds a login screen to all of your apps that are using the traefik reverse proxy. Tinyauth is configurable through environment variables and it is only 20MB in size.
 ## Screenshots
 Talk is cheap, here are some screenshots:
 |                                         |                                           |
 | --------------------------------------- | ----------------------------------------- |
 | ![Login](./screenshots/login.png)       | ![Logout](./screenshots/logout.png)       |
 | ![Continue](./screenshots/continue.png) | ![Not Found](./screenshots/not-found.png) |
 ## Getting started
 Tinyauth is extremely easy to run since it's shipped as a docker container. I chose to bundle it with busybox so as you can easily debug the API (e.g. using curl) and have some simple linux tools. If you want to get started with an example just check the example docker compose file [here](./docker-compose.example.yml)
 ## Environment variables
 Tinyauth accepts the following environment variables:
 | Name       | Description                                             | Default | Required |
 | ---------- | ------------------------------------------------------- | ------- | -------- |
 | `PORT`     | The port the API listens on.                            | 3000    | no       |
 | `ADDRESS`  | The address the API binds on.                           | 0.0.0.0 | no       |
 | `SECRET`   | A 32 character long string used for the sessions.       | -       | yes      |
 | `ROOT_URL` | The base URL of your domain. (e.g. https://example.com) | -       | yes      |
 | `APP_URL`  | The Tinyauth URL. (e.g. https://tinyauth.example.com)   | -       | yes      |
 | `USERS`    | Comma seperated list of `user:bcrypt-password-hash`.    | -       | yes      |
 ## FAQ
 ### Why?
 Why make this project? Well we all know that more powerful alternatives like authentik and authelia exist but when I tried to use them I felt overwhelmed with all the configration options and environment variables I had to configure in order for them to work, so, I decided to make a small alternative in Go to both test my skills and cover my simple login screen needs.
 ## Is this secure?
 Probably, the sessions are managed with the gin sessions package so it should be very secure. It is definitely not made for production but it could easily serve as a simple login screen to all of your homelab apps.
 ## Do I need to login every time?
 No, when you login tinyauth sets a `tinyauth` cookie in your browser that applies to all of the subdomains of the root URL you set.
 ## License
 Tinyauth is licensed under the GNU General Public License v3.0. TL;DR — You may copy, distribute and modify the software as long as you track changes/dates in source files. Any modifications to or software including (via compiler) GPL-licensed code must also be made available under the GPL along with build & install instructions.
 ## Contributing
 Any contributions to the codebase are welcome! I am not a cybersecurity person so my code may have some vulnerability, if you find something that could be used to exploit and bypass tinyauth please tell me as soon as possible so I can fix it.
 ## Acknowledgements
 Credits for the logo go to:
 - Freepik for providing the hat and police badge.
 - Renee French for making the gopher logo.
--- a/assets/logo.xcf
+++ b/assets/logo.xcf
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -62,7 +62,7 @@ func HandleError(err error, msg string) {
 func init() {
 	viper.AutomaticEnv()
-	rootCmd.Flags().IntP("port", "p", 8080, "Port to run the server on.")
+	rootCmd.Flags().IntP("port", "p", 3000, "Port to run the server on.")
 	rootCmd.Flags().String("address", "0.0.0.0", "Address to bind the server to.")
 	rootCmd.Flags().String("secret", "", "Secret to use for the cookie.")
 	rootCmd.Flags().String("root-url", "", "Root URL of traefik.")
--- a/docker-compose.example.yml
+++ b/docker-compose.example.yml
@@ -5,7 +5,6 @@ services:
    command: --api.insecure=true --providers.docker
    ports:
      - 80:80
      - 8080:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
@@ -14,8 +13,6 @@ services:
  nginx:
    container_name: nginx
    image: nginx:latest
    ports:
      - 8000:80
    labels:
      traefik.enable: true
      traefik.http.routers.nginx.rule: Host(`nginx.dev.local`)
@@ -24,18 +21,12 @@ services:
  tinyauth:
    container_name: tinyauth
-    build:
+    image: ghcr.io/steveiliop56/tinyauth:latest
      context: .
      dockerfile: Dockerfile
    ports:
      - 3000:3000
    environment:
-      - PORT=3000
+      - SECRET=some-random-32-chars-string
-      - ADDRESS=0.0.0.0
+      - ROOT_URL=https://example.com
-      - SECRET=ghDaPuDFjvlBuF93zcacFrDiHFHTZhUh
+      - APP_URL=https://tinyauth.example.com
-      - ROOT_URL=http://dev.local
+      - USERS=user:$$2a$$10$$UdLYoJ5lgPsC0RKqYH/jMua7zIn0g9kPqWmhYayJYLaZQ/FTmH2/u (user:password)
      - APP_URL=http://tinyauth.dev.local
      - USERS=user:$$2a$$10$$UdLYoJ5lgPsC0RKqYH/jMua7zIn0g9kPqWmhYayJYLaZQ/FTmH2/u
    labels:
      traefik.enable: true
      traefik.http.routers.tinyauth.rule: Host(`tinyauth.dev.local`)
--- a/screenshots/continue.png
+++ b/screenshots/continue.png
--- a/screenshots/login.png
+++ b/screenshots/login.png
--- a/screenshots/logout.png
+++ b/screenshots/logout.png
--- a/screenshots/not-found.png
+++ b/screenshots/not-found.png
--- a/site/index.html
+++ b/site/index.html
@@ -2,8 +2,11 @@
 <html lang="en">
  <head>
    <meta charset="UTF-8" />
    <link rel="icon" type="image/svg+xml" href="/vite.svg" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png" />
    <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png" />
    <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png" />
    <link rel="manifest" href="/site.webmanifest" />
    <title>Tinyauth</title>
  </head>
  <body>
--- a/site/public/.gitkeep
+++ b/site/public/.gitkeep
--- a/site/public/android-chrome-192x192.png
+++ b/site/public/android-chrome-192x192.png
--- a/site/public/android-chrome-512x512.png
+++ b/site/public/android-chrome-512x512.png
--- a/site/public/apple-touch-icon.png
+++ b/site/public/apple-touch-icon.png
--- a/site/public/favicon-16x16.png
+++ b/site/public/favicon-16x16.png
--- a/site/public/favicon-32x32.png
+++ b/site/public/favicon-32x32.png
--- a/site/public/favicon.ico
+++ b/site/public/favicon.ico
--- a/site/public/logo.png
+++ b/site/public/logo.png
--- a/site/public/site.webmanifest
+++ b/site/public/site.webmanifest
@@ -0,0 +1 @@
 {"name":"","short_name":"","icons":[{"src":"/android-chrome-192x192.png","sizes":"192x192","type":"image/png"},{"src":"/android-chrome-512x512.png","sizes":"512x512","type":"image/png"}],"theme_color":"#ffffff","background_color":"#ffffff","display":"standalone"}
		`@@ -0,0 +1 @@`
							`{"name":"","short_name":"","icons":[{"src":"/android-chrome-192x192.png","sizes":"192x192","type":"image/png"},{"src":"/android-chrome-512x512.png","sizes":"512x512","type":"image/png"}],"theme_color":"#ffffff","background_color":"#ffffff","display":"standalone"}`