Download the PHP package macfly/yii2-webserver-auth without Composer
On this page you can find all versions of the php package macfly/yii2-webserver-auth. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package yii2-webserver-auth
Short Description Module for Yii framework to enable Nginx authentication
License BSD-3-Clause
Homepage https://github.com/marty-macfly/yii2-webserver-auth
Information about the package yii2-webserver-auth
yii2-webserver-auth
The module allows you to restrict access to any website behind Nginx or Apache HTTPD, as an htaccess file can do.
Some useful usages:
- Shared login and password across multiple web servers: you don't need to update the htaccess file everywhere to change a password; it can be done directly on your Yii site.
- If the site behind HTTPD or Nginx is not served over HTTPS, authentication is based on an access token (by default). If the token lifetime is not too long and the token is random, this can be acceptable from a security standpoint (it's always good to use SSL).
- On Nginx you get the Single Sign-On feature: if you're already logged in on your Yii website, you won't see any login page (this only works if all the sites share the parent domain for cookie access).
- Permission management: the same account can have different access to different websites, for example access to site1 but not to site2.
Test
There is a complete docker-compose example for Apache HTTPD and Nginx in the example directory, just do:
The Yii site is just the Yii basic template with the extension installed.
You can access the following components:
- Yii: http://127.0.0.1:8080
- Nginx: http://127.0.0.1:8888
- Httpd: http://127.0.0.1:8889
There are 2 users:
- admin/admin => access token: 100-token
- demo/demo => access token: 101-token
The login and password are used only for SSO on Nginx, when you're redirected to http://127.0.0.1:8080/site/login.
If your browser prompts you directly for a login and password, use the login x-sso-token (the name defined in the module configuration for token_name) and the access token as the password (for the admin user, 100-token).
Yii setup
Installation
The preferred way to install this extension is through composer.
Either run
or add
to the require section of your composer.json file.
Configure
Configure config/web.php as follows
The module bootstrap attaches, on the user component, the handler macfly\yii\webserver\events\NginxAuthEvent->setTokenCookie to afterLogin and macfly\yii\webserver\events\NginxAuthEvent->unsetTokenCookie to afterLogout.
Nginx setup
Installation
You need to have the Nginx Auth Request Module (ngx_http_auth_request_module) installed.
- On Debian the module is provided in nginx-extras, so to install it you just need to do:
Configure
You need to update the Nginx configuration of the site you want to restrict by adding the following elements:
You'll find a more advanced configuration in the example/nginx/ directory.
Usage
From a browser
When you go to http://www.website.com, if you don't have the cookie defined by token_name (default: x-sso-token) or the identityCookie, your browser will be redirected to http://yii.website.com/site/login. After login you can go to http://www.website.com again and you will get access to the site (if your user has the right permission).
From a cli
You can also authenticate with a CLI tool, like wget or curl. In that case you can use two methods:
- Provide the access token via HTTP Bearer Tokens:
With an invalid token:
If you don't have permission to access the location (only in SSO mode; if you're testing with no-sso, the return code will be 401):
- Provide the access token as a login/password, the access token is sent as the username:
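To tie together the ways of presenting a token described above (cookie, Bearer header, Basic credentials), here is an added example, not the module's own code (the module is PHP), that models the status an auth endpoint hands back to the web server, including the random, short-lived token and per-site permission points from the feature list. The function names, the in-memory store, the 15-minute lifetime and the 403 status for a missing permission are assumptions.

```python
import base64
import hmac
import secrets
import time

TOKEN_NAME = "x-sso-token"  # default token_name given on this page

def issue_token(store, user, sites, ttl=900, now=None):
    """Issue a random token with a short lifetime (ttl and store layout are assumptions)."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    store[token] = {"user": user, "sites": set(sites), "exp": now + ttl}
    return token

def extract_token(headers):
    """Return the token from a Bearer header, Basic credentials or the cookie."""
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    if scheme.lower() == "bearer":
        return value.strip() or None
    if scheme.lower() == "basic":
        try:
            creds = base64.b64decode(value, validate=True).decode()
        except ValueError:  # malformed base64 or non-UTF-8 bytes
            return None
        user, _, password = creds.partition(":")
        # Browser prompt: login is TOKEN_NAME and the token is the password.
        # CLI form: the token itself is sent as the username.
        return (password if user == TOKEN_NAME else user) or None
    for part in headers.get("Cookie", "").split(";"):
        name, _, val = part.strip().partition("=")
        if name == TOKEN_NAME and val:
            return val
    return None

def decide(store, headers, site, now=None):
    """200 = allow, 401 = missing/invalid/expired token, 403 = no permission (assumed)."""
    now = time.time() if now is None else now
    presented = extract_token(headers)
    if presented is None:
        return 401
    entry = None
    for token, data in store.items():  # constant-time comparison per stored token
        if hmac.compare_digest(token.encode(), presented.encode()):
            entry = data
    if entry is None or entry["exp"] <= now:
        return 401
    return 200 if site in entry["sites"] else 403
```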
Apache Httpd setup
Installation
You need to install and enable the module mod_authnz_external.
- On Debian the module is provided in libapache2-mod-authnz-external, so to install it you just need to do:
Because we're using a shell script to do the request, you also need to install curl.
You need to put the script apache-auth.sh on your server; it will launch the proper curl command:
Configure
You need to update the configuration of your Httpd server for the site you want to restrict by adding the following elements:
You'll find a more advanced configuration in the example/httpd/ directory.
From a cli
You can also authenticate with a CLI tool, like wget or curl. In that case you can use the following method:
- Provide the access token as a login/password, the access token is sent as the username:
With an invalid token: