phlox ===== a simple, authenticated reverse-proxy server. this is intended for simple use cases, like if you have a weird little web app that may have some security concerns that you'd still like to be able to access on the public internet. configuration ------------- phlox uses a json file for configuration. a config file should contain an object with the following keys: * `ListenAddress`: a string containing the address to bind the server on * `AssetDirectory`: a path to a directory containing various assets, described in more detail below * `LoginTimeout`: the time in seconds that a user can be idle before being logged out * `Users`: an array of objects, which should be generated by calling phlox with the `--passwd` flag * `Endpoints`: an array of objects defining a reverse-proxy endpoint. they should contain: * `Path`: the path to access the proxied resource * `Address`: the remote address of the proxied resource ### assets files under the `AssetDirectory` will be accessible at `/phlox/asset/`. you should be careful: if `AssetDirectory` is an empty string, then phlox's current working directory will be served! if you want *nothing* to be accessible, set it to `/dev/null` or similar. some files in this directory are treated specially, if they exist: * `login.html` will replace the default `/phlox/login` page. it should contain a form that POSTs a username and password field to `/phlox/login` or you will probably break things. * `logged_in.html` will replace the default `/phlox/login` page for users who are logged in. * `404.html` will replace the default 404 error page * `500.html` will replace the default 500 error page if you load any assets on these pages, they should be loaded from `/phlox/asset/` and NOT via relative paths, because they won't work otherwise (and indeed that's the whole point of `/phlox/asset/`). organization ------------ ``` |-- README.md this file |-- main.go the program entry point |-- login.go login & logout http handler logic |-- proxy.go proxy http handler code |-- auth/ | |-- auth.go password handling & hashing | |-- session.go session creation & management (inc. a fake in-memory session db) |-- config/ | |-- config.go config structures & loading |-- page/ |-- page.go page loading from AssetDirectory and container structure |-- default.go definitions for the default pages when AssetDirectory ones are unavailable ```