added full example

README.md

@@ -26,25 +26,24 @@
 
 ### Docker Compose
 
-_Full example soon._
-
 ```yaml
-  auth:
-    image: marvinjwendt/traefik-guardian
+  traefik-guardian: # Your traefik-guardian service
+    image: marvinjwendt/traefik-guardian:latest
     environment:
-      - AUTH_HOST=auth.example.com
-      - PASSWORDS=plaintext:test1234|test1337
-      # - PASSWORDS=bcrypt:$$2a$$12$$/n4Bb2g0YsW6rL9d0f2VquHkhl.iSaV88FOGiu5FEYXCEPW2Sl9yy|$$2a$$12$$UoUJQcz5W5wm9A98N4GC7.X.7x398zMl6Y/T5Vjycc.gel/xBzSGm
+      - AUTH_HOST=auth.test.localhost # Replace with your auth host (e.g.: auth.example.com).
+      - PASSWORDS=plaintext:test1234|test1337 # Replace with your passwords. See the docs for more info at: https://github.com/MarvinJWendt/traefik-guardian#password-management
     networks:
-      - proxy # your traefik network
+      - proxy
     labels:
       - traefik.enable=true
-      - traefik.docker.network=proxy # your traefik proxy
+      - traefik.docker.network=proxy
       - traefik.http.routers.auth.entrypoints=web
-      - traefik.http.routers.auth.rule=Host(`auth.example.com`) || Path(`/traefik-guardian-session-share`)
-      - traefik.http.middlewares.traefik-guardian.forwardauth.address=http://auth/check # Make sure the domain is the service name
+      - traefik.http.routers.auth.rule=Host(`auth.test.localhost`) || Path(`/traefik-guardian-session-share`) # Replace auth.test.localhost with your auth host defined above.
+      - traefik.http.middlewares.traefik-guardian.forwardauth.address=http://traefik-guardian/auth
 ```
 
+You can find a full example, including Traefik and a demo service, here: [_examples/full](./_examples/full)
+
 ## Configuration
 
 > Environment variables are used to configure Traefik Guardian.
@@ -74,8 +73,6 @@ Example: `plaintext:pass1|pass2|pass3`
 | `md5`       | You can use [Cyber Chef](https://gchq.github.io/CyberChef/#recipe=MD5()) to generate your md5 hash.                                                               |
 | `sha512`    | You can use [Cyber Chef](https://gchq.github.io/CyberChef/#recipe=SHA2('512',64,1)) to generate your md5 hash.                                                    |
 
-more to come...
-
 ## Authorization via Header
 
 > You can authorize requests by passing a password in a header, to make guarded API connections possible.

_examples/full/README.md

@@ -0,0 +1,51 @@
+# Full example of using Traefik Guardian
+
+This is an example `docker-compose.yml` that uses Traefik Guardian to protect a service (`whoami`) that is behind the Traefik reverse proxy.
+
+```yaml
+version: '3'
+
+services:
+  traefik: # Your traefik service
+    image: "traefik:latest"
+    container_name: "traefik"
+    networks:
+      - proxy
+    command:
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entrypoints.web.address=:80"
+    ports:
+      - "80:80"
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+
+  traefik-guardian: # Your traefik-guardian service
+    image: marvinjwendt/traefik-guardian:latest
+    environment:
+      - AUTH_HOST=auth.test.localhost # Replace with your auth host (e.g.: auth.example.com).
+      - PASSWORDS=plaintext:test1234|test1337 # Replace with your passwords. See the docs for more info at: https://github.com/MarvinJWendt/traefik-guardian#password-management
+    networks:
+      - proxy
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=proxy
+      - traefik.http.routers.auth.entrypoints=web
+      - traefik.http.routers.auth.rule=Host(`auth.test.localhost`) || Path(`/traefik-guardian-session-share`) # Replace auth.test.localhost with your auth host defined above.
+      - traefik.http.middlewares.traefik-guardian.forwardauth.address=http://traefik-guardian/auth
+
+  whoami: # A demo whoami service that is protected with traefik-guaridan
+    image: containous/whoami
+    container_name: "whoami"
+    networks:
+      - proxy
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=proxy
+      - traefik.http.routers.whoami.entrypoints=web
+      - traefik.http.routers.whoami.rule=Host(`whoami.test.localhost`)
+      - traefik.http.routers.whoami.middlewares=traefik-guardian # Add this to services that you want to guard
+
+networks:
+  proxy:
+```

_examples/full/docker-compose.yml

@@ -0,0 +1,45 @@
+version: '3'
+
+services:
+  traefik: # Your traefik service
+    image: "traefik:latest"
+    container_name: "traefik"
+    networks:
+      - proxy
+    command:
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entrypoints.web.address=:80"
+    ports:
+      - "80:80"
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+
+  traefik-guardian: # Your traefik-guardian service
+    image: marvinjwendt/traefik-guardian:latest
+    environment:
+      - AUTH_HOST=auth.test.localhost # Replace with your auth host (e.g.: auth.example.com).
+      - PASSWORDS=plaintext:test1234|test1337 # Replace with your passwords. See the docs for more info at: https://github.com/MarvinJWendt/traefik-guardian#password-management
+    networks:
+      - proxy
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=proxy
+      - traefik.http.routers.auth.entrypoints=web
+      - traefik.http.routers.auth.rule=Host(`auth.test.localhost`) || Path(`/traefik-guardian-session-share`) # Replace auth.test.localhost with your auth host defined above.
+      - traefik.http.middlewares.traefik-guardian.forwardauth.address=http://traefik-guardian/auth
+
+  whoami: # A demo whoami service that is protected with traefik-guaridan
+    image: containous/whoami
+    container_name: "whoami"
+    networks:
+      - proxy
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=proxy
+      - traefik.http.routers.whoami.entrypoints=web
+      - traefik.http.routers.whoami.rule=Host(`whoami.test.localhost`)
+      - traefik.http.routers.whoami.middlewares=traefik-guardian # Add this to services that you want to guard
+
+networks:
+  proxy:

docker-compose.yml

@@ -7,7 +7,7 @@ services:
     networks:
       - proxy
     command:
-      # - "--log.level=DEBUG"
+      - "--log.level=DEBUG"
       - "--api.insecure=true"
       - "--providers.docker=true"
       - "--providers.docker.exposedbydefault=false"
@@ -18,22 +18,22 @@ services:
     volumes:
       - "/var/run/docker.sock:/var/run/docker.sock:ro"
 
-  auth:
+  traefik-guardian:
     build:
-        context: .
+      context: .
     environment:
+      - DEBUG=true
       - AUTH_HOST=auth.test.localhost
       - PASSWORDS=plaintext:test1234|test1337
       # - PASSWORDS=bcrypt:$$2a$$12$$/n4Bb2g0YsW6rL9d0f2VquHkhl.iSaV88FOGiu5FEYXCEPW2Sl9yy|$$2a$$12$$UoUJQcz5W5wm9A98N4GC7.X.7x398zMl6Y/T5Vjycc.gel/xBzSGm
-      - DEBUG=true
     networks:
       - proxy
     labels:
       - traefik.enable=true
       - traefik.docker.network=proxy
       - traefik.http.routers.auth.rule=Host(`auth.test.localhost`) || Path(`/traefik-guardian-session-share`)
       - traefik.http.routers.auth.entrypoints=web
-      - traefik.http.middlewares.traefik-guardian.forwardauth.address=http://auth/check
+      - traefik.http.middlewares.traefik-guardian.forwardauth.address=http://traefik-guardian/auth
 
   whoami:
     image: containous/whoami

src/cmd/app.go

@@ -76,7 +76,7 @@ func main() {
 	app.Post("/login", handlers.LoginAPI(store))
 	app.Get("/logout", handlers.LogoutRoute(store))
 	app.Get("/traefik-guardian-session-share", handlers.SessionShareRoute())
-	app.Get("/check", handlers.CheckRoute(store))
+	app.Get("/auth", handlers.CheckRoute(store))
 
 	logrus.Debug("registering static file server for assets")
 	app.Static("/assets", "./html/assets")