mirrors/nginx-ui
1
0
Fork 0
mirror of https://github.com/0xJacky/nginx-ui.git synced 2025-05-11 02:15:48 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

docs: update documentation about webauthn passkey

Browse source
This commit is contained in:
Jacky 2024-09-17 08:42:49 +08:00
parent 2f51b5612b
commit 45048315cd
No known key found for this signature in database
GPG key ID: 215C21B10DF38B4D
11 changed files with 736 additions and 301 deletions
Download patch file Download diff file Expand all files Collapse all files

3
docs/.vitepress/config/en.ts
View file

@ -41,7 +41,8 @@ export const enConfig: LocaleSpecificConfig<DefaultTheme.Config> = {
{text: 'Logrotate', link: '/guide/config-logrotate'}, {text: 'Logrotate', link: '/guide/config-logrotate'},
{text: 'Cluster', link: '/guide/config-cluster'}, {text: 'Cluster', link: '/guide/config-cluster'},
{text: 'Auth', link: '/guide/config-auth'}, {text: 'Auth', link: '/guide/config-auth'},
{text: 'Crypto', link: '/guide/config-crypto'} {text: 'Crypto', link: '/guide/config-crypto'},
{text: 'Webauthn', link: '/guide/config-webauthn'}
] ]
}, },
{ {

3
docs/.vitepress/config/zh_CN.ts
View file

@ -46,7 +46,8 @@ export const zhCNConfig: LocaleSpecificConfig<DefaultTheme.Config> = {
{text: 'Logrotate', link: '/zh_CN/guide/config-logrotate'}, {text: 'Logrotate', link: '/zh_CN/guide/config-logrotate'},
{text: '集群', link: '/zh_CN/guide/config-cluster'}, {text: '集群', link: '/zh_CN/guide/config-cluster'},
{text: '认证', link: '/zh_CN/guide/config-auth'}, {text: '认证', link: '/zh_CN/guide/config-auth'},
{text: '加密', link: '/zh_CN/guide/config-crypto'} {text: '加密', link: '/zh_CN/guide/config-crypto'},
{text: 'Webauthn', link: '/zh_CN/guide/config-webauthn'},
] ]
}, },
{ {

3
docs/.vitepress/config/zh_TW.ts
View file

@ -45,7 +45,8 @@ export const zhTWConfig: LocaleSpecificConfig<DefaultTheme.Config> = {
{text: 'Logrotate', link: '/zh_TW/guide/config-logrotate'}, {text: 'Logrotate', link: '/zh_TW/guide/config-logrotate'},
{text: '集群', link: '/zh_TW/guide/config-cluster'}, {text: '集群', link: '/zh_TW/guide/config-cluster'},
{text: '認證', link: '/zh_TW/guide/config-auth'}, {text: '認證', link: '/zh_TW/guide/config-auth'},
{text: '加密', link: '/zh_TW/guide/config-crypto'} {text: '加密', link: '/zh_TW/guide/config-crypto'},
{text: 'Webauthn', link: '/zh_TW/guide/config-webauthn'},
] ]
}, },
{ {

41
docs/guide/config-webauthn.md Normal file
View file

@ -0,0 +1,41 @@
# Webauthn
Webauthn is a web standard for secure authentication. It allows users to log in to websites using biometrics, mobile devices, and FIDO security keys.
Webauthn is a passwordless authentication method that provides a secure and easy-to-use alternative to passwords.
Since `v2.0.0-beta.34`, Nginx UI has supported Webauthn passkey as a login and 2FA method.
## Passkey
Passkeys are webauthn credentials that validate your identity using touch, facial recognition, a device password, or a PIN. They can be used as a password replacement or as a 2FA method.
## Configurations
To ensure security, Webauthn configuration cannot be added through the UI.
Please manually configure the following in the app.ini configuration file and restart Nginx UI.
### RPDisplayName
- Type: `string`
This option is used to set the display name of the relying party (RP) when registering a new credential.
### RPID
- Type: `string`
This option is used to set the ID of the relying party (RP) when registering a new credential.
### RPOrigins
- Type: `[]string`
This option is used to set the origins of the relying party (RP) when registering a new credential.
Afterward, refresh this page and click add passkey again.
Due to the security policies of some browsers, you cannot use passkeys on non-HTTPS websites, except when running on `localhost`.
## Detail
1. **Automatic 2FA with Passkey:**
When you log in using a passkey, all subsequent actions requiring 2FA will automatically use the passkey. This means you wont need to manually click “Authenticate with a passkey” in the 2FA dialog box.
2. **Passkey Deletion:**
If you log in using a passkey and then navigate to Settings > Authentication and delete the current passkey, the passkey will no longer be used for subsequent 2FA challenges during the current session. If Time-based One-Time Password (TOTP) is configured, it will be used instead; if not, 2FA will not be triggered.
3. **Adding a New Passkey:**
If you log in without using a passkey and then add a new passkey via Settings > Authentication, the newly added passkey will be prioritized for all subsequent 2FA actions during the current session.

73
docs/guide/env.md
View file

@ -1,4 +1,5 @@
# Environment Variables # Environment Variables
Applicable for version v2.0.0-beta.23 and above. Applicable for version v2.0.0-beta.23 and above.
## Server ## Server
@ -25,50 +26,58 @@ Applicable for version v2.0.0-beta.23 and above.
## Nginx ## Nginx
| Configuration Setting | Environment Variable | | Configuration Setting | Environment Variable |
| ----------------------------- | ------------------------------------- | |-----------------------|--------------------------------|
| AccessLogPath | NGINX_UI_NGINX_ACCESS_LOG_PATH | | AccessLogPath | NGINX_UI_NGINX_ACCESS_LOG_PATH |
| ErrorLogPath | NGINX_UI_NGINX_ERROR_LOG_PATH | | ErrorLogPath | NGINX_UI_NGINX_ERROR_LOG_PATH |
| ConfigDir | NGINX_UI_NGINX_CONFIG_DIR | | ConfigDir | NGINX_UI_NGINX_CONFIG_DIR |
| PIDPath | NGINX_UI_NGINX_PID_PATH | | PIDPath | NGINX_UI_NGINX_PID_PATH |
| TestConfigCmd | NGINX_UI_NGINX_TEST_CONFIG_CMD | | TestConfigCmd | NGINX_UI_NGINX_TEST_CONFIG_CMD |
| ReloadCmd | NGINX_UI_NGINX_RELOAD_CMD | | ReloadCmd | NGINX_UI_NGINX_RELOAD_CMD |
| RestartCmd | NGINX_UI_NGINX_RESTART_CMD | | RestartCmd | NGINX_UI_NGINX_RESTART_CMD |
## OpenAI ## OpenAI
| Configuration Setting | Environment Variable | | Configuration Setting | Environment Variable |
| ----------------------------- | ------------------------------------- | |-----------------------|--------------------------|
| Model | NGINX_UI_OPENAI_MODEL | | Model | NGINX_UI_OPENAI_MODEL |
| BaseUrl | NGINX_UI_OPENAI_BASE_URL | | BaseUrl | NGINX_UI_OPENAI_BASE_URL |
| Proxy | NGINX_UI_OPENAI_PROXY | | Proxy | NGINX_UI_OPENAI_PROXY |
| Token | NGINX_UI_OPENAI_TOKEN | | Token | NGINX_UI_OPENAI_TOKEN |
## Casdoor ## Casdoor
| Configuration Setting | Environment Variable | | Configuration Setting | Environment Variable |
| ----------------------------- | ------------------------------------- | |-----------------------|--------------------------------|
| Endpoint | NGINX_UI_CASDOOR_ENDPOINT | | Endpoint | NGINX_UI_CASDOOR_ENDPOINT |
| ClientId | NGINX_UI_CASDOOR_CLIENT_ID | | ClientId | NGINX_UI_CASDOOR_CLIENT_ID |
| ClientSecret | NGINX_UI_CASDOOR_CLIENT_SECRET | | ClientSecret | NGINX_UI_CASDOOR_CLIENT_SECRET |
| Certificate | NGINX_UI_CASDOOR_CERTIFICATE | | Certificate | NGINX_UI_CASDOOR_CERTIFICATE |
| Organization | NGINX_UI_CASDOOR_ORGANIZATION | | Organization | NGINX_UI_CASDOOR_ORGANIZATION |
| Application | NGINX_UI_CASDOOR_APPLICATION | | Application | NGINX_UI_CASDOOR_APPLICATION |
| RedirectUri | NGINX_UI_CASDOOR_REDIRECT_URI | | RedirectUri | NGINX_UI_CASDOOR_REDIRECT_URI |
## Logrotate ## Logrotate
| Configuration Setting | Environment Variable | | Configuration Setting | Environment Variable |
| ----------------------------- | ------------------------------------- | |-----------------------|-----------------------------|
| Enabled | NGINX_UI_LOGROTATE_ENABLED | | Enabled | NGINX_UI_LOGROTATE_ENABLED |
| CMD | NGINX_UI_LOGROTATE_CMD | | CMD | NGINX_UI_LOGROTATE_CMD |
| Interval | NGINX_UI_LOGROTATE_INTERVAL | | Interval | NGINX_UI_LOGROTATE_INTERVAL |
## Auth ## Auth
| Configuration Setting | Environment Variable | | Configuration Setting | Environment Variable |
|-----------------------|-----------------------------| |-----------------------|---------------------------|
| IPWhiteList | NGINX_UI_AUTH_IPWhiteList | | IPWhiteList | NGINX_UI_AUTH_IPWhiteList |
## Webauthn
| Configuration Setting | Environment Variable |
|-----------------------|-----------------------------------|
| RPDisplayName | NGINX_UI_WEBAUTHN_RP_DISPLAY_NAME |
| RPID | NGINX_UI_WEBAUTHN_RPID |
| RPOrigins | NGINX_UI_WEBAUTHN_RP_ORIGINS |
## Predefined User ## Predefined User

6
docs/package.json
View file

@ -7,11 +7,11 @@
"docs:preview": "vitepress preview" "docs:preview": "vitepress preview"
}, },
"dependencies": { "dependencies": {
"vitepress": "^1.3.1", "vitepress": "^1.3.4",
"vue": "^3.4.33" "vue": "^3.5.6"
}, },
"devDependencies": { "devDependencies": {
"@types/node": "^20.14.11", "@types/node": "^20.16.5",
"less": "^4.2.0" "less": "^4.2.0"
}, },
"license": "AGPL-3.0", "license": "AGPL-3.0",

784
docs/pnpm-lock.yaml generated
View file

File diff suppressed because it is too large Load diff

53
docs/zh_CN/guide/config-webauthn.md Normal file
View file

@ -0,0 +1,53 @@
# Webauthn
Webauthn 是一种用于安全身份验证的网络标准。它允许用户使用生物识别、移动设备和 FIDO 安全密钥登录网站。
Webauthn 是一种无密码的身份验证方法,提供了比传统密码更安全、易用的替代方案。
`v2.0.0-beta.34` 版本开始Nginx UI 支持将 Webauthn Passkey 作为登录和双因素认证2FA方法。
## Passkey
Passkey 是使用触摸、面部识别、设备密码或 PIN 验证您身份的 Webauthn 凭证。它们可用作密码替代品或作为 2FA 方法。
## 配置
为确保安全性,不能通过 UI 添加 Webauthn 配置。
请在 app.ini 配置文件中手动添加以下内容,并重新启动 Nginx UI。
### RPDisplayName
- 类型:`string`
用于在注册新凭证时设置依赖方RP的显示名称。
### RPID
- 类型:`string`
用于在注册新凭证时设置依赖方RP的 ID。
### RPOrigins
- 类型:`[]string`
用于在注册新凭证时设置依赖方RP的来源origins
完成后,刷新此页面并再次点击添加 Passkey。
由于某些浏览器的安全策略,除非在 `localhost` 上运行,否则无法在非 HTTPS 网站上使用 Passkey。
## 详细说明
1. **使用 Passkey 的自动 2FA**
当您使用 Passkey 登录时,所有后续需要 2FA 的操作将自动使用 Passkey。这意味着您无需在 2FA 对话框中手动点击 “通过 Passkey 进行认证”。
2. **删除 Passkey**
如果您使用 Passkey 登录后,前往“设置 > 认证”并删除当前的 Passkey那么在当前会话中Passkey 将不再用于后续的 2FA 验证。如果已配置基于时间的一次性密码TOTP则将改为使用它如果未配置则将关闭 2FA。
3. **添加新 Passkey**
如果您在未使用 Passkey 的情况下登录,然后通过 “设置 > 认证” 添加新的 Passkey那么在当前会话中新增的 Passkey 将优先用于后续所有的 2FA 验证。

9
docs/zh_CN/guide/env.md
View file

@ -70,6 +70,15 @@
|-----------------------|-----------------------------| |-----------------------|-----------------------------|
| IPWhiteList | NGINX_UI_AUTH_IPWhiteList | | IPWhiteList | NGINX_UI_AUTH_IPWhiteList |
## Webauthn
| Configuration Setting | Environment Variable |
|-----------------------|-----------------------------------|
| RPDisplayName | NGINX_UI_WEBAUTHN_RP_DISPLAY_NAME |
| RPID | NGINX_UI_WEBAUTHN_RPID |
| RPOrigins | NGINX_UI_WEBAUTHN_RP_ORIGINS |
## 预定义用户 ## 预定义用户
在跳过安装模式下,您可以设置以下环境变量以创建预定义用户: 在跳过安装模式下,您可以设置以下环境变量以创建预定义用户:

53
docs/zh_TW/guide/config-webauthn.md Normal file
View file

@ -0,0 +1,53 @@
# Webauthn
Webauthn 是一種用於安全身份驗證的網路標準。它允許使用者使用生物識別、行動裝置和 FIDO 安全金鑰登入網站。
Webauthn 是一種無密碼的身份驗證方法,提供了比傳統密碼更安全、易用的替代方案。
`v2.0.0-beta.34` 版本開始Nginx UI 支援將 Webauthn Passkey 作為登入和雙因素認證2FA方法。
## Passkey
Passkey 是使用觸控、面部識別、裝置密碼或 PIN 驗證您身份的 Webauthn 憑證。它們可用作密碼替代品或作為 2FA 方法。
## 配置
為確保安全性,不能透過 UI 添加 Webauthn 配置。
請在 app.ini 配置檔中手動添加以下內容,並重新啟動 Nginx UI。
### RPDDisplayName
- 類型:`string`
用於在註冊新憑證時設定依賴方RP的顯示名稱。
### RPDID
- 類型:`string`
用於在註冊新憑證時設定依賴方RP的 ID。
### RPOrigins
- 類型:`[]string`
用於在註冊新憑證時設定依賴方RP的來源origins
完成後,刷新此頁面並再次點擊添加 Passkey。
由於某些瀏覽器的安全策略,除非在 `localhost` 上運行,否則無法在非 HTTPS 網站上使用 Passkey。
## 詳細說明
1. **使用 Passkey 的自動 2FA**
當您使用 Passkey 登入時,所有後續需要 2FA 的操作將自動使用 Passkey。這意味著您無需在 2FA 對話框中手動點擊「通過 Passkey 進行認證」。
2. **刪除 Passkey**
如果您使用 Passkey 登入後,前往「設定 > 認證」並刪除當前的 Passkey那麼在當前會話中Passkey 將不再用於後續的 2FA 驗證。如果已配置基於時間的一次性密碼TOTP則將改為使用它如果未配置則將關閉 2FA。
3. **添加新 Passkey**
如果您在未使用 Passkey 的情況下登入,然後透過「設定 > 認證」添加新的 Passkey那麼在當前會話中新增的 Passkey 將優先用於後續所有的 2FA 驗證。

9
docs/zh_TW/guide/env.md
View file

@ -70,6 +70,15 @@
|-----------------------|-----------------------------| |-----------------------|-----------------------------|
| IPWhiteList | NGINX_UI_AUTH_IPWhiteList | | IPWhiteList | NGINX_UI_AUTH_IPWhiteList |
## Webauthn
| Configuration Setting | Environment Variable |
|-----------------------|-----------------------------------|
| RPDisplayName | NGINX_UI_WEBAUTHN_RP_DISPLAY_NAME |
| RPID | NGINX_UI_WEBAUTHN_RPID |
| RPOrigins | NGINX_UI_WEBAUTHN_RP_ORIGINS |
## 預定義使用者 ## 預定義使用者
在跳過安裝模式下,您可以設置以下環境變量以創建預定義使用者: 在跳過安裝模式下,您可以設置以下環境變量以創建預定義使用者: