Adding Google authentication turned out to be as easy as setting up BASIC authentication.
Official site
https://www.mod-auth-openidc.org/
Installation
apt install libapache2-mod-auth-openidc
Configuration: /etc/apache2/mods-enabled/auth_openidc.conf
OIDCRedirectURI https://hoge.example.jp/oidc/redirect_uri
OIDCCryptoPassphrase hogehoge-foobar
OIDCProviderMetadataURL https://accounts.google.com/.well-known/openid-configuration
OIDCScope "openid email"
OIDCClientID xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com
OIDCClientSecret XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
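Example: using it in front of a reverse proxy
For /admin, requests from anything other than a private IP are allowed only for hogehoge@gmail.com via Google authentication.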
<VirtualHost *:443>
    ServerName hoge.example.jp
    <Location />
        Require all granted
    </Location>
    <Location /oidc/>
        AuthType openid-connect
        Require valid-user
    </Location>
    <Location /admin>
        AuthType openid-connect
        Require claim email:hogehoge@gmail.com
        Require ip 192.168.0.0/24
    </Location>
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:8080/ keepalive=On
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader unset X-Forwarded-For
    RequestHeader unset X-Forwarded-Server
    RequestHeader unset X-Forwarded-Host
    # SSL settings etc. follow
    ...
</VirtualHost>
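The two Require lines under /admin sit in no container, so Apache treats them as an implicit <RequireAny>: a LAN address is let through without login, anything else is sent to Google and then matched on the email claim. The following Python model of that decision is an added example, not part of the original post or of mod_auth_openidc; the names check, decide and ADMIN_REQUIRES and the sample requests are made up for illustration, and only the single-CIDR form of Require ip and string or list claims are handled.

```python
import ipaddress

# The two Require lines from the page's <Location /admin> block.
ADMIN_REQUIRES = [
    "Require claim email:hogehoge@gmail.com",
    "Require ip 192.168.0.0/24",
]

def check(require, client_ip, claims):
    """Evaluate one Require line: 'granted', 'denied' or 'need_user'."""
    _, kind, arg = require.split(None, 2)
    if kind == "ip":
        net = ipaddress.ip_network(arg)
        return "granted" if ipaddress.ip_address(client_ip) in net else "denied"
    if kind == "claim":
        if claims is None:          # no OIDC session yet
            return "need_user"
        name, _, wanted = arg.partition(":")
        value = claims.get(name)
        values = value if isinstance(value, list) else [value]
        return "granted" if wanted in values else "denied"
    raise ValueError("unsupported Require type: " + kind)

def decide(requires, client_ip, claims=None):
    """Combine bare Require lines the way an implicit <RequireAny> does."""
    results = [check(r, client_ip, claims) for r in requires]
    if "granted" in results:
        return "allow"
    if "need_user" in results:
        return "login"              # request is sent to the OpenID provider
    return "deny"

if __name__ == "__main__":
    # Constructed sample requests (addresses from documentation ranges).
    cases = [
        ("192.168.0.15", None),
        ("203.0.113.7", None),
        ("203.0.113.7", {"email": "hogehoge@gmail.com"}),
        ("203.0.113.7", {"email": "someone@example.com"}),
    ]
    for ip, claims in cases:
        print(ip, claims, "->", decide(ADMIN_REQUIRES, ip, claims))
```

Wrapping the same two lines in <RequireAll> would change the outcome: a LAN client would then also have to log in as that account.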