Reverse proxy header authentication
Cloudbeaver supports authorization and authentication with reverse proxy headers. This option authenticates the user in Cloudbeaver via a HTTP header field.
To enable this feature, you need to
-
add an application parameter supportsReverseProxyAuth: true to your server configuration:
app: { ... anonymousAccessEnabled: false, anonymousUserRole: "user", supportsReverseProxyAuth: true, ... } -
Set up your NGINX configuration to send special header fields to your Cloudbeaver app.
The default values for the HTTP header fields are:
- Header User Name:
X-User; - Header Role Name:
X-Role.
Default roles for user in Cloudbeaver are "user" and "admin". Delimeter for roles is "|".
For example, if you are a user with username "newuser" and your roles are "user" and "admin" and you want to open an app with enabled reverse proxy header auth, you need to set these HTTP headers when you send a request to your CB app:
X-User: newuser
X-Role: user|admin
- Application overview
- Demo Server
- Administration
- Supported databases
- Accessibility
- Keyboard shortcuts
- Features
- Server configuration
- CloudBeaver and Nginx
-
Domain manager
- Configuring HTTPS for Jetty server
- Product configuration parameters
- Command line parameters
- Local Preferences
-
Team Edition Overview
-
Getting started with Team Edition
-
Team Edition Server Configuration
-
Projects in Team Edition
-
Teams in Team Edition
- Team Edition Deployment
-
Roles in Team Edition
-
Git integration in Team Edition
-
Datasets in Team Edition
-
CloudBeaver Community
-
CloudBeaver AWS
-
CloudBeaver Enterprise
-
Deployment options
-
Development