- Server Access (where Chaos Genius is running) to install these:
- Docker
- nginx
- A (sub-)domain name to host Chaos Genius and Vouch proxy with HTTPS. The domain's A record should point to the above server.
- Google API Client ID and Client Secret
Clone this repository:
git clone https://github.com/chaos-genius/chaosgenius-vouch-proxy.git
- Obtain Google API client ID and client secret from here: https://console.cloud.google.com/apis/credentials
- Open
config/config.yml
and replace the following:TODO_YOUR_DOMAIN
: the domain name of email addresses that need to be allowed access. Anyone with an email address in this domain will be able to access Chaos Genius. To only allow a fixed set of emails, add whitelisted ids in thewhiteList
option undervouch
.TODO_CLIENT_ID
andTODO_CLIENT_SECRET
: the credentials obtained in step 1.TODO_YOUR_SUB_DOMAIN
: the subdomain where Chaos Genius and Vouch Proxy will be set up (same as Pre-requisites step 2).
- Change the redirect URI in the google console (found in credentials tab) to the first value in
callback_urls
(after replacingTODO_YOUR_SUB_DOMAIN
) - Start vouch proxy:
./start.sh
- Ensure that it started successfully by checking the logs:
docker logs vouch-proxy
- Open
nginx/site
and replace the following:TODO_YOUR_SUB_DOMAIN
: same as pre-requisites step 2.
- Copy
nginx/site
to/etc/nginx/sites-available/TODO_YOUR_SUB_DOMAIN
and symlink it to/etc/nginx/sites-enabled/TODO_YOUR_SUB_DOMAIN
- Setup SSL/TLS with Certbot
- Install certbot. On Debian or Ubuntu, use
sudo apt install certbot python3-certbot-nginx
- Run certbot:
sudo certbot
- Select the correct subdomain and follow the prompts.
- Install certbot. On Debian or Ubuntu, use
- Check nginx config:
sudo nginx -t
- Restart nginx:
sudo systemctl restart nginx
Visit https://TODO_YOUR_SUB_DOMAIN
. You should see a Google sign-in prompt with only TODO_YOUR_DOMAIN
emails allowed. Sign-in to access Chaos Genius.