Spaces:

darkfire514
/

VPS_Linux

Running

App Files Files Community

darkfire514 commited on 6 days ago

Commit

6af0519

verified ·

1 Parent(s): cf4f9f7

Upload 2 files

Browse files

Files changed (2) hide show

oauth2-proxy.cfg +4 -3
start.sh +16 -6

oauth2-proxy.cfg CHANGED Viewed

@@ -4,11 +4,9 @@
 http_address = "127.0.0.1:4180"
 # Email Domains
-# We restrict access using authenticated_emails_file, so email_domains can be "*"
 email_domains = ["*"]
 # Authenticated Emails File
-# Only emails listed in this file will be allowed to login
 authenticated_emails_file = "/etc/oauth2-proxy/authenticated_emails.txt"
 # Cookie Settings
@@ -22,11 +20,14 @@ cookie_expire = "168h"
 provider = "github"
 # Upstreams
 upstreams = [
-    "http://127.0.0.1:4180/static"
 ]
 # Logging
 request_logging = true
 auth_logging = true
 standard_logging = true

 http_address = "127.0.0.1:4180"
 # Email Domains
 email_domains = ["*"]
 # Authenticated Emails File
 authenticated_emails_file = "/etc/oauth2-proxy/authenticated_emails.txt"
 # Cookie Settings
 provider = "github"
 # Upstreams
+# Point to ttyd, although Nginx handles the actual proxying
+# This prevents startup errors if no upstream is defined
 upstreams = [
+    "http://127.0.0.1:7681"
 ]
 # Logging
 request_logging = true
 auth_logging = true
 standard_logging = true
+show_debug_on_error = true

start.sh CHANGED Viewed

@@ -1,5 +1,8 @@
 #!/bin/bash
 # 确保必要的环境变量已设置
 if [ -z "$OAUTH2_PROXY_CLIENT_ID" ] || [ "$OAUTH2_PROXY_CLIENT_ID" == "your_client_id" ]; then
     echo "Error: OAUTH2_PROXY_CLIENT_ID is not set in Hugging Face Secrets!"
@@ -16,15 +19,12 @@ if [ -z "$OAUTH2_PROXY_COOKIE_SECRET" ]; then
 fi
 # 生成白名单文件
-# 我们从环境变量 ALLOWED_USERS 中读取邮箱列表（逗号分隔）
-# 并将其写入 oauth2-proxy 期望的文件格式（每行一个邮箱）
 mkdir -p /etc/oauth2-proxy
 if [ -n "$ALLOWED_USERS" ]; then
     echo "Generating allowed users list..."
     echo "$ALLOWED_USERS" | tr ',' '\n' > /etc/oauth2-proxy/authenticated_emails.txt
 else
-    echo "Warning: ALLOWED_USERS is not set! Anyone with a GitHub account can login."
-    # 创建一个空文件，或者允许所有（取决于配置，但为了安全建议留空或报错）
     touch /etc/oauth2-proxy/authenticated_emails.txt
 fi
@@ -32,14 +32,24 @@ fi
 echo "Starting ttyd on 127.0.0.1:7681..."
 ttyd -p 7681 -i 127.0.0.1 -W bash &
 # 2. 启动 oauth2-proxy (本地监听)
-# 我们直接在命令行传递 Client ID 和 Secret，确保它们被正确读取
 echo "Starting oauth2-proxy on 127.0.0.1:4180..."
 oauth2-proxy \
     --config=oauth2-proxy.cfg \
     --client-id="$OAUTH2_PROXY_CLIENT_ID" \
     --client-secret="$OAUTH2_PROXY_CLIENT_SECRET" \
-    --cookie-secret="$OAUTH2_PROXY_COOKIE_SECRET" &
 # 3. 启动 Nginx (对外监听 7860)
 echo "Starting Nginx on port 7860..."

 #!/bin/bash
+# 打印所有命令，方便调试
+set -x
 # 确保必要的环境变量已设置
 if [ -z "$OAUTH2_PROXY_CLIENT_ID" ] || [ "$OAUTH2_PROXY_CLIENT_ID" == "your_client_id" ]; then
     echo "Error: OAUTH2_PROXY_CLIENT_ID is not set in Hugging Face Secrets!"
 fi
 # 生成白名单文件
 mkdir -p /etc/oauth2-proxy
 if [ -n "$ALLOWED_USERS" ]; then
     echo "Generating allowed users list..."
     echo "$ALLOWED_USERS" | tr ',' '\n' > /etc/oauth2-proxy/authenticated_emails.txt
 else
+    echo "Warning: ALLOWED_USERS is not set! Creating empty whitelist."
     touch /etc/oauth2-proxy/authenticated_emails.txt
 fi
 echo "Starting ttyd on 127.0.0.1:7681..."
 ttyd -p 7681 -i 127.0.0.1 -W bash &
+# 等待 ttyd 启动
+sleep 2
 # 2. 启动 oauth2-proxy (本地监听)
 echo "Starting oauth2-proxy on 127.0.0.1:4180..."
+# 将日志重定向到标准输出，以便在 Space Logs 中查看
 oauth2-proxy \
     --config=oauth2-proxy.cfg \
     --client-id="$OAUTH2_PROXY_CLIENT_ID" \
     --client-secret="$OAUTH2_PROXY_CLIENT_SECRET" \
+    --cookie-secret="$OAUTH2_PROXY_COOKIE_SECRET" \
+    --email-domain="*" \
+    --upstream="http://127.0.0.1:7681" \
+    --http-address="127.0.0.1:4180" \
+    2>&1 &
+# 等待 oauth2-proxy 启动
+sleep 2
 # 3. 启动 Nginx (对外监听 7860)
 echo "Starting Nginx on port 7860..."