Skip to content

feat: document TINYAUTH_AUTH_STANDALONE option #70

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
jacekkow wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: document TINYAUTH_AUTH_STANDALONE option #70

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 5 additions & 4 deletions src/content/docs/docs/getting-started.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ Multiple users can be created by repeating this process and separating entries w

## Domain Configuration

Tinyauth sets a cookie for the parent domain of the application URL. For example, if the application URL is `http://tinyauth.example.com`, the cookie is set for `.example.com`, enabling authentication across all subdomains. Below is an example of an ideal domain structure:
Tinyauth sets a cookie for the parent domain of the application URL, unless `TINYAUTH_AUTH_STANDALONE=true` is set. For example, if the application URL is `http://tinyauth.example.com`, the cookie is set for `.example.com`, enabling authentication across all subdomains. Below is an example of an ideal domain structure:

```mermaid
flowchart BR
Expand All @@ -77,9 +77,10 @@ flowchart BR

:::caution
Direct usage with DDNS services (e.g., `tinyauth562.duckdns.org`) is not
supported due to browser cookie restrictions. Subdomains (e.g.,
`tinyauth.mylab562.duckdns.org`) must be used for both Tinyauth and
applications.
supported due to browser cookie restrictions unless
`TINYAUTH_AUTH_STANDALONE=true` is set. Subdomains (e.g.,
`tinyauth.mylab562.duckdns.org`) should be used if securing
both Tinyauth and applications is required.
:::

## Deployment
Expand Down
1 change: 1 addition & 0 deletions src/content/docs/docs/reference/configuration.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@ Tinyauth can be configured using environment variables or CLI flags. The table b
| `TINYAUTH_AUTH_IP_BLOCK` | `--auth.ip.block` | List of blocked IPs or CIDR ranges. | `` |
| `TINYAUTH_AUTH_USERS` | `--auth.users` | Comma-separated list of users (username:hashed_password). | `` |
| `TINYAUTH_AUTH_USERSFILE` | `--auth.usersfile` | Path to the users file. | `` |
| `TINYAUTH_AUTH_STANDALONE` | `--auth.standalone` | Run in standalone mode, do not set cookies for subdomains. | `false` |
| `TINYAUTH_AUTH_SECURECOOKIE` | `--auth.securecookie` | Enable secure cookies. | `false` |
| `TINYAUTH_AUTH_SESSIONEXPIRY` | `--auth.sessionexpiry` | Session expiry time in seconds. | `86400` |
| `TINYAUTH_AUTH_SESSIONMAXLIFETIME` | `--auth.sessionmaxlifetime` | Maximum session lifetime in seconds. | `0` |
Expand Down