A secure proxy to safely control ingress to private networks.
C#

Project Bastion: Barbican

A secure proxy to allow authorised access to internal services without exposing them directly.

Routes

DNS Routing

Given a scheme and hostname/port, barbican resolves the host itself and relays the request to that service. This includes localhost and private network addresses such as the AWS metadata endpoint, so it is important to keep this in mind when deciding where to host barbican.

/proxy/<scheme>/<host_and_port>/<path> ==> <scheme>://<host_and_port>/<path>

e.g.

/proxy/https/www.bbc.co.uk/news ==> https://www.bbc.co.uk/news
/proxy/http/some_api.internal:8080/ ==> http://some_api.internal:8080/
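
The mapping above, with a check for the loopback, link-local and private targets the DNS Routing paragraph warns about. This is an added example in Python, not barbican's own C# code; the function names are hypothetical and the DNS answers in the demo are constructed so it runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

PREFIX = "/proxy/"


def upstream_url(route):
    """Map /proxy/<scheme>/<host_and_port>/<path> to <scheme>://<host_and_port>/<path>."""
    if not route.startswith(PREFIX):
        raise ValueError("not a /proxy/ route")
    parts = route[len(PREFIX):].split("/", 2)
    if len(parts) < 2 or not parts[0] or not parts[1]:
        raise ValueError("expected /proxy/<scheme>/<host_and_port>/<path>")
    path = parts[2] if len(parts) == 3 else ""
    return f"{parts[0]}://{parts[1]}/{path}"


def system_resolver(host):
    """Resolve a hostname to IP strings using the OS resolver."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def internal_addresses(route, resolve=system_resolver):
    """Return the target's addresses that are loopback, link-local or private."""
    host = urlsplit(upstream_url(route)).hostname
    if not host:
        raise ValueError("route has no host")
    try:
        addrs = [str(ipaddress.ip_address(host))]  # IP literal, no lookup needed
    except ValueError:
        addrs = resolve(host)  # hostname: check every address it resolves to
    return [a for a in addrs
            if (ip := ipaddress.ip_address(a)).is_loopback
            or ip.is_link_local or ip.is_private]


if __name__ == "__main__":
    # Constructed DNS answers so the example runs offline (not real lookups).
    fake_dns = {"localhost": ["127.0.0.1"], "some_api.internal": ["10.0.0.5"],
                "www.bbc.co.uk": ["8.8.8.8"]}
    for route in ("/proxy/https/www.bbc.co.uk/news",
                  "/proxy/http/some_api.internal:8080/",
                  "/proxy/http/localhost/",
                  "/proxy/http/169.254.169.254/latest/meta-data/"):
        print(route, "==>", upstream_url(route),
              "internal:", internal_addresses(route, resolve=fake_dns.__getitem__))
```

A hostname can resolve differently at request time than when it was checked, so a result from this script describes the network position it was run from, not a guarantee about the proxy host.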

Authentication

If not specified, the default auth provider is Basic Authentication.

Basic Access Authentication

Basic Authentication is the default auth provider. If no configuration is provided, it generates a username and password and logs them to stdout.

Authentication:
  Provider: Basic

---

Using Basic Auth - Username: "LlSO4iBLPlp0vTZk7yx1QL9830I=" Password: "6gEuyvgzLGum6jVnymPKPY+Y1pY="

or

Authentication:
  Provider: Basic
  Username: john.smith
  Password: Password123

Azure AD

Authentication:
  Provider: AzureAd
  Instance: https://login.microsoftonline.com/
  Domain: contoso.onmicrosoft.com # Enter the domain of your tenant
  TenantId: 'da41245a5-11b3-996c-00a8-4d99re19f292' # Enter the Tenant Id (Obtained from the Azure portal. Select 'Endpoints' from the 'App registrations' blade and use the GUID in any of the URLs)
  ClientId: ba74781c2-53c2-442a-97c2-3d60re42f403 # Enter the Client Id (Application ID obtained from the Azure portal) 
  CallbackPath: /signin-oidc

Running in Docker

Build a configuration file:

Authentication:
  Provider: Basic
  Username: john.smith
  Password: Password123

Map the config file in to the container to inject the configuration, and run:

docker run --name barbican -v `pwd`/config.yml:/config.yml uatec/barbican