publish github pages privately secured by github sso (oauth2)

private-ghp

Serves static sites from private repositories to members with read access (or higher), secured using GitHub OAuth2.
The server is written in Go.

Why

Github forces users to pay for an enterprise license in order to share github pages only with members of an organization.
It is not even included in the paid Team plan.

This repository is a workaround for that - it also works for free tier plans as it doesn't rely on github pages nor public repositories.

Features

  • Supports multiple pages, one per subdomain
  • Define your own branch
  • No need to publish a repository nor use of github pages
  • Works with github free tier
  • Selfhosted

Config

You need to create a Github OAuth2 App.

Check out the sample.config.yaml for more informations.
The callback URL must point to http(s)://domain:publicPort/login/github/callback (not subdomain).

Secure using HTTPs

To protect your site using SSL, we advice to use a reverse proxy like Traefik.

Usage

  • First, build using:
    • make prepare
    • make build+linux or
    • make build+docker (optional)
  • Second, set up a configuration
    • checkout sample.config.yaml for more informations
  • Third, execute the binary or docker image
    • ./prviate-ghp --config=<path_to_config>

localhost as domain does not work

localhost does not work as the app uses cross origin resource sharing which is not applied to localhost.
You need to use a FQDN like local.host to work.

Architecture

This is a high level explanation of how this project works.

For more information of how GitHub OAuth works, see the official documentation.

  • The client requests a resource
    • If the session cookie is present and valid, skip the next two steps
    • Otherwise, redirects to the provider's OAuth page
  • Provider's (e.g. GitHub) OAuth page
    • If successful, redirects to the callback URL (this service)
  • The callback request is received from the OAuth provider
    • Get an OAuth token, then store it client-side in a cookie
  • A call is performed to the Github API using the token the client sends with each request (as cookie) to get the resource, which is then served to the client

Serving from a documentation directory

GitHub Pages allows to serve from a /docs directory, which is supported by private-ghp too, if the hosted page uses /docs as basePath.

For any question, create an issue here on Github.

Similar Resources

JWT login microservice with plugable backends such as OAuth2, Google, Github, htpasswd

login-service login-service is a standalone minimalistic login server providing a (JWT)[https://jwt.io/] login for multiple login backends. Abstract l

Feb 12, 2022

Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH.

Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH.

Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Written in Go (golang). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network.

Jan 1, 2023

GoHooks make it easy to send and consume secured web-hooks from a Go application

GoHooks GoHooks make it easy to send and consume secured web-hooks from a Go application. A SHA-256 signature is created with the sent data plus an en

Nov 16, 2022

gproxy is a tiny service/library for creating lets-encrypt/acme secured gRPC and http reverse proxies

gproxy is a tiny service/library for creating lets-encrypt/acme secured gRPC and http reverse proxies

gproxy is a reverse proxy service AND library for creating flexible, expression-based, lets-encrypt/acme secured gRPC/http reverse proxies GProxy as a

Sep 11, 2022

EVM-compatible chain secured by the Lachesis consensus algorithm.

ICICB-Galaxy EVM-compatible chain secured by the Lachesis consensus algorithm. Building the source Building galaxy requires both a Go (version 1.14 or

Oct 7, 2021

minimal implementation of secured encrypted tcp/ip connection without tls / ssl.

go-secure-transport Demo implementation of secured encrypted TCP connection without TLS / SSL. See ./example for server & client using the transport t

Dec 15, 2021

EVM-compatible chain secured by the Lachesis consensus algorithm

ICICB galaxy EVM-compatible chain secured by the Lachesis consensus algorithm. Building the source Building galaxy requires both a Go (version 1.14 or

Jan 8, 2022

Go-chain - EVM-compatible chain secured by the Lachesis consensus algorithm

ICICB galaxy EVM-compatible chain secured by the Lachesis consensus algorithm. B

Jun 8, 2022

Go-opera-test - EVM-compatible chain secured by the Lachesis consensus algorithm

Opera EVM-compatible chain secured by the Lachesis consensus algorithm. Building

Feb 14, 2022

Provides AWS STS credentials based on Google Apps SAML SSO auth with interactive GUI support

Provides AWS STS credentials based on Google Apps SAML SSO auth with interactive GUI support

What's this This command-line tool allows you to acquire AWS temporary (STS) credentials using Google Apps as a federated (Single Sign-On, or SSO) pro

Sep 29, 2022

an SSO and OAuth / OIDC login solution for Nginx using the auth_request module

an SSO and OAuth / OIDC login solution for Nginx using the auth_request module

Vouch Proxy An SSO solution for Nginx using the auth_request module. Vouch Proxy can protect all of your websites at once. Vouch Proxy supports many O

Jan 4, 2023

Casdoor is a UI-first centralized authentication / Single-Sign-On (SSO) platform based on OAuth 2.0 / OIDC.

A UI-first centralized authentication / Single-Sign-On (SSO) platform based on OAuth 2.0 / OIDC

Dec 29, 2022

CLI for SendGrid, which helps in managing SSO users, can install and update users from yaml config

Sendgrid API This script is needed to add new users to SendGrid as SSO teammates. Previously, all users were manually added and manually migrating the

Jul 20, 2022

sso, aka S.S.Octopus, aka octoboi, is a single sign-on solution for securing internal services

sso, aka S.S.Octopus, aka octoboi, is a single sign-on solution for securing internal services

sso See our launch blog post for more information! Please take the SSO Community Survey to let us know how we're doing, and to help us plan our roadma

Jan 5, 2023

Web interface for Wireguard. Supports SSO.

Web interface for Wireguard. Supports SSO.

A simple, easy to use web interface for Wireguard. It supports SSO authentication (currently Google, Github, Gitlab, Okta are supported) and SCIM2.0 protocol (in development).

Apr 6, 2022

CLI tool to update ~/.aws/config with all accounts and permission sets defined in AWS SSO

aws-sso-profiles Generate or update ~/.aws/config with a profile for each SSO account you have access to, by using an existing AWS SSO session. Bootst

Nov 3, 2022

Makes dealing with AWS SSO Logins an ease

go-aws-sso Make working with AWS SSO on local machines an ease. What is it about? Choose and retrieve short-living role credentials from all of your S

Jan 3, 2023

Lightweight SSO Login System

login Lightweight SSO Login System Convention Redirect to login.changkun.de?redirect=origin When login success, login.changkun.de will redirect to ori

Sep 29, 2022
Comments
  • Running private-ghp with localhost

    Running private-ghp with localhost

    I'm testing the code running it in local host for start, setting the OAUTH app's callback URL pointing to http://test.localhost:8080/login/github/callback

    Also I'm building using the following config.yaml:

    port: 8080
    publicPort: 8080
    domain: localhost
    log:
      level: debug
    github:
      client:
        id: (UserID)
        secret:  (UserSecret)
    pages:
      - subdomain: test #the sub-domain part WITHOUT the main domain
        index: index.html
        cache:
          duration: 1800   
        repository:
          owner: kiwicampus
          name: kronos-project-docs
          branch: privpage # eg. gh-pages
    

    After building it, entering test.localhost:8080 and clicking the "Authorize" button; I get redirected to the same authorization path over and over.

    This is the terminal I get by doing so:

    fran@fran:~/Desktop/GITREP/private-ghp$ ./bin/linux/private-ghp --config=sample.config.yaml
    DEBU[2022-04-28 13:05:33] loaded config file: sample.config.yaml       
    INFO[2022-04-28 13:05:33] listening on 0.0.0.0:8080                    
    DEBU[2022-04-28 14:09:41] token recevied from github, redirecting to http://test.localhost:8080// 
    DEBU[2022-04-28 14:09:42] token recevied from github, redirecting to http://test.localhost:8080// 
    DEBU[2022-04-28 14:09:43] token recevied from github, redirecting to http://test.localhost:8080// 
    DEBU[2022-04-28 14:09:43] token recevied from github, redirecting to http://test.localhost:8080// 
    DEBU[2022-04-28 14:09:44] token recevied from github, redirecting to http://test.localhost:8080// 
    DEBU[2022-04-28 14:09:46] token recevied from github, redirecting to http://test.localhost:8080// 
    DEBU[2022-04-28 14:09:46] token recevied from github, redirecting to http://test.localhost:8080// 
    DEBU[2022-04-28 14:09:47] token recevied from github, redirecting to http://test.localhost:8080// 
    DEBU[2022-04-28 14:09:48] token recevied from github, redirecting to http://test.localhost:8080// 
    

    It seems I'm getting into some kind of loop, can you tell me what I'm doing wrong?

  • Project not working with port 80

    Project not working with port 80

    I tried running using default public port 80, but since this one get's deleted from the URL once you press enter, the project seems to work only if the port si explicit in the URL, so when I changed it for port 9090 it worked fine.

Go-chain - EVM-compatible chain secured by the Lachesis consensus algorithm

ICICB galaxy EVM-compatible chain secured by the Lachesis consensus algorithm. B

Jun 8, 2022
A markov chain for Discord message dumps using https://github.com/fr3fou/polo

discord-markov-chain A markov chain for Discord message dumps using https://github.com/fr3fou/polo Download If you have a go installed, just clone the

Oct 28, 2022
Ethereum-vanity-wallet - A fork of https://github.com/meehow/ethereum-vanity-wallet but the key can be exported to a JSON keystore file

ethereum-vanity-wallet See https://github.com/meehow/ethereum-vanity-wallet This version: doesn't display the private key let's you interactively expo

Jan 2, 2022
A single sign-on solution based on go-oauth2 / oauth2 and gin-gonic/gin

A single sign-on solution based on go-oauth2 / oauth2 and gin-gonic/gin

Nov 17, 2021
Oauth2-golang - Oauth2 Golang Mysql

Oauth2-golang - Oauth2 Golang Mysql

Sep 16, 2022
Hazelcast Storage for go-oauth2/oauth2

Hazelcast Storage for go-oauth2/oauth2

Jan 26, 2022
The cider is a simple tool of building GitHub pages. It's fast and easy to use.
The cider is a simple tool of building GitHub pages. It's fast and easy to use.

The cider is a simple tool of building GitHub pages. It's fast and easy to use. See example: https://www.leyafo.com Install Compiling from source code

Feb 13, 2022
This is my personal website, hosted on GitHub Pages

astrophena.name This is my personal website, hosted on GitHub Pages. Serving locally You need the latest Go and Node.js installed.

Nov 16, 2022
JWT login microservice with plugable backends such as OAuth2, Google, Github, htpasswd, osiam, ..
JWT login microservice with plugable backends such as OAuth2, Google, Github, htpasswd, osiam, ..

loginsrv loginsrv is a standalone minimalistic login server providing a JWT login for multiple login backends. ** Attention: Update to v1.3.0 for Goog

Dec 24, 2022
A Sample Integration of Google and GitHub OAuth2 in Golang (GoFiber) utilising MongoDB

Go Oauth Server This is sample OAuth integration written in GoLang that also uses MongoDB. This is a sample TODO Application where people can Create a

Dec 27, 2022