Merge pull request #4 from lukaszbudnik/documentation-updates

updated documentation

README.md

@@ -1,8 +1,8 @@
-# haproxy-auth-gateway ![Docker Hub](https://img.shields.io/docker/cloud/build/lukasz/haproxy-auth-gateway) ![Docker](https://github.com/lukaszbudnik/haproxy-auth-gateway/workflows/Docker%20Image%20CI/badge.svg)
+# haproxy-auth-gateway ![Docker](https://github.com/lukaszbudnik/haproxy-auth-gateway/workflows/Docker%20Image%20CI/badge.svg)
 
 haproxy-auth-gateway is an authentication and authorization gateway for cloud native apps.
 
-haproxy-auth-gateway features are:
+haproxy-auth-gateway features include:
 
 - parsing JWT token from the HTTP Authorization header
 - Keycloak realm roles support
@@ -22,12 +22,18 @@ haproxy-auth-gateway can be configured with the following env variables:
 haproxy-auth-gateway is available on docker hub:
 
 ```
-lukasz/haproxy-auth-gateway
+docker pull lukasz/haproxy-auth-gateway
+```
+
+or on ghcr.io:
+
+```
+docker pull ghcr.io/lukaszbudnik/haproxy-auth-gateway
 ```
 
 # Example
 
-The below example shows how to deploy & configure `lukasz/haproxy-auth-gateway` in Kubernetes. It also shows how to invoke the Lua verify script and write ACLs using variables set by it.
+The below example shows how to deploy & configure `lukasz/haproxy-auth-gateway` in Kubernetes. It also shows how to invoke the Lua verify script and write ACLs.
 
 > If you are interested in running a complete distributed demo app on Kubernetes check out: [lukaszbudnik/keycloak-kubernetes](https://github.com/lukaszbudnik/keycloak-kubernetes). This demo app uses Keycloak as Identity and Access Management solution and haproxy-auth-gateway for transparent authentication and authorization for backend services.
 
@@ -113,6 +119,40 @@ Then we are ready to deploy haproxy-auth-gateway:
 kubectl apply -f gateway.yaml
 ```
 
+## haproxy ACL
+
+haproxy-auth-gateway will verify passed JWT and will (if all good):
+
+- set `txn.authorized` variable to `true`
+- set `txn.roles` variable to a comma separated list of `realm_access.roles`
+
+Above variables can be used in haproxy ACLs.
+
+For example:
+
+```
+# deny if no Authorization header sent
+http-request deny unless { req.hdr(authorization) -m found }
+# invoke the jwtverify Lua script
+http-request lua.jwtverify
+# check if authorized successfully
+http-request deny unless { var(txn.authorized) -m bool }
+# check roles
+http-request deny if PATH_camarero ! { var(txn.roles) -m sub camarero }
+```
+
+# Troubleshooting
+
+The script outputs many useful debug messages. To enable debug add the following configuration to you `haproxy.cfg`:
+
+```
+global
+    log stdout local0 debug
+
+defaults
+    log global
+```
+
 ## Sample JWT
 
 A sample JWT token generated by Keycloak looks like this:
@@ -174,40 +214,8 @@ ewIDAQAB
 -----END PUBLIC KEY-----
 ```
 
-## haproxy ACL
-
-haproxy-auth-gateway will verify the above JWT correctly and will:
-
-- set `txn.authorized` variable to `true`
-- set `txn.roles` variable to a comma separated list of `realm_access.roles`
-
-Later above variables can be used in haproxy ACLs, for example:
-
-```
-# deny if no Authorization header sent
-http-request deny unless { req.hdr(authorization) -m found }
-# invoke the jwtverify Lua script
-http-request lua.jwtverify
-# check if authorized successfully
-http-request deny unless { var(txn.authorized) -m bool }
-# check roles
-http-request deny if PATH_camarero ! { var(txn.roles) -m sub camarero }
-```
-
-# Troubleshooting
-
-The script outputs many useful debug messages. To enable debug add the following configuration to you `haproxy.cfg`:
-
-```
-global
-    log stdout local0 debug
-
-defaults
-    log global
-```
-
 # Original project
 
-haproxy-auth-gateway is based on great project from haproxytech folks: https://github.com/haproxytech/haproxy-lua-oauth
+haproxy-auth-gateway is based on great project from haproxytech folks: https://github.com/haproxytech/haproxy-lua-oauth.
 
 haproxy-auth-gateway contains changes to support Keycloak realm roles out of the box.