meutel/oauth2_proxy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

indent content in ordered list, fixes 165

Browse Source
This commit is contained in:
Brady Mitchell 2019-08-10 21:46:13 -07:00
parent 14c25c1d8a
commit 18156713e3
1 changed files with 49 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
docs/4_tls.md
View File

@ -11,10 +11,10 @@ There are two recommended configurations.
1. Configure SSL Termination with OAuth2 Proxy by providing a `--tls-cert-file=/path/to/cert.pem` and `--tls-key-file=/path/to/cert.key`. 1. Configure SSL Termination with OAuth2 Proxy by providing a `--tls-cert-file=/path/to/cert.pem` and `--tls-key-file=/path/to/cert.key`.
The command line to run `oauth2_proxy` in this configuration would look like this: The command line to run `oauth2_proxy` in this configuration would look like this:
```bash ```bash
./oauth2_proxy \ ./oauth2_proxy \
--email-domain="yourcompany.com" \ --email-domain="yourcompany.com" \
--upstream=http://127.0.0.1:8080/ \ --upstream=http://127.0.0.1:8080/ \
--tls-cert-file=/path/to/cert.pem \ --tls-cert-file=/path/to/cert.pem \
@ -24,23 +24,23 @@ The command line to run `oauth2_proxy` in this configuration would look like thi
--provider=... \ --provider=... \
--client-id=... \ --client-id=... \
--client-secret=... --client-secret=...
``` ```
2. Configure SSL Termination with [Nginx](http://nginx.org/) (example config below), Amazon ELB, Google Cloud Platform Load Balancing, or .... 2. Configure SSL Termination with [Nginx](http://nginx.org/) (example config below), Amazon ELB, Google Cloud Platform Load Balancing, or ....
Because `oauth2_proxy` listens on `127.0.0.1:4180` by default, to listen on all interfaces (needed when using an Because `oauth2_proxy` listens on `127.0.0.1:4180` by default, to listen on all interfaces (needed when using an
external load balancer like Amazon ELB or Google Platform Load Balancing) use `--http-address="0.0.0.0:4180"` or external load balancer like Amazon ELB or Google Platform Load Balancing) use `--http-address="0.0.0.0:4180"` or
`--http-address="http://:4180"`. `--http-address="http://:4180"`.
Nginx will listen on port `443` and handle SSL connections while proxying to `oauth2_proxy` on port `4180`. Nginx will listen on port `443` and handle SSL connections while proxying to `oauth2_proxy` on port `4180`.
`oauth2_proxy` will then authenticate requests for an upstream application. The external endpoint for this example `oauth2_proxy` will then authenticate requests for an upstream application. The external endpoint for this example
would be `https://internal.yourcompany.com/`. would be `https://internal.yourcompany.com/`.
An example Nginx config follows. Note the use of `Strict-Transport-Security` header to pin requests to SSL An example Nginx config follows. Note the use of `Strict-Transport-Security` header to pin requests to SSL
via [HSTS](http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security): via [HSTS](http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security):
``` ```
server { server {
listen 443 default ssl; listen 443 default ssl;
server_name internal.yourcompany.com; server_name internal.yourcompany.com;
ssl_certificate /path/to/cert.pem; ssl_certificate /path/to/cert.pem;
@ -56,13 +56,13 @@ server {
proxy_send_timeout 30; proxy_send_timeout 30;
proxy_read_timeout 30; proxy_read_timeout 30;
} }
} }
``` ```
The command line to run `oauth2_proxy` in this configuration would look like this: The command line to run `oauth2_proxy` in this configuration would look like this:
```bash ```bash
./oauth2_proxy \ ./oauth2_proxy \
--email-domain="yourcompany.com" \ --email-domain="yourcompany.com" \
--upstream=http://127.0.0.1:8080/ \ --upstream=http://127.0.0.1:8080/ \
--cookie-secret=... \ --cookie-secret=... \
@ -70,4 +70,4 @@ The command line to run `oauth2_proxy` in this configuration would look like thi
--provider=... \ --provider=... \
--client-id=... \ --client-id=... \
--client-secret=... --client-secret=...
``` ```