From 1f4eb9f534c2b783fab7103e45d3ec4d380de995 Mon Sep 17 00:00:00 2001
From: Jehiah Czebotar <jehiah@gmail.com>
Date: Mon, 10 Dec 2012 21:11:24 -0500
Subject: [PATCH] add example nginx config

---
 README.md | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/README.md b/README.md
index 94fdcb3..f5d51c4 100644
--- a/README.md
+++ b/README.md
@@ -44,3 +44,41 @@ Usage of ./google_auth_proxy:
 ```
 
 Unauthenticated requests will be redirected to `/oauth2/sign_in` to start the sign-in process.
+
+
+## Example
+
+To run a proxy on port 4180 authenticating requests for an application running 
+on port 8080 at internal.yourcompany.com you would use
+
+```bash
+./google_auth_proxy \
+   --redirect-url="https://internal.yourcompany.com/oauth2/callback"  \
+   --google-apps-domain="yourcompany.com"  \
+   --upstream=http://127.0.0.1:8080/ \
+   --cookie-secret=... \
+   --client-id=... \
+   --client-secret=...
+```
+
+An example Nginx config to listen on ssl (port 443) and forward requests to port 4180 would be
+
+```
+server {
+    listen 443 default ssl;
+    server_name internal.yourcompany.com;
+    ssl_certificate /path/to/cert.pem;
+    ssl_certificate_key /path/to/cert.key;
+    add_header Strict-Transport-Security max-age=1209600;
+
+    location / {
+        proxy_pass http://127.0.0.1:4180;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Scheme $scheme;
+        proxy_connect_timeout 1;
+        proxy_send_timeout 30;
+        proxy_read_timeout 30;
+    }
+}
+```