From 1f4eb9f534c2b783fab7103e45d3ec4d380de995 Mon Sep 17 00:00:00 2001 From: Jehiah Czebotar Date: Mon, 10 Dec 2012 21:11:24 -0500 Subject: [PATCH] add example nginx config --- README.md | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/README.md b/README.md index 94fdcb3..f5d51c4 100644 --- a/README.md +++ b/README.md @@ -44,3 +44,41 @@ Usage of ./google_auth_proxy: ``` Unauthenticated requests will be redirected to `/oauth2/sign_in` to start the sign-in process. + + +## Example + +To run a proxy on port 4180 authenticating requests for an application running +on port 8080 at internal.yourcompany.com you would use + +```bash +./google_auth_proxy \ + --redirect-url="https://internal.yourcompany.com/oauth2/callback" \ + --google-apps-domain="yourcompany.com" \ + --upstream=http://127.0.0.1:8080/ \ + --cookie-secret=... \ + --client-id=... \ + --client-secret=... +``` + +An example Nginx config to listen on ssl (port 443) and forward requests to port 4180 would be + +``` +server { + listen 443 default ssl; + server_name internal.yourcompany.com; + ssl_certificate /path/to/cert.pem; + ssl_certificate_key /path/to/cert.key; + add_header Strict-Transport-Security max-age=1209600; + + location / { + proxy_pass http://127.0.0.1:4180; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 1; + proxy_send_timeout 30; + proxy_read_timeout 30; + } +} +```