meutel/oauth2_proxy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

README: simplify nginx auth_request example

Browse Source 
/oauth2/auth is not more sensitive than other /oauth2/ paths,
does not need "internal" protection

"spdy" protocol is obsolete, http2 is the thing to enable now.
But it's orthogonal anyway.

No need for two separate content/upstream location blocks in
this example, reduce to just one, with a comment that it could
be serving files instead of proxying.
This commit is contained in:
Pierce Lopez 2017-04-24 17:56:15 -04:00
parent ea2540bc89
commit 7f5672b433
1 changed files with 3 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
README.md
View File

@ -350,15 +350,10 @@ The [Nginx `auth_request` directive](http://nginx.org/en/docs/http/ngx_http_auth
```nginx
server {
listen 443 ssl spdy;
listen 443 ssl;
server_name ...;
include ssl/ssl.conf;
location = /oauth2/auth {
internal;
proxy_pass http://127.0.0.1:4180;
}
location /oauth2/ {
proxy_pass http://127.0.0.1:4180;
proxy_set_header Host $host;
@ -367,7 +362,7 @@ server {
proxy_set_header X-Auth-Request-Redirect $request_uri;
}
location /upstream/ {
location / {
auth_request /oauth2/auth;
error_page 401 = /oauth2/sign_in;
@ -379,13 +374,7 @@ server {
proxy_set_header X-Email $email;
proxy_pass http://backend/;
}
location / {
auth_request /oauth2/auth;
error_page 401 = https://example.com/oauth2/sign_in;
root /path/to/the/site;
# or "root /path/to/site;" or "fastcgi_pass ..." etc
}
}
```