From 7f5672b433f70478c79fe4f7294a92cb56a0b64b Mon Sep 17 00:00:00 2001
From: Pierce Lopez <pierce.lopez@gmail.com>
Date: Mon, 24 Apr 2017 17:56:15 -0400
Subject: [PATCH] README: simplify nginx auth_request example

/oauth2/auth is not more sensitive than other /oauth2/ paths,
does not need "internal" protection

"spdy" protocol is obsolete, http2 is the thing to enable now.
But it's orthogonal anyway.

No need for two separate content/upstream location blocks in
this example, reduce to just one, with a comment that it could
be serving files instead of proxying.
---
 README.md | 17 +++--------------
 1 file changed, 3 insertions(+), 14 deletions(-)

diff --git a/README.md b/README.md
index be73f36..6ab8de5 100644
--- a/README.md
+++ b/README.md
@@ -350,15 +350,10 @@ The [Nginx `auth_request` directive](http://nginx.org/en/docs/http/ngx_http_auth
 
 ```nginx
 server {
-  listen 443 ssl spdy;
+  listen 443 ssl;
   server_name ...;
   include ssl/ssl.conf;
 
-  location = /oauth2/auth {
-    internal;
-    proxy_pass http://127.0.0.1:4180;
-  }
-
   location /oauth2/ {
     proxy_pass       http://127.0.0.1:4180;
     proxy_set_header Host                    $host;
@@ -367,7 +362,7 @@ server {
     proxy_set_header X-Auth-Request-Redirect $request_uri;
   }
 
-  location /upstream/ {
+  location / {
     auth_request /oauth2/auth;
     error_page 401 = /oauth2/sign_in;
 
@@ -379,13 +374,7 @@ server {
     proxy_set_header X-Email $email;
 
     proxy_pass http://backend/;
-  }
-
-  location / {
-    auth_request /oauth2/auth;
-    error_page 401 = https://example.com/oauth2/sign_in;
-
-    root /path/to/the/site;
+    # or "root /path/to/site;" or "fastcgi_pass ..." etc
   }
 }
 ```