diff --git a/README.md b/README.md
index 9860fd0..f9c752f 100644
--- a/README.md
+++ b/README.md
@@ -62,15 +62,18 @@ Usage of google_auth_proxy:
 -client-id="": the Google OAuth Client ID: ie: "123456.apps.googleusercontent.com"
 -client-secret="": the OAuth Client Secret
 -config="": path to config file
- -cookie-domain="": an optional cookie domain to force cookies to (ie: .yourcompany.com)
+ -cookie-domain="": an optional cookie domain to force cookies to (ie: .yourcompany.com)*
 -cookie-expire=168h0m0s: expire timeframe for cookie
- -cookie-https-only=false: set HTTPS only cookie
+ -cookie-httponly=true: set HttpOnly cookie
+ -cookie-https-only=true: set HTTPS only cookie
 -cookie-secret="": the seed string for secure cookies
+ -display-htpasswd-form=true: display username / password login form if an htpasswd file is provided
 -google-apps-domain=: authenticate against the given Google apps domain (may be given multiple times)
 -htpasswd-file="": additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -s" for SHA encryption
- -http-address="127.0.0.1:4180": : to listen on for HTTP clients
+ -http-address="127.0.0.1:4180": [http://]: or unix:// to listen on for HTTP clients
 -pass-basic-auth=true: pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream
 -redirect-url="": the OAuth Redirect URL. ie: "https://internalapp.yourcompany.com/oauth2/callback"
+ -skip-auth-regex=: bypass authentication for requests path's that match (may be given multiple times)
 -upstream=: the http url(s) of the upstream endpoint. If multiple, routing is based on path
 -version=false: print version string
 ```
diff --git a/main.go b/main.go
index 50ae79a..747b7f1 100644
--- a/main.go
+++ b/main.go
@@ -6,6 +6,7 @@ import (
 "log"
 "net"
 "net/http"
+ "net/url"
 "os"
 "strings"
 "time"
@@ -24,7 +25,7 @@ func main() {
 config := flagSet.String("config", "", "path to config file")
 showVersion := flagSet.Bool("version", false, "print version string")
- flagSet.String("http-address", "127.0.0.1:4180", ": to listen on for HTTP clients")
+ flagSet.String("http-address", "127.0.0.1:4180", "[http://]: or unix:// to listen on for HTTP clients")
 flagSet.String("redirect-url", "", "the OAuth Redirect URL. ie: \"https://internalapp.yourcompany.com/oauth2/callback\"")
 flagSet.Var(&upstreams, "upstream", "the http url(s) of the upstream endpoint. If multiple, routing is based on path")
 flagSet.Bool("pass-basic-auth", true, "pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream")
@@ -88,11 +89,25 @@ func main() {
 }
 }
- listener, err := net.Listen("tcp", opts.HttpAddress)
+ u, err := url.Parse(opts.HttpAddress)
 if err != nil {
- log.Fatalf("FATAL: listen (%s) failed - %s", opts.HttpAddress, err)
+ log.Fatalf("FATAL: could not parse %#v: %v", opts.HttpAddress, err)
 }
- log.Printf("listening on %s", opts.HttpAddress)
+
+ var networkType string
+ switch u.Scheme {
+ case "", "http":
+ networkType = "tcp"
+ default:
+ networkType = u.Scheme
+ }
+ listenAddr := strings.TrimPrefix(u.String(), u.Scheme+"://")
+
+ listener, err := net.Listen(networkType, listenAddr)
+ if err != nil {
+ log.Fatalf("FATAL: listen (%s, %s) failed - %s", networkType, listenAddr, err)
+ }
+ log.Printf("listening on %s", listenAddr)
 server := &http.Server{Handler: oauthproxy}
 err = server.Serve(listener)
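Review bot: The `default:` arm of the new `switch u.Scheme` passes whatever scheme `url.Parse` found straight to `net.Listen` as the network name, so the listener type is not limited to the two forms the help text documents. A value such as `localhost:4180` parses with scheme `localhost`, and the listen then fails with an unknown-network error instead of binding as it did before this change. `listenAddr` is also taken from the re-serialised `u.String()`, so a character that `net/url` escapes (a space in a socket path, for example) would reach `net.Listen` in its percent-encoded form rather than as the operator typed it. I would split the raw flag value on `://`, accept only `http` and `unix`, and fail on anything else, as in the excerpt below; that also makes the new `net/url` import unnecessary. `main` begins and ends outside this hunk.

```go
	// … unchanged: option loading and validation above …
	networkType, listenAddr := "tcp", opts.HttpAddress
	if parts := strings.SplitN(opts.HttpAddress, "://", 2); len(parts) == 2 {
		switch parts[0] {
		case "http":
			listenAddr = parts[1]
		case "unix":
			networkType, listenAddr = "unix", parts[1]
		default:
			log.Fatalf("FATAL: unsupported scheme %q in http-address %q", parts[0], opts.HttpAddress)
		}
	}
	// … unchanged: net.Listen(networkType, listenAddr), its error check and the log line …
```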