Added scheme parsing to http-address param
Can now listen for HTTP clients on unix sockets (and any other Go-supported stream oriented network - see golang.org/pkg/net/#Listen). Default behaviour is unchanged, any http-address without a scheme is given the default of tcp. Amended the README so that the usage output is up to date.
parent
601ae6f4ec
commit
975c7173c2
@ -62,15 +62,18 @@ Usage of google_auth_proxy:
|
|||||||
-client-id="": the Google OAuth Client ID: ie: "123456.apps.googleusercontent.com"
|
-client-id="": the Google OAuth Client ID: ie: "123456.apps.googleusercontent.com"
|
||||||
-client-secret="": the OAuth Client Secret
|
-client-secret="": the OAuth Client Secret
|
||||||
-config="": path to config file
|
-config="": path to config file
|
||||||
-cookie-domain="": an optional cookie domain to force cookies to (ie: .yourcompany.com)
|
-cookie-domain="": an optional cookie domain to force cookies to (ie: .yourcompany.com)*
|
||||||
-cookie-expire=168h0m0s: expire timeframe for cookie
|
-cookie-expire=168h0m0s: expire timeframe for cookie
|
||||||
-cookie-https-only=false: set HTTPS only cookie
|
-cookie-httponly=true: set HttpOnly cookie
|
||||||
|
-cookie-https-only=true: set HTTPS only cookie
|
||||||
-cookie-secret="": the seed string for secure cookies
|
-cookie-secret="": the seed string for secure cookies
|
||||||
|
-display-htpasswd-form=true: display username / password login form if an htpasswd file is provided
|
||||||
-google-apps-domain=: authenticate against the given Google apps domain (may be given multiple times)
|
-google-apps-domain=: authenticate against the given Google apps domain (may be given multiple times)
|
||||||
-htpasswd-file="": additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -s" for SHA encryption
|
-htpasswd-file="": additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -s" for SHA encryption
|
||||||
-http-address="127.0.0.1:4180": <addr>:<port> to listen on for HTTP clients
|
-http-address="127.0.0.1:4180": [http://]<addr>:<port> or unix://<path> to listen on for HTTP clients
|
||||||
-pass-basic-auth=true: pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream
|
-pass-basic-auth=true: pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream
|
||||||
-redirect-url="": the OAuth Redirect URL. ie: "https://internalapp.yourcompany.com/oauth2/callback"
|
-redirect-url="": the OAuth Redirect URL. ie: "https://internalapp.yourcompany.com/oauth2/callback"
|
||||||
|
-skip-auth-regex=: bypass authentication for requests path's that match (may be given multiple times)
|
||||||
-upstream=: the http url(s) of the upstream endpoint. If multiple, routing is based on path
|
-upstream=: the http url(s) of the upstream endpoint. If multiple, routing is based on path
|
||||||
-version=false: print version string
|
-version=false: print version string
|
||||||
```
|
```
|
||||||
|
23
main.go
23
main.go
@ -6,6 +6,7 @@ import (
|
|||||||
"log"
|
"log"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
@ -24,7 +25,7 @@ func main() {
|
|||||||
config := flagSet.String("config", "", "path to config file")
|
config := flagSet.String("config", "", "path to config file")
|
||||||
showVersion := flagSet.Bool("version", false, "print version string")
|
showVersion := flagSet.Bool("version", false, "print version string")
|
||||||
|
|
||||||
flagSet.String("http-address", "127.0.0.1:4180", "<addr>:<port> to listen on for HTTP clients")
|
flagSet.String("http-address", "127.0.0.1:4180", "[http://]<addr>:<port> or unix://<path> to listen on for HTTP clients")
|
||||||
flagSet.String("redirect-url", "", "the OAuth Redirect URL. ie: \"https://internalapp.yourcompany.com/oauth2/callback\"")
|
flagSet.String("redirect-url", "", "the OAuth Redirect URL. ie: \"https://internalapp.yourcompany.com/oauth2/callback\"")
|
||||||
flagSet.Var(&upstreams, "upstream", "the http url(s) of the upstream endpoint. If multiple, routing is based on path")
|
flagSet.Var(&upstreams, "upstream", "the http url(s) of the upstream endpoint. If multiple, routing is based on path")
|
||||||
flagSet.Bool("pass-basic-auth", true, "pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream")
|
flagSet.Bool("pass-basic-auth", true, "pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream")
|
||||||
@ -88,11 +89,25 @@ func main() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
listener, err := net.Listen("tcp", opts.HttpAddress)
|
u, err := url.Parse(opts.HttpAddress)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalf("FATAL: listen (%s) failed - %s", opts.HttpAddress, err)
|
log.Fatalf("FATAL: could not parse %#v: %v", opts.HttpAddress, err)
|
||||||
}
|
}
|
||||||
log.Printf("listening on %s", opts.HttpAddress)
|
|
||||||
|
var networkType string
|
||||||
|
switch u.Scheme {
|
||||||
|
case "", "http":
|
||||||
|
networkType = "tcp"
|
||||||
|
default:
|
||||||
|
networkType = u.Scheme
|
||||||
|
}
|
||||||
|
listenAddr := strings.TrimPrefix(u.String(), u.Scheme+"://")
|
||||||
|
|
||||||
|
listener, err := net.Listen(networkType, listenAddr)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("FATAL: listen (%s, %s) failed - %s", networkType, listenAddr, err)
|
||||||
|
}
|
||||||
|
log.Printf("listening on %s", listenAddr)
|
||||||
|
|
||||||
server := &http.Server{Handler: oauthproxy}
|
server := &http.Server{Handler: oauthproxy}
|
||||||
err = server.Serve(listener)
|
err = server.Serve(listener)
|
||||||
|
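Review bot: In the `switch u.Scheme` block the `default:` arm hands whatever precedes the colon straight to `net.Listen`. Because `url.Parse` does the splitting, a scheme-less `localhost:4180` is read as scheme `localhost` and becomes `net.Listen("localhost", "localhost:4180")`, which fails at startup even though the description says scheme-less addresses keep working. Rebuilding the address with `u.String()` also re-encodes it, so a `unix://` path containing characters that URL encoding escapes may not be the path that actually gets bound. I would split on `://` by hand, accept only the stream networks `net.Listen` supports and log the network type next to the address, as sketched below; `main` starts and ends outside this hunk. For `unix://` it is also worth documenting that the socket file's mode comes from the process umask, since that decides which local users can connect to the proxy.

```go
// … unchanged: flag parsing and option validation …
networkType, listenAddr := "tcp", opts.HttpAddress
if parts := strings.SplitN(opts.HttpAddress, "://", 2); len(parts) == 2 {
	switch parts[0] {
	case "http":
		// plain HTTP over the tcp default
	case "tcp", "tcp4", "tcp6", "unix", "unixpacket":
		networkType = parts[0]
	default:
		log.Fatalf("FATAL: unsupported http-address scheme %q", parts[0])
	}
	listenAddr = parts[1]
}

listener, err := net.Listen(networkType, listenAddr)
// … unchanged: listen error handling …
log.Printf("listening on %s://%s", networkType, listenAddr)
```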