diff --git a/docs/configuration/configuration.md b/docs/configuration/configuration.md index 82b45a3..d631eaf 100644 --- a/docs/configuration/configuration.md +++ b/docs/configuration/configuration.md @@ -75,7 +75,10 @@ Usage of oauth2_proxy: -pubjwk-url string: JWK pubkey access endpoint: required by login.gov -redeem-url string: Token redemption endpoint -redirect-url string: the OAuth Redirect URL. ie: "https://internalapp.yourcompany.com/oauth2/callback" - -redis-connection-url string: URL of redis server for redis session storage type (eg: redis://HOST[:PORT]) + -redis-connection-url string: URL of redis server for redis session storage (eg: redis://HOST[:PORT]) + -redis-sentinel-master-name string: Redis sentinel master name. Used in conjuction with --redis-use-sentinel + -redis-sentinel-connection-urls: List of Redis sentinel conneciton URLs (eg redis://HOST[:PORT]). Used in conjuction with --redis-use-sentinel + -redis-use-sentinel: Connect to redis via sentinels. Must set --redis-sentinel-master-name and --redis-sentinel-connection-urls to use this feature (default: false) -request-logging: Log requests to stdout (default true) -request-logging-format: Template for request log lines (see "Logging Configuration" paragraph below) -resource string: The resource that is protected (Azure AD only) diff --git a/docs/configuration/sessions.md b/docs/configuration/sessions.md index 103d424..0ffe392 100644 --- a/docs/configuration/sessions.md +++ b/docs/configuration/sessions.md @@ -55,4 +55,13 @@ to which the session is stored. The encoded session is encrypted with the secret in redis via the `SETEX` command. Encrypting every session uniquely protects the refresh/access/id tokens stored in the session from -disclosure. \ No newline at end of file +disclosure. + +#### Usage + +When using the redis store, specify `--session-store-type=redis` as well as the Redis connection URL, via +`--redis-connection-url=redis://host[:port][/db-number]`. + +You may also configure the store for Redis Sentinel. In this case, you will want to use the +`--redis-use-sentinel=true` flag, as well as configure the flags `--redis-sentinel-master-name` +and `--redis-sentinel-connection-urls` appropriately. diff --git a/main.go b/main.go index 7f230f4..a66c4fc 100644 --- a/main.go +++ b/main.go @@ -78,9 +78,9 @@ func main() { flagSet.String("session-store-type", "cookie", "the session storage provider to use") flagSet.String("redis-connection-url", "", "URL of redis server for redis session storage (eg: redis://HOST[:PORT])") - flagSet.Bool("redis-use-sentinel", false, "Connect to redis via sentinels. Must set --redis-sentinel-master-name and --redis-sentinel-conneciton-urls to use this feature") + flagSet.Bool("redis-use-sentinel", false, "Connect to redis via sentinels. Must set --redis-sentinel-master-name and --redis-sentinel-connection-urls to use this feature") flagSet.String("redis-sentinel-master-name", "", "Redis sentinel master name. Used in conjuction with --redis-use-sentinel") - flagSet.Var(&redisSentinelConnectionURLs, "redis-sentinel-connection-urls", "List of Redis sentinel conneciton URLs (eg redis://HOST[:PORT]). Used in conjuction with --redis-use-sentinel") + flagSet.Var(&redisSentinelConnectionURLs, "redis-sentinel-connection-urls", "List of Redis sentinel connection URLs (eg redis://HOST[:PORT]). Used in conjuction with --redis-use-sentinel") flagSet.String("logging-filename", "", "File to log requests to, empty for stdout") flagSet.Int("logging-max-size", 100, "Maximum size in megabytes of the log file before rotation")