Documentation updates around Redis and Redis Sentinel use
This commit is contained in:
parent
518c1d3e8e
commit
ae0258a203
@ -75,7 +75,10 @@ Usage of oauth2_proxy:
|
|||||||
-pubjwk-url string: JWK pubkey access endpoint: required by login.gov
|
-pubjwk-url string: JWK pubkey access endpoint: required by login.gov
|
||||||
-redeem-url string: Token redemption endpoint
|
-redeem-url string: Token redemption endpoint
|
||||||
-redirect-url string: the OAuth Redirect URL. ie: "https://internalapp.yourcompany.com/oauth2/callback"
|
-redirect-url string: the OAuth Redirect URL. ie: "https://internalapp.yourcompany.com/oauth2/callback"
|
||||||
-redis-connection-url string: URL of redis server for redis session storage type (eg: redis://HOST[:PORT])
|
-redis-connection-url string: URL of redis server for redis session storage (eg: redis://HOST[:PORT])
|
||||||
|
-redis-sentinel-master-name string: Redis sentinel master name. Used in conjuction with --redis-use-sentinel
|
||||||
|
-redis-sentinel-connection-urls: List of Redis sentinel conneciton URLs (eg redis://HOST[:PORT]). Used in conjuction with --redis-use-sentinel
|
||||||
|
-redis-use-sentinel: Connect to redis via sentinels. Must set --redis-sentinel-master-name and --redis-sentinel-connection-urls to use this feature (default: false)
|
||||||
-request-logging: Log requests to stdout (default true)
|
-request-logging: Log requests to stdout (default true)
|
||||||
-request-logging-format: Template for request log lines (see "Logging Configuration" paragraph below)
|
-request-logging-format: Template for request log lines (see "Logging Configuration" paragraph below)
|
||||||
-resource string: The resource that is protected (Azure AD only)
|
-resource string: The resource that is protected (Azure AD only)
|
||||||
|
@ -55,4 +55,13 @@ to which the session is stored. The encoded session is encrypted with the secret
|
|||||||
in redis via the `SETEX` command.
|
in redis via the `SETEX` command.
|
||||||
|
|
||||||
Encrypting every session uniquely protects the refresh/access/id tokens stored in the session from
|
Encrypting every session uniquely protects the refresh/access/id tokens stored in the session from
|
||||||
disclosure.
|
disclosure.
|
||||||
|
|
||||||
|
#### Usage
|
||||||
|
|
||||||
|
When using the redis store, specify `--session-store-type=redis` as well as the Redis connection URL, via
|
||||||
|
`--redis-connection-url=redis://host[:port][/db-number]`.
|
||||||
|
|
||||||
|
You may also configure the store for Redis Sentinel. In this case, you will want to use the
|
||||||
|
`--redis-use-sentinel=true` flag, as well as configure the flags `--redis-sentinel-master-name`
|
||||||
|
and `--redis-sentinel-connection-urls` appropriately.
|
||||||
|
4
main.go
4
main.go
@ -78,9 +78,9 @@ func main() {
|
|||||||
|
|
||||||
flagSet.String("session-store-type", "cookie", "the session storage provider to use")
|
flagSet.String("session-store-type", "cookie", "the session storage provider to use")
|
||||||
flagSet.String("redis-connection-url", "", "URL of redis server for redis session storage (eg: redis://HOST[:PORT])")
|
flagSet.String("redis-connection-url", "", "URL of redis server for redis session storage (eg: redis://HOST[:PORT])")
|
||||||
flagSet.Bool("redis-use-sentinel", false, "Connect to redis via sentinels. Must set --redis-sentinel-master-name and --redis-sentinel-conneciton-urls to use this feature")
|
flagSet.Bool("redis-use-sentinel", false, "Connect to redis via sentinels. Must set --redis-sentinel-master-name and --redis-sentinel-connection-urls to use this feature")
|
||||||
flagSet.String("redis-sentinel-master-name", "", "Redis sentinel master name. Used in conjuction with --redis-use-sentinel")
|
flagSet.String("redis-sentinel-master-name", "", "Redis sentinel master name. Used in conjuction with --redis-use-sentinel")
|
||||||
flagSet.Var(&redisSentinelConnectionURLs, "redis-sentinel-connection-urls", "List of Redis sentinel conneciton URLs (eg redis://HOST[:PORT]). Used in conjuction with --redis-use-sentinel")
|
flagSet.Var(&redisSentinelConnectionURLs, "redis-sentinel-connection-urls", "List of Redis sentinel connection URLs (eg redis://HOST[:PORT]). Used in conjuction with --redis-use-sentinel")
|
||||||
|
|
||||||
flagSet.String("logging-filename", "", "File to log requests to, empty for stdout")
|
flagSet.String("logging-filename", "", "File to log requests to, empty for stdout")
|
||||||
flagSet.Int("logging-max-size", 100, "Maximum size in megabytes of the log file before rotation")
|
flagSet.Int("logging-max-size", 100, "Maximum size in megabytes of the log file before rotation")
|
||||||
|
Loading…
Reference in New Issue
Block a user