Merge pull request #380 from jehiah/release_380

Release v2.2
Jehiah Czebotar 2017-04-24 12:22:11 -04:00 committed by GitHub
commit b90a23473f
3 changed files with 52 additions and 52 deletions

@ -1,7 +1,7 @@
language: go language: go
go: go:
- 1.7.5 - 1.7.5
- 1.8 - 1.8.1
script: script:
- curl -s https://raw.githubusercontent.com/pote/gpm/v1.4.0/bin/gpm > gpm - curl -s https://raw.githubusercontent.com/pote/gpm/v1.4.0/bin/gpm > gpm
- chmod +x gpm - chmod +x gpm
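Review bot: In the `script:` context lines of this hunk, gpm is fetched with `curl -s` from a tag URL and made executable with no integrity check, and `-s` without `-f` means an HTTP error body would be written to `gpm` and only fail at a later step. Since the CI file is being touched for the release anyway, consider `curl -sfL` and a comparison against a pinned checksum before `chmod +x gpm`. The bump from 1.8 to 1.8.1 itself looks fine: both matrix entries are now pinned at patch level.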

100
README.md
@ -1,8 +1,6 @@
oauth2_proxy oauth2_proxy
================= =================
<small>(This project was renamed from Google Auth Proxy - May 2015)</small>
A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others)
to validate accounts by email, domain or group. to validate accounts by email, domain or group.
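Review bot: Removing the `<small>` rename notice leaves the former name Google Auth Proxy unexplained, while the usage text later in this README still describes `-signature-key` as a `GAP-Signature` key. Consider keeping a one-line mention of the old name, or explaining the `GAP` prefix where that flag is documented.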
@ -17,7 +15,7 @@ to validate accounts by email, domain or group.
## Installation ## Installation
1. Download [Prebuilt Binary](https://github.com/bitly/oauth2_proxy/releases) (current release is `v2.1`) or build with `$ go get github.com/bitly/oauth2_proxy` which will put the binary in `$GOROOT/bin` 1. Download [Prebuilt Binary](https://github.com/bitly/oauth2_proxy/releases) (current release is `v2.2`) or build with `$ go get github.com/bitly/oauth2_proxy` which will put the binary in `$GOROOT/bin`
2. Select a Provider and Register an OAuth Application with a Provider 2. Select a Provider and Register an OAuth Application with a Provider
3. Configure OAuth2 Proxy using config file, command line options, or environment variables 3. Configure OAuth2 Proxy using config file, command line options, or environment variables
4. Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx) 4. Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)
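Review bot: The installation line edited here still says `go get` puts the binary in `$GOROOT/bin`; `go get` installs into `$GOPATH/bin` (or `$GOBIN`), so this is a good moment to correct it. It may also be worth saying that `go get github.com/bitly/oauth2_proxy` builds the current default branch rather than the `v2.2` release the same sentence advertises.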
@ -159,54 +157,56 @@ An example [oauth2_proxy.cfg](contrib/oauth2_proxy.cfg.example) config file is i
``` ```
Usage of oauth2_proxy: Usage of oauth2_proxy:
-approval-prompt="force": Oauth approval_prompt -approval-prompt string: OAuth approval_prompt (default "force")
-authenticated-emails-file="": authenticate against emails via file (one per line) -authenticated-emails-file string: authenticate against emails via file (one per line)
-azure-tenant="common": go to a tenant-specific or common (tenant-independent) endpoint. -azure-tenant string: go to a tenant-specific or common (tenant-independent) endpoint. (default "common")
-basic-auth-password="": the password to set when passing the HTTP Basic Auth header -basic-auth-password string: the password to set when passing the HTTP Basic Auth header
-client-id="": the OAuth Client ID: ie: "123456.apps.googleusercontent.com" -client-id string: the OAuth Client ID: ie: "123456.apps.googleusercontent.com"
-client-secret="": the OAuth Client Secret -client-secret string: the OAuth Client Secret
-config="": path to config file -config string: path to config file
-cookie-domain="": an optional cookie domain to force cookies to (ie: .yourcompany.com)* -cookie-domain string: an optional cookie domain to force cookies to (ie: .yourcompany.com)*
-cookie-expire=168h0m0s: expire timeframe for cookie -cookie-expire duration: expire timeframe for cookie (default 168h0m0s)
-cookie-httponly=true: set HttpOnly cookie flag -cookie-httponly: set HttpOnly cookie flag (default true)
-cookie-name="_oauth2_proxy": the name of the cookie that the oauth_proxy creates -cookie-name string: the name of the cookie that the oauth_proxy creates (default "_oauth2_proxy")
-cookie-refresh=0: refresh the cookie after this duration; 0 to disable -cookie-refresh duration: refresh the cookie after this duration; 0 to disable
-cookie-secret="": the seed string for secure cookies -cookie-secret string: the seed string for secure cookies (optionally base64 encoded)
-cookie-secure=true: set secure (HTTPS) cookie flag -cookie-secure: set secure (HTTPS) cookie flag (default true)
-custom-templates-dir="": path to custom html templates -custom-templates-dir string: path to custom html templates
-display-htpasswd-form=true: display username / password login form if an htpasswd file is provided -display-htpasswd-form: display username / password login form if an htpasswd file is provided (default true)
-email-domain=: authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email -email-domain value: authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email
-github-org="": restrict logins to members of this organisation -footer string: custom footer string. Use "-" to disable default footer.
-github-team="": restrict logins to members of this team -github-org string: restrict logins to members of this organisation
-google-admin-email="": the google admin to impersonate for api calls -github-team string: restrict logins to members of this team
-google-group=: restrict logins to members of this google group (may be given multiple times). -google-admin-email string: the google admin to impersonate for api calls
-google-service-account-json="": the path to the service account json credentials -google-group value: restrict logins to members of this google group (may be given multiple times).
-htpasswd-file="": additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -s" for SHA encryption -google-service-account-json string: the path to the service account json credentials
-http-address="127.0.0.1:4180": [http://]<addr>:<port> or unix://<path> to listen on for HTTP clients -htpasswd-file string: additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -s" for SHA encryption
-https-address=":443": <addr>:<port> to listen on for HTTPS clients -http-address string: [http://]<addr>:<port> or unix://<path> to listen on for HTTP clients (default "127.0.0.1:4180")
-login-url="": Authentication endpoint -https-address string: <addr>:<port> to listen on for HTTPS clients (default ":443")
-pass-access-token=false: pass OAuth access_token to upstream via X-Forwarded-Access-Token header -login-url string: Authentication endpoint
-pass-basic-auth=true: pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream -pass-access-token: pass OAuth access_token to upstream via X-Forwarded-Access-Token header
-pass-user-headers=true: pass X-Forwarded-User and X-Forwarded-Email information to upstream -pass-basic-auth: pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream (default true)
-pass-host-header=true: pass the request Host Header to upstream -pass-host-header: pass the request Host Header to upstream (default true)
-profile-url="": Profile access endpoint -pass-user-headers: pass X-Forwarded-User and X-Forwarded-Email information to upstream (default true)
-provider="google": OAuth provider -profile-url string: Profile access endpoint
-proxy-prefix="/oauth2": the url root path that this proxy should be nested under (e.g. /<oauth2>/sign_in) -provider string: OAuth provider (default "google")
-redeem-url="": Token redemption endpoint -proxy-prefix string: the url root path that this proxy should be nested under (e.g. /<oauth2>/sign_in) (default "/oauth2")
-redirect-url="": the OAuth Redirect URL. ie: "https://internalapp.yourcompany.com/oauth2/callback" -redeem-url string: Token redemption endpoint
-resource="": the resource that is being protected. ie: "https://graph.windows.net". Currently only used in the Azure provider. -redirect-url string: the OAuth Redirect URL. ie: "https://internalapp.yourcompany.com/oauth2/callback"
-request-logging=true: Log requests to stdout -request-logging: Log requests to stdout (default true)
-scope="": Oauth scope specification -resource string: The resource that is protected (Azure AD only)
-signature-key="": GAP-Signature request signature key (algorithm:secretkey) -scope string: OAuth scope specification
-skip-auth-regex=: bypass authentication for requests path's that match (may be given multiple times) -set-xauthrequest: set X-Auth-Request-User and X-Auth-Request-Email response headers (useful in Nginx auth_request mode)
-skip-auth-preflight=false: bypass authentication for OPTIONAL requests so preflight requests could succeed when using CORS -signature-key string: GAP-Signature request signature key (algorithm:secretkey)
-skip-provider-button=false: will skip sign-in-page to directly reach the next step: oauth/start -skip-auth-preflight: will skip authentication for OPTIONS requests
-skip-auth-regex value: bypass authentication for requests path's that match (may be given multiple times)
-skip-provider-button: will skip sign-in-page to directly reach the next step: oauth/start
-ssl-insecure-skip-verify: skip validation of certificates presented when using HTTPS -ssl-insecure-skip-verify: skip validation of certificates presented when using HTTPS
-tls-cert="": path to certificate file -tls-cert string: path to certificate file
-tls-key="": path to private key file -tls-key string: path to private key file
-upstream=: the http url(s) of the upstream endpoint or file:// paths for static files. Routing is based on the path -upstream value: the http url(s) of the upstream endpoint or file:// paths for static files. Routing is based on the path
-validate-url="": Access token validation endpoint -validate-url string: Access token validation endpoint
-version=false: print version string -version: print version string
``` ```
See below for provider specific options See below for provider specific options
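Review bot: The reworded `-skip-auth-preflight` line ("will skip authentication for OPTIONS requests") drops the CORS preflight rationale the old text carried, so a reader no longer learns why the flag exists or that it applies to every OPTIONS request, not only preflights. Suggest restoring the CORS context and stating that OPTIONS requests are not authenticated when the flag is set. Separately, the `-htpasswd-file` line still says "SHA encryption"; `htpasswd -s` produces an unsalted SHA-1 hash, so "SHA hashing" would be accurate, and a short note on the weakness of that format would help operators choose.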

@ -1,3 +1,3 @@
package main package main
const VERSION = "2.2.0-alpha" const VERSION = "2.2.0"
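Review bot: `VERSION` becomes "2.2.0" here while the README hunk in the same commit advertises the release as `v2.2`, and the two strings are edited by hand in separate files. Consider using one form in both places (for example `v2.2.0` in the README) so the output of `-version` matches the documented release name, and a build or CI check that the constant matches the release tag would catch a forgotten `-alpha` suffix.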