readme example updates

Jehiah Czebotar 2012-12-26 21:53:02 +00:00
parent 4fd712566a
commit e3002667fc
2 changed files with 21 additions and 15 deletions


@ -47,7 +47,7 @@ Usage of ./google_auth_proxy:
-cookie-secret="": the seed string for secure cookies -cookie-secret="": the seed string for secure cookies
-google-apps-domain="": authenticate against the given google apps domain -google-apps-domain="": authenticate against the given google apps domain
-htpasswd-file="": additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -s" for SHA encryption -htpasswd-file="": additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -s" for SHA encryption
-http-address="0.0.0.0:4180": <addr>:<port> to listen on for HTTP clients -http-address="127.0.0.1:4180": <addr>:<port> to listen on for HTTP clients
-pass-basic-auth=true: pass HTTP Basic Auth information to upstream -pass-basic-auth=true: pass HTTP Basic Auth information to upstream
-redirect-url="": the OAuth Redirect URL. ie: "https://internalapp.yourcompany.com/oauth2/callback" -redirect-url="": the OAuth Redirect URL. ie: "https://internalapp.yourcompany.com/oauth2/callback"
-upstream=[]: the http url(s) of the upstream endpoint. If multiple, routing is based on path -upstream=[]: the http url(s) of the upstream endpoint. If multiple, routing is based on path
@ -57,20 +57,12 @@ Usage of ./google_auth_proxy:
## Example Configuration ## Example Configuration
To run `google_auth_proxy` as a reverse proxy on port `4180` authenticating requests for an application running This example has a [Nginx](http://nginx.org/) SSL endpoint proxying to `google_auth_proxy` on port `4180`.
on port `8080` at `http://internal.yourcompany.com/` you would use `google_auth_proxy` then authenticates requests for an upstream application running on port `8080`. The external
endpoint for this example would be `https://internal.yourcompany.com/`.
```bash An example Nginx config follows. Note the use of `Strict-Transport-Security` header to pin requests to SSL
./google_auth_proxy \ via [HSTS](http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security):
--redirect-url="https://internal.yourcompany.com/oauth2/callback" \
--google-apps-domain="yourcompany.com" \
--upstream=http://127.0.0.1:8080/ \
--cookie-secret=... \
--client-id=... \
--client-secret=...
```
An example Nginx config to listen on ssl (port 443) and forward requests to port google_auth_proxy on port 4180 would be
``` ```
server { server {
@ -92,6 +84,20 @@ server {
} }
``` ```
The command line to run `google_auth_proxy` would look like this:
```bash
./google_auth_proxy \
--redirect-url="https://internal.yourcompany.com/oauth2/callback" \
--google-apps-domain="yourcompany.com" \
--upstream=http://127.0.0.1:8080/ \
--cookie-secret=... \
--client-id=... \
--client-secret=...
```
## Endpoint Documentation ## Endpoint Documentation
Google auth proxy responds directly to the following endpoints. All other endpoints will be authenticated. Google auth proxy responds directly to the following endpoints. All other endpoints will be authenticated.


@ -14,7 +14,7 @@ const VERSION = "0.0.1"
var ( var (
showVersion = flag.Bool("version", false, "print version string") showVersion = flag.Bool("version", false, "print version string")
httpAddr = flag.String("http-address", "0.0.0.0:4180", "<addr>:<port> to listen on for HTTP clients") httpAddr = flag.String("http-address", "127.0.0.1:4180", "<addr>:<port> to listen on for HTTP clients")
redirectUrl = flag.String("redirect-url", "", "the OAuth Redirect URL. ie: \"https://internalapp.yourcompany.com/oauth2/callback\"") redirectUrl = flag.String("redirect-url", "", "the OAuth Redirect URL. ie: \"https://internalapp.yourcompany.com/oauth2/callback\"")
clientID = flag.String("client-id", "", "the Google OAuth Client ID: ie: \"123456.apps.googleusercontent.com\"") clientID = flag.String("client-id", "", "the Google OAuth Client ID: ie: \"123456.apps.googleusercontent.com\"")
clientSecret = flag.String("client-secret", "", "the OAuth Client Secret") clientSecret = flag.String("client-secret", "", "the OAuth Client Secret")
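Review bot: The new `127.0.0.1:4180` default for `http-address` changes who can reach the proxy, but neither the help string nor the commit title mentions it. A deployment that relied on the old `0.0.0.0` default, with its TLS front end on a different host, would stop accepting connections after upgrading. The loopback default is the safer choice, since this listener is plain HTTP and appears to carry the session cookie and the `/oauth2/callback` exchange, so I would keep it and state the intent in the help text: `"<addr>:<port> to listen on for HTTP clients (loopback by default; bind wider only behind a TLS-terminating proxy)"`. The usage line in the README would need the same wording. The `var (` block continues past the end of the hunk, so the other flag defaults are not visible here.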