Readme: update --help usage
This commit is contained in:
parent
3fa5635d6c
commit
f457a9042a
96
README.md
96
README.md
@ -157,54 +157,56 @@ An example [oauth2_proxy.cfg](contrib/oauth2_proxy.cfg.example) config file is i
|
|||||||
|
|
||||||
```
|
```
|
||||||
Usage of oauth2_proxy:
|
Usage of oauth2_proxy:
|
||||||
-approval-prompt="force": Oauth approval_prompt
|
-approval-prompt string: OAuth approval_prompt (default "force")
|
||||||
-authenticated-emails-file="": authenticate against emails via file (one per line)
|
-authenticated-emails-file string: authenticate against emails via file (one per line)
|
||||||
-azure-tenant="common": go to a tenant-specific or common (tenant-independent) endpoint.
|
-azure-tenant string: go to a tenant-specific or common (tenant-independent) endpoint. (default "common")
|
||||||
-basic-auth-password="": the password to set when passing the HTTP Basic Auth header
|
-basic-auth-password string: the password to set when passing the HTTP Basic Auth header
|
||||||
-client-id="": the OAuth Client ID: ie: "123456.apps.googleusercontent.com"
|
-client-id string: the OAuth Client ID: ie: "123456.apps.googleusercontent.com"
|
||||||
-client-secret="": the OAuth Client Secret
|
-client-secret string: the OAuth Client Secret
|
||||||
-config="": path to config file
|
-config string: path to config file
|
||||||
-cookie-domain="": an optional cookie domain to force cookies to (ie: .yourcompany.com)*
|
-cookie-domain string: an optional cookie domain to force cookies to (ie: .yourcompany.com)*
|
||||||
-cookie-expire=168h0m0s: expire timeframe for cookie
|
-cookie-expire duration: expire timeframe for cookie (default 168h0m0s)
|
||||||
-cookie-httponly=true: set HttpOnly cookie flag
|
-cookie-httponly: set HttpOnly cookie flag (default true)
|
||||||
-cookie-name="_oauth2_proxy": the name of the cookie that the oauth_proxy creates
|
-cookie-name string: the name of the cookie that the oauth_proxy creates (default "_oauth2_proxy")
|
||||||
-cookie-refresh=0: refresh the cookie after this duration; 0 to disable
|
-cookie-refresh duration: refresh the cookie after this duration; 0 to disable
|
||||||
-cookie-secret="": the seed string for secure cookies
|
-cookie-secret string: the seed string for secure cookies (optionally base64 encoded)
|
||||||
-cookie-secure=true: set secure (HTTPS) cookie flag
|
-cookie-secure: set secure (HTTPS) cookie flag (default true)
|
||||||
-custom-templates-dir="": path to custom html templates
|
-custom-templates-dir string: path to custom html templates
|
||||||
-display-htpasswd-form=true: display username / password login form if an htpasswd file is provided
|
-display-htpasswd-form: display username / password login form if an htpasswd file is provided (default true)
|
||||||
-email-domain=: authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email
|
-email-domain value: authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email
|
||||||
-github-org="": restrict logins to members of this organisation
|
-footer string: custom footer string. Use "-" to disable default footer.
|
||||||
-github-team="": restrict logins to members of this team
|
-github-org string: restrict logins to members of this organisation
|
||||||
-google-admin-email="": the google admin to impersonate for api calls
|
-github-team string: restrict logins to members of this team
|
||||||
-google-group=: restrict logins to members of this google group (may be given multiple times).
|
-google-admin-email string: the google admin to impersonate for api calls
|
||||||
-google-service-account-json="": the path to the service account json credentials
|
-google-group value: restrict logins to members of this google group (may be given multiple times).
|
||||||
-htpasswd-file="": additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -s" for SHA encryption
|
-google-service-account-json string: the path to the service account json credentials
|
||||||
-http-address="127.0.0.1:4180": [http://]<addr>:<port> or unix://<path> to listen on for HTTP clients
|
-htpasswd-file string: additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -s" for SHA encryption
|
||||||
-https-address=":443": <addr>:<port> to listen on for HTTPS clients
|
-http-address string: [http://]<addr>:<port> or unix://<path> to listen on for HTTP clients (default "127.0.0.1:4180")
|
||||||
-login-url="": Authentication endpoint
|
-https-address string: <addr>:<port> to listen on for HTTPS clients (default ":443")
|
||||||
-pass-access-token=false: pass OAuth access_token to upstream via X-Forwarded-Access-Token header
|
-login-url string: Authentication endpoint
|
||||||
-pass-basic-auth=true: pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream
|
-pass-access-token: pass OAuth access_token to upstream via X-Forwarded-Access-Token header
|
||||||
-pass-user-headers=true: pass X-Forwarded-User and X-Forwarded-Email information to upstream
|
-pass-basic-auth: pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream (default true)
|
||||||
-pass-host-header=true: pass the request Host Header to upstream
|
-pass-host-header: pass the request Host Header to upstream (default true)
|
||||||
-profile-url="": Profile access endpoint
|
-pass-user-headers: pass X-Forwarded-User and X-Forwarded-Email information to upstream (default true)
|
||||||
-provider="google": OAuth provider
|
-profile-url string: Profile access endpoint
|
||||||
-proxy-prefix="/oauth2": the url root path that this proxy should be nested under (e.g. /<oauth2>/sign_in)
|
-provider string: OAuth provider (default "google")
|
||||||
-redeem-url="": Token redemption endpoint
|
-proxy-prefix string: the url root path that this proxy should be nested under (e.g. /<oauth2>/sign_in) (default "/oauth2")
|
||||||
-redirect-url="": the OAuth Redirect URL. ie: "https://internalapp.yourcompany.com/oauth2/callback"
|
-redeem-url string: Token redemption endpoint
|
||||||
-resource="": the resource that is being protected. ie: "https://graph.windows.net". Currently only used in the Azure provider.
|
-redirect-url string: the OAuth Redirect URL. ie: "https://internalapp.yourcompany.com/oauth2/callback"
|
||||||
-request-logging=true: Log requests to stdout
|
-request-logging: Log requests to stdout (default true)
|
||||||
-scope="": Oauth scope specification
|
-resource string: The resource that is protected (Azure AD only)
|
||||||
-signature-key="": GAP-Signature request signature key (algorithm:secretkey)
|
-scope string: OAuth scope specification
|
||||||
-skip-auth-regex=: bypass authentication for requests path's that match (may be given multiple times)
|
-set-xauthrequest: set X-Auth-Request-User and X-Auth-Request-Email response headers (useful in Nginx auth_request mode)
|
||||||
-skip-auth-preflight=false: bypass authentication for OPTIONAL requests so preflight requests could succeed when using CORS
|
-signature-key string: GAP-Signature request signature key (algorithm:secretkey)
|
||||||
-skip-provider-button=false: will skip sign-in-page to directly reach the next step: oauth/start
|
-skip-auth-preflight: will skip authentication for OPTIONS requests
|
||||||
|
-skip-auth-regex value: bypass authentication for requests path's that match (may be given multiple times)
|
||||||
|
-skip-provider-button: will skip sign-in-page to directly reach the next step: oauth/start
|
||||||
-ssl-insecure-skip-verify: skip validation of certificates presented when using HTTPS
|
-ssl-insecure-skip-verify: skip validation of certificates presented when using HTTPS
|
||||||
-tls-cert="": path to certificate file
|
-tls-cert string: path to certificate file
|
||||||
-tls-key="": path to private key file
|
-tls-key string: path to private key file
|
||||||
-upstream=: the http url(s) of the upstream endpoint or file:// paths for static files. Routing is based on the path
|
-upstream value: the http url(s) of the upstream endpoint or file:// paths for static files. Routing is based on the path
|
||||||
-validate-url="": Access token validation endpoint
|
-validate-url string: Access token validation endpoint
|
||||||
-version=false: print version string
|
-version: print version string
|
||||||
```
|
```
|
||||||
|
|
||||||
See below for provider specific options
|
See below for provider specific options
|
||||||
|
Loading…
Reference in New Issue
Block a user