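## OAuth2 Proxy Config File
## https://github.com/bitly/oauth2_proxy
##
## Every setting below is commented out and shows an example value.
## Lines starting with "##" are documentation; lines starting with "# " are
## settings that can be enabled by removing the leading "# ".

## <addr>:<port> to listen on for HTTP/HTTPS clients
## Keep http_address on loopback unless a TLS-terminating front end sits in
## front of it; the session cookie and OAuth callback travel over this listener.
# http_address = "127.0.0.1:4180"
# https_address = ":443"

## TLS Settings
## The key file should be readable only by the account running the proxy.
# tls_cert_file = ""
# tls_key_file = ""

## the OAuth Redirect URL.
## defaults to the "https://" + requested host header + "/oauth2/callback"
## Setting it explicitly avoids deriving the callback from a client-supplied
## Host header; it must match the redirect URI registered with the provider.
# redirect_url = "https://internalapp.yourcompany.com/oauth2/callback"

## the http url(s) of the upstream endpoint. If multiple, routing is based on path
## The upstream should accept connections only from this proxy; a client that
## can reach it directly bypasses authentication altogether.
# upstreams = [
#     "http://127.0.0.1:8080/"
# ]

## Log requests to stdout
# request_logging = true

## pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream
## The upstream must trust these headers only on requests arriving from the
## proxy, since any client that reaches the upstream directly can set them.
# pass_basic_auth = true

## pass the request Host Header to upstream
## when disabled the upstream Host is used as the Host Header
# pass_host_header = true

## Email Domains to allow authentication for (this authorizes any email on this domain)
## for more granular authorization use `authenticated_emails_file`
## To authorize any email addresses use "*"
## With "*" every account the provider can authenticate is authorized, so
## access is then limited only by `authenticated_emails_file`, if set.
# email_domains = [
#     "yourcompany.com"
# ]

## The OAuth Client ID, Secret
## client_secret is a credential: keep a populated copy of this file out of
## version control and restrict its file permissions, or supply the value
## through the OAUTH2_PROXY_CLIENT_SECRET environment variable instead.
# client_id = "123456.apps.googleusercontent.com"
# client_secret = ""

## Pass OAuth Access token to upstream via "X-Forwarded-Access-Token"
## When enabled, the upstream and anything that records its request headers
## receive a live provider token; cookie_secret must then be an AES-sized
## value (see Cookie Settings).
# pass_access_token = false

## Authenticated Email Addresses File (one email per line)
# authenticated_emails_file = ""

## Htpasswd File (optional)
## Additionally authenticate against a htpasswd file.
## Entries must be created with "htpasswd -s", which stores an unsalted SHA-1
## hash of the password (a hash, not encryption). Treat the file as sensitive:
## such hashes are cheap to guess offline if the file is disclosed.
## enabling exposes a username/login signin form
# htpasswd_file = ""

## Templates
## optional directory with custom sign_in.html and error.html
# custom_templates_dir = ""

## Cookie Settings
## Key      - the cookie name
## Secret   - the seed string for secure cookies; should be 16, 24, or 32 bytes
##            for use with an AES cipher when cookie_refresh or pass_access_token
##            is set. Generate it from a cryptographically secure random source
##            and store it like client_secret (or use OAUTH2_PROXY_COOKIE_SECRET);
##            anyone who knows it can mint valid session cookies.
## Domain   - (optional) cookie domain to force cookies to (e.g. .yourcompany.com).
##            A parent domain sends the session cookie to every host under it.
## Expire   - (duration) expire timeframe for cookie
## Refresh  - (duration) refresh the cookie when less than this much time remains before
##            expiration; should be less than cookie_expire; set to 0 to disable.
##            Refresh revalidates the OAuth token to ensure it is still valid,
##            e.g. 24h. With refresh disabled, access revoked at the provider
##            is not noticed until the cookie expires.
## Secure   - secure cookies are only sent by the browser over an HTTPS connection (recommended)
## HttpOnly - httponly cookies are not readable by javascript (recommended)
# cookie_key = "_oauth2proxy"
# cookie_secret = ""
# cookie_domain = ""
# cookie_expire = "168h"
# cookie_refresh = ""
# cookie_secure = true
# cookie_httponly = true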