Created
February 27, 2018 02:00
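# Fetch and build oauth2_proxy from the current tip of the upstream repository.
# No version is pinned, so repeated runs can build different code; for anything
# long-lived, build from a tag or commit that has been reviewed.
# NOTE(review): bitly/oauth2_proxy is, as far as I know, archived upstream and the
# maintained continuation is oauth2-proxy/oauth2-proxy; confirm before deploying.
go get github.com/bitly/oauth2_proxy

# Create the htpasswd file that htpasswd_file in the proxy config points at,
# with a single sample user "bla" / password "blabla" (replace both).
#   -c  creates the file, truncating any existing one
#   -s  stores an unsalted SHA-1 hash, the format the proxy config asks for
#   -b  takes the password from the command line, so it ends up in shell history
#       and is visible in the process list while the command runs; omit -b to be
#       prompted for the password instead
htpasswd -c -b -s htpasswd bla blabla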
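## OAuth2 Proxy Config File
## https://github.com/bitly/oauth2_proxy

## <addr>:<port> to listen on for HTTP/HTTPS clients
# http_address = "127.0.0.1:4180"
# https_address = ":443"

## TLS Settings
## Neither https_address nor a certificate is set in this file; unless something in
## front of the proxy terminates TLS, the session cookie and the htpasswd sign-in
## form travel in clear text.
# tls_cert_file = ""
# tls_key_file = ""

## the OAuth Redirect URL.
# defaults to the "https://" + requested host header + "/oauth2/callback"
## Left unset here, so the callback URL follows the Host header of each request.
## Pin it explicitly in production so it does not depend on a client-supplied value.
# redirect_url = "https://internalapp.yourcompany.com/oauth2/callback"

## the http url(s) of the upstream endpoint. If multiple, routing is based on path
upstreams = [
    "https://www.imim.cat"
]

## Log requests to stdout
# request_logging = true

## pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream
## The upstream can only trust these headers if it is reachable solely through the
## proxy; a client that can reach the upstream directly can set them itself.
## With an upstream operated by someone else, this also hands the authenticated
## user's name and email address to that party.
# pass_basic_auth = true
pass_user_headers = true

## pass the request Host Header to upstream
## when disabled the upstream Host is used as the Host Header
pass_host_header = false

## Email Domains to allow authentication for (this authorizes any email on this domain)
## for more granular authorization use `authenticated_emails_file`
## To authorize any email addresses use "*"
## NOTE(review): this file sets both email_domains and authenticated_emails_file.
## As far as I know the proxy accepts an address that matches EITHER of them, so
## the file adds users on top of the whole domain rather than narrowing it;
## confirm against the version you run.
email_domains = [
    "yourcompany.com"
]

## The OAuth Client ID, Secret
## Both values are placeholders. Keep the real client_secret out of any shared or
## published copy of this file; the proxy also reads it from the
## OAUTH2_PROXY_CLIENT_SECRET environment variable.
client_id = "123456.apps.googleusercontent.com"
client_secret = "AAA"

## Pass OAuth Access token to upstream via "X-Forwarded-Access-Token"
## Leave this off unless the upstream is trusted with the user's provider token.
# pass_access_token = false

## Authenticated Email Addresses File (one email per line)
## Relative path; presumably resolved against the proxy's working directory.
authenticated_emails_file = "emails.txt"

## Htpasswd File (optional)
## Additionally authenticate against a htpasswd file. Entries must be created with
## "htpasswd -s", which stores an unsalted SHA-1 hash of the password (a hash, not
## encryption). Treat the file as sensitive and use long random passwords: unsalted
## SHA-1 is cheap to brute-force if the file leaks.
## enabling exposes a username/login signin form
htpasswd_file = "htpasswd"

## Templates
## optional directory with custom sign_in.html and error.html
# custom_templates_dir = ""

## skip SSL checking for HTTPS requests
## Keep this false: turning it on removes certificate validation for the proxy's
## outbound HTTPS connections.
# ssl_insecure_skip_verify = false

## Cookie Settings
## Name     - the cookie name
## Secret   - the seed string for secure cookies; should be 16, 24, or 32 bytes
##            for use with an AES cipher when cookie_refresh or pass_access_token
##            is set
## Domain   - (optional) cookie domain to force cookies to (ie: .yourcompany.com)
## Expire   - (duration) expire timeframe for cookie
## Refresh  - (duration) refresh the cookie when duration has elapsed after cookie was initially set.
##            Should be less than cookie_expire; set to 0 to disable.
##            On refresh, OAuth token is re-validated.
##            (ie: 1h means tokens are refreshed on request 1hr+ after it was set)
## Secure   - secure cookies are only sent by the browser of a HTTPS connection (recommended)
## HttpOnly - httponly cookies are not readable by javascript (recommended)
cookie_name = "_oauth2_proxy"
## Placeholder value. The session cookie is protected with this secret, so anyone
## who knows it can forge a session: generate it from a cryptographically secure
## random source, keep it private (OAUTH2_PROXY_COOKIE_SECRET is read as an
## alternative to this key), and rotate it if it is ever exposed.
cookie_secret = "AAAAAAAAAAAAAAAA"
# cookie_domain = "localhost"
# cookie_expire = "168h"
# cookie_refresh = ""
# cookie_secure = true
## Secure flag disabled: the browser will also send the session cookie over plain
## HTTP. Acceptable only for local testing without TLS; set cookie_secure = true
## wherever the proxy is reached over HTTPS.
cookie_secure = false
# cookie_httponly = true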
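# Start the proxy with the configuration stored in oauth2.cfg.
# The config refers to "htpasswd" and "emails.txt" by relative path, so run this
# from the directory that holds them (presumably they resolve against the
# working directory).
./oauth2_proxy -config oauth2.cfg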