github.com/pusher/oauth2_proxy@v3.2.0+incompatible/contrib/oauth2_proxy.cfg.example

github.com/pusher/oauth2_proxy@v3.2.0+incompatible/contrib/oauth2_proxy.cfg.example (about)

     1  ## OAuth2 Proxy Config File
     2  ## https://github.com/bitly/oauth2_proxy
     3  
     4  ## <addr>:<port> to listen on for HTTP/HTTPS clients
     5  # http_address = "127.0.0.1:4180"
     6  # https_address = ":443"
     7  
     8  ## TLS Settings
     9  # tls_cert_file = ""
    10  # tls_key_file = ""
    11  
    12  ## the OAuth Redirect URL.
    13  # defaults to the "https://" + requested host header + "/oauth2/callback"
    14  # redirect_url = "https://internalapp.yourcompany.com/oauth2/callback"
    15  
    16  ## the http url(s) of the upstream endpoint. If multiple, routing is based on path
    17  # upstreams = [
    18  #     "http://127.0.0.1:8080/"
    19  # ]
    20  
    21  ## Log requests to stdout
    22  # request_logging = true
    23  
    24  ## pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream
    25  # pass_basic_auth = true
    26  # pass_user_headers = true
    27  ## pass the request Host Header to upstream
    28  ## when disabled the upstream Host is used as the Host Header
    29  # pass_host_header = true 
    30  
    31  ## Email Domains to allow authentication for (this authorizes any email on this domain)
    32  ## for more granular authorization use `authenticated_emails_file`
    33  ## To authorize any email addresses use "*"
    34  # email_domains = [
    35  #     "yourcompany.com"
    36  # ]
    37  
    38  ## The OAuth Client ID, Secret
    39  # client_id = "123456.apps.googleusercontent.com"
    40  # client_secret = ""
    41  
    42  ## Pass OAuth Access token to upstream via "X-Forwarded-Access-Token"
    43  # pass_access_token = false
    44  
    45  ## Authenticated Email Addresses File (one email per line)
    46  # authenticated_emails_file = ""
    47  
    48  ## Htpasswd File (optional)
    49  ## Additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -s" for SHA encryption
    50  ## enabling exposes a username/login signin form
    51  # htpasswd_file = ""
    52  
    53  ## Templates
    54  ## optional directory with custom sign_in.html and error.html
    55  # custom_templates_dir = ""
    56  
    57  ## skip SSL checking for HTTPS requests
    58  # ssl_insecure_skip_verify = false
    59  
    60  
    61  ## Cookie Settings
    62  ## Name     - the cookie name
    63  ## Secret   - the seed string for secure cookies; should be 16, 24, or 32 bytes
    64  ##            for use with an AES cipher when cookie_refresh or pass_access_token
    65  ##            is set
    66  ## Domain   - (optional) cookie domain to force cookies to (ie: .yourcompany.com)
    67  ## Expire   - (duration) expire timeframe for cookie
    68  ## Refresh  - (duration) refresh the cookie when duration has elapsed after cookie was initially set.
    69  ##            Should be less than cookie_expire; set to 0 to disable.
    70  ##            On refresh, OAuth token is re-validated. 
    71  ##            (ie: 1h means tokens are refreshed on request 1hr+ after it was set)
    72  ## Secure   - secure cookies are only sent by the browser of a HTTPS connection (recommended)
    73  ## HttpOnly - httponly cookies are not readable by javascript (recommended)
    74  # cookie_name = "_oauth2_proxy"
    75  # cookie_secret = ""
    76  # cookie_domain = ""
    77  # cookie_expire = "168h"
    78  # cookie_refresh = ""
    79  # cookie_secure = true
    80  # cookie_httponly = true