github.com/pusher/oauth2_proxy@v3.2.0+incompatible/contrib/oauth2_proxy.cfg.example (about) 1 ## OAuth2 Proxy Config File 2 ## https://github.com/bitly/oauth2_proxy 3 4 ## <addr>:<port> to listen on for HTTP/HTTPS clients 5 # http_address = "127.0.0.1:4180" 6 # https_address = ":443" 7 8 ## TLS Settings 9 # tls_cert_file = "" 10 # tls_key_file = "" 11 12 ## the OAuth Redirect URL. 13 # defaults to the "https://" + requested host header + "/oauth2/callback" 14 # redirect_url = "https://internalapp.yourcompany.com/oauth2/callback" 15 16 ## the http url(s) of the upstream endpoint. If multiple, routing is based on path 17 # upstreams = [ 18 # "http://127.0.0.1:8080/" 19 # ] 20 21 ## Log requests to stdout 22 # request_logging = true 23 24 ## pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream 25 # pass_basic_auth = true 26 # pass_user_headers = true 27 ## pass the request Host Header to upstream 28 ## when disabled the upstream Host is used as the Host Header 29 # pass_host_header = true 30 31 ## Email Domains to allow authentication for (this authorizes any email on this domain) 32 ## for more granular authorization use `authenticated_emails_file` 33 ## To authorize any email addresses use "*" 34 # email_domains = [ 35 # "yourcompany.com" 36 # ] 37 38 ## The OAuth Client ID, Secret 39 # client_id = "123456.apps.googleusercontent.com" 40 # client_secret = "" 41 42 ## Pass OAuth Access token to upstream via "X-Forwarded-Access-Token" 43 # pass_access_token = false 44 45 ## Authenticated Email Addresses File (one email per line) 46 # authenticated_emails_file = "" 47 48 ## Htpasswd File (optional) 49 ## Additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -s" for SHA encryption 50 ## enabling exposes a username/login signin form 51 # htpasswd_file = "" 52 53 ## Templates 54 ## optional directory with custom sign_in.html and error.html 55 # custom_templates_dir = "" 56 57 ## skip SSL checking for HTTPS requests 58 # ssl_insecure_skip_verify = false 59 60 61 ## Cookie Settings 62 ## Name - the cookie name 63 ## Secret - the seed string for secure cookies; should be 16, 24, or 32 bytes 64 ## for use with an AES cipher when cookie_refresh or pass_access_token 65 ## is set 66 ## Domain - (optional) cookie domain to force cookies to (ie: .yourcompany.com) 67 ## Expire - (duration) expire timeframe for cookie 68 ## Refresh - (duration) refresh the cookie when duration has elapsed after cookie was initially set. 69 ## Should be less than cookie_expire; set to 0 to disable. 70 ## On refresh, OAuth token is re-validated. 71 ## (ie: 1h means tokens are refreshed on request 1hr+ after it was set) 72 ## Secure - secure cookies are only sent by the browser of a HTTPS connection (recommended) 73 ## HttpOnly - httponly cookies are not readable by javascript (recommended) 74 # cookie_name = "_oauth2_proxy" 75 # cookie_secret = "" 76 # cookie_domain = "" 77 # cookie_expire = "168h" 78 # cookie_refresh = "" 79 # cookie_secure = true 80 # cookie_httponly = true