go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-08-06 22:42:56 +02:00
Code Issues Releases Activity

Merge pull request #1985 from isodude/systemd-socket

Browse Source 
Add support for systemd socket
This commit is contained in:
Joel Speed
2024-10-28 03:56:05 +07:00
committed by GitHub
parent 5ec03ab0e9 6743a9cc89
commit 4d2b5c30a1
10 changed files with 435 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/docs/configuration/overview.md
View File

@ -219,7 +219,7 @@ Provider specific options can be found on their respective subpages.
| Flag / Config Field | Type | Description | Default |
| ------------------------------------------------------------------- | -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------ |
| flag: `--http-address`<br/>toml: `http_address` | string | `[http://]<addr>:<port>` or `unix://<path>` to listen on for HTTP clients. Square brackets are required for ipv6 address, e.g. `http://[::1]:4180` | `"127.0.0.1:4180"` |
| flag: `--http-address`<br/>toml: `http_address` | string | `[http://]<addr>:<port>` or `unix://<path>` or `fd:<int>` (case insensitive) to listen on for HTTP clients. Square brackets are required for ipv6 address, e.g. `http://[::1]:4180` | `"127.0.0.1:4180"` |
| flag: `--https-address`<br/>toml: `https_address` | string | `[https://]<addr>:<port>` to listen on for HTTPS clients. Square brackets are required for ipv6 address, e.g. `https://[::1]:443` | `":443"` |
| flag: `--metrics-address`<br/>toml: `metrics_address` | string | the address prometheus metrics will be scraped from | `""` |
| flag: `--metrics-secure-address`<br/>toml: `metrics_secure_address` | string | the address prometheus metrics will be scraped from if using HTTPS | `""` |

43
docs/docs/configuration/systemd_socket.md Normal file
View File

@ -0,0 +1,43 @@
---
id: systemd_socket
title: Systemd Socket Activation
---
Pass an existing listener created by systemd.socket to oauth2-proxy.
To do this create a socket:
oauth2-proxy.socket
```
[Socket]
ListenStream=%t/oauth2.sock
SocketGroup=www-data
SocketMode=0660
```
Now it's possible to call this socket from e.g. nginx:
```
server {
location /oauth2/ {
proxy_pass http://unix:/run/oauth2-proxy/oauth2.sock;
}
```
The oauth2-proxy should have `--http-address=fd:3` as a parameter.
Here fd is case insensitive and means file descriptor. The number 3 refers to the first non-stdin/stdout/stderr file descriptor,
systemd-socket-activate (which is what systemd.socket uses), listens to what it is told and passes
the listener it created onto the process, starting with file descriptor 3.
```
./oauth2-proxy \
--http-address="fd:3" \
--email-domain="yourcompany.com" \
--upstream=http://127.0.0.1:8080/ \
--cookie-secret=... \
--cookie-secure=true \
--provider=... \
--client-id=... \
--client-secret=...
```
Currently TLS is not supported (but it's doable).

1
docs/docs/installation.md
View File

@ -29,3 +29,4 @@ title: Installation
2. [Select a Provider and Register an OAuth Application with a Provider](configuration/providers/index.md)
3. [Configure OAuth2 Proxy using config file, command line options, or environment variables](configuration/overview.md)
4. [Configure SSL or Deploy behind an SSL endpoint](configuration/tls.md) (example provided for Nginx)
5. [Configure OAuth2 Proxy using systemd.socket](configuration/systemd_socket.md) (example provided for Nginx/Systemd)