go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-07-17 01:52:30 +02:00
Code Issues Releases Activity

Add support for systemd.socket

Browse Source 
When using sockets to pass data between e.g. nginx and oauth2-proxy it's
simpler to use sockets. Systemd can even facilitate this and pass the
actual socket directly.

This also means that only the socket runs with the same group as nginx
while the service runs with DynamicUser.

Does not support TLS yet.

nginx
```
server {
    location /oauth2/ {
      proxy_pass http://unix:/run/oauth2-proxy/oauth2.sock;
}
```

oauth2-proxy.socket
```
[Socket]
ListenStream=%t/oauth2.sock
SocketGroup=www-data
SocketMode=0660
```

Start oauth2-proxy with the parameter `--http-address=fd:3`.

Signed-off-by: Josef Johansson <josef@oderland.se>
This commit is contained in:
Josef Johansson
2024-02-25 12:31:33 +01:00
committed by Josef Johansson
parent bc8e7162db
commit 6743a9cc89
9 changed files with 432 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/apis/options/legacy_options.go
View File

@ -470,7 +470,7 @@ func legacyServerFlagset() *pflag.FlagSet {
flagSet.String("metrics-secure-address", "", "the address /metrics will be served on for HTTPS clients (e.g. \":9100\")")
flagSet.String("metrics-tls-cert-file", "", "path to certificate file for secure metrics server")
flagSet.String("metrics-tls-key-file", "", "path to private key file for secure metrics server")
flagSet.String("http-address", "127.0.0.1:4180", "[http://]<addr>:<port> or unix://<path> to listen on for HTTP clients")
flagSet.String("http-address", "127.0.0.1:4180", "[http://]<addr>:<port> or unix://<path> or fd:<int> (case insensitive) to listen on for HTTP clients")
flagSet.String("https-address", ":443", "<addr>:<port> to listen on for HTTPS clients")
flagSet.String("tls-cert-file", "", "path to certificate file")
flagSet.String("tls-key-file", "", "path to private key file")