1
0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-11-29 22:48:19 +02:00

Documentation updates around Redis and Redis Sentinel use

This commit is contained in:
Brian Van Klaveren
2019-05-28 13:26:40 -07:00
parent 518c1d3e8e
commit ae0258a203
3 changed files with 16 additions and 4 deletions

View File

@@ -75,7 +75,10 @@ Usage of oauth2_proxy:
-pubjwk-url string: JWK pubkey access endpoint: required by login.gov
-redeem-url string: Token redemption endpoint
-redirect-url string: the OAuth Redirect URL. ie: "https://internalapp.yourcompany.com/oauth2/callback"
-redis-connection-url string: URL of redis server for redis session storage type (eg: redis://HOST[:PORT])
-redis-connection-url string: URL of redis server for redis session storage (eg: redis://HOST[:PORT])
-redis-sentinel-master-name string: Redis sentinel master name. Used in conjuction with --redis-use-sentinel
-redis-sentinel-connection-urls: List of Redis sentinel conneciton URLs (eg redis://HOST[:PORT]). Used in conjuction with --redis-use-sentinel
-redis-use-sentinel: Connect to redis via sentinels. Must set --redis-sentinel-master-name and --redis-sentinel-connection-urls to use this feature (default: false)
-request-logging: Log requests to stdout (default true)
-request-logging-format: Template for request log lines (see "Logging Configuration" paragraph below)
-resource string: The resource that is protected (Azure AD only)

View File

@@ -55,4 +55,13 @@ to which the session is stored. The encoded session is encrypted with the secret
in redis via the `SETEX` command.
Encrypting every session uniquely protects the refresh/access/id tokens stored in the session from
disclosure.
disclosure.
#### Usage
When using the redis store, specify `--session-store-type=redis` as well as the Redis connection URL, via
`--redis-connection-url=redis://host[:port][/db-number]`.
You may also configure the store for Redis Sentinel. In this case, you will want to use the
`--redis-use-sentinel=true` flag, as well as configure the flags `--redis-sentinel-master-name`
and `--redis-sentinel-connection-urls` appropriately.