The original example only protected the root (`/`) path, leaving other routes unsecured.
* docs: add syntax highlighting for nginx config
* docs: fix headings in `configuration/integration` page
* docs: fix redirect in caddy configuraion example
* new readme structure
* add adopters file
* add microsoft sponsorship
* add reference to adopter file
* add gopher slack invite link
* slightly rephrase nightly image section
* add sponsor request for action
* better formatting for contributor wall
* add longer wait time for stale PRs and issues and allow for exemption through bug and high-priority labels
* apply review suggestion
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
---------
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
When using sockets to pass data between e.g. nginx and oauth2-proxy it's
simpler to use sockets. Systemd can even facilitate this and pass the
actual socket directly.
This also means that only the socket runs with the same group as nginx
while the service runs with DynamicUser.
Does not support TLS yet.
nginx
```
server {
location /oauth2/ {
proxy_pass http://unix:/run/oauth2-proxy/oauth2.sock;
}
```
oauth2-proxy.socket
```
[Socket]
ListenStream=%t/oauth2.sock
SocketGroup=www-data
SocketMode=0660
```
Start oauth2-proxy with the parameter `--http-address=fd:3`.
Signed-off-by: Josef Johansson <josef@oderland.se>
When listening to a unix socket there is no RemoteAddr for http.Request.
Instead of setting nil, Go sets it to '@'. Marking the IP as trusted if
RemoteAddr allows rest of the settings for parsing remote address in
headers to be applied.
Signed-off-by: Josef Johansson <josef@oderland.se>
* Issue 2311: runtime error: index out of range [0] with length 0 while extracting state of of the csrf
---------
Co-authored-by: tuunit <jan@larwig.com>
* Remove trailing whitespaces in contribution.md
They make the pre-commit hook "trailing-whitespace" fail.
* Correct Go version in DevContainer and Contibution guide
