c7bfbdecef
* feature: Implement graceful shutdown Propagate the request context to the Redis client. It is possible to propagate a context cancel to Redis client if the connection is closed by the HTTP client. The redis.Cmdable cannot use WithContext, so added the Client interface to handle redis.Client and redis.ClusterClient transparently. Added handling of Unix signals to http server. Upgrade go-redis/redis to v7. * Update dependencies - Upgrade golang/x/* and google-api-go - Migrate fsnotify import from gopkg.in to github.com - Replace bmizerany/assert with stretchr/testify/assert * add doc for wrapper interface * Update CHANGELOG.md * fix: upgrade fsnotify to v1.4.9 * fix: remove unnessary logging * fix: wait until all connections have been closed * refactor: move chan to main for testing * add assert to check if stop chan is empty * add an idiomatic for sync.WaitGroup with timeout |
||
---|---|---|
.github | ||
contrib | ||
docs | ||
pkg | ||
providers | ||
.dockerignore | ||
.gitignore | ||
.golangci.yml | ||
.travis.yml | ||
CHANGELOG.md | ||
configure | ||
CONTRIBUTING.md | ||
dist.sh | ||
Dockerfile | ||
Dockerfile.arm64 | ||
Dockerfile.armv6 | ||
env_options_test.go | ||
env_options.go | ||
go.mod | ||
go.sum | ||
htpasswd_test.go | ||
htpasswd.go | ||
http_test.go | ||
http.go | ||
LICENSE | ||
logging_handler_test.go | ||
logging_handler.go | ||
main.go | ||
MAINTAINERS | ||
Makefile | ||
nsswitch.conf | ||
oauthproxy_test.go | ||
oauthproxy.go | ||
options_test.go | ||
options.go | ||
README.md | ||
RELEASE.md | ||
string_array.go | ||
templates_test.go | ||
templates.go | ||
validator_test.go | ||
validator.go | ||
version.go | ||
watcher_unsupported.go | ||
watcher.go |
A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group.
Note: This repository was forked from bitly/OAuth2_Proxy on 27/11/2018. Versions v3.0.0 and up are from this fork and will have diverged from any changes in the original fork. A list of changes can be seen in the CHANGELOG.
Note: This project was formerly hosted as pusher/oauth2_proxy
but has been renamed as of 29/03/2020 to oauth2-proxy/oauth2-proxy
.
Going forward, all images shall be available at quay.io/oauth2-proxy/oauth2-proxy
and binaries wiil been named oauth2-proxy
.
Installation
-
Choose how to deploy:
a. Download Prebuilt Binary (current release is
v5.1.0
)b. Build with
$ go get github.com/oauth2-proxy/oauth2-proxy
which will put the binary in$GOROOT/bin
c. Using the prebuilt docker image quay.io/oauth2-proxy/oauth2-proxy (AMD64, ARMv6 and ARM64 tags available)
Prebuilt binaries can be validated by extracting the file and verifying it against the sha256sum.txt
checksum file provided for each release starting with version v3.0.0
.
sha256sum -c sha256sum.txt 2>&1 | grep OK
oauth2-proxy-x.y.z.linux-amd64: OK
- Select a Provider and Register an OAuth Application with a Provider
- Configure OAuth2 Proxy using config file, command line options, or environment variables
- Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)
Security
If you are running a version older than v5.0.0 we strongly recommend you please update to a current version. RE: open redirect vulnverability
Docs
Read the docs on our Docs site.
Getting Involved
If you would like to reach out to the maintainers, come talk to us in the #oauth2_proxy
channel in the Gophers slack.
Contributing
Please see our Contributing guidelines. For releasing see our release creation guide.