flagSet.Bool("set-xauthrequest",false,"set X-Auth-Request-User and X-Auth-Request-Email response headers (useful in Nginx auth_request mode)")
flagSet.Var(&upstreams,"upstream","the http url(s) of the upstream endpoint, file:// paths for static files or static://<status_code> for static response. Routing is based on the path")
flagSet.StringSlice("upstream",[]string{},"the http url(s) of the upstream endpoint, file:// paths for static files or static://<status_code> for static response. Routing is based on the path")
flagSet.Bool("pass-basic-auth",true,"pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream")
flagSet.Bool("set-basic-auth",false,"set HTTP Basic Auth information in response (useful in Nginx auth_request mode)")
flagSet.Bool("prefer-email-to-user",false,"Prefer to use the Email address as the Username when passing information to upstream. Will only use Username if Email is unavailable, eg. htaccess authentication. Used in conjunction with -pass-basic-auth and -pass-user-headers")
...
...
@@ -52,17 +41,17 @@ func main() {
flagSet.Bool("pass-host-header",true,"pass the request Host Header to upstream")
flagSet.Bool("pass-authorization-header",false,"pass the Authorization Header to upstream")
flagSet.Bool("set-authorization-header",false,"set Authorization response headers (useful in Nginx auth_request mode)")
flagSet.Var(&skipAuthRegex,"skip-auth-regex","bypass authentication for requests path's that match (may be given multiple times)")
flagSet.StringSlice("skip-auth-regex",[]string{},"bypass authentication for requests path's that match (may be given multiple times)")
flagSet.Bool("skip-provider-button",false,"will skip sign-in-page to directly reach the next step: oauth/start")
flagSet.Bool("skip-auth-preflight",false,"will skip authentication for OPTIONS requests")
flagSet.Bool("ssl-insecure-skip-verify",false,"skip validation of certificates presented when using HTTPS providers")
flagSet.Bool("ssl-upstream-insecure-skip-verify",false,"skip validation of certificates presented when using HTTPS upstreams")
flagSet.Duration("flush-interval",time.Duration(1)*time.Second,"period between response flushing when streaming responses")
flagSet.Bool("skip-jwt-bearer-tokens",false,"will skip requests that have verified JWT bearer tokens (default false)")
flagSet.Var(&jwtIssuers,"extra-jwt-issuers","if skip-jwt-bearer-tokens is set, a list of extra JWT issuer=audience pairs (where the issuer URL has a .well-known/openid-configuration or a .well-known/jwks.json)")
flagSet.StringSlice("extra-jwt-issuers",[]string{},"if skip-jwt-bearer-tokens is set, a list of extra JWT issuer=audience pairs (where the issuer URL has a .well-known/openid-configuration or a .well-known/jwks.json)")
flagSet.Var(&emailDomains,"email-domain","authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email")
flagSet.Var(&whitelistDomains,"whitelist-domain","allowed domains for redirection after authentication. Prefix domain with a . to allow subdomains (eg .example.com)")
flagSet.StringSlice("email-domain",[]string{},"authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email")
flagSet.StringSlice("whitelist-domain",[]string{},"allowed domains for redirection after authentication. Prefix domain with a . to allow subdomains (eg .example.com)")
flagSet.String("keycloak-group","","restrict login to members of this group.")
flagSet.String("azure-tenant","common","go to a tenant-specific or common (tenant-independent) endpoint.")
flagSet.String("bitbucket-team","","restrict logins to members of this team")
...
...
@@ -70,7 +59,7 @@ func main() {
flagSet.String("github-org","","restrict logins to members of this organisation")
flagSet.String("github-team","","restrict logins to members of this team")
flagSet.String("gitlab-group","","restrict logins to members of this group")
flagSet.Var(&googleGroups,"google-group","restrict logins to members of this google group (may be given multiple times).")
flagSet.StringSlice("google-group",[]string{},"restrict logins to members of this google group (may be given multiple times).")
flagSet.String("google-admin-email","","the google admin to impersonate for api calls")
flagSet.String("google-service-account-json","","the path to the service account json credentials")
flagSet.String("cookie-name","_oauth2_proxy","the name of the cookie that the oauth_proxy creates")
flagSet.String("cookie-secret","","the seed string for secure cookies (optionally base64 encoded)")
flagSet.Var(&cookieDomains,"cookie-domain","Optional cookie domains to force cookies to (ie: `.yourcompany.com`). The longest domain matching the request's host will be used (or the shortest cookie domain if there is no match).")
flagSet.StringSlice("cookie-domain",[]string{},"Optional cookie domains to force cookies to (ie: `.yourcompany.com`). The longest domain matching the request's host will be used (or the shortest cookie domain if there is no match).")
flagSet.String("cookie-path","/","an optional cookie path to force cookies to (ie: /poc/)*")
flagSet.Duration("cookie-expire",time.Duration(168)*time.Hour,"expire timeframe for cookie")
flagSet.Duration("cookie-refresh",time.Duration(0),"refresh the cookie after this duration; 0 to disable")
...
...
@@ -102,9 +91,9 @@ func main() {
flagSet.String("redis-sentinel-master-name","","Redis sentinel master name. Used in conjunction with --redis-use-sentinel")
flagSet.String("redis-ca-path","","Redis custom CA path")
flagSet.Bool("redis-insecure-skip-tls-verify",false,"Use insecure TLS connection to redis")
flagSet.Var(&redisSentinelConnectionURLs,"redis-sentinel-connection-urls","List of Redis sentinel connection URLs (eg redis://HOST[:PORT]). Used in conjunction with --redis-use-sentinel")
flagSet.StringSlice("redis-sentinel-connection-urls",[]string{},"List of Redis sentinel connection URLs (eg redis://HOST[:PORT]). Used in conjunction with --redis-use-sentinel")
flagSet.Bool("redis-use-cluster",false,"Connect to redis cluster. Must set --redis-cluster-connection-urls to use this feature")
flagSet.Var(&redisClusterConnectionURLs,"redis-cluster-connection-urls","List of Redis cluster connection URLs (eg redis://HOST[:PORT]). Used in conjunction with --redis-use-cluster")
flagSet.StringSlice("redis-cluster-connection-urls",[]string{},"List of Redis cluster connection URLs (eg redis://HOST[:PORT]). Used in conjunction with --redis-use-cluster")
flagSet.String("logging-filename","","File to log requests to, empty for stdout")
flagSet.Int("logging-max-size",100,"Maximum size in megabytes of the log file before rotation")
...
...
@@ -149,10 +138,7 @@ func main() {
flagSet.String("user-id-claim","email","which claim contains the user ID")