From 76f62828a076e4a770b6b9de049b3402442321dd Mon Sep 17 00:00:00 2001
From: Eli Bixby
Date: Mon, 14 Nov 2016 13:57:33 -0800
Subject: [PATCH] Add example app.yaml and oauth2_proxy.cfg
---
 example-app.yaml | 12 +++++++
 example_oauth2_proxy.cfg | 75 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 87 insertions(+)
 create mode 100644 example-app.yaml
 create mode 100644 example_oauth2_proxy.cfg
diff --git a/example-app.yaml b/example-app.yaml
new file mode 100644
index 0000000..dee1b51
--- /dev/null
+++ b/example-app.yaml
@@ -0,0 +1,12 @@
+runtime: custom
+env: flex
+threadsafe: true
+resources:
+ memory_gb: 32
+ cpu: 8
+automatic_scaling:
+ max_num_instances: 1
+env_variables:
+ EVENT_FILE_PATH: gs://ml-workshop/output/mnist_hptuning10
+ RELOAD_INTERVAL: 1
+ GCS_PROXY_CONFIG: gs://ml-workshop/oauth2_proxy.cfg
diff --git a/example_oauth2_proxy.cfg b/example_oauth2_proxy.cfg
new file mode 100644
index 0000000..8ee7d56
--- /dev/null
+++ b/example_oauth2_proxy.cfg
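Review bot: The `GCS_PROXY_CONFIG` entry in `env_variables` of example-app.yaml points at a bucket object that, going by the companion example_oauth2_proxy.cfg, contains the OAuth `client_secret` (and the cookie secret once it is set), but nothing here says how that object must be protected. I would add a comment above it such as `# This object holds OAuth and cookie secrets; grant read access only to the app's service account, never allUsers`. The two `gs://ml-workshop/...` paths also look like one project's real bucket rather than a placeholder, so something like `gs://YOUR_BUCKET/oauth2_proxy.cfg` would be safer for people who copy the file.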
@@ -0,0 +1,75 @@
+## OAuth2 Proxy Config File
+## https://github.com/bitly/oauth2_proxy
+
+## : to listen on for HTTP/HTTPS clients
+# http_address = "127.0.0.1:4180"
+# https_address = ":443"
+
+## TLS Settings
+# tls_cert_file = ""
+# tls_key_file = ""
+
+## the OAuth Redirect URL.
+# defaults to the "https://" + requested host header + "/oauth2/callback"
+# redirect_url = "https://internalapp.yourcompany.com/oauth2/callback"
+
+## the http url(s) of the upstream endpoint. If multiple, routing is based on path
+# upstreams = [
+# "http://127.0.0.1:8080/"
+# ]
+
+## Log requests to stdout
+# request_logging = true
+
+## pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream
+# pass_basic_auth = true
+## pass the request Host Header to upstream
+## when disabled the upstream Host is used as the Host Header
+# pass_host_header = true
+
+## Email Domains to allow authentication for (this authorizes any email on this domain)
+## for more granular authorization use `authenticated_emails_file`
+## To authorize any email addresses use "*"
+email_domains = [
+ "google.com"
+]
+
+## The OAuth Client ID, Secret
+client_id = "my-client-id"
+client_secret = "myclientsecret"
+
+## Pass OAuth Access token to upstream via "X-Forwarded-Access-Token"
+# pass_access_token = false
+
+## Authenticated Email Addresses File (one email per line)
+# authenticated_emails_file = ""
+
+## Htpasswd File (optional)
+## Additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -s" for SHA encryption
+## enabling exposes a username/login signin form
+# htpasswd_file = ""
+
+## Templates
+## optional directory with custom sign_in.html and error.html
+# custom_templates_dir = ""
+
+## Cookie Settings
+## Name - the cookie name
+## Secret - the seed string for secure cookies; should be 16, 24, or 32 bytes
+## for use with an AES cipher when cookie_refresh or pass_access_token
+## is set
+## Domain - (optional) cookie domain to force cookies to (ie: .yourcompany.com)
+## Expire - (duration) expire timeframe for cookie
+## Refresh - (duration) refresh the cookie when duration has elapsed after cookie was initially set.
+## Should be less than cookie_expire; set to 0 to disable.
+## On refresh, OAuth token is re-validated.
+## (ie: 1h means tokens are refreshed on request 1hr+ after it was set)
+## Secure - secure cookies are only sent by the browser of a HTTPS connection (recommended)
+## HttpOnly - httponly cookies are not readable by javascript (recommended)
+# cookie_name = "_oauth2_proxy"
+# cookie_secret = ""
+# cookie_domain = ""
+# cookie_expire = "168h"
+# cookie_refresh = ""
+# cookie_secure = true
+# cookie_httponly = true
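Review bot: `cookie_secret` is left commented out and empty in the cookie block at the end of this example, even though the file already sets `client_id` and `client_secret`; as far as I know oauth2_proxy refuses to start without a cookie secret, so unless the container supplies it by flag or environment the example does not work as written, and a reader filling it in gets no guidance on how. I would ship it uncommented with an obvious placeholder, e.g. `cookie_secret = "REPLACE_WITH_RANDOM_16_24_OR_32_BYTES"`, plus a comment that the value must be randomly generated per deployment and kept out of version control, the same as `client_secret`. Separately, `email_domains` is set to the real domain `"google.com"`, which authorizes every account in that domain; a placeholder such as `"yourcompany.com"` (already used in the `redirect_url` comment) would be safer to copy.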