author Vivien Kraus <vivien@planete-kraus.eu> 2021-03-30 20:25:01 +0200
committer Vivien Kraus <vivien@planete-kraus.eu> 2021-06-19 15:44:36 +0200
commit 1c2c188dc3544bd4df571ce06d24784640db43d5
tree 61fdc8538c03468ff0bf1a3682cc84faf83686e4 /doc
parent 1cd51a1728a34aaf85b964bff7636733ef732999
Implement a reverse proxy
Diffstat (limited to 'doc')
-rw-r--r-- doc/webid-oidc.texi 33
1 files changed, 33 insertions, 0 deletions
diff --git a/doc/webid-oidc.texi b/doc/webid-oidc.texi
index 6a0e633..dda97bd 100644
--- a/doc/webid-oidc.texi
+++ b/doc/webid-oidc.texi
@@ -438,6 +438,7 @@ the seed.
@chapter Running a Resource Server
@menu
+* Running webid-oidc-reverse-proxy::
* The authenticator::
@end menu
@@ -445,6 +446,38 @@ A Solid server is the server that manages your data. It needs to check
that the proofs of possession are correct, and the possessed key is
signed by the identity provider.
+@node Running webid-oidc-reverse-proxy
+@section Running webid-oidc-reverse-proxy
+
+The distribution comes with a reverse proxy, aptly named
+@code{webid-oidc-reverse-proxy}, to listen to an interface, take
+requests, authenticate them, and pass them to a backend with an
+additional header containing the webid of the agent, if authenticated.
+
+The reverse proxy is invoked with the following arguments:
+
+@table @asis
+@item @code{-p}@var{PORT}, @code{--port=}@var{PORT}
+the port on which the reverse proxy listens;
+@item @code{-i}@var{INBOUND}, @code{--inbound-uri=}@var{INBOUND}
+the public name of the server;
+@item @code{-o}@var{OUTBOUND}, @code{--outbound-uri=}@var{OUTBOUND}
+the address of the backend;
+@item @code{-H}@var{HEADER}, @code{--header=}@var{HEADER}
+replace the name of the header that will contain the webid of the
+user. Defaults to @code{XXX-Agent}. Please note that this value should
+be ASCII, otherwise it’s not guaranteed that the reverse proxy will
+drop other capitalizations of the header in malicious requests;
+@item @code{-l @var{FILE.log}}, or @code{--log-file=@var{FILE.log}}
+let the server dump all its output to @var{FILE.log}. See the identity
+provider comment;
+@item @code{-e @var{FILE.err}}, or @code{--error-file=@var{FILE.err}}
+let the server dump all its errors to @var{FILE.err}.
+@end table
+
+You can localize the interface by setting the @var{LANG} environment
+variable.
+
@node The authenticator
@section The authenticator
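Review bot: In the -H / --header item, the removal of a client-supplied copy of the header is only implied by the ASCII caveat ("drop other capitalizations of the header in malicious requests"). Since the backend reads the agent's webid from this header, the item should state outright that any incoming header of that name is discarded before the request is forwarded, and say what the backend receives when the request is not authenticated (the introduction only says the header is added "if authenticated"). Two smaller points in the same table: "See the identity provider comment" under --log-file should be a cross-reference to the node it means, and the first four items write the option as @code{-p}@var{PORT} while the last two use @code{-l @var{FILE.log}} joined with "or", so one form should be used throughout.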