1 files changed, 51 insertions, 0 deletions

diff --git a/doc/manual.html b/doc/manual.html
index d010685..f0535c2 100644
--- a/doc/manual.html
+++ b/doc/manual.html
@@ -987,6 +987,57 @@
       check that the proofs of possession are correct, and the
       possessed key is signed by the identity provider.
     </p>
+    <h2>Running webid-oidc-reverse-proxy</h2>
+    <p>
+      The distribution comes with a reverse proxy, aptly named
+      <pre>webid-oidc-reverse-proxy</pre>, to listen to an interface,
+      take requests, authenticate them, and pass them to a backend
+      with an additional header containing the webid of the agent, if
+      authenticated.
+    </p>
+    <p>The reverse proxy is invoked with the following arguments:</p>
+    <ul>
+      <li>
+        <pre>-p</pre> <info:var>PORT</info:var>,
+        <pre>--port=</pre><info:var>PORT</info:var>: the port on which
+        the reverse proxy listens;
+      </li>
+      <li>
+        <pre>-i</pre> <info:var>INBOUND</info:var>,
+        <pre>--inbound-uri=</pre><info:var>INBOUND</info:var>: the
+        public name of the server;
+      </li>
+      <li>
+        <pre>-o</pre> <info:var>OUTBOUND</info:var>,
+        <pre>--outbound-uri=</pre><info:var>OUTBOUND</info:var>: the
+        address of the backend;
+      </li>
+      <li>
+        <pre>-H</pre> <info:var>HEADER</info:var>,
+        <pre>--header=</pre><info:var>HEADER</info:var>: replace the
+        name of the header that will contain the webid of the
+        user. Defaults to <pre>XXX-Agent</pre>. Please note that this
+        value should be ASCII, otherwise it’s not guaranteed that the
+        reverse proxy will drop other capitalizations of the header in
+        malicious requests.
+      </li>
+      <li>
+        <pre>-l <info:var>FILE.log</info:var></pre>, or
+        <pre>--log-file=<info:var>FILE.log</info:var></pre> let the
+        server dump all its output to
+        <info:var>FILE.log</info:var>. See the identity provider
+        comment.
+      </li>
+      <li>
+        <pre>-e <info:var>FILE.err</info:var></pre>, or
+        <pre>--error-file=<info:var>FILE.err</info:var></pre> let the
+        server dump all its errors to <info:var>FILE.err</info:var>.
+      </li>
+    </ul>
+    <p>
+      You can localize the interface by setting the
+      <info:var>LANG</info:var> environment variable.
+    </p>
     <h2>The authenticator</h2>
     <p>
       In <emph>(webid-oidc&#160;jws)</emph>, the following function