Updated Using nginx sso with haproxy and SPOE (markdown)

Using-nginx-sso-with-haproxy-and-SPOE.md

@@ -80,7 +80,7 @@ Configuration of nginx-sso is beyond the scope of this short howto - there's not
 
 The following contains the absolute basics, you should ensure that the rest of the configuration is fleshed out how you need it for your environment. It covers the configuration for SPOE, and how to deal with the redirects to nginx-sso for the login form. It also doesn't have any SSL configuration, that's left up to you.
 
-Note that the filter being applied can be placed in the frontend, but to selectively apply it based on the `Host: ` header takes a little care (to not apply it to the nginx-sso login domain name or path). You'll need to create an acl in the `spoa-server.spoe.conf` file, and then check that acl on the `event` line with an haproxy condition (`unless` or `if`). You will also need to change the event to be `on-frontend-http-request`.
+Note that the filter being applied can be placed in the frontend, but to selectively apply it based on the `Host: ` header will take a little extra care and attention. You don't really want to apply the filter to the nginx-sso login page domain name or path. To do this, you'll need to create an acl in the `spoa-server.spoe.conf` file, and then check that acl on the `event` line with an haproxy condition (`unless` or `if`). You will also need to change the event to be `on-frontend-http-request`. There are some commented examples in the file content below.
 
 #### haproxy.conf
 ```
@@ -136,6 +136,10 @@ spoe-agent spoa-server
 spoe-message check-sso-auth
         args ip=src ff=req.fhdr(x-forwarded-for) host=req.fhdr(host) uri=url cookies=req.fhdr(cookie)
         event on-backend-http-request
+
+# When applying to the frontend, something like this will be needed:
+#        acl is_login hdr(host) -i login.yourdomain.com
+#        event on-frontend-http-request unless is_login
 ```
 
 ### Further reading