docs: restructure navigation and extract configuration examples (#57)

- Change navigation labels from "Tutorial" to "Docs" for clearer semantics
- Extract configuration examples from configuration.md into separate examples.md page
- Improve documentation organization by moving examples to higher priority (position 3)
- Remove Quick Start section from intro.md and add Next Steps with proper links
- Fix incorrect environment variable names (TLS_LISTEN, DATA_PATH)
- Simplify configuration examples to focus on essential use cases

Author: hrntknr

docs/docs/configuration.md

@@ -65,8 +65,8 @@ Complete reference for all MCP Auth Proxy configuration options.
 | Option         | Environment Variable | Default  | Description                  |
 | -------------- | -------------------- | -------- | ---------------------------- |
 | `--listen`     | `LISTEN`             | `:80`    | Address to listen on         |
-| `--listen-tls` | `LISTEN_TLS`         | `:443`   | Address to listen on for TLS |
-| `--data`       | `DATA`               | `./data` | Path to the data directory   |
+| `--listen-tls` | `TLS_LISTEN`         | `:443`   | Address to listen on for TLS |
+| `--data`       | `DATA_PATH`          | `./data` | Path to the data directory   |
 
 ### Proxy Options
 
@@ -75,136 +75,4 @@ Complete reference for all MCP Auth Proxy configuration options.
 | `--proxy-bearer-token` | `PROXY_BEARER_TOKEN` | -       | Bearer token to add to Authorization header when proxying requests                                    |
 | `--proxy-headers`      | `PROXY_HEADERS`      | -       | Comma-separated list of headers to add when proxying requests (format: Header1:Value1,Header2:Value2) |
 
-## Environment Variables
-
-All configuration options can be set via environment variables:
-
-```bash
-# Core settings
-export EXTERNAL_URL="https://{your-domain}"
-export NO_AUTO_TLS="false"
-export TLS_ACCEPT_TOS="true"
-export DATA="./data"
-
-# Authentication
-export PASSWORD="your-secure-password"
-
-# Google OAuth
-export GOOGLE_CLIENT_ID="your-google-client-id"
-export GOOGLE_CLIENT_SECRET="your-google-client-secret"
-export GOOGLE_ALLOWED_USERS="[email protected],[email protected]"
-
-# GitHub OAuth
-export GITHUB_CLIENT_ID="your-github-client-id"
-export GITHUB_CLIENT_SECRET="your-github-client-secret"
-export GITHUB_ALLOWED_USERS="username1,username2"
-
-# OIDC
-export OIDC_CONFIGURATION_URL="https://provider.com/.well-known/openid-configuration"
-export OIDC_CLIENT_ID="your-oidc-client-id"
-export OIDC_CLIENT_SECRET="your-oidc-client-secret"
-export OIDC_ALLOWED_USERS="[email protected],[email protected]"
-
-./mcp-auth-proxy -- your-mcp-command
-```
-
-## Docker Configuration
-
-### Docker Compose
-
-```yaml
-version: "3.8"
-services:
-  mcp-auth-proxy:
-    image: ghcr.io/sigbit/mcp-auth-proxy:latest
-    ports:
-      - "80:80"
-      - "443:443"
-    environment:
-      - EXTERNAL_URL=https://{your-domain}
-      - TLS_ACCEPT_TOS=true
-      - PASSWORD=your-secure-password
-      - GOOGLE_CLIENT_ID=your-google-client-id
-      - GOOGLE_CLIENT_SECRET=your-google-client-secret
-      - [email protected],[email protected]
-    volumes:
-      - ./data:/data
-    command: ["npx", "-y", "@modelcontextprotocol/server-filesystem", "./"]
-    restart: unless-stopped
-```
-
-### Kubernetes Deployment
-
-```yaml
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: mcp-auth-proxy
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: mcp-auth-proxy
-  template:
-    metadata:
-      labels:
-        app: mcp-auth-proxy
-    spec:
-      containers:
-        - name: mcp-auth-proxy
-          image: ghcr.io/sigbit/mcp-auth-proxy:latest
-          ports:
-            - containerPort: 80
-          env:
-            - name: EXTERNAL_URL
-              value: "https://{your-domain}"
-            - name: NO_AUTO_TLS
-              value: "true"
-            - name: PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: mcp-auth-proxy-secrets
-                  key: password
-          volumeMounts:
-            - name: data
-              mountPath: /data
-          args: ["npx", "-y", "@modelcontextprotocol/server-filesystem", "./"]
-      volumes:
-        - name: data
-          persistentVolumeClaim:
-            claimName: mcp-auth-proxy-data
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: mcp-auth-proxy
-spec:
-  selector:
-    app: mcp-auth-proxy
-  ports:
-    - port: 80
-      targetPort: 80
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: mcp-auth-proxy
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt
-spec:
-  tls:
-    - hosts:
-        - { your-domain }
-      secretName: mcp-auth-proxy-tls
-  rules:
-    - host: { your-domain }
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: mcp-auth-proxy
-                port:
-                  number: 80
-```
+For practical configuration examples including environment variables, Docker Compose, and Kubernetes deployments, see the [Configuration Examples](./examples.md) page.

docs/docs/examples.md

@@ -0,0 +1,120 @@
+---
+sidebar_position: 3
+---
+
+# Configuration Examples
+
+This page provides practical configuration examples for different deployment scenarios.
+
+For detailed information about each configuration option, see the [Configuration Reference](./configuration.md).
+
+## Binary Usage
+
+```bash
+./mcp-auth-proxy \
+  --external-url "https://your-domain.com" \
+  --password "your-secure-password" \
+  --tls-accept-tos \
+  -- npx -y @modelcontextprotocol/server-filesystem ./
+```
+
+## Docker Configuration
+
+### Docker Compose
+
+```yaml
+version: "3.8"
+services:
+  mcp-auth-proxy:
+    image: ghcr.io/sigbit/mcp-auth-proxy:latest
+    ports:
+      - "80:80"
+      - "443:443"
+    environment:
+      - EXTERNAL_URL=https://{your-domain}
+      - TLS_ACCEPT_TOS=true
+      - PASSWORD=your-secure-password
+      - GOOGLE_CLIENT_ID=your-google-client-id
+      - GOOGLE_CLIENT_SECRET=your-google-client-secret
+      - [email protected],[email protected]
+    volumes:
+      - ./data:/data
+    command: ["npx", "-y", "@modelcontextprotocol/server-filesystem", "./"]
+    restart: unless-stopped
+```
+
+### Kubernetes Deployment
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mcp-auth-proxy
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mcp-auth-proxy
+  template:
+    metadata:
+      labels:
+        app: mcp-auth-proxy
+    spec:
+      containers:
+        - name: mcp-auth-proxy
+          image: ghcr.io/sigbit/mcp-auth-proxy:latest
+          ports:
+            - containerPort: 80
+          env:
+            - name: EXTERNAL_URL
+              value: "https://{your-domain}"
+            - name: NO_AUTO_TLS
+              value: "true"
+            - name: PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mcp-auth-proxy-secrets
+                  key: password
+          volumeMounts:
+            - name: data
+              mountPath: /data
+          args: ["npx", "-y", "@modelcontextprotocol/server-filesystem", "./"]
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: mcp-auth-proxy-data
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mcp-auth-proxy
+spec:
+  selector:
+    app: mcp-auth-proxy
+  ports:
+    - port: 80
+      targetPort: 80
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: mcp-auth-proxy
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+spec:
+  tls:
+    - hosts:
+        - { your-domain }
+      secretName: mcp-auth-proxy-tls
+  rules:
+    - host: { your-domain }
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: mcp-auth-proxy
+                port:
+                  number: 80
+```

docs/docs/intro.md

@@ -25,16 +25,8 @@ MCP Auth Proxy sits between MCP clients (like Claude, ChatGPT, GitHub Copilot) a
 3. **Authorization**: Access is granted based on configured user allowlists
 4. **Proxying**: Authenticated requests are forwarded to your MCP server
 
-## Quick Start
+## Next Steps
 
-Get started in minutes with a simple command:
-
-```bash
-./mcp-auth-proxy \
-  --external-url https://{your-domain} \
-  --tls-accept-tos \
-  --password changeme \
-  -- npx -y @modelcontextprotocol/server-filesystem ./
-```
-
-Your authenticated MCP endpoint will be available at `https://{your-domain}/mcp`.
+- [Quick Start Guide](./quickstart.md) - Get up and running in minutes
+- [OAuth Setup](./oauth-setup.md) - Configure secure authentication providers
+- [Client Integration](./client-integration.md) - Connect with MCP clients

docs/docusaurus.config.ts

@@ -49,9 +49,9 @@ const config: Config = {
       items: [
         {
           type: "docSidebar",
-          sidebarId: "tutorialSidebar",
+          sidebarId: "docsSidebar",
           position: "left",
-          label: "Tutorial",
+          label: "Docs",
         },
         {
           href: "https://github.com/sigbit/mcp-auth-proxy",
@@ -67,7 +67,7 @@ const config: Config = {
           title: "Docs",
           items: [
             {
-              label: "Tutorial",
+              label: "Docs",
               to: "/docs/intro",
             },
           ],

docs/sidebars.ts

@@ -1,7 +1,7 @@
 import type { SidebarsConfig } from "@docusaurus/plugin-content-docs";
 
 const sidebars: SidebarsConfig = {
-  tutorialSidebar: [{ type: "autogenerated", dirName: "." }],
+  docsSidebar: [{ type: "autogenerated", dirName: "." }],
 };
 
 export default sidebars;