diff --git a/examples/README.md b/examples/README.md
index 3e6a8d19f..69288dd45 100644
--- a/examples/README.md
+++ b/examples/README.md
@@ -57,7 +57,7 @@ SNI + TCP | TLS routing based on SNI hostname | nginx | Advanced
 Name | Description | Platform   | Complexity Level
 -----| ----------- | ---------- | ----------------
 Basic auth | password protect your website | nginx | Intermediate
-[External auth plugin](external-auth/README.md) | defer to an external auth service | nginx | Intermediate
+[External auth plugin](external-auth/nginx/README.md) | defer to an external auth service | nginx | Intermediate
 
 ## Protocols
 
diff --git a/examples/external-auth/README.md b/examples/external-auth/README.md
deleted file mode 100644
index 3cd0da91d..000000000
--- a/examples/external-auth/README.md
+++ /dev/null
@@ -1,45 +0,0 @@
-## External Authentication
-
-### Overview
-
-The `auth-url` and `auth-signin` annotations allow you to use an external
-authentication provider to protect your Ingress resources.
-
-(Note, this annotation requires `nginx-ingress-controller v0.9.0` or greater.)
-
-### Key Detail
-
-This functionality is enabled by deploying multiple Ingress objects for a single host.
-One Ingress object has no special annotations and handles authentication.
-
-Other Ingress objects can then be annotated in such a way that require the user to
-authenticate against the first Ingress's endpoint, and can redirect `401`s to the
-same endpoint.
-
-Sample:
-
-```
-...
-metadata:
-  name: application
-  annotations:
-    "ingress.kubernetes.io/auth-url": "https://$host/oauth2/auth"
-    "ingress.kubernetes.io/signin-url": "https://$host/oauth2/sign_in"
-...
-```
-
-### Example: OAuth2 Proxy + Kubernetes-Dashboard
-
-This example will show you how to deploy [`oauth2_proxy`](https://github.com/bitly/oauth2_proxy)
-into a Kubernetes cluster and use it to protect the Kubernetes Dashboard.
-
-#### Prepare:
-
-1. `export DOMAIN="somedomain.io"`
-2. Install `nginx-ingress`. If you haven't already, consider using `helm`: `$ helm install stable/nginx-ingress`
-3. Make sure you have a TLS cert added as a Secret named `ingress-tls` that corresponds to your `$DOMAIN`.
-
-### Deploy: `oauth2_proxy`
-
-This is the Deployment object that runs `oauth2_proxy`.
-
diff --git a/examples/external-auth/dashboard.ingress.yaml b/examples/external-auth/dashboard.ingress.yaml
deleted file mode 100644
index 60ef4df84..000000000
--- a/examples/external-auth/dashboard.ingress.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: dashboard
-  namespace: kube-system
-  annotations:
-    "ingress.kubernetes.io/auth-url": "https://$host/oauth2/auth"
-    "ingress.kubernetes.io/auth-signin": "https://$host/oauth2/sign_in"
-spec:
-  tls:
-  - secretName: 'foo-secret-966'
-    hosts:
-    - 'foo-966.bar.com'
-  rules:
-  - host: 'foo-966.bar.com'
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: kubernetes-dashboard
-          servicePort: 80
-      - parh: /oauth2
-        backend:
-          serviceName: oauth2proxy
-          servicePort: 4180
-     
diff --git a/examples/external-auth/deployment.yaml b/examples/external-auth/deployment.yaml
deleted file mode 100644
index 5329d90eb..000000000
--- a/examples/external-auth/deployment.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  name: oauth2-proxy
-  labels:
-    k8s-app: oauth2proxy
-spec:
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        k8s-app: oauth2proxy
-    spec:
-      volumes:
-      - name: oauth2proxy-secret
-        secret:
-          secretName: oauth2proxy
-      containers:
-      - name: oauth2proxy
-        image: docker.io/colemickens/oauth2_proxy:latest
-        imagePullPolicy: Always
-        ports:
-        - containerPort: 4180
-        args:
-        - --provider=github
-        - --email-domain=*
----
-
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    k8s-app: oauth2proxy
-  name: oauth2proxy
-spec:
-  ports:
-  - name: http
-    port: 4180
-    protocol: TCP
-    targetPort: 4180
-  selector:
-    k8s-app: oauth2proxy
diff --git a/examples/external-auth/nginx/README.md b/examples/external-auth/nginx/README.md
new file mode 100644
index 000000000..d61e395d4
--- /dev/null
+++ b/examples/external-auth/nginx/README.md
@@ -0,0 +1,64 @@
+## External Authentication
+
+### Overview
+
+The `auth-url` and `auth-signin` annotations allow you to use an external
+authentication provider to protect your Ingress resources.
+
+(Note, this annotation requires `nginx-ingress-controller v0.9.0` or greater.)
+
+### Key Detail
+
+This functionality is enabled by deploying multiple Ingress objects for a single host.
+One Ingress object has no special annotations and handles authentication.
+
+Other Ingress objects can then be annotated in such a way that require the user to
+authenticate against the first Ingress's endpoint, and can redirect `401`s to the
+same endpoint.
+
+Sample:
+
+```
+...
+metadata:
+  name: application
+  annotations:
+    "ingress.kubernetes.io/auth-url": "https://$host/oauth2/auth"
+    "ingress.kubernetes.io/signin-url": "https://$host/oauth2/sign_in"
+...
+```
+
+### Example: OAuth2 Proxy + Kubernetes-Dashboard
+
+This example will show you how to deploy [`oauth2_proxy`](https://github.com/bitly/oauth2_proxy)
+into a Kubernetes cluster and use it to protect the Kubernetes Dashboard.
+
+#### Prepare:
+
+1. Install the kubernetes dashboard
+
+```console
+kubectl create -f https://raw.githubusercontent.com/kubernetes/kops/master/addons/kubernetes-dashboard/v1.5.0.yaml
+```
+
+2. Create a custom Github OAuth application https://github.com/settings/applications/new
+
+- Homepage URL is the FQDN in the Ingress rule, like `https://foo.bar.com`
+- Authorization callback URL is the same as the base FQDN plus `/oauth2`, like `https://foo.bar.com/oauth2`
+
+3. Configure oauth2_proxy values in the file oauth2-proxy.yaml with the values:
+
+- OAUTH2_PROXY_CLIENT_ID with the github `<Client ID>`
+- OAUTH2_PROXY_CLIENT_SECRET with the github `<Client Secret>`
+- OAUTH2_PROXY_COOKIE_SECRET with value of `python -c 'import os,base64; print base64.b64encode(os.urandom(16))'`      
+
+4. Customize the contents of the file dashboard-ingress.yaml:
+
+Replace `__INGRESS_HOST__` with a valid FQDN and `__INGRESS_SECRET__` with a Secret with a valid SSL certificate.
+
+5. Deploy the oauth2 proxy and the ingress rules running:
+```console
+$ kubectl create -f oauth2-proxy.yaml,dashboard-ingress.yaml
+```
+
+Test the oauth integration accessing the configured URL, like `https://foo.bar.com`
diff --git a/examples/external-auth/nginx/dashboard-ingress.yaml b/examples/external-auth/nginx/dashboard-ingress.yaml
new file mode 100644
index 000000000..642e38f5b
--- /dev/null
+++ b/examples/external-auth/nginx/dashboard-ingress.yaml
@@ -0,0 +1,38 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/auth-signin: https://$host/oauth2/sign_in
+    ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
+  name: external-auth-oauth2
+  namespace: kube-system
+spec:
+  rules:
+  - host: __INGRESS_HOST__
+    http:
+      paths:
+      - backend:
+          serviceName: kubernetes-dashboard
+          servicePort: 80
+        path: /
+
+---
+
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: oauth2-proxy
+  namespace: kube-system
+spec:
+  rules:
+  - host: __INGRESS_HOST__
+    http:
+      paths:
+      - backend:
+          serviceName: oauth2-proxy
+          servicePort: 4180
+        path: /oauth2
+  tls:
+  - hosts:
+    - __INGRESS_HOST__
+    secretName: __INGRESS_SECRET__
diff --git a/examples/external-auth/nginx/oauth2-proxy.yaml b/examples/external-auth/nginx/oauth2-proxy.yaml
new file mode 100644
index 000000000..1735f4690
--- /dev/null
+++ b/examples/external-auth/nginx/oauth2-proxy.yaml
@@ -0,0 +1,56 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  labels:
+    k8s-app: oauth2-proxy
+  name: oauth2-proxy
+  namespace: kube-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      k8s-app: oauth2-proxy
+  template:
+    metadata:
+      labels:
+        k8s-app: oauth2-proxy
+    spec:
+      containers:
+      - args:
+        - --provider=github
+        - --email-domain=*
+        - --upstream=file:///dev/null
+        - --http-address=0.0.0.0:4180
+        # Register a new application
+        # https://github.com/settings/applications/new
+        env:
+        - name: OAUTH2_PROXY_CLIENT_ID
+          value: <Client ID>
+        - name: OAUTH2_PROXY_CLIENT_SECRET
+          value: <Client Secret>
+        # python -c 'import os,base64; print base64.b64encode(os.urandom(16))'
+        - name: OAUTH2_PROXY_COOKIE_SECRET
+          value: SECRET
+        image: docker.io/colemickens/oauth2_proxy:latest
+        imagePullPolicy: Always
+        name: oauth2-proxy
+        ports:
+        - containerPort: 4180
+          protocol: TCP
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    k8s-app: oauth2-proxy
+  name: oauth2-proxy
+spec:
+  ports:
+  - name: http
+    port: 4180
+    protocol: TCP
+    targetPort: 4180
+  selector:
+    k8s-app: oauth2-proxy