Documentation for Pages configuration file

doc/administration/pages/source.md

@@ -388,6 +388,11 @@ Each request to view a resource in a private site is authenticated by Pages
 using that token. For each request it receives, it makes a request to the GitLab
 API to check that the user is authorized to read that site.
 
+From [GitLab 12.8](https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/3689) onwards,
+Access Control parameters for Pages are set in a configuration file, which
+by convention is named `gitlab-pages-config`. The configuration file is passed to
+pages using the `-config flag` or CONFIG environment variable.
+
 Pages access control is disabled by default. To enable it:
 
 1. Modify your `config/gitlab.yml` file:
@@ -402,13 +407,14 @@ Pages access control is disabled by default. To enable it:
    This should be called `GitLab Pages` and have a `Redirect URL` of
    `https://projects.example.io/auth`. It does not need to be a "trusted"
    application, but it does need the `api` scope.
-1. Start the Pages daemon with the following additional arguments:
+1. Start the Pages daemon by passing a configuration file with the following arguments:
 
    ```shell
-     -auth-client-secret <OAuth code generated by GitLab> \
-     -auth-redirect-uri http://projects.example.io/auth \
-     -auth-secret <40 random hex characters> \
-     -auth-server <URL of the GitLab instance>
+     auth-client-id=<OAuth Application ID generated by GitLab>
+     auth-client-secret=<OAuth code generated by GitLab>
+     auth-redirect-uri='http://projects.example.io/auth'
+     auth-secret=<40 random hex characters>
+     auth-server=<URL of the GitLab instance>
    ```
 
 1. Users can now configure it in their [projects' settings](../../user/project/pages/introduction.md#gitlab-pages-access-control-core).