
Setting up Duo to work with OAuth2 Proxy reverse proxy

zaphod13
Level 1

For anyone who is interested in using the OAuth2 Proxy reverse proxy (https://oauth2-proxy.github.io/oauth2-proxy/) to protect web applications using Duo authentication, below is an example of the config file that I used to get this working for us. You will first need to install the OAuth2 Proxy (see docs on their website). Next, set up a "Generic OIDC Relying Party - Single Sign-On" application config in the Duo Admin portal, and then finally use the data from that in the config file below. I don't claim that this is all 100% correct, but it seems to be working well for us and I thought that others might benefit from being able to use this system.

http_address = "127.0.0.1:4180"
https_address = ":443"
tls_cert_file = "cert.pem"
tls_key_file = "key.pem"
upstreams = [
    "https://yourserver.example.com/"
]
provider = 'oidc'
provider_display_name = 'Duo SSO'
email_domains = ["*"]
client_id = "XXXXXXXX" ## copy from Client ID field on Duo Admin Portal
client_secret = "XXXXXXXX" ## copy from Client Secret field on Duo Admin Portal
scope = "openid email profile"
pass_access_token = true
code_challenge_method = 'S256'

## copy from Issuer field on Duo Admin Portal
oidc_issuer_url = 'https://sso-xxxxxxxx.sso.duosecurity.com/oidc/xxxxxxxx'

## copy from JWKS URL field on Duo Admin Portal
oidc_jwks_url = 'https://sso-xxxxxxxx.sso.duosecurity.com/oidc/xxxxxxxx/jwks'

## copy from Token Introspection URL field on Duo Admin Portal
validate_url = 'https://sso-xxxxxxxx.sso.duosecurity.com/oidc/xxxxxxxx/token_introspection'

## copy from UserInfo field on Duo Admin Portal
profile_url = 'https://sso-xxxxxxxx.sso.duosecurity.com/oidc/xxxxxxxx/userinfo'

## copy from Token URL field on Duo Admin Portal
redeem_url = 'https://sso-xxxxxxxx.sso.duosecurity.com/oidc/xxxxxxxx/token'

cookie_name = "_oauth2_proxy"
cookie_secret = "xxxxxxxx"  ## seed for encrypting cookies, should be 16, 24, or 32 bytes
cookie_secure = true
cookie_csrf_per_request = false
cookie_csrf_expire = '5m'
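
A pre-deployment sanity check for the settings in the post above, as an added example that is not part of the original post or of the OAuth2 Proxy project. It assumes, from the URL pattern shown in the post, that every Duo endpoint sits under the Issuer URL, and that the cookie secret may be given raw or as URL-safe base64; `check_config`, `secret_len` and the sample values are hypothetical names and constructed data.

```python
import base64

ENDPOINT_KEYS = ("oidc_jwks_url", "validate_url", "profile_url", "redeem_url")
SECRET_KEYS = ("client_id", "client_secret", "cookie_secret")

# Constructed sample: redeem_url pasted from a second Duo application (APP2)
# and client_id left as the placeholder. APP1/APP2 are made-up path segments.
BASE = "https://sso-xxxxxxxx.sso.duosecurity.com/oidc/APP1"
SAMPLE = {
    "oidc_issuer_url": BASE,
    "oidc_jwks_url": BASE + "/jwks",
    "validate_url": BASE + "/token_introspection",
    "profile_url": BASE + "/userinfo",
    "redeem_url": BASE.replace("APP1", "APP2") + "/token",
    "client_id": "XXXXXXXX", "client_secret": "constructed-secret",
    "cookie_secret": "0123456789abcdef", "cookie_secure": True,
    "code_challenge_method": "S256",
}

def secret_len(secret):
    """Byte length of the secret: URL-safe base64 if that decodes to an
    AES key size, otherwise the raw string (assumed proxy behaviour)."""
    try:
        raw = base64.urlsafe_b64decode(secret + "=" * (-len(secret) % 4))
        if len(raw) in (16, 24, 32):
            return len(raw)
    except ValueError:  # not valid base64, fall through to the raw length
        pass
    return len(secret.encode())

def check_config(cfg):
    """Return a list of findings for an oauth2-proxy settings dict."""
    findings = []
    issuer = cfg.get("oidc_issuer_url", "").rstrip("/")
    if not issuer.startswith("https://"):
        findings.append("oidc_issuer_url: missing or not https")
    for key in ENDPOINT_KEYS:  # every endpoint must belong to the same app
        if not cfg.get(key, "").startswith(issuer + "/"):
            findings.append(f"{key}: not under the issuer URL")
    for key in SECRET_KEYS:  # catch values never replaced after copying
        value = cfg.get(key, "")
        if not value or set(value.lower()) == {"x"}:
            findings.append(f"{key}: empty or still a placeholder")
    if secret_len(cfg.get("cookie_secret", "")) not in (16, 24, 32):
        findings.append("cookie_secret: not 16, 24 or 32 bytes")
    if cfg.get("cookie_secure") is not True:
        findings.append("cookie_secure: should be true")
    if cfg.get("code_challenge_method") != "S256":
        findings.append("code_challenge_method: expected S256")
    return findings
```

To check a real file, pass in the parsed settings, for example from `tomllib.load` on Python 3.11+, assuming the file parses as TOML.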

 

1 Reply

DuoKristina
Cisco Employee

Thanks for offering this solution to the community!

Duo, not DUO.