2021-05-23 16:14:37 +00:00
<!doctype html> < html lang = en class = no-js > < head > < meta charset = utf-8 > < meta name = viewport content = "width=device-width,initial-scale=1" > < link href = https://kubernetes.github.io/ingress-nginx/examples/auth/external-auth/ rel = canonical > < link rel = "shortcut icon" href = ../../../assets/images/favicon.png > < meta name = generator content = "mkdocs-1.1.2, mkdocs-material-6.2.4" > < title > External Basic Authentication - NGINX Ingress Controller< / title > < link rel = stylesheet href = ../../../assets/stylesheets/main.15aa0b43.min.css > < link rel = stylesheet href = ../../../assets/stylesheets/palette.75751829.min.css > < meta name = theme-color content = #009485 > < link rel = preconnect href = https://fonts.gstatic.com crossorigin > < link rel = stylesheet href = "https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback" > < style > body , input { font-family : "Roboto" , - apple-system , BlinkMacSystemFont , Helvetica , Arial , sans-serif } code , kbd , pre { font-family : "Roboto Mono" , SFMono-Regular , Consolas , Menlo , monospace } < / style > < link rel = stylesheet href = ../../../extra.css > < script > window . ga = window . ga || function ( ) { ( ga . q = ga . q || [ ] ) . push ( arguments ) } , ga . l = + new Date , ga ( "create" , "UA-118407822-1" , "kubernetes.github.io" ) , ga ( "set" , "anonymizeIp" , ! 0 ) , ga ( "send" , "pageview" ) , document . addEventListener ( "DOMContentLoaded" , function ( ) { document . forms . search && document . forms . search . query . addEventListener ( "blur" , function ( ) { if ( this . value ) { var e = document . location . pathname ; ga ( "send" , "pageview" , e + "?q=" + this . value ) } } ) } ) , document . addEventListener ( "DOMContentSwitch" , function ( ) { ga ( "send" , "pageview" , document . location . pathname ) } ) < / script > < script async src = https://www.google-analytics.com/analytics.js > < / script > < / head > < body dir = ltr data-md-color-scheme data-md-color-primary = teal data-md-color-accent = green > < input class = md-toggle data-md-toggle = drawer type = checkbox id = __drawer autocomplete = off > < input class = md-toggle data-md-toggle = search type = checkbox id = __search autocomplete = off > < label class = md-overlay for = __drawer > < / label > < div data-md-component = skip > < a href = #external-basic-authentication class = md-skip > Skip to content < / a > < / div > < div data-md-component = announce > < / div > < header class = md-header data-md-component = header > < nav class = "md-header-nav md-grid" aria-label = Header > < a href = https://kubernetes.github.io/ingress-nginx title = "NGINX Ingress Controller" class = "md-header-nav__button md-logo" aria-label = "NGINX Ingress Controller" > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M12 8a3 3 0 003-3 3 3 0 00-3-3 3 3 0 00-3 3 3 3 0 003 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54z" / > < / svg > < / a > < label class = "md-header-nav__button md-icon" for = __drawer > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2z" / > < / svg > < / label > < div class = md-header-nav__title data-md-component = header-title > < div class = md-header-nav__ellipsis > < div class = md-header-nav__topic > < span class = md-ellipsis > NGINX Ingress Controller < / span > < / div > < div class = md-header-nav__topic > < span class = md-ellipsis > External Basic Authentication < / span > < / div > < / div > < / div > < label class = "md-header-nav__button md-icon" for = __search > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M9.5 3A6.5 6.5 0 0116 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 019.5 16 6.5 6.5 0 013 9.5 6.5 6.5 0 019.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z" / > < / svg > < / label > < div class = md-search data-md-component = search role = dialog > < label class = md-search__overlay for = __search > < / label > < div class = md-search__inner role = search > < form class = md-search__form name = search > < input type = text class = md-search__input name = query aria-label = Search placeholder = Search autocapitalize = off autocorrect = off autocomplete = off spellcheck = false data-md-component = search-query data-md-state = active required > < label class = "md-search__icon md-icon" for = __search > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M9.5 3A6 . 5 6 . 5 0 0116 9 . 5c0 1 . 61- . 59 3 . 09-1 . 56 4 . 23l . 27 . 27h . 79l5 5-
2020-04-15 17:09:38 +00:00
ingress " external-auth" created
2018-04-27 00:09:55 +00:00
$ kubectl get ing external-auth
NAME HOSTS ADDRESS PORTS AGE
2020-04-15 17:09:38 +00:00
external-auth external-auth-01.sample.com 172.17.4.99 80 13s
2018-04-27 00:09:55 +00:00
$ kubectl get ing external-auth -o yaml
2021-07-29 21:24:20 +00:00
apiVersion: networking.k8s.io/v1beta1
2018-04-27 00:09:55 +00:00
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/auth-url: https://httpbin.org/basic-auth/user/passwd
2020-04-15 17:09:38 +00:00
creationTimestamp: 2016-10-03T13:50:35Z
generation: 1
2018-04-27 00:09:55 +00:00
name: external-auth
namespace: default
2020-04-15 17:09:38 +00:00
resourceVersion: " 2068378"
2021-07-29 21:24:20 +00:00
selfLink: /apis/networking/v1beta1/namespaces/default/ingresses/external-auth
2018-04-27 00:09:55 +00:00
uid: 5c388f1d-8970-11e6-9004-080027d2dc94
spec:
rules:
- host: external-auth-01.sample.com
http:
paths:
- backend:
serviceName: http-svc
2020-04-15 17:09:38 +00:00
servicePort: 80
2018-04-27 00:09:55 +00:00
path: /
status:
loadBalancer:
ingress:
2020-04-15 17:09:38 +00:00
- ip: 172.17.4.99
2018-04-27 00:09:55 +00:00
$
2021-01-11 15:59:14 +00:00
< / code > < / pre > < / div > < p > Test 1: no username/password (expect code 401)< / p > < div class = highlight > < pre > < span > < / span > < code > < span class = gp > $< / span > curl -k http://172.17.4.99 -v -H < span class = s1 > ' Host: external-auth-01.sample.com' < / span >
< span class = go > * Rebuilt URL to: http://172.17.4.99/< / span >
< span class = go > * Trying 172.17.4.99...< / span >
< span class = go > * Connected to 172.17.4.99 (172.17.4.99) port 80 (#0)< / span >
< span class = gp > > < / span > GET / HTTP/1.1
< span class = gp > > < / span > Host: external-auth-01.sample.com
< span class = gp > > < / span > User-Agent: curl/7.50.1
< span class = gp > > < / span > Accept: */*
< span class = gp > > < / span >
< span class = go > < HTTP/1.1 401 Unauthorized< / span >
< span class = go > < Server: nginx/1.11.3< / span >
< span class = go > < Date: Mon, 03 Oct 2016 14:52:08 GMT< / span >
< span class = go > < Content-Type: text/html< / span >
< span class = go > < Content-Length: 195< / span >
< span class = go > < Connection: keep-alive< / span >
< span class = go > < WWW-Authenticate: Basic realm=" Fake Realm" < / span >
< span class = go > < < / span >
< span class = go > < html> < / span >
< span class = go > < head> < title> 401 Authorization Required< /title> < /head> < / span >
< span class = go > < body bgcolor=" white" > < / span >
< span class = go > < center> < h1> 401 Authorization Required< /h1> < /center> < / span >
< span class = go > < hr> < center> nginx/1.11.3< /center> < / span >
< span class = go > < /body> < / span >
< span class = go > < /html> < / span >
< span class = go > * Connection #0 to host 172.17.4.99 left intact< / span >
< / code > < / pre > < / div > < p > Test 2: valid username/password (expect code 200) < div class = highlight > < pre > < span > < / span > < code > $ curl -k http://172.17.4.99 -v -H ' Host: external-auth-01.sample.com' -u ' user:passwd'
2018-04-27 00:09:55 +00:00
* Rebuilt URL to: http://172.17.4.99/
2020-04-15 17:09:38 +00:00
* Trying 172.17.4.99...
* Connected to 172.17.4.99 (172.17.4.99) port 80 (#0)
* Server auth using Basic with user ' user'
2018-04-27 00:09:55 +00:00
> GET / HTTP/1.1
> Host: external-auth-01.sample.com
2020-04-15 17:09:38 +00:00
> Authorization: Basic dXNlcjpwYXNzd2Q=
2018-04-27 00:09:55 +00:00
> User-Agent: curl/7.50.1
> Accept: */*
>
2020-04-15 17:09:38 +00:00
< HTTP/1.1 200 OK
2018-04-27 00:09:55 +00:00
< Server: nginx/1.11.3
2020-04-15 17:09:38 +00:00
< Date: Mon, 03 Oct 2016 14:52:50 GMT
2018-04-27 00:09:55 +00:00
< Content-Type: text/plain
< Transfer-Encoding: chunked
< Connection: keep-alive
<
CLIENT VALUES:
2020-04-15 17:09:38 +00:00
client_address=10.2.60.2
command=GET
real path=/
query=nil
request_version=1.1
request_uri=http://external-auth-01.sample.com:8080/
2018-04-27 00:09:55 +00:00
SERVER VALUES:
2020-04-15 17:09:38 +00:00
server_version=nginx: 1.9.11 - lua: 10001
2018-04-27 00:09:55 +00:00
HEADERS RECEIVED:
2020-04-15 17:09:38 +00:00
accept=*/*
authorization=Basic dXNlcjpwYXNzd2Q=
connection=close
host=external-auth-01.sample.com
user-agent=curl/7.50.1
x-forwarded-for=10.2.60.1
x-forwarded-host=external-auth-01.sample.com
x-forwarded-port=80
x-forwarded-proto=http
x-real-ip=10.2.60.1
2018-04-27 00:09:55 +00:00
BODY:
2020-04-15 17:09:38 +00:00
* Connection #0 to host 172.17.4.99 left intact
2018-04-27 00:09:55 +00:00
-no body in request-
2021-01-11 15:59:14 +00:00
< / code > < / pre > < / div > < / p > < p > Test 3: invalid username/password (expect code 401) < div class = highlight > < pre > < span > < / span > < code > curl -k http://172.17.4.99 -v -H ' Host: external-auth-01.sample.com' -u ' user:user'
2018-04-27 00:09:55 +00:00
* Rebuilt URL to: http://172.17.4.99/
* Trying 172.17.4.99...
* Connected to 172.17.4.99 (172.17.4.99) port 80 (#0)
* Server auth using Basic with user ' user'
> GET / HTTP/1.1
> Host: external-auth-01.sample.com
> Authorization: Basic dXNlcjp1c2Vy
> User-Agent: curl/7.50.1
> Accept: */*
>
2020-04-15 17:09:38 +00:00
< HTTP/1.1 401 Unauthorized
< Server: nginx/1.11.3
< Date: Mon, 03 Oct 2016 14:53:04 GMT
< Content-Type: text/html
< Content-Length: 195
< Connection: keep-alive
* Authentication problem. Ignoring this.
< WWW-Authenticate: Basic realm=" Fake Realm"
<
< html>
< head> < title> 401 Authorization Required< /title> < /head>
< body bgcolor=" white" >
< center> < h1> 401 Authorization Required< /h1> < /center>
< hr> < center> nginx/1.11.3< /center>
< /body>
< /html>
2018-04-27 00:09:55 +00:00
* Connection #0 to host 172.17.4.99 left intact
2021-01-11 15:59:14 +00:00
< / code > < / pre > < / div > < / p > < / article > < / div > < / div > < / main > < footer class = md-footer > < div class = md-footer-nav > < nav class = "md-footer-nav__inner md-grid" aria-label = Footer > < a href = ../client-certs/ class = "md-footer-nav__link md-footer-nav__link--prev" rel = prev > < div class = "md-footer-nav__button md-icon" > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z" / > < / svg > < / div > < div class = md-footer-nav__title > < div class = md-ellipsis > < span class = md-footer-nav__direction > Previous < / span > Client Certificate Authentication < / div > < / div > < / a > < a href = ../oauth-external-auth/ class = "md-footer-nav__link md-footer-nav__link--next" rel = next > < div class = md-footer-nav__title > < div class = md-ellipsis > < span class = md-footer-nav__direction > Next < / span > External OAUTH Authentication < / div > < / div > < div class = "md-footer-nav__button md-icon" > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11H4z" / > < / svg > < / div > < / a > < / nav > < / div > < div class = "md-footer-meta md-typeset" > < div class = "md-footer-meta__inner md-grid" > < div class = md-footer-copyright > Made with < a href = https://squidfunk.github.io/mkdocs-material/ target = _blank rel = noopener > Material for MkDocs < / a > < / div > < / div > < / div > < / footer > < / div > < script src = ../../../assets/javascripts/vendor.93c04032.min.js > < / script > < script src = ../../../assets/javascripts/bundle.83e5331e.min.js > < / script > < script id = __lang type = application/json > { "clipboard.copy" : "Copy to clipboard" , "clipboard.copied" : "Copied to clipboard" , "search.config.lang" : "en" , "search.config.pipeline" : "trimmer, stopWordFilter" , "search.config.separator" : "[\\s\\-]+" , "search.placeholder" : "Search" , "search.result.placeholder" : "Type to start searching" , "search.result.none" : "No matching documents" , "search.result.one" : "1 matching document" , "search.result.other" : "# matching documents" , "search.result.more.one" : "1 more on this page" , "search.result.more.other" : "# more on this page" , "search.result.term.missing" : "Missing" } < / script > < script >
2020-04-15 17:09:38 +00:00
app = initialize({
base: "../../..",
2021-01-11 15:59:14 +00:00
features: ['navigation.tabs', 'navigation.tabs.sticky', 'navigation.instant', 'navigation.sections'],
2020-04-15 17:09:38 +00:00
search: Object.assign({
2021-01-11 15:59:14 +00:00
worker: "../../../assets/javascripts/worker/search.8c7e0a7e.min.js"
2020-04-15 17:09:38 +00:00
}, typeof search !== "undefined" & & search)
})
2021-01-11 15:59:14 +00:00
< / script > < / body > < / html >