DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add auth-signin annotation

Browse source
This commit is contained in:
Cole Mickens 2017-02-02 02:22:44 -08:00 committed by Manuel de Brito Fontes
parent 4c0a616f5c
commit 09e6aabce4
8 changed files with 158 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

8
controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
View file

@ -244,6 +244,8 @@ http {
{{ end }}
{{ if not (empty $location.ExternalAuth.Method) }}
proxy_method {{ $location.ExternalAuth.Method }};
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Scheme $pass_access_scheme;
{{ end }}
proxy_set_header Host $host;
proxy_pass_request_headers on;
@ -269,6 +271,10 @@ http {
auth_request {{ $authPath }};
{{ end }}
{{ if not (empty $location.ExternalAuth.SigninURL) }}
error_page 401 = {{ $location.ExternalAuth.SigninURL }};
{{ end }}
{{ if (or $location.Redirect.ForceSSLRedirect (and (not (empty $server.SSLCertificate)) $location.Redirect.SSLRedirect)) }}
# enforce ssl on server side
if ($pass_access_scheme = http) {
@ -315,6 +321,8 @@ http {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Scheme $pass_access_scheme;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/