Move X-Forwarded-Port variable to the location context

Resolves issue #4038 where the X-Forwarded-Port header would be set to the value of the https listening port if all of the following settings were satisfied:
- The ingress controller was started with a non-default HTTPS port set with the `--https-port` argument
- An ingress is created having:
  - the `nginx.ingress.kubernetes.io/auth-url` annotation set
  - TLS enabled

This commit solves this issue by moving the setting of the `pass_server_port` variable from the server context one level down to the location context.
Jeroen Schutrup 2019-05-15 15:01:48 +02:00
parent 39144bb987
commit 8dd912114e
No known key found for this signature in database
GPG key ID: A706EF3B963ADE22
9 changed files with 208 additions and 7 deletions


@ -817,10 +817,6 @@ stream {
{{ end }}
{{ end }}
set $proxy_upstream_name "-";
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
{{/* Listen on {{ $all.ListenPorts.SSLProxy }} because port {{ $all.ListenPorts.HTTPS }} is used in the TLS sni server */}}
{{/* This listener must always have proxy_protocol enabled, because the SNI listener forwards on source IP info in it. */}}
@ -1109,6 +1105,10 @@ stream {
set $balancer_ewma_score -1;
set $proxy_upstream_name "{{ buildUpstreamName $location }}";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";