Move X-Forwarded-Port variable to the location context
Resolves issue #4038 where the X-Forwarded-Port header would be set to the value of the https listening port if all of the following settings were satisfied: - The ingress controller was started with a non-default HTTPS port set with the `--https-port` argument - An ingress is created having: - the `nginx.ingress.kubernetes.io/auth-url` annotation set - TLS enabled This commit solves this issue by moving the setting of the `pass_server_port` variable from the server, one level down to the location context.
This commit is contained in:
parent
39144bb987
commit
8dd912114e
9 changed files with 208 additions and 7 deletions
|
|
@ -817,10 +817,6 @@ stream {
|
|||
{{ end }}
|
||||
{{ end }}
|
||||
set $proxy_upstream_name "-";
|
||||
set $pass_access_scheme $scheme;
|
||||
set $pass_server_port $server_port;
|
||||
set $best_http_host $http_host;
|
||||
set $pass_port $pass_server_port;
|
||||
|
||||
{{/* Listen on {{ $all.ListenPorts.SSLProxy }} because port {{ $all.ListenPorts.HTTPS }} is used in the TLS sni server */}}
|
||||
{{/* This listener must always have proxy_protocol enabled, because the SNI listener forwards on source IP info in it. */}}
|
||||
|
|
@ -1109,6 +1105,10 @@ stream {
|
|||
set $balancer_ewma_score -1;
|
||||
set $proxy_upstream_name "{{ buildUpstreamName $location }}";
|
||||
set $proxy_host $proxy_upstream_name;
|
||||
set $pass_access_scheme $scheme;
|
||||
set $pass_server_port $server_port;
|
||||
set $best_http_host $http_host;
|
||||
set $pass_port $pass_server_port;
|
||||
|
||||
set $proxy_alternative_upstream_name "";
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue