DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add header to upstream server for external authentication

Browse source
This commit is contained in:
Manuel de Brito Fontes 2017-09-27 23:51:01 -03:00
parent 7d4cd1ba27
commit 8fc6101d3b
3 changed files with 4 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

5
controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
View file

@ -684,7 +684,7 @@ stream {
{{ end }}
{{ if not (empty $location.ExternalAuth.SigninURL) }}
error_page 401 = {{ buildAuthSignURL $location.ExternalAuth.SigninURL }};
error_page 401 = $location.ExternalAuth.SigninURL;
{{ end }}
{{/* if the location contains a rate limit annotation, create one */}}
@ -743,6 +743,9 @@ stream {
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Scheme $pass_access_scheme;
{{/* This header is used for external authentication */}}
proxy_set_header X-Auth-Request-Redirect $request_uri;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";