DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #410 from aledbf/colemickens-signin-url

Browse source 
Add support for "signin url"
This commit is contained in:
Manuel Alejandro de Brito Fontes 2017-03-09 11:21:42 -03:00 committed by GitHub
commit a5f8af70bf
8 changed files with 201 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

5
controllers/nginx/Makefile
View file

@ -6,6 +6,7 @@ BUILDTAGS=
RELEASE?=0.9.0-beta.2
PREFIX?=gcr.io/google_containers/nginx-ingress-controller
GOOS?=linux
DOCKER?=gcloud docker --
REPO_INFO=$(shell git config --get remote.origin.url)
@ -21,10 +22,10 @@ build: clean
-o rootfs/nginx-ingress-controller ${PKG}/pkg/cmd/controller
container: build
docker build --pull -t $(PREFIX):$(RELEASE) rootfs
$(DOCKER) build --pull -t $(PREFIX):$(RELEASE) rootfs
push: container
gcloud docker -- push $(PREFIX):$(RELEASE)
$(DOCKER) push $(PREFIX):$(RELEASE)
fmt:
@echo "+ $@"

8
controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
View file

@ -246,6 +246,8 @@ http {
{{ end }}
{{ if not (empty $location.ExternalAuth.Method) }}
proxy_method {{ $location.ExternalAuth.Method }};
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Scheme $pass_access_scheme;
{{ end }}
proxy_set_header Host $host;
proxy_pass_request_headers on;
@ -271,6 +273,10 @@ http {
auth_request {{ $authPath }};
{{ end }}
{{ if not (empty $location.ExternalAuth.SigninURL) }}
error_page 401 = {{ $location.ExternalAuth.SigninURL }};
{{ end }}
{{ if (or $location.Redirect.ForceSSLRedirect (and (not (empty $server.SSLCertificate)) $location.Redirect.SSLRedirect)) }}
# enforce ssl on server side
if ($pass_access_scheme = http) {
@ -317,6 +323,8 @@ http {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Scheme $pass_access_scheme;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/