DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Enable Customization of Auth Request Redirect (#1993)

Browse source 
Adds the 'nginx.ingress.kubernetes.io/auth-request-redirect'
annotation, which allows the customization of the
'X-Auth-Request-Redirect' Header. Fixes: #1979
This commit is contained in:
Fernando Diaz 2018-01-27 18:32:08 -06:00 committed by Manuel Alejandro de Brito Fontes
parent efec983ed4
commit d1ae7ff29c
7 changed files with 89 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

19
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -316,7 +316,6 @@ http {
{{ end }}
upstream {{ $upstream.Name }} {
{{ if $upstream.UpstreamHashBy }}
hash {{ $upstream.UpstreamHashBy }} consistent;
@ -623,7 +622,6 @@ stream {
more_set_headers "Strict-Transport-Security: max-age={{ $all.Cfg.HSTSMaxAge }}{{ if $all.Cfg.HSTSIncludeSubdomains }}; includeSubDomains{{ end }};{{ if $all.Cfg.HSTSPreload }} preload{{ end }}";
{{ end }}
{{ if not (empty $server.CertificateAuth.CAFileName) }}
# PEM sha: {{ $server.CertificateAuth.PemSHA }}
ssl_client_certificate {{ $server.CertificateAuth.CAFileName }};
@ -648,7 +646,7 @@ stream {
}
{{ end }}
{{ if not (empty $authPath) }}
{{ if $authPath }}
location = {{ $authPath }} {
internal;
set $proxy_upstream_name "external-authentication";
@ -656,7 +654,7 @@ stream {
proxy_pass_request_body off;
proxy_set_header Content-Length "";
{{ if not (empty $location.ExternalAuth.Method) }}
{{ if $location.ExternalAuth.Method }}
proxy_method {{ $location.ExternalAuth.Method }};
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Scheme $pass_access_scheme;
@ -665,9 +663,14 @@ stream {
proxy_set_header Host {{ $location.ExternalAuth.Host }};
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Original-Method $request_method;
proxy_set_header X-Auth-Request-Redirect $request_uri;
proxy_set_header X-Sent-From "nginx-ingress-controller";
{{ if $location.ExternalAuth.RequestRedirect }}
proxy_set_header X-Auth-Request-Redirect {{ $location.ExternalAuth.RequestRedirect }};
{{ else }}
proxy_set_header X-Auth-Request-Redirect $request_uri;
{{ end }}
proxy_http_version 1.1;
proxy_ssl_server_name on;
proxy_pass_request_headers on;
@ -726,7 +729,7 @@ stream {
}
{{ end }}
{{ if not (empty $authPath) }}
{{ if $authPath }}
# this location requires authentication
auth_request {{ $authPath }};
auth_request_set $auth_cookie $upstream_http_set_cookie;
@ -736,7 +739,7 @@ stream {
{{- end }}
{{ end }}
{{ if not (empty $location.ExternalAuth.SigninURL) }}
{{ if $location.ExternalAuth.SigninURL }}
error_page 401 = {{ buildAuthSignURL $location.ExternalAuth.SigninURL }};
{{ end }}
@ -778,7 +781,6 @@ stream {
proxy_set_header Host $host;
{{ end }}
# Pass the extracted client certificate to the backend
{{ if not (empty $server.CertificateAuth.CAFileName) }}
{{ if $server.CertificateAuth.PassCertToUpstream }}
@ -861,7 +863,6 @@ stream {
proxy_set_header X-Service-Name $service_name;
{{ end }}
{{ if not (empty $location.Backend) }}
{{ buildProxyPass $server.Hostname $all.Backends $location }}
{{ if (or (eq $location.Proxy.ProxyRedirectFrom "default") (eq $location.Proxy.ProxyRedirectFrom "off")) }}