2024-09-15 15:04:08 +00:00
<!doctype html> < html lang = en class = no-js > < head > < meta charset = utf-8 > < meta name = viewport content = "width=device-width,initial-scale=1" > < link href = https://kubernetes.github.io/ingress-nginx/examples/auth/basic/ rel = canonical > < link href = ../../affinity/cookie/ rel = prev > < link href = ../client-certs/ rel = next > < link rel = icon href = ../../../assets/images/favicon.png > < meta name = generator content = "mkdocs-1.5.3, mkdocs-material-9.4.5" > < title > Basic Authentication - Ingress-Nginx Controller< / title > < link rel = stylesheet href = ../../../assets/stylesheets/main.6a10b989.min.css > < link rel = stylesheet href = ../../../assets/stylesheets/palette.356b1318.min.css > < link rel = preconnect href = https://fonts.gstatic.com crossorigin > < link rel = stylesheet href = "https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback" > < style > : root { --md-text-font : "Roboto" ; --md-code-font : "Roboto Mono" } < / style > < link rel = stylesheet href = ../../../extra.css > < script > _ _md _scope = new URL ( "../../.." , location ) , _ _md _hash = e => [ ... e ] . reduce ( ( e , _ ) => ( e << 5 ) - e + _ . charCodeAt ( 0 ) , 0 ) , _ _md _get = ( e , _ = localStorage , t = _ _md _scope ) => JSON . parse ( _ . getItem ( t . pathname + "." + e ) ) , _ _md _set = ( e , _ , t = localStorage , a = _ _md _scope ) => { try { t . setItem ( a . pathname + "." + e , JSON . stringify ( _ ) ) } catch ( e ) { } } < / script > < / head > < body dir = ltr data-md-color-scheme = default data-md-color-primary = teal data-md-color-accent = green > < input class = md-toggle data-md-toggle = drawer type = checkbox id = __drawer autocomplete = off > < input class = md-toggle data-md-toggle = search type = checkbox id = __search autocomplete = off > < label class = md-overlay for = __drawer > < / label > < div data-md-component = skip > < a href = #basic-authentication class = md-skip > Skip to content < / a > < / div > < div data-md-component = announce > < / div > < header class = "md-header md-header--shadow md-header--lifted" data-md-component = header > < nav class = "md-header__inner md-grid" aria-label = Header > < a href = ../../.. title = "Ingress-Nginx Controller" class = "md-header__button md-logo" aria-label = "Ingress-Nginx Controller" data-md-component = logo > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54Z" / > < / svg > < / a > < label class = "md-header__button md-icon" for = __drawer > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2Z" / > < / svg > < / label > < div class = md-header__title data-md-component = header-title > < div class = md-header__ellipsis > < div class = md-header__topic > < span class = md-ellipsis > Ingress-Nginx Controller < / span > < / div > < div class = md-header__topic data-md-component = header-topic > < span class = md-ellipsis > Basic Authentication < / span > < / div > < / div > < / div > < label class = "md-header__button md-icon" for = __search > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z" / > < / svg > < / label > < div class = md-search data-md-component = search role = dialog > < label class = md-search__overlay for = __search > < / label > < div class = md-search__inner role = search > < form class = md-search__form name = search > < input type = text class = md-search__input name = query aria-label = Search placeholder = Search autocapitalize = off autocorrect = off autocomplete = off spellcheck = false data-md-component = search-query required > < label class = "md-search__icon md-icon" for = __search > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z" / > < / svg > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12Z" / > < / svg > < / label > < nav class = md-search__options aria-label = Search > < butto
2021-01-11 15:59:14 +00:00
< span class = go > New password: < bar> < / span >
< span class = go > New password:< / span >
< span class = go > Re-type new password:< / span >
< span class = go > Adding password for user foo< / span >
2023-10-12 19:31:18 +00:00
< / code > < / pre > < / div > < h2 id = convert-htpasswd-into-a-secret > Convert htpasswd into a secret< a class = headerlink href = #convert-htpasswd-into-a-secret title = "Permanent link" > ¶< / a > < / h2 > < div class = highlight > < pre > < span > < / span > < code > < span class = gp > $ < / span > kubectl< span class = w > < / span > create< span class = w > < / span > secret< span class = w > < / span > generic< span class = w > < / span > basic-auth< span class = w > < / span > --from-file< span class = o > =< / span > auth
2021-01-11 15:59:14 +00:00
< span class = go > secret " basic-auth" created< / span >
2023-10-12 19:31:18 +00:00
< / code > < / pre > < / div > < h2 id = examine-secret > Examine secret< a class = headerlink href = #examine-secret title = "Permanent link" > ¶< / a > < / h2 > < div class = highlight > < pre > < span > < / span > < code > < span class = gp > $ < / span > kubectl< span class = w > < / span > get< span class = w > < / span > secret< span class = w > < / span > basic-auth< span class = w > < / span > -o< span class = w > < / span > yaml
2021-01-11 15:59:14 +00:00
< span class = go > apiVersion: v1< / span >
< span class = go > data:< / span >
< span class = go > auth: Zm9vOiRhcHIxJE9GRzNYeWJwJGNrTDBGSERBa29YWUlsSDkuY3lzVDAK< / span >
< span class = go > kind: Secret< / span >
< span class = go > metadata:< / span >
< span class = go > name: basic-auth< / span >
< span class = go > namespace: default< / span >
< span class = go > type: Opaque< / span >
2023-10-12 19:31:18 +00:00
< / code > < / pre > < / div > < h2 id = using-kubectl-create-an-ingress-tied-to-the-basic-auth-secret > Using kubectl, create an ingress tied to the basic-auth secret< a class = headerlink href = #using-kubectl-create-an-ingress-tied-to-the-basic-auth-secret title = "Permanent link" > ¶< / a > < / h2 > < div class = highlight > < pre > < span > < / span > < code > < span class = gp > $ < / span > < span class = nb > echo< / span > < span class = w > < / span > < span class = s2 > " < / span >
2021-08-21 20:43:04 +00:00
< span class = go > apiVersion: networking.k8s.io/v1< / span >
2021-01-11 15:59:14 +00:00
< span class = go > kind: Ingress< / span >
< span class = go > metadata:< / span >
< span class = go > name: ingress-with-auth< / span >
< span class = go > annotations:< / span >
2023-10-12 19:31:18 +00:00
< span class = gp > # < / span > < span class = nb > type< / span > < span class = w > < / span > of< span class = w > < / span > authentication
2021-01-11 15:59:14 +00:00
< span class = go > nginx.ingress.kubernetes.io/auth-type: basic< / span >
2023-10-12 19:31:18 +00:00
< span class = gp > # < / span > name< span class = w > < / span > of< span class = w > < / span > the< span class = w > < / span > secret< span class = w > < / span > that< span class = w > < / span > contains< span class = w > < / span > the< span class = w > < / span > user/password< span class = w > < / span > definitions
2021-01-11 15:59:14 +00:00
< span class = go > nginx.ingress.kubernetes.io/auth-secret: basic-auth< / span >
2023-10-12 19:31:18 +00:00
< span class = gp > # < / span > message< span class = w > < / span > to< span class = w > < / span > display< span class = w > < / span > with< span class = w > < / span > an< span class = w > < / span > appropriate< span class = w > < / span > context< span class = w > < / span > why< span class = w > < / span > the< span class = w > < / span > authentication< span class = w > < / span > is< span class = w > < / span > required
2021-01-11 15:59:14 +00:00
< span class = go > nginx.ingress.kubernetes.io/auth-realm: ' Authentication Required - foo' < / span >
< span class = go > spec:< / span >
2021-11-09 15:45:04 +00:00
< span class = go > ingressClassName: nginx< / span >
2021-01-11 15:59:14 +00:00
< span class = go > rules:< / span >
< span class = go > - host: foo.bar.com< / span >
< span class = go > http:< / span >
< span class = go > paths:< / span >
< span class = go > - path: /< / span >
2021-11-02 00:13:54 +00:00
< span class = go > pathType: Prefix< / span >
2021-01-11 15:59:14 +00:00
< span class = go > backend:< / span >
2021-11-02 00:13:54 +00:00
< span class = go > service: < / span >
< span class = go > name: http-svc< / span >
< span class = go > port: < / span >
< span class = go > number: 80< / span >
2021-01-11 15:59:14 +00:00
< span class = go > " | kubectl create -f -< / span >
2022-01-17 00:58:25 +00:00
< / code > < / pre > < / div > < h2 id = use-curl-to-confirm-authorization-is-required-by-the-ingress > Use curl to confirm authorization is required by the ingress< a class = headerlink href = #use-curl-to-confirm-authorization-is-required-by-the-ingress title = "Permanent link" > ¶< / a > < / h2 > < div class = highlight > < pre > < span > < / span > < code > $ curl -v http://10.2.29.4/ -H ' Host: foo.bar.com'
2018-04-27 00:09:55 +00:00
* Trying 10.2.29.4...
* Connected to 10.2.29.4 (10.2.29.4) port 80 (#0)
> GET / HTTP/1.1
> Host: foo.bar.com
> User-Agent: curl/7.43.0
> Accept: */*
>
2020-04-15 17:09:38 +00:00
< HTTP/1.1 401 Unauthorized
< Server: nginx/1.10.0
< Date: Wed, 11 May 2016 05:27:23 GMT
< Content-Type: text/html
< Content-Length: 195
< Connection: keep-alive
< WWW-Authenticate: Basic realm=" Authentication Required - foo"
<
< html>
< head> < title> 401 Authorization Required< /title> < /head>
< body bgcolor=" white" >
< center> < h1> 401 Authorization Required< /h1> < /center>
< hr> < center> nginx/1.10.0< /center>
< /body>
< /html>
2018-04-27 00:09:55 +00:00
* Connection #0 to host 10.2.29.4 left intact
2022-01-17 00:58:25 +00:00
< / code > < / pre > < / div > < h2 id = use-curl-with-the-correct-credentials-to-connect-to-the-ingress > Use curl with the correct credentials to connect to the ingress< a class = headerlink href = #use-curl-with-the-correct-credentials-to-connect-to-the-ingress title = "Permanent link" > ¶< / a > < / h2 > < div class = highlight > < pre > < span > < / span > < code > $ curl -v http://10.2.29.4/ -H ' Host: foo.bar.com' -u ' foo:bar'
2020-04-15 17:09:38 +00:00
* Trying 10.2.29.4...
* Connected to 10.2.29.4 (10.2.29.4) port 80 (#0)
* Server auth using Basic with user ' foo'
2018-04-27 00:09:55 +00:00
> GET / HTTP/1.1
> Host: foo.bar.com
2020-04-15 17:09:38 +00:00
> Authorization: Basic Zm9vOmJhcg==
2018-04-27 00:09:55 +00:00
> User-Agent: curl/7.43.0
> Accept: */*
>
2020-04-15 17:09:38 +00:00
< HTTP/1.1 200 OK
2018-04-27 00:09:55 +00:00
< Server: nginx/1.10.0
2020-04-15 17:09:38 +00:00
< Date: Wed, 11 May 2016 06:05:26 GMT
2018-04-27 00:09:55 +00:00
< Content-Type: text/plain
< Transfer-Encoding: chunked
< Connection: keep-alive
< Vary: Accept-Encoding
<
CLIENT VALUES:
2020-04-15 17:09:38 +00:00
client_address=10.2.29.4
command=GET
real path=/
query=nil
request_version=1.1
request_uri=http://foo.bar.com:8080/
2018-04-27 00:09:55 +00:00
SERVER VALUES:
2020-04-15 17:09:38 +00:00
server_version=nginx: 1.9.11 - lua: 10001
2018-04-27 00:09:55 +00:00
HEADERS RECEIVED:
2020-04-15 17:09:38 +00:00
accept=*/*
connection=close
host=foo.bar.com
user-agent=curl/7.43.0
2021-04-07 21:14:09 +00:00
x-request-id=e426c7829ef9f3b18d40730857c3eddb
2020-04-15 17:09:38 +00:00
x-forwarded-for=10.2.29.1
x-forwarded-host=foo.bar.com
x-forwarded-port=80
x-forwarded-proto=http
x-real-ip=10.2.29.1
2021-04-07 21:14:09 +00:00
x-scheme=http
2018-04-27 00:09:55 +00:00
BODY:
2020-04-15 17:09:38 +00:00
* Connection #0 to host 10.2.29.4 left intact
2018-04-27 00:09:55 +00:00
-no body in request-
2023-10-12 19:31:18 +00:00
< / code > < / pre > < / div > < / article > < / div > < / div > < / main > < footer class = md-footer > < div class = "md-footer-meta md-typeset" > < div class = "md-footer-meta__inner md-grid" > < div class = md-copyright > Made with < a href = https://squidfunk.github.io/mkdocs-material/ target = _blank rel = noopener > Material for MkDocs < / a > < / div > < / div > < / div > < / footer > < / div > < div class = md-dialog data-md-component = dialog > < div class = "md-dialog__inner md-typeset" > < / div > < / div > < script id = __config type = application/json > { "base" : "../../.." , "features" : [ "navigation.tabs" , "navigation.tabs.sticky" , "navigation.instant" , "navigation.sections" ] , "search" : "../../../assets/javascripts/workers/search.f886a092.min.js" , "translations" : { "clipboard.copied" : "Copied to clipboard" , "clipboard.copy" : "Copy to clipboard" , "search.result.more.one" : "1 more on this page" , "search.result.more.other" : "# more on this page" , "search.result.none" : "No matching documents" , "search.result.one" : "1 matching document" , "search.result.other" : "# matching documents" , "search.result.placeholder" : "Type to start searching" , "search.result.term.missing" : "Missing" , "select.version" : "Select version" } } < / script > < script src = ../../../assets/javascripts/bundle.aecac24b.min.js > < / script > < / body > < / html >
