2024-09-15 15:04:08 +00:00
<!doctype html> < html lang = en class = no-js > < head > < meta charset = utf-8 > < meta name = viewport content = "width=device-width,initial-scale=1" > < link href = https://kubernetes.github.io/ingress-nginx/examples/auth/external-auth/ rel = canonical > < link href = ../client-certs/ rel = prev > < link href = ../oauth-external-auth/ rel = next > < link rel = icon href = ../../../assets/images/favicon.png > < meta name = generator content = "mkdocs-1.5.3, mkdocs-material-9.4.5" > < title > External Basic Authentication - Ingress-Nginx Controller< / title > < link rel = stylesheet href = ../../../assets/stylesheets/main.6a10b989.min.css > < link rel = stylesheet href = ../../../assets/stylesheets/palette.356b1318.min.css > < link rel = preconnect href = https://fonts.gstatic.com crossorigin > < link rel = stylesheet href = "https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback" > < style > : root { --md-text-font : "Roboto" ; --md-code-font : "Roboto Mono" } < / style > < link rel = stylesheet href = ../../../extra.css > < script > _ _md _scope = new URL ( "../../.." , location ) , _ _md _hash = e => [ ... e ] . reduce ( ( e , _ ) => ( e << 5 ) - e + _ . charCodeAt ( 0 ) , 0 ) , _ _md _get = ( e , _ = localStorage , t = _ _md _scope ) => JSON . parse ( _ . getItem ( t . pathname + "." + e ) ) , _ _md _set = ( e , _ , t = localStorage , a = _ _md _scope ) => { try { t . setItem ( a . pathname + "." + e , JSON . stringify ( _ ) ) } catch ( e ) { } } < / script > < / head > < body dir = ltr data-md-color-scheme = default data-md-color-primary = teal data-md-color-accent = green > < input class = md-toggle data-md-toggle = drawer type = checkbox id = __drawer autocomplete = off > < input class = md-toggle data-md-toggle = search type = checkbox id = __search autocomplete = off > < label class = md-overlay for = __drawer > < / label > < div data-md-component = skip > < a href = #external-basic-authentication class = md-skip > Skip to content < / a > < / div > < div data-md-component = announce > < / div > < header class = "md-header md-header--shadow md-header--lifted" data-md-component = header > < nav class = "md-header__inner md-grid" aria-label = Header > < a href = ../../.. title = "Ingress-Nginx Controller" class = "md-header__button md-logo" aria-label = "Ingress-Nginx Controller" data-md-component = logo > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54Z" / > < / svg > < / a > < label class = "md-header__button md-icon" for = __drawer > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2Z" / > < / svg > < / label > < div class = md-header__title data-md-component = header-title > < div class = md-header__ellipsis > < div class = md-header__topic > < span class = md-ellipsis > Ingress-Nginx Controller < / span > < / div > < div class = md-header__topic data-md-component = header-topic > < span class = md-ellipsis > External Basic Authentication < / span > < / div > < / div > < / div > < label class = "md-header__button md-icon" for = __search > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z" / > < / svg > < / label > < div class = md-search data-md-component = search role = dialog > < label class = md-search__overlay for = __search > < / label > < div class = md-search__inner role = search > < form class = md-search__form name = search > < input type = text class = md-search__input name = query aria-label = Search placeholder = Search autocapitalize = off autocorrect = off autocomplete = off spellcheck = false data-md-component = search-query required > < label class = "md-search__icon md-icon" for = __search > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z" / > < / svg > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12Z" / > < / svg > < / label > < nav class = md-searc
2020-04-15 17:09:38 +00:00
ingress " external-auth" created
2018-04-27 00:09:55 +00:00
$ kubectl get ing external-auth
NAME HOSTS ADDRESS PORTS AGE
2020-04-15 17:09:38 +00:00
external-auth external-auth-01.sample.com 172.17.4.99 80 13s
2018-04-27 00:09:55 +00:00
$ kubectl get ing external-auth -o yaml
2021-08-21 20:43:04 +00:00
apiVersion: networking.k8s.io/v1
2018-04-27 00:09:55 +00:00
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/auth-url: https://httpbin.org/basic-auth/user/passwd
2020-04-15 17:09:38 +00:00
creationTimestamp: 2016-10-03T13:50:35Z
generation: 1
2018-04-27 00:09:55 +00:00
name: external-auth
namespace: default
2020-04-15 17:09:38 +00:00
resourceVersion: " 2068378"
2021-08-21 20:43:04 +00:00
selfLink: /apis/networking/v1/namespaces/default/ingresses/external-auth
2018-04-27 00:09:55 +00:00
uid: 5c388f1d-8970-11e6-9004-080027d2dc94
spec:
rules:
- host: external-auth-01.sample.com
http:
paths:
2021-11-02 00:13:54 +00:00
- path: /
pathType: Prefix
backend:
service:
name: http-svc
port:
number: 80
2018-04-27 00:09:55 +00:00
status:
loadBalancer:
ingress:
2020-04-15 17:09:38 +00:00
- ip: 172.17.4.99
2018-04-27 00:09:55 +00:00
$
2023-10-12 19:31:18 +00:00
< / code > < / pre > < / div > < h2 id = test-1-no-usernamepassword-expect-code-401 > Test 1: no username/password (expect code 401)< a class = headerlink href = #test-1-no-usernamepassword-expect-code-401 title = "Permanent link" > ¶< / a > < / h2 > < div class = highlight > < pre > < span > < / span > < code > < span class = gp > $ < / span > curl< span class = w > < / span > -k< span class = w > < / span > http://172.17.4.99< span class = w > < / span > -v< span class = w > < / span > -H< span class = w > < / span > < span class = s1 > ' Host: external-auth-01.sample.com' < / span >
2021-01-11 15:59:14 +00:00
< span class = go > * Rebuilt URL to: http://172.17.4.99/< / span >
< span class = go > * Trying 172.17.4.99...< / span >
< span class = go > * Connected to 172.17.4.99 (172.17.4.99) port 80 (#0)< / span >
2023-10-12 19:31:18 +00:00
< span class = go > > GET / HTTP/1.1< / span >
< span class = go > > Host: external-auth-01.sample.com< / span >
< span class = go > > User-Agent: curl/7.50.1< / span >
< span class = go > > Accept: */*< / span >
< span class = go > > < / span >
2021-01-11 15:59:14 +00:00
< span class = go > < HTTP/1.1 401 Unauthorized< / span >
< span class = go > < Server: nginx/1.11.3< / span >
< span class = go > < Date: Mon, 03 Oct 2016 14:52:08 GMT< / span >
< span class = go > < Content-Type: text/html< / span >
< span class = go > < Content-Length: 195< / span >
< span class = go > < Connection: keep-alive< / span >
< span class = go > < WWW-Authenticate: Basic realm=" Fake Realm" < / span >
< span class = go > < < / span >
< span class = go > < html> < / span >
< span class = go > < head> < title> 401 Authorization Required< /title> < /head> < / span >
< span class = go > < body bgcolor=" white" > < / span >
< span class = go > < center> < h1> 401 Authorization Required< /h1> < /center> < / span >
< span class = go > < hr> < center> nginx/1.11.3< /center> < / span >
< span class = go > < /body> < / span >
< span class = go > < /html> < / span >
< span class = go > * Connection #0 to host 172.17.4.99 left intact< / span >
2022-01-17 00:58:25 +00:00
< / code > < / pre > < / div > < h2 id = test-2-valid-usernamepassword-expect-code-200 > Test 2: valid username/password (expect code 200)< a class = headerlink href = #test-2-valid-usernamepassword-expect-code-200 title = "Permanent link" > ¶< / a > < / h2 > < div class = highlight > < pre > < span > < / span > < code > $ curl -k http://172.17.4.99 -v -H ' Host: external-auth-01.sample.com' -u ' user:passwd'
2018-04-27 00:09:55 +00:00
* Rebuilt URL to: http://172.17.4.99/
2020-04-15 17:09:38 +00:00
* Trying 172.17.4.99...
* Connected to 172.17.4.99 (172.17.4.99) port 80 (#0)
* Server auth using Basic with user ' user'
2018-04-27 00:09:55 +00:00
> GET / HTTP/1.1
> Host: external-auth-01.sample.com
2020-04-15 17:09:38 +00:00
> Authorization: Basic dXNlcjpwYXNzd2Q=
2018-04-27 00:09:55 +00:00
> User-Agent: curl/7.50.1
> Accept: */*
>
2020-04-15 17:09:38 +00:00
< HTTP/1.1 200 OK
2018-04-27 00:09:55 +00:00
< Server: nginx/1.11.3
2020-04-15 17:09:38 +00:00
< Date: Mon, 03 Oct 2016 14:52:50 GMT
2018-04-27 00:09:55 +00:00
< Content-Type: text/plain
< Transfer-Encoding: chunked
< Connection: keep-alive
<
CLIENT VALUES:
2020-04-15 17:09:38 +00:00
client_address=10.2.60.2
command=GET
real path=/
query=nil
request_version=1.1
request_uri=http://external-auth-01.sample.com:8080/
2018-04-27 00:09:55 +00:00
SERVER VALUES:
2020-04-15 17:09:38 +00:00
server_version=nginx: 1.9.11 - lua: 10001
2018-04-27 00:09:55 +00:00
HEADERS RECEIVED:
2020-04-15 17:09:38 +00:00
accept=*/*
authorization=Basic dXNlcjpwYXNzd2Q=
connection=close
host=external-auth-01.sample.com
user-agent=curl/7.50.1
x-forwarded-for=10.2.60.1
x-forwarded-host=external-auth-01.sample.com
x-forwarded-port=80
x-forwarded-proto=http
x-real-ip=10.2.60.1
2018-04-27 00:09:55 +00:00
BODY:
2020-04-15 17:09:38 +00:00
* Connection #0 to host 172.17.4.99 left intact
2018-04-27 00:09:55 +00:00
-no body in request-
2022-01-17 00:58:25 +00:00
< / code > < / pre > < / div > < h2 id = test-3-invalid-usernamepassword-expect-code-401 > Test 3: invalid username/password (expect code 401)< a class = headerlink href = #test-3-invalid-usernamepassword-expect-code-401 title = "Permanent link" > ¶< / a > < / h2 > < div class = highlight > < pre > < span > < / span > < code > curl -k http://172.17.4.99 -v -H ' Host: external-auth-01.sample.com' -u ' user:user'
2018-04-27 00:09:55 +00:00
* Rebuilt URL to: http://172.17.4.99/
* Trying 172.17.4.99...
* Connected to 172.17.4.99 (172.17.4.99) port 80 (#0)
* Server auth using Basic with user ' user'
> GET / HTTP/1.1
> Host: external-auth-01.sample.com
> Authorization: Basic dXNlcjp1c2Vy
> User-Agent: curl/7.50.1
> Accept: */*
>
2020-04-15 17:09:38 +00:00
< HTTP/1.1 401 Unauthorized
< Server: nginx/1.11.3
< Date: Mon, 03 Oct 2016 14:53:04 GMT
< Content-Type: text/html
< Content-Length: 195
< Connection: keep-alive
* Authentication problem. Ignoring this.
< WWW-Authenticate: Basic realm=" Fake Realm"
<
< html>
< head> < title> 401 Authorization Required< /title> < /head>
< body bgcolor=" white" >
< center> < h1> 401 Authorization Required< /h1> < /center>
< hr> < center> nginx/1.11.3< /center>
< /body>
< /html>
2018-04-27 00:09:55 +00:00
* Connection #0 to host 172.17.4.99 left intact
2023-10-12 19:31:18 +00:00
< / code > < / pre > < / div > < / article > < / div > < / div > < / main > < footer class = md-footer > < div class = "md-footer-meta md-typeset" > < div class = "md-footer-meta__inner md-grid" > < div class = md-copyright > Made with < a href = https://squidfunk.github.io/mkdocs-material/ target = _blank rel = noopener > Material for MkDocs < / a > < / div > < / div > < / div > < / footer > < / div > < div class = md-dialog data-md-component = dialog > < div class = "md-dialog__inner md-typeset" > < / div > < / div > < script id = __config type = application/json > { "base" : "../../.." , "features" : [ "navigation.tabs" , "navigation.tabs.sticky" , "navigation.instant" , "navigation.sections" ] , "search" : "../../../assets/javascripts/workers/search.f886a092.min.js" , "translations" : { "clipboard.copied" : "Copied to clipboard" , "clipboard.copy" : "Copy to clipboard" , "search.result.more.one" : "1 more on this page" , "search.result.more.other" : "# more on this page" , "search.result.none" : "No matching documents" , "search.result.one" : "1 matching document" , "search.result.other" : "# matching documents" , "search.result.placeholder" : "Type to start searching" , "search.result.term.missing" : "Missing" , "select.version" : "Select version" } } < / script > < script src = ../../../assets/javascripts/bundle.aecac24b.min.js > < / script > < / body > < / html >
