Apply the 'ssl-redirect' redirect per-location

This is needed to avoid ingress definitions with different settings for SSL
redirection conflicting with each other.

NB: This was discussed in the review of #427, but ultimately not addressed.
Andreas Kohn 2017-06-27 15:28:33 +02:00
parent 1468fcb1aa
commit 04346a8ec2
No known key found for this signature in database
GPG key ID: B03FDDBC66E99F92


@ -313,13 +313,6 @@ http {
ssl_verify_depth {{ $location.CertificateAuth.ValidationDepth }}; ssl_verify_depth {{ $location.CertificateAuth.ValidationDepth }};
{{ end }} {{ end }}
{{ if (or $location.Redirect.ForceSSLRedirect (and (not (empty $server.SSLCertificate)) $location.Redirect.SSLRedirect)) }}
# enforce ssl on server side
if ($pass_access_scheme = http) {
return 301 https://$best_http_host$request_uri;
}
{{ end }}
{{ if not (empty $location.Redirect.AppRoot)}} {{ if not (empty $location.Redirect.AppRoot)}}
if ($uri = /) { if ($uri = /) {
return 302 {{ $location.Redirect.AppRoot }}; return 302 {{ $location.Redirect.AppRoot }};
@ -353,6 +346,14 @@ http {
location {{ $path }} { location {{ $path }} {
set $proxy_upstream_name "{{ buildUpstreamName $server.Hostname $backends $location }}"; set $proxy_upstream_name "{{ buildUpstreamName $server.Hostname $backends $location }}";
{{ if (or $location.Redirect.ForceSSLRedirect (and (not (empty $server.SSLCertificate)) $location.Redirect.SSLRedirect)) }}
# enforce ssl on server side
if ($pass_access_scheme = http) {
return 301 https://$best_http_host$request_uri;
}
{{ end }}
{{ if isLocationAllowed $location }} {{ if isLocationAllowed $location }}
{{ if gt (len $location.Whitelist.CIDR) 0 }} {{ if gt (len $location.Whitelist.CIDR) 0 }}
if ({{ buildDenyVariable (print $server.Hostname "_" $path) }}) { if ({{ buildDenyVariable (print $server.Hostname "_" $path) }}) {
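Review bot: With the `if ($pass_access_scheme = http)` block now emitted inside `location {{ $path }}` in the second hunk, the HTTPS redirect holds only for requests nginx routes to a location whose ingress set the flag, so a more specific path declared with `SSLRedirect` off is served over plain HTTP even when another ingress on the same host sets `ForceSSLRedirect`. That appears to be the intent, but the carried-over comment `# enforce ssl on server side` no longer describes it; I would replace it with `# enforce ssl for this location only; other paths on this host follow their own ingress setting`. The `AppRoot` redirect (`if ($uri = /)`) in the first hunk stays where the SSL block used to be, so it presumably keeps the same cross-ingress conflict and answers a plain-HTTP request for `/` with its 302 before the location's 301 can apply; moving it into the location as well would be a sensible follow-up. The `location` block continues past the end of the hunk.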