Apply the 'ssl-redirect' redirect per-location
This is needed to avoid ingress definitions with different settings for SSL redirection conflicting with each other. NB: This was discussed in the review of #427, but ultimately not addressed.
This commit is contained in:
parent
1468fcb1aa
commit
04346a8ec2
1 changed files with 8 additions and 7 deletions
|
@ -313,13 +313,6 @@ http {
|
|||
ssl_verify_depth {{ $location.CertificateAuth.ValidationDepth }};
|
||||
{{ end }}
|
||||
|
||||
{{ if (or $location.Redirect.ForceSSLRedirect (and (not (empty $server.SSLCertificate)) $location.Redirect.SSLRedirect)) }}
|
||||
# enforce ssl on server side
|
||||
if ($pass_access_scheme = http) {
|
||||
return 301 https://$best_http_host$request_uri;
|
||||
}
|
||||
{{ end }}
|
||||
|
||||
{{ if not (empty $location.Redirect.AppRoot)}}
|
||||
if ($uri = /) {
|
||||
return 302 {{ $location.Redirect.AppRoot }};
|
||||
|
@ -353,6 +346,14 @@ http {
|
|||
|
||||
location {{ $path }} {
|
||||
set $proxy_upstream_name "{{ buildUpstreamName $server.Hostname $backends $location }}";
|
||||
|
||||
{{ if (or $location.Redirect.ForceSSLRedirect (and (not (empty $server.SSLCertificate)) $location.Redirect.SSLRedirect)) }}
|
||||
# enforce ssl on server side
|
||||
if ($pass_access_scheme = http) {
|
||||
return 301 https://$best_http_host$request_uri;
|
||||
}
|
||||
{{ end }}
|
||||
|
||||
{{ if isLocationAllowed $location }}
|
||||
{{ if gt (len $location.Whitelist.CIDR) 0 }}
|
||||
if ({{ buildDenyVariable (print $server.Hostname "_" $path) }}) {
|
||||
|
|
Loading…
Reference in a new issue