From 29c849f9930b4e24a13d4974b393cf411071d897 Mon Sep 17 00:00:00 2001
From: Manuel de Brito Fontes
Date: Mon, 24 Apr 2017 15:02:45 -0300
Subject: [PATCH] Host header is mandatory
---
 controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl | 5 +++++
 core/pkg/ingress/annotations/authreq/main.go | 5 ++++-
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
index 32311055a..c11d26aa9 100644
--- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
+++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
@@ -158,6 +158,8 @@ http {
 port_in_redirect off;
 ssl_protocols {{ $cfg.SSLProtocols }};
+ proxy_ssl_protocols {{ $cfg.SSLProtocols }};
+ proxy_ssl_session_reuse on;
 # turn on session caching to drastically improve performance
 {{ if $cfg.SSLSessionCache }}
@@ -175,6 +177,7 @@ http {
 # allow configuring custom ssl ciphers
 ssl_ciphers '{{ $cfg.SSLCiphers }}';
 ssl_prefer_server_ciphers on;
+ proxy_ssl_ciphers {{ $cfg.SSLCiphers }};
 {{ end }}
 {{ if not (empty $cfg.SSLDHParam) }}
@@ -278,6 +281,8 @@ http {
 proxy_set_header X-Scheme $pass_access_scheme;
 {{ end }}
 proxy_pass_request_headers on;
+ proxy_set_header Host {{ $location.ExternalAuth.Host }};
+ proxy_ssl_server_name on;
 set $target {{ $location.ExternalAuth.URL }};
 proxy_pass $target;
 }
diff --git a/core/pkg/ingress/annotations/authreq/main.go b/core/pkg/ingress/annotations/authreq/main.go
index 8c6fce844..8b156766e 100644
--- a/core/pkg/ingress/annotations/authreq/main.go
+++ b/core/pkg/ingress/annotations/authreq/main.go
@@ -38,7 +38,9 @@ const (
 // External returns external authentication configuration for an Ingress rule
 type External struct {
- URL string `json:"url"`
+ URL string `json:"url"`
+ // Host contains the hostname defined in the URL
+ Host string `json:"host"`
 SigninURL string `json:"signinUrl"`
 Method string `json:"method"`
 SendBody bool `json:"sendBody"`
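Review bot: `proxy_ssl_protocols` is filled from the same `$cfg.SSLProtocols` value that sets the client-facing `ssl_protocols`, so the listener and upstream TLS policies can no longer be tuned independently; relaxing the list for legacy clients also relaxes every upstream connection. The same coupling applies to `proxy_ssl_ciphers` in the next hunk. If this is intended, a comment next to the directive such as `# upstream TLS deliberately follows the client-facing protocol list` would record it; otherwise a separate configuration value for the upstream side is the safer design. The `http` block starts and ends outside the hunk.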
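Review bot: `proxy_ssl_ciphers {{ $cfg.SSLCiphers }};` is written without the single quotes that `ssl_ciphers '{{ $cfg.SSLCiphers }}';` carries two lines above, so the same configuration value is quoted in one directive and bare in the other. A cipher string containing whitespace or another character nginx treats as a token boundary would load for the listener but be split or rejected for the upstream side. Writing it as `proxy_ssl_ciphers '{{ $cfg.SSLCiphers }}';` keeps the two directives consistent.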
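Review bot: `proxy_ssl_server_name on;` makes nginx send SNI to the external auth endpoint, but nothing in this hunk enables certificate verification, and nginx leaves `proxy_ssl_verify` off unless it is set explicitly. Because the response from this location decides whether the original request is authorized, an HTTPS auth URL is then trusted without its certificate being checked. Consider adding `proxy_ssl_verify on;` together with `proxy_ssl_trusted_certificate <CA bundle path>;` (the path is a placeholder), or a comment explaining why verification is left off. The enclosing location block begins outside the hunk, so these directives may already be set there.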
@@ -129,6 +131,7 @@ func (a authReq) Parse(ing *extensions.Ingress) (interface{}, error) {
 return &External{
 URL: str,
+ Host: ur.Hostname(),
 SigninURL: signin,
 Method: m,
 SendBody: sb,
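Review bot: `Host: ur.Hostname()` stores the URL's host with the port stripped and with no further validation visible in this hunk, and the template hunk then writes that value bare into `proxy_set_header Host ...;`. For an auth URL on a non-default port the Host header sent to the auth service will lack the port, whereas `ur.Host` would keep it. Since the value appears to originate from an Ingress annotation, rejecting anything outside the hostname character set before returning would keep annotation content from altering the generated nginx configuration. The field comment on `External.Host` in the previous hunk should also state whether the port is included. `Parse` starts and ends outside the hunk, so an earlier check may already exist.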