Host header is mandatory

controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl

@@ -158,6 +158,8 @@ http {
     port_in_redirect        off;
 
     ssl_protocols {{ $cfg.SSLProtocols }};
+    proxy_ssl_protocols {{ $cfg.SSLProtocols }};
+    proxy_ssl_session_reuse on;
 
     # turn on session caching to drastically improve performance
     {{ if $cfg.SSLSessionCache }}
@@ -175,6 +177,7 @@ http {
     # allow configuring custom ssl ciphers
     ssl_ciphers '{{ $cfg.SSLCiphers }}';
     ssl_prefer_server_ciphers on;
+    proxy_ssl_ciphers {{ $cfg.SSLCiphers }};
     {{ end }}
 
     {{ if not (empty $cfg.SSLDHParam) }}
@@ -278,6 +281,8 @@ http {
             proxy_set_header X-Scheme       $pass_access_scheme;
             {{ end }}
             proxy_pass_request_headers  on;
+            proxy_set_header Host {{ $location.ExternalAuth.Host }};
+            proxy_ssl_server_name on;
             set $target {{ $location.ExternalAuth.URL }};
             proxy_pass $target;
         }

core/pkg/ingress/annotations/authreq/main.go

@@ -39,6 +39,8 @@ const (
 // External returns external authentication configuration for an Ingress rule
 type External struct {
 	URL string `json:"url"`
+	// Host contains the hostname defined in the URL
+	Host            string   `json:"host"`
 	SigninURL       string   `json:"signinUrl"`
 	Method          string   `json:"method"`
 	SendBody        bool     `json:"sendBody"`
@@ -129,6 +131,7 @@ func (a authReq) Parse(ing *extensions.Ingress) (interface{}, error) {
 
 	return &External{
 		URL:             str,
+		Host:            ur.Hostname(),
 		SigninURL:       signin,
 		Method:          m,
 		SendBody:        sb,