DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #2977 from aledbf/realip-auth

Browse source 
Pass real source IP address to auth request
This commit is contained in:
k8s-ci-robot 2018-08-23 09:29:30 -07:00 committed by GitHub
commit 332b3ad23d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -136,7 +136,7 @@ http {
client_body_temp_path /tmp/client-body; client_body_temp_path /tmp/client-body;
fastcgi_temp_path /tmp/fastcgi-temp; fastcgi_temp_path /tmp/fastcgi-temp;
proxy_temp_path /tmp/proxy-temp; proxy_temp_path /tmp/proxy-temp;
ajp_temp_path /tmp/ajp-temp; ajp_temp_path /tmp/ajp-temp;
client_header_buffer_size {{ $cfg.ClientHeaderBufferSize }}; client_header_buffer_size {{ $cfg.ClientHeaderBufferSize }};
client_header_timeout {{ $cfg.ClientHeaderTimeout }}s; client_header_timeout {{ $cfg.ClientHeaderTimeout }}s;
@ -833,6 +833,12 @@ stream {
proxy_set_header X-Original-URL $scheme://$http_host$request_uri; proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Original-Method $request_method; proxy_set_header X-Original-Method $request_method;
proxy_set_header X-Sent-From "nginx-ingress-controller"; proxy_set_header X-Sent-From "nginx-ingress-controller";
proxy_set_header X-Real-IP $the_real_ip;
{{ if and $all.Cfg.UseForwardedHeaders $all.Cfg.ComputeFullForwardedFor }}
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
{{ else }}
proxy_set_header X-Forwarded-For $the_real_ip;
{{ end }}
{{ if $location.ExternalAuth.RequestRedirect }} {{ if $location.ExternalAuth.RequestRedirect }}
proxy_set_header X-Auth-Request-Redirect {{ $location.ExternalAuth.RequestRedirect }}; proxy_set_header X-Auth-Request-Redirect {{ $location.ExternalAuth.RequestRedirect }};