DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Do not use port from host header (#1926)

Browse source
This commit is contained in:
Manuel Alejandro de Brito Fontes 2018-01-18 14:51:58 -02:00 committed by GitHub
parent 5a16a7aaa0
commit 52794ae22d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -213,11 +213,6 @@ http {
'' $server_port; '' $server_port;
} }
map $http_x_forwarded_host $best_http_host {
default $http_x_forwarded_host;
'' $this_host;
}
{{ if $all.IsSSLPassthroughEnabled }} {{ if $all.IsSSLPassthroughEnabled }}
# map port {{ $all.ListenPorts.SSLProxy }} to 443 for header X-Forwarded-Port # map port {{ $all.ListenPorts.SSLProxy }} to 443 for header X-Forwarded-Port
map $pass_server_port $pass_port { map $pass_server_port $pass_port {
@ -231,12 +226,6 @@ http {
} }
{{ end }} {{ end }}
# Obtain best http host
map $http_host $this_host {
default $http_host;
'' $host;
}
{{ if $cfg.ComputeFullForwardedFor }} {{ if $cfg.ComputeFullForwardedFor }}
# We can't use $proxy_add_x_forwarded_for because the realip module # We can't use $proxy_add_x_forwarded_for because the realip module
# replaces the remote_addr too soon # replaces the remote_addr too soon
@ -709,11 +698,11 @@ stream {
{{ if $location.UsePortInRedirects }} {{ if $location.UsePortInRedirects }}
# using custom ports require a different rewrite directive # using custom ports require a different rewrite directive
{{ $redirect_port := (printf ":%v" $all.ListenPorts.HTTPS) }} {{ $redirect_port := (printf ":%v" $all.ListenPorts.HTTPS) }}
error_page 497 ={{ $all.Cfg.HTTPRedirectCode }} https://$best_http_host{{ $redirect_port }}$request_uri; error_page 497 ={{ $all.Cfg.HTTPRedirectCode }} https://$host{{ $redirect_port }}$request_uri;
return 497; return 497;
{{ else }} {{ else }}
return {{ $all.Cfg.HTTPRedirectCode }} https://$best_http_host$request_uri; return {{ $all.Cfg.HTTPRedirectCode }} https://$host$request_uri;
{{ end }} {{ end }}
} }
{{ end }} {{ end }}
@ -783,7 +772,7 @@ stream {
{{ if not (empty $location.UpstreamVhost) }} {{ if not (empty $location.UpstreamVhost) }}
proxy_set_header Host "{{ $location.UpstreamVhost }}"; proxy_set_header Host "{{ $location.UpstreamVhost }}";
{{ else }} {{ else }}
proxy_set_header Host $best_http_host; proxy_set_header Host $host;
{{ end }} {{ end }}
@ -812,7 +801,7 @@ stream {
{{ else }} {{ else }}
proxy_set_header X-Forwarded-For $the_real_ip; proxy_set_header X-Forwarded-For $the_real_ip;
{{ end }} {{ end }}
proxy_set_header X-Forwarded-Host $best_http_host; proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $pass_port; proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme; proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Original-URI $request_uri; proxy_set_header X-Original-URI $request_uri;