diff --git a/controllers/nginx/pkg/template/template.go b/controllers/nginx/pkg/template/template.go index a5192d396..b7d3dc860 100644 --- a/controllers/nginx/pkg/template/template.go +++ b/controllers/nginx/pkg/template/template.go @@ -304,9 +304,15 @@ func buildProxyPass(host string, b interface{}, loc interface{}) string { if location.Rewrite.AddBaseURL { // path has a slash suffix, so that it can be connected with baseuri directly bPath := fmt.Sprintf("%s%s", path, "$baseuri") - abu = fmt.Sprintf(`subs_filter '' '' r; + if len(location.Rewrite.BaseURLScheme) > 0 { + abu = fmt.Sprintf(`subs_filter '' '' r; + subs_filter '' '' r; + `, location.Rewrite.BaseURLScheme, bPath, location.Rewrite.BaseURLScheme, bPath) + } else { + abu = fmt.Sprintf(`subs_filter '' '' r; subs_filter '' '' r; `, bPath, bPath) + } } if location.Rewrite.Target == slash { diff --git a/controllers/nginx/pkg/template/template_test.go b/controllers/nginx/pkg/template/template_test.go index d3fa2ee6a..824f8feb2 100644 --- a/controllers/nginx/pkg/template/template_test.go +++ b/controllers/nginx/pkg/template/template_test.go @@ -34,56 +34,64 @@ import ( var ( // TODO: add tests for secure endpoints tmplFuncTestcases = map[string]struct { - Path string - Target string - Location string - ProxyPass string - AddBaseURL bool + Path string + Target string + Location string + ProxyPass string + AddBaseURL bool + BaseURLScheme string }{ - "invalid redirect / to /": {"/", "/", "/", "proxy_pass http://upstream-name;", false}, + "invalid redirect / to /": {"/", "/", "/", "proxy_pass http://upstream-name;", false, ""}, "redirect / to /jenkins": {"/", "/jenkins", "~* /", ` rewrite /(.*) /jenkins/$1 break; proxy_pass http://upstream-name; - `, false}, + `, false, ""}, "redirect /something to /": {"/something", "/", `~* ^/something\/?(?.*)`, ` rewrite /something/(.*) /$1 break; rewrite /something / break; proxy_pass http://upstream-name; - `, false}, + `, false, ""}, "redirect /end-with-slash/ to /not-root": {"/end-with-slash/", "/not-root", "~* ^/end-with-slash/(?.*)", ` rewrite /end-with-slash/(.*) /not-root/$1 break; proxy_pass http://upstream-name; - `, false}, + `, false, ""}, "redirect /something-complex to /not-root": {"/something-complex", "/not-root", `~* ^/something-complex\/?(?.*)`, ` rewrite /something-complex/(.*) /not-root/$1 break; proxy_pass http://upstream-name; - `, false}, + `, false, ""}, "redirect / to /jenkins and rewrite": {"/", "/jenkins", "~* /", ` rewrite /(.*) /jenkins/$1 break; proxy_pass http://upstream-name; subs_filter '' '' r; subs_filter '' '' r; - `, true}, + `, true, ""}, "redirect /something to / and rewrite": {"/something", "/", `~* ^/something\/?(?.*)`, ` rewrite /something/(.*) /$1 break; rewrite /something / break; proxy_pass http://upstream-name; subs_filter '' '' r; subs_filter '' '' r; - `, true}, + `, true, ""}, "redirect /end-with-slash/ to /not-root and rewrite": {"/end-with-slash/", "/not-root", `~* ^/end-with-slash/(?.*)`, ` rewrite /end-with-slash/(.*) /not-root/$1 break; proxy_pass http://upstream-name; subs_filter '' '' r; subs_filter '' '' r; - `, true}, + `, true, ""}, "redirect /something-complex to /not-root and rewrite": {"/something-complex", "/not-root", `~* ^/something-complex\/?(?.*)`, ` rewrite /something-complex/(.*) /not-root/$1 break; proxy_pass http://upstream-name; subs_filter '' '' r; subs_filter '' '' r; - `, true}, + `, true, ""}, + "redirect /something to / and rewrite with specific scheme": {"/something", "/", `~* ^/something\/?(?.*)`, ` + rewrite /something/(.*) /$1 break; + rewrite /something / break; + proxy_pass http://upstream-name; + subs_filter '' '' r; + subs_filter '' '' r; + `, true, "http"}, } ) @@ -124,7 +132,7 @@ func TestBuildProxyPass(t *testing.T) { for k, tc := range tmplFuncTestcases { loc := &ingress.Location{ Path: tc.Path, - Rewrite: rewrite.Redirect{Target: tc.Target, AddBaseURL: tc.AddBaseURL}, + Rewrite: rewrite.Redirect{Target: tc.Target, AddBaseURL: tc.AddBaseURL, BaseURLScheme: tc.BaseURLScheme}, Backend: "upstream-name", } diff --git a/core/pkg/ingress/annotations/rewrite/main.go b/core/pkg/ingress/annotations/rewrite/main.go index 52cb984fd..32cc421ae 100644 --- a/core/pkg/ingress/annotations/rewrite/main.go +++ b/core/pkg/ingress/annotations/rewrite/main.go @@ -26,6 +26,7 @@ import ( const ( rewriteTo = "ingress.kubernetes.io/rewrite-target" addBaseURL = "ingress.kubernetes.io/add-base-url" + baseURLScheme = "ingress.kubernetes.io/base-url-scheme" sslRedirect = "ingress.kubernetes.io/ssl-redirect" forceSSLRedirect = "ingress.kubernetes.io/force-ssl-redirect" appRoot = "ingress.kubernetes.io/app-root" @@ -38,6 +39,8 @@ type Redirect struct { // AddBaseURL indicates if is required to add a base tag in the head // of the responses from the upstream servers AddBaseURL bool `json:"addBaseUrl"` + // BaseURLScheme override for the scheme passed to the base tag + BaseURLScheme string `json:"baseUrlScheme"` // SSLRedirect indicates if the location section is accessible SSL only SSLRedirect bool `json:"sslRedirect"` // ForceSSLRedirect indicates if the location section is accessible SSL only @@ -60,6 +63,9 @@ func (r1 *Redirect) Equal(r2 *Redirect) bool { if r1.AddBaseURL != r2.AddBaseURL { return false } + if r1.BaseURLScheme != r2.BaseURLScheme { + return false + } if r1.SSLRedirect != r2.SSLRedirect { return false } @@ -95,10 +101,12 @@ func (a rewrite) Parse(ing *extensions.Ingress) (interface{}, error) { fSslRe = a.backendResolver.GetDefaultBackend().ForceSSLRedirect } abu, _ := parser.GetBoolAnnotation(addBaseURL, ing) + bus, _ := parser.GetStringAnnotation(baseURLScheme, ing) ar, _ := parser.GetStringAnnotation(appRoot, ing) return &Redirect{ Target: rt, AddBaseURL: abu, + BaseURLScheme: bus, SSLRedirect: sslRe, ForceSSLRedirect: fSslRe, AppRoot: ar,