Fix #76: hardcode X-Forwarded-Port due to SSL Passthrough

Josh Mize 2016-12-22 02:11:27 -06:00
parent f0762ba144
commit 7ef63fdbc0


@ -188,6 +188,7 @@ http {
server {
server_name {{ $server.Hostname }};
listen [::]:80{{ if $cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $index 0 }} ipv6only=off{{end}};
# Listen on 442 because we are behind an SSL passthrough on port 443
{{ if not (empty $server.SSLCertificate) }}listen 442 {{ if $cfg.UseProxyProtocol }}proxy_protocol{{ end }} ssl {{ if $cfg.UseHTTP2 }}http2{{ end }};
{{/* comment PEM sha is required to detect changes in the generated configuration and force a reload */}}
# PEM sha: {{ $server.SSLPemChecksum }}
@ -277,7 +278,9 @@ http {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
# cannot use $server_port because we are behind an SSL passthrough
proxy_set_header X-Forwarded-Port 443;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
# mitigate HTTPoxy Vulnerability