From ab1f04b9c2b4bceb5c714cb53e27cee8d748329b Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Mon, 24 Apr 2017 22:14:38 -0300 Subject: [PATCH] Add support for https in proxy request for external authentication --- .../nginx/rootfs/etc/nginx/template/nginx.tmpl | 11 ++++++++--- core/pkg/ingress/annotations/authreq/main.go | 17 ++++++++++++++++- 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl index 32311055a..91b24ce1a 100644 --- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl +++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl @@ -199,6 +199,8 @@ http { # In case of errors try the next upstream server before returning an error proxy_next_upstream error timeout invalid_header http_502 http_503 http_504{{ if $cfg.RetryNonIdempotent }} non_idempotent{{ end }}; + proxy_ssl_session_reuse on; + {{range $name, $upstream := $backends}} upstream {{$upstream.Name}} { {{ if eq $upstream.SessionAffinity.AffinityType "cookie" }} @@ -273,11 +275,14 @@ http { proxy_set_header Content-Length ""; {{ end }} {{ if not (empty $location.ExternalAuth.Method) }} - proxy_method {{ $location.ExternalAuth.Method }}; - proxy_set_header X-Original-URI $request_uri; - proxy_set_header X-Scheme $pass_access_scheme; + proxy_method {{ $location.ExternalAuth.Method }}; + proxy_set_header X-Original-URI $request_uri; + proxy_set_header X-Scheme $pass_access_scheme; {{ end }} proxy_pass_request_headers on; + proxy_set_header Host {{ $location.ExternalAuth.Host }}; + proxy_ssl_server_name on; + set $target {{ $location.ExternalAuth.URL }}; proxy_pass $target; } diff --git a/core/pkg/ingress/annotations/authreq/main.go b/core/pkg/ingress/annotations/authreq/main.go index 8c6fce844..016cc2624 100644 --- a/core/pkg/ingress/annotations/authreq/main.go +++ b/core/pkg/ingress/annotations/authreq/main.go 
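Review bot: `proxy_ssl_session_reuse on;` is added at `http` scope, so it applies to every HTTPS `proxy_pass` in the generated configuration, not only to the external-auth location this commit targets. `on` is also already nginx's default for this directive. If the line is kept for explicitness, a template comment such as `# TLS session reuse for all proxied HTTPS connections (nginx default, stated explicitly)` would make the scope clear; otherwise it can be dropped. The `http` block starts and ends outside the hunk.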
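Review bot: The auth subrequest location enables SNI with `proxy_ssl_server_name on;`, but nothing in the hunk turns on certificate verification. nginx leaves `proxy_ssl_verify` off by default, so an https auth URL is encrypted while the auth server's identity goes unchecked. Because the status of this subrequest decides whether the original request is allowed, I would add `proxy_ssl_verify on;` together with `proxy_ssl_trusted_certificate <CA_BUNDLE_PATH placeholder>;`, ideally behind a configuration option so self-signed setups can opt out deliberately. If verification is intentionally left off for now, a template comment saying so would keep operators from assuming the auth endpoint is authenticated. The location block starts outside the hunk.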
@@ -38,7 +38,9 @@ const ( // External returns external authentication configuration for an Ingress rule type External struct { - URL string `json:"url"` + URL string `json:"url"` + // Host contains the hostname defined in the URL + Host string `json:"host"` SigninURL string `json:"signinUrl"` Method string `json:"method"` SendBody bool `json:"sendBody"` @@ -129,9 +131,22 @@ func (a authReq) Parse(ing *extensions.Ingress) (interface{}, error) { return &External{ URL: str, + Host: stripPort(ur.Host), SigninURL: signin, Method: m, SendBody: sb, ResponseHeaders: h, }, nil } + +// TODO: Remove after upgrade to Go 1.8 +func stripPort(hostport string) string { + colon := strings.IndexByte(hostport, ':') + if colon == -1 { + return hostport + } + if i := strings.IndexByte(hostport, ']'); i != -1 { + return strings.TrimPrefix(hostport[:i], "[") + } + return hostport[:colon] +}
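Review bot: The comment on the new `Host` field says it "contains the hostname defined in the URL", but the value assigned in Parse is `stripPort(ur.Host)`, so the port is removed, and so are the brackets of an IPv6 literal. I would document that and where the field ends up, for example `// Host is the URL's host with any port (and IPv6 brackets) removed; nginx.tmpl renders it as the Host header of the auth subrequest`. The struct body continues outside the hunk.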
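Review bot: `Host: stripPort(ur.Host)` passes a value derived from the Ingress annotation straight into `proxy_set_header Host {{ $location.ExternalAuth.Host }};`, where it is rendered unquoted. stripPort only cuts at `:` or `]` and does not check what remains. Parse's earlier validation of `ur` is outside the hunk, so this may already be covered; if it is not, Parse should return an error when the stripped host is empty or contains anything other than hostname or IP-literal characters, before building `External`. Separately, stripPort appears to mirror `URL.Hostname()` from Go 1.8, so an auth URL on a non-default port yields a Host header without that port. A doc comment such as `// stripPort returns hostport without the port and without IPv6 brackets; the result is written into the nginx config and must be validated by the caller` would record both facts next to the TODO.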