Add support for https in proxy request for external authentication

controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl

@@ -199,6 +199,8 @@ http {
     # In case of errors try the next upstream server before returning an error
     proxy_next_upstream                     error timeout invalid_header http_502 http_503 http_504{{ if $cfg.RetryNonIdempotent }} non_idempotent{{ end }};
 
+    proxy_ssl_session_reuse on;
+
     {{range $name, $upstream := $backends}}
     upstream {{$upstream.Name}} {
         {{ if eq $upstream.SessionAffinity.AffinityType "cookie" }}
@@ -278,6 +280,9 @@ http {
             proxy_set_header            X-Scheme       $pass_access_scheme;
             {{ end }}
             proxy_pass_request_headers  on;
+            proxy_set_header            Host {{ $location.ExternalAuth.Host }};
+            proxy_ssl_server_name       on;            
+
             set $target {{ $location.ExternalAuth.URL }};
             proxy_pass $target;
         }

core/pkg/ingress/annotations/authreq/main.go

@@ -39,6 +39,8 @@ const (
 // External returns external authentication configuration for an Ingress rule
 type External struct {
 	URL string `json:"url"`
+	// Host contains the hostname defined in the URL
+	Host            string   `json:"host"`
 	SigninURL       string   `json:"signinUrl"`
 	Method          string   `json:"method"`
 	SendBody        bool     `json:"sendBody"`
@@ -129,9 +131,22 @@ func (a authReq) Parse(ing *extensions.Ingress) (interface{}, error) {
 
 	return &External{
 		URL:             str,
+		Host:            stripPort(ur.Host),
 		SigninURL:       signin,
 		Method:          m,
 		SendBody:        sb,
 		ResponseHeaders: h,
 	}, nil
 }
+
+// TODO: Remove after upgrade to Go 1.8
+func stripPort(hostport string) string {
+	colon := strings.IndexByte(hostport, ':')
+	if colon == -1 {
+		return hostport
+	}
+	if i := strings.IndexByte(hostport, ']'); i != -1 {
+		return strings.TrimPrefix(hostport[:i], "[")
+	}
+	return hostport[:colon]
+}