DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

nginx.ingress.kubernetes.io/auth-url: Allow 127.0.0.1 to avoid external hops

Browse source 
Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
This commit is contained in:
Jan-Otto Kröpke 2023-07-06 08:00:29 +02:00
parent d44a8e0045
commit d59705e189
No known key found for this signature in database
1 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -764,7 +764,7 @@ stream {
lua_package_path "/etc/nginx/lua/?.lua;/etc/nginx/lua/vendor/?.lua;;";
lua_shared_dict tcp_udp_configuration_data 5M;
{{ buildResolvers $cfg.Resolver $cfg.DisableIpv6DNS }}
init_by_lua_block {
@ -1133,7 +1133,12 @@ stream {
proxy_set_header X-Scheme $pass_access_scheme;
{{ end }}
{{ if eq $externalAuth.Host "127.0.0.1" }}
proxy_set_header Host $http_host;
proxy_ssl_name $http_host;
{{ else }}
proxy_set_header Host {{ $externalAuth.Host }};
{{ end }}
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Original-Method $request_method;
proxy_set_header X-Sent-From "nginx-ingress-controller";