Merge pull request #397 from aledbf/fix-external-auth

Fix external auth
2017-03-07 21:36:53 -03:00 · 2017-03-07 21:36:53 -03:00 · d6620ead2c
commit d6620ead2c
parent 61a03033f7 9ed7bc6ad1
3 changed files with 3 additions and 11 deletions
--- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
+++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
@ -208,10 +208,10 @@ http {
    {{ range $index, $server := .Servers }}
    server {
        server_name {{ $server.Hostname }};
-        listen [::]:80{{ if $cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $index 0 }} ipv6only=off{{end}}{{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $backlogSize }}{{end}};
+        listen [::]:80{{ if $cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $server.Hostname "_"}} default_server ipv6only=off reuseport backlog={{ $backlogSize }}{{end}};
        {{/* Listen on 442 because port 443 is used in the stream section */}}
        {{/* This listen on port 442 cannot contains proxy_protocol directive because port 443 is in charge of decoding the protocol */}}
-        {{ if not (empty $server.SSLCertificate) }}listen {{ if gt (len $passthroughBackends) 0 }}442{{ else }}[::]:443 {{ if $cfg.UseProxyProtocol }} proxy_protocol {{ end }}{{ end }} {{ if eq $index 0 }} ipv6only=off{{end}}  {{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $backlogSize }}{{end}} ssl {{ if $cfg.UseHTTP2 }}http2{{ end }};
+        {{ if not (empty $server.SSLCertificate) }}listen {{ if gt (len $passthroughBackends) 0 }}442{{ else }}[::]:443 {{ if $cfg.UseProxyProtocol }} proxy_protocol {{ end }}{{ end }} {{ if eq $server.Hostname "_"}} default_server ipv6only=off reuseport backlog={{ $backlogSize }}{{end}} ssl {{ if $cfg.UseHTTP2 }}http2{{ end }};
        {{/* comment PEM sha is required to detect changes in the generated configuration and force a reload */}}
        # PEM sha: {{ $server.SSLPemChecksum }}
        ssl_certificate                         {{ $server.SSLCertificate }};
--- a/core/pkg/ingress/annotations/authreq/main.go
+++ b/core/pkg/ingress/annotations/authreq/main.go
@ -92,11 +92,7 @@ func (a authReq) Parse(ing *extensions.Ingress) (interface{}, error) {
 		return nil, ing_errors.NewLocationDenied("invalid url host")
 	}

-	m, err := parser.GetStringAnnotation(authMethod, ing)
-	if err != nil {
-		return nil, err
-	}
-
+	m, _ := parser.GetStringAnnotation(authMethod, ing)
 	if len(m) != 0 && !validMethod(m) {
 		return nil, ing_errors.NewLocationDenied("invalid HTTP method")
 	}
--- a/core/pkg/ingress/sort_ingress.go
+++ b/core/pkg/ingress/sort_ingress.go
@ -54,10 +54,6 @@ type ServerByName []*Server
 func (c ServerByName) Len() int      { return len(c) }
 func (c ServerByName) Swap(i, j int) { c[i], c[j] = c[j], c[i] }
 func (c ServerByName) Less(i, j int) bool {
-	// special case for catch all server
-	if c[j].Hostname == "_" {
-		return false
-	}
 	return c[i].Hostname < c[j].Hostname
 }