yandex
loader

please wait

  • Shreya Bansal Mar-11-2019 01:02:50 PM ( 2 months ago )

     

    I want my Ingress (NGINX) to filter by source IP address and show a basic auth before proxying to a service. While this is straightforward, the complicated part is, that I want it to do this only, if the URL contains a special character in the path.

    Lets say I want to secure all paths that start with a "+" before proxying them to the correct service. On the other hand I still want that paths that do not start with a "+" will be routed (without basic auth) to the same service. It should also not change the URL that the service will see.

    Examples would be:

    /serviceA/what/ever -> http://192.168.0.2/what/ever
    /serviceA/what/+ever -> BASIC_AUTH -> http://192.168.0.2/what/+ever
    /serviceB/what/ever -> http://192.168.0.3/what/ever
    /serviceB/+what/ever -> BASIC_AUTH -> http://192.168.0.3/+what/ever
    

    Is it possible to achieve this either in Ingress or at least in a NGINX config? The regex for the URL path is also quite simple in NGINX but is it possible without duplicating all path entries and also without adding a second proxy nginx in front?

    The ideal solution would be in Ingress yml config but I'm more familar with NGINX, so here is an example what I want to achieve in NGINX-Syntax:

    Location ~ /+ { auth_basic ...; auth_basic_user_file ...; < route it somehow to the similar location as it would have no +, but don't cut out the + > } Location /serviceA { proxy_pass ...; } ... more Locations ...

    Or in Ingress something similar with path-entries.

     
  • Sarah Jones Mar-11-2019 01:04:31 PM ( 2 months ago )

    First of all, your:

    location ~ /+ {
        auth_basic ...;
        auth_basic_user_file ...;
        < route it somehow to the similar location as it would have no +, but don't cut out the + >
    }
    

    Would only match servicex/+something , not the servicex/something/+nice

    The regex you are searching is something like:

    location ~ ^/(.*)\+(.*) for the "+" to be anywhere
    
    location ~ ^(.*)\/\+(.*) for the "+" to be only after a "/"
    

    For the part:

    < route it somehow to the similar location as it would have no +, but don't cut out the + >
    

    Like this you'll send the uri exactly like it came:

    proxy_pass http://192.168.0.2$request_uri; 
    

    And like this you'd take out the "+"

    proxy_pass http://192.168.0.2$1/$2; 
    

    Where $1 is the (.*) before the /+ and $2 is everything after, and we add the lacking / in the middle.

Please login

Similar Discussion

Recommended For You