Commit

Fix kubernetes#76: hardcode X-Forwarded-Port due to SSL Passthrough
jgmize committed Dec 22, 2016
1 parent f0762ba commit 7ef63fd
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
@@ -188,6 +188,7 @@ http {
server {
server_name {{ $server.Hostname }};
listen [::]:80{{ if $cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $index 0 }} ipv6only=off{{end}};
# Listen on 442 because we are behind an SSL passthrough on port 443
{{ if not (empty $server.SSLCertificate) }}listen 442 {{ if $cfg.UseProxyProtocol }}proxy_protocol{{ end }} ssl {{ if $cfg.UseHTTP2 }}http2{{ end }};
{{/* comment PEM sha is required to detect changes in the generated configuration and force a reload */}}
# PEM sha: {{ $server.SSLPemChecksum }}
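
Review bot: The `listen 442` line that the new comment documents uses a literal port and no address, so it binds IPv4 only while the port 80 listener above it is `[::]:80 ... ipv6only=off` (dual-stack). The comment should say which component does the SSL passthrough on 443 and forwards to 442, and the port would be safer as a template configuration value than a literal, so that the comment, the listener and the passthrough target cannot drift apart. If IPv6 clients can reach the passthrough target directly, consider matching the port 80 form with `listen [::]:442 ...`.
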
@@ -277,7 +278,9 @@ http {

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;

# cannot use $server_port because we are behind an SSL passthrough
proxy_set_header X-Forwarded-Port 443;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;

# mitigate HTTPoxy Vulnerability
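
Review bot: Hardcoding `proxy_set_header X-Forwarded-Port 443;` makes the port header independent of how the request arrived, while the next line still sends `X-Forwarded-Proto $pass_access_scheme`. If this location also serves requests from the port 80 listener, backends will receive `X-Forwarded-Proto: http` together with `X-Forwarded-Port: 443`, and any backend that builds redirects or absolute URLs from these headers can produce wrong URLs such as `http://host:443/`. Consider deriving the port from the scheme (for example an nginx `map` on `$pass_access_scheme` that yields 443 for https and 80 for http) instead of a single literal, and note in the comment that 443 is the external port of the passthrough rather than the port nginx listens on.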

0 comments on commit 7ef63fd