Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Put Host into a header for Forward Auth #2121

Closed
wants to merge 4 commits into from
Closed

Put Host into a header for Forward Auth #2121

wants to merge 4 commits into from

Conversation

ekozan
Copy link

@ekozan ekozan commented Sep 14, 2017
edited

Hi all,

I just added possibility of forward the origin host to the as

Config example

[entryPoints.http.auth.forward]
address = "http://authtest/"
hostheader = "x-origin-host"

It's follow the design

Additional Headers
The AS might be interested in some of the original request informations such as:
Original Host - The target host address, eg api.example.com

All this information should be optional. The user must be allowed to define each header name.

Related to #2105

ldez
ldez requested changes Sep 14, 2017
View reviewed changes
Copy link
Member

@ldez ldez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you use the common header X-Forwarded-Host as default header value.

types/types.go Outdated
TLS *ClientTLS `description:"Enable TLS support"`
Address string `description:"Authentication server address"`
TLS *ClientTLS `description:"Enable TLS support"`
ForwardHostname *ForwardHostname `description:"Enable forward hostname request "`
Copy link
Member

@ldez ldez Sep 14, 2017
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can simplify like that:

// Forward authentication
type Forward struct {
	Address         string           `description:"Authentication server address"`
	TLS             *ClientTLS       `description:"Enable TLS support"`
	HostHeader      string           `description:"Header name to put the forwarded host"`
}

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done.

@ldez ldez changed the title Add option for Forward Auth origin HOST Put Host into a header for Forward Auth Sep 14, 2017
@ldez
Copy link
Member

ldez commented Sep 15, 2017

@ekozan After discussion with the team, we believe that this PR should go in version 1.4.

Can you change the root branch of PR and rebase on branch 1.4 ?
Ask me if yo need help.

@ldez
Copy link
Member

ldez commented Sep 15, 2017

After the rebase you will need to add some documentation https://github.com/containous/traefik/blob/v1.4/docs/configuration/entrypoints.md#forward-authentication

@ekozan ekozan changed the base branch from master to v1.4 September 15, 2017 15:09
@ekozan
Copy link
Author

ekozan commented Sep 15, 2017

done. :)

@ldez
Copy link
Member

ldez commented Sep 15, 2017

could you add some documentation https://github.com/containous/traefik/blob/v1.4/docs/configuration/entrypoints.md#forward-authentication

@ldez ldez added this to the 1.4 milestone Sep 15, 2017
@ekozan
Copy link
Author

ekozan commented Sep 16, 2017

Done, I'm not really good for write doc :P
let me know if it's not good enough

ldez
ldez previously approved these changes Sep 16, 2017
View reviewed changes
Copy link
Member

@ldez ldez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks 👍

LGTM

@ldez ldez dismissed their stale review September 16, 2017 12:06

I think to another way, more conventional

juliens
juliens approved these changes Sep 18, 2017
View reviewed changes
Copy link
Member

@juliens juliens left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

nmengin
nmengin approved these changes Sep 18, 2017
View reviewed changes
Copy link
Contributor

@nmengin nmengin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👏

@emilevauge
Copy link
Member

Hey @ekozan,
Thanks a lot for this contribution ❤️
After digging into this, it appears that a bigger fix is necessary and we decided to do it ourselves.
I hope you don't mind if we close this one in favor of the new one :) OK for you ?
Thanks again !

@ekozan ekozan closed this Sep 18, 2017
@ekozan
Copy link
Author

ekozan commented Sep 18, 2017

:) okay

@ldez ldez removed the bot/no-merge label Sep 18, 2017
@magnock
Copy link

magnock commented Apr 9, 2018

Hello guys, anyone can help with using [entryPoints.http.auth.forward] in [entryPoints.https] ?
How to forward authentication when using HTTPS ??
Thx.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@juliens juliens juliens approved these changes

@nmengin nmengin nmengin approved these changes

@ldez ldez ldez left review comments

Assignees
No one assigned
Labels
area/authentication kind/enhancement a new or improved feature. size/S
Projects
None yet
Milestone
1.4
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@ekozan @ldez @emilevauge @magnock @juliens @nmengin @traefiker