Redirect Insecure Requests with the X-Forwarded-Proto header #556
Conversation
tomasbasham
changed the title
tomasbasham
changed the title
|
Hi, it would be lovely if anyone could help with the We would then greatly appreciate if this PR was considered for review and merging because at the moment we are using a fork, and if the functionality doesn't get into upstream we will be forced to revert to an needlessly complicated nginx setup sidecar in our deployment. Thank you!! 🙂 |
|
@jehiah Is there any chance you can take a look at this? We are relying on this feature and ideally would not want to revert to having an nginx proxy in the middle. Also if you have any idea why |
|
Thanks @ploxiln. I guess there is noting I can do until either of these gets merged save me having to duplicate the effort. |
The
X-Forwarded-Protoheader is the standard way to identify over what protocol a request has been made by a client to a proxy or load balancer. Some load balancers (including Google Cloud Load Balancer - one which I use) set this header before forwarding the request.I have setup
oauth2_proxyto sit behind the GCLB (that performs TLS termination) however currently when I hit the load balancer over HTTP it does not redirect to HTTPS before initiating the OAuth dance causing the authentication to fail due to the mismatch of protocol. To prevent this I have had to sit nginx in front ofoauth2_proxyjust to do the HTTPS redirection. The current infrastructure look like the following:This PR introduces the ability for the
oauth2_proxyto handle the redirection by respecting theX-Forwarded-Protoheader removing the need for an extra proxy (nginx or similar).