diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl index fbb023f1b1..5d87e36331 100644 --- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl +++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl @@ -663,12 +663,13 @@ stream { {{ end }} {{ if not (empty $location.ExternalAuth.Method) }} proxy_method {{ $location.ExternalAuth.Method }}; - proxy_set_header X-Original-URI $request_uri; - proxy_set_header X-Scheme $pass_access_scheme; + proxy_set_header X-Original-URI $request_uri; + proxy_set_header X-Scheme $pass_access_scheme; {{ end }} proxy_pass_request_headers on; - proxy_set_header Host {{ $location.ExternalAuth.Host }}; - proxy_set_header X-Original-URL $scheme://$http_host$request_uri; + proxy_set_header Host {{ $location.ExternalAuth.Host }}; + proxy_set_header X-Original-URL $scheme://$http_host$request_uri; + proxy_set_header X-Auth-Request-Redirect $request_uri; proxy_ssl_server_name on; client_max_body_size "{{ $location.Proxy.BodySize }}"; @@ -712,9 +713,9 @@ stream { {{ if not (empty $authPath) }} # this location requires authentication - auth_request {{ $authPath }}; - auth_request_set $auth_cookie $upstream_http_set_cookie; - add_header Set-Cookie $auth_cookie; + auth_request {{ $authPath }}; + auth_request_set $auth_cookie $upstream_http_set_cookie; + add_header Set-Cookie $auth_cookie; {{- range $idx, $line := buildAuthResponseHeaders $location }} {{ $line }} {{- end }} @@ -780,9 +781,6 @@ stream { proxy_set_header X-Original-URI $request_uri; proxy_set_header X-Scheme $pass_access_scheme; - {{/* This header is used for external authentication */}} - proxy_set_header X-Auth-Request-Redirect $request_uri; - # mitigate HTTPoxy Vulnerability # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/ proxy_set_header Proxy "";