nginx 如何在ngnix ingress中对特定的HTTP方法进行基本的身份验证？

o7jaxewo 于 2023-11-17 发布在 Nginx

关注(0)|答案(2)|浏览(185)

我可以使用基本的auth来创建ingress。我遵循了kubernetes/ingress-nginx的模板：

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-with-auth
  annotations:
    # type of authentication
    nginx.ingress.kubernetes.io/auth-type: basic
    # name of the secret that contains the user/password definitions
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    # message to display with an appropriate context why the authentication is required
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
spec:
  rules:
  - host: foo.bar.com
    http:
      paths:
      - path: /
        backend:
          serviceName: http-svc
          servicePort: 80

字符串
它工作正常，但我需要允许'OPTIONS'方法没有基本的授权飞行前的请求。任何指针就如何做，将是非常有帮助的。

nginx

来源：https://stackoverflow.com/questions/51988839/how-can-i-put-basic-auth-on-specific-http-methods-in-ngnix-ingress

2条答案

按热度按时间

mqkwyuun1#

我刚刚遇到了同样的问题。我通过使用配置片段解决了它。

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-cors-auth-ingress
  annotations:
    nginx.ingress.kubernetes.io/configuration-snippet: |
      # fix cors issues of ingress when using external auth service
      if ($request_method = OPTIONS) {
        add_header Content-Length 0;
        add_header Content-Type text/plain;
        return 204;
      }
      more_set_headers "Access-Control-Allow-Credentials: true";
      more_set_headers "Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS";
      more_set_headers "Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization";
      more_set_headers "Access-Control-Allow-Origin: $http_origin";
      more_set_headers "Access-Control-Max-Age: 600";
    nginx.ingress.kubernetes.io/auth-url: "http://auth-service.default.svc.cluster.local:80"

字符串

赞(0）回复(0）举报 2023-11-17

u2nhd7ah2#

我也有同样的问题：一个为CORS配置的应用程序，但在k8s nginx入口后面有基本的身份验证，这会杀死preflight请求。最后，我将我的CORS配置移动到入口。入口上的注解完美地协同工作;以正确的方式响应preflight请求。这解决了我的问题。

nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/enable-cors: "true"

字符串
参见https://github.com/kubernetes/ingress-nginx/issues/8964

赞(0）回复(0）举报 2023-11-17

我来回答

nginx 如何在ngnix ingress中对特定的HTTP方法进行基本的身份验证？

2条答案

相关问题

热门标签

最新问答