Closed
Description
I have a prometheus instance running under metrics-qa.staging.com:9043. I have to give the port number as haproxy on that host uses 9043 and cannot run on any default port of 443.
I have oauth2-proxy v3.2.0 deployed in K8s and exposed under oauth2-qa.staging.arm.com:9043. It has below configs set:
--http-address=0.0.0.0:4180
--cookie-domain=.staging.com
--oidc-issuer-url=https://dex-qa.staging.com:9043
--provider=oidc
--scope=openid profile email groups
--ssl-insecure-skip-verify=true
--whitelist-domain=.staging.com
--config=/etc/oauth2_proxy/oauth2_proxy.cfg
Here are annotation of prometheus ingress :
nginx.ingress.kubernetes.io/auth-signin: https://oauth2-qa.staging.com:9043/oauth2/start?rd=$scheme://$best_http_host$request_uri
nginx.ingress.kubernetes.io/auth-url: https://oauth2-qa.staging.com:9043/oauth2/auth
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
On successful authentication this redirects to oauth2-qa.staging.com:9043/ and results in 404
Expected Behavior
It should redirect to https://metrics-qa.staging.com:9043/
On console of chrome I could see the url is formed correctly but redirect still doesnt happen ie
Request URL: https://oauth2-qa.staging.com:9043/oauth2/start?rd=https://metrics-qa.staging.com:9043/
- Version used:
v3.2.0
Activity
JoelSpeed commentedon Oct 10, 2019
Handling of ports in whitelist domains is not currently implemented. This will require some changes to the
IsValidRedirectmethod in oauthproxy.go to make it handle redirect ports if they are setREADME translation of key-auth plugin (oauth2-proxy#279)