Skip to content

Instantly share code, notes, and snippets.

@guilhem
Last active October 25, 2021 12:16
Show Gist options
  • Save guilhem/52a2722eceffcd7a29b3b5687deedcd6 to your computer and use it in GitHub Desktop.
Save guilhem/52a2722eceffcd7a29b3b5687deedcd6 to your computer and use it in GitHub Desktop.
fix nginx.ingress.kubernetes.io/force-ssl-redirect="true" with cloudlare
apiVersion: v1
kind: ConfigMap
metadata:
name: cloudflare-forwarded-port
namespace: ingress-nginx
data:
main.lua: |
local ngx = ngx
local _M = {}
function _M.rewrite()
if (ngx.var.http_cf_visitor and ngx.var.http_cf_visitor:find( "https")) then
-- ngx.log(ngx.WARN, "testssl headers ", ngx.req.get_headers())
ngx.req.set_header("X-Forwarded-Proto", "https")
ngx.req.set_header("X-Forwarded-Port", "443")
end
end
return _M
local ngx = ngx
local _M = {}
function _M.rewrite()
if (ngx.var.http_cf_visitor and ngx.var.http_cf_visitor:find( "https")) then
-- ngx.log(ngx.WARN, "testssl headers ", ngx.req.get_headers())
ngx.req.set_header("X-Forwarded-Proto", "https")
ngx.req.set_header("X-Forwarded-Port", "443")
end
end
return _M
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-configuration
namespace: ingress-nginx
labels:
app: ingress-nginx
data:
[...]
plugins: "cloudflare-forwarded-port"
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: nginx-ingress-controller
namespace: ingress-nginx
spec:
template:
spec:
containers:
- name: nginx-ingress-controller
volumeMounts:
- name: cloudflare-forwarded-port
mountPath: /etc/nginx/lua/plugins/cloudflare-forwarded-port
volumes:
- name: cloudflare-forwarded-port
configMap:
name: cloudflare-forwarded-port
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment