Skip to content

Commit

Permalink
Added ssloffloadForceHttps
Browse files Browse the repository at this point in the history
  • Loading branch information
RobinDuhan committed Sep 28, 2024
1 parent db9d573 commit d6dd9aa
Show file tree
Hide file tree
Showing 6 changed files with 22 additions and 4 deletions.
8 changes: 7 additions & 1 deletion stable/artifactory-ha/files/nginx-artifactory-conf.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -63,12 +63,18 @@ location / {
proxy_cookie_path ~*^/.* /;
proxy_pass {{ include "artifactory-ha.scheme" . }}://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalPort }}/;
{{- if .Values.nginx.service.ssloffload}}
{{- if .Values.nginx.service.ssloffloadForceHttps}}
proxy_set_header X-JFrog-Override-Base-Url https://$host;
proxy_set_header X-Forwarded-Proto https;
{{- else }}
proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
{{- end }}
{{- else }}
proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$host_port;
proxy_set_header X-Forwarded-Port $server_port;
{{- end }}
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
{{- end }}
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
{{- if .Values.nginx.disableProxyBuffering}}
Expand Down
2 changes: 1 addition & 1 deletion stable/artifactory-ha/templates/nginx-service.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ spec:
{{- if .Values.nginx.https }}
{{- if or .Values.nginx.https.enabled .Values.nginx.service.ssloffload }}
- port: {{ .Values.nginx.https.externalPort }}
{{- if .Values.nginx.service.ssloffload }}
{{- if and .Values.nginx.service.ssloffload (not .Values.nginx.service.ssloffloadForceHttps) }}
targetPort: {{ .Values.nginx.http.internalPort }}
{{- else }}
targetPort: {{ .Values.nginx.https.internalPort}}
Expand Down
2 changes: 2 additions & 0 deletions stable/artifactory-ha/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -1628,6 +1628,8 @@ nginx:
## @param service.ipFamilyPolicy Controller Service ipFamilyPolicy (optional, cloud specific)
## This can be either SingleStack, PreferDualStack or RequireDualStack
## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services

ssloffloadForceHttps: false
##
ipFamilyPolicy: ""
## @param service.ipFamilies Controller Service ipFamilies (optional, cloud specific)
Expand Down
8 changes: 7 additions & 1 deletion stable/artifactory/files/nginx-artifactory-conf.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -63,12 +63,18 @@ location / {
proxy_cookie_path ~*^/.* /;
proxy_pass {{ include "artifactory.scheme" . }}://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalPort }}/;
{{- if .Values.nginx.service.ssloffload}}
{{- if .Values.nginx.service.ssloffloadForceHttps}}
proxy_set_header X-JFrog-Override-Base-Url https://$host;
proxy_set_header X-Forwarded-Proto https;
{{- else }}
proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
{{- end }}
{{- else }}
proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$host_port;
proxy_set_header X-Forwarded-Port $server_port;
{{- end }}
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
{{- end }}
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
{{- if .Values.nginx.disableProxyBuffering}}
Expand Down
2 changes: 1 addition & 1 deletion stable/artifactory/templates/nginx-service.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ spec:
{{- if .Values.nginx.https }}
{{- if or .Values.nginx.https.enabled .Values.nginx.service.ssloffload }}
- port: {{ .Values.nginx.https.externalPort }}
{{- if .Values.nginx.service.ssloffload }}
{{- if and .Values.nginx.service.ssloffload (not .Values.nginx.service.ssloffloadForceHttps) }}
targetPort: {{ .Values.nginx.http.internalPort }}
{{- else }}
targetPort: {{ .Values.nginx.https.internalPort}}
Expand Down
4 changes: 4 additions & 0 deletions stable/artifactory/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -1481,6 +1481,10 @@ nginx:
## @param service.ipFamilyPolicy Controller Service ipFamilyPolicy (optional, cloud specific)
## This can be either SingleStack, PreferDualStack or RequireDualStack
## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services

## @param service.ssloffloadForceHttps Override http_x_forwarded_proto flag for external ingress (optional, likely OpenShift specific for ClusterIP based nginx service config)
ssloffloadForceHttps: false

##
ipFamilyPolicy: ""
## @param service.ipFamilies Controller Service ipFamilies (optional, cloud specific)
Expand Down

0 comments on commit d6dd9aa

Please sign in to comment.