Kubernetes NGINX入口:禁用特定路径的基本身份验证 [英] Kubernetes NGINX Ingress: Disable Basic Auth for specific path

问题描述

我只想在我的应用程序的特定子路径上禁用基本身份验证.该怎么做?

I want to disable basic auth only on a specific subpath of my App. How this can be done?

例如

所有子路径都应受基本身份验证保护:

/ 

此路径应为例外且可公开访问:

/#/public 

ingress.yaml

ingress.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: app
  labels:
    app: app
  annotations:
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: "true"
    ingress.kubernetes.io/auth-type: basic
    ingress.kubernetes.io/auth-secret: basic-auth
    ingress.kubernetes.io/auth-realm:  "Authentication Required"
spec:
  rules:
  - host: "<MYHOST>"
    http:
      paths:
      - path: /
        backend:
          serviceName: app-service
          servicePort: 80
  tls:
    - secretName: "app-secret"
      hosts:
      - "<MYHOST>"

推荐答案

您尝试使用的路径(/#/public)永远不会到达服务器，客户端仅发送/.这就是为什么您无法禁用de auth的原因.

The path you're trying to use ( /#/public ) never reachs the server, the client send only /. That's the reason why you are unable to disable de auth.

符号(#)是URL片段标识符的分隔符. rfc2396 对此进行了说明.

The symbol (#) is a separator for URL fragment identifier. The rfc2396 explains it.

片段标识符的语义是数据的属性 取回操作产生的结果，无论使用哪种URI 在参考

The semantics of a fragment identifier is a property of the data resulting from a retrieval action, regardless of the type of URI used in the referenc

如果尾随Ingress Pod的日志，您将看到到达后端的URL.

If you tail the logs of your ingress pod you'll see the url that reachs the backend.

另一条注释，如果您需要URL才能到达服务器，则需要对它进行urlencode，/%23/public，但这具有不同的含义.

An additional note, if you need the url to reach the server then you need to urlencode it, /%23/public but, it's something with a different meaning.

关于.

这篇关于Kubernetes NGINX入口:禁用特定路径的基本身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！