From dffff2d831a943cc755bbea841b7c0c6baa62968 Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Tue, 24 Dec 2024 10:57:21 +0000 Subject: [PATCH] pass fewer authentik headers to upstream [ci skip] --- modules/kubernetes/reverse_proxy/factory/main.tf | 2 +- modules/kubernetes/reverse_proxy/main.tf | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/kubernetes/reverse_proxy/factory/main.tf b/modules/kubernetes/reverse_proxy/factory/main.tf index 61260545..f98f5281 100644 --- a/modules/kubernetes/reverse_proxy/factory/main.tf +++ b/modules/kubernetes/reverse_proxy/factory/main.tf @@ -72,7 +72,7 @@ resource "kubernetes_ingress_v1" "proxied-ingress" { "nginx.ingress.kubernetes.io/auth-url" : var.protected ? "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx" : null "nginx.ingress.kubernetes.io/auth-signin" : var.protected ? "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri" : null - "nginx.ingress.kubernetes.io/auth-response-headers" : var.protected ? "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid" : null + # "nginx.ingress.kubernetes.io/auth-response-headers" : var.protected ? "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid" : null "nginx.ingress.kubernetes.io/auth-snippet" : var.protected ? "proxy_set_header X-Forwarded-Host $http_host;" : null "nginx.ingress.kubernetes.io/proxy-body-size" : var.max_body_size diff --git a/modules/kubernetes/reverse_proxy/main.tf b/modules/kubernetes/reverse_proxy/main.tf index 89a16094..4f9fe459 100644 --- a/modules/kubernetes/reverse_proxy/main.tf +++ b/modules/kubernetes/reverse_proxy/main.tf @@ -93,6 +93,7 @@ module "tp-link-gateway" { tls_secret_name = var.tls_secret_name backend_protocol = "HTTPS" depends_on = [kubernetes_namespace.reverse-proxy] + protected = true } # https://truenas.viktorbarzin.me/