0

I want to disable basic auth only on a specific subpath of my App. How this can be done?

e.g.

All subpaths should be basic auth secured:

/

This path should be an exception and public reachable:

/#/public

ingress.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: app
  labels:
    app: app
  annotations:
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: "true"
    ingress.kubernetes.io/auth-type: basic
    ingress.kubernetes.io/auth-secret: basic-auth
    ingress.kubernetes.io/auth-realm:  "Authentication Required"
spec:
  rules:
  - host: "<MYHOST>"
    http:
      paths:
      - path: /
        backend:
          serviceName: app-service
          servicePort: 80
  tls:
    - secretName: "app-secret"
      hosts:
      - "<MYHOST>"
Tim Schwalbe
  • 1,588
  • 4
  • 19
  • 37

1 Answers1

2

The path you're trying to use ( /#/public ) never reachs the server, the client send only /. That's the reason why you are unable to disable de auth.

The symbol (#) is a separator for URL fragment identifier. The rfc2396 explains it.

The semantics of a fragment identifier is a property of the data resulting from a retrieval action, regardless of the type of URI used in the referenc

If you tail the logs of your ingress pod you'll see the url that reachs the backend.

An additional note, if you need the url to reach the server then you need to urlencode it, /%23/public but, it's something with a different meaning.

Regards.

mdaguete
  • 387
  • 2
  • 4
  • 1
    Thanks for the explanation, but how would I disable if it was just a subpath of the app. e.g. /public? – Tim Schwalbe Jan 31 '19 at 16:57
  • You can try to create another ingress definition capturing the path without the auth annotations. – mdaguete Jan 31 '19 at 17:01
  • and /#/public will be replaced by the app? for example: /addUser/public will be called because the request content was about adding a user? I will read about it. Thanks so far. – Tim Schwalbe Jan 31 '19 at 17:04
  • Hi @TimSchwalbe i have the same issue, this is the [link](https://stackoverflow.com/questions/64858553/how-do-i-use-ingress-with-basic-auth-but-only-for-certain-routes) to my issue, can you see if you can help from your experience? – Шурбески Христијан Nov 16 '20 at 16:11
  • Sorry, did not solve it. But you could try this: nginx.ingress.kubernetes.io/server-snippet: | location ~* /[^/]+/public { auth_basic "off"; include /etc/nginx/uwsgi_params; uwsgi_pass unix:/tmp/app.sock; } But really not sure if it will work. @ШурбескиХристијан Was it about swagger? – Tim Schwalbe Nov 18 '20 at 15:49