Skip to content
This repository was archived by the owner on Sep 7, 2021. It is now read-only.

Fix behaviour behind load balancer - fixes #4 #6

Closed
dsteinkopf wants to merge 6 commits into from
Closed

Fix behaviour behind load balancer - fixes #4 #6

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
530057c
fix plugin name kong-http-to-https-redirect
dsteinkopf Nov 15, 2018
32d3825
add config parameter exclude_uri_pattern
dsteinkopf Nov 15, 2018
9d24102
add exclude_uri_pattern to Readme.md
dsteinkopf Nov 15, 2018
1d4a57e
update the plugin's priority
dsteinkopf Nov 15, 2018
f8328d6
add info about plugin prio to Readme.md
dsteinkopf Nov 15, 2018
58a8c70
only redirect if x-forwared-for is not set to https
dsteinkopf Nov 26, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,3 +39,4 @@ luac.out
*.x86_64
*.hex

/.idea/
17 changes: 15 additions & 2 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,16 +13,29 @@ Then in the kong.yml add

```
custom_plugins:
- http-to-https-redirect
- kong-http-to-https-redirect
```

Run kong reload or start and add the plugin as normal.

### Docker installation
We recommend using [kong-docker by dojot](https://github.com/dojot/kong). Copy this repo into the plugins directory of that project and build a custom docker image.

## Info

This plugins priority is set to 1500.
So it is handled after ip-restriction, bot-detection, cors - but before jwt and other authentication plugins
(see last paragraph in [Kongo Plugin Documentation - Custom Logic](https://docs.konghq.com/0.14.x/plugin-development/custom-logic/)).



## Configuration
As yet, we've had no need for any configuration. Raise an issue if there's anything you'd like to see.

* `exclude_uri_pattern`:
When this value is empty, then a redirect is done in every HTTP (not HTTPS) request.
When it is set, then the redirect to https is only done when the called URI doesn't match to the Lua pattern in `exclude_uri_pattern`.

Raise an issue if there's anything more you'd like to see.

## Misc

Expand Down
13 changes: 10 additions & 3 deletions src/handler.lua
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,15 +3,22 @@ local responses = require "kong.tools.responses"

local HttpFilterHandler = BasePlugin:extend()

-- handle redirect after ip-restriction, bot-detection, cors - but before jwt and other authentication plugins
-- see https://docs.konghq.com/0.14.x/plugin-development/custom-logic/
HttpFilterHandler.PRIORITY = 1500

function HttpFilterHandler:new()
HttpFilterHandler.super.new(self, "http-to-https-redirect")
HttpFilterHandler.super.new(self, "kong-http-to-https-redirect")
end

function HttpFilterHandler:access(conf)
HttpFilterHandler.super.access(self)

if ngx.var.https ~= "on" then
return ngx.redirect("https://" .. ngx.var.host .. ngx.var.request_uri, ngx.HTTP_MOVED_PERMANENTLY)
if ngx.var.https ~= "on" and ngx.var.http_x_forwarded_proto ~= "https" then
local matches_exclude_pattern = conf.exclude_uri_pattern and string.find(ngx.var.request_uri, conf.exclude_uri_pattern)
if not matches_exclude_pattern then
return ngx.redirect("https://" .. ngx.var.host .. ngx.var.request_uri, ngx.HTTP_MOVED_PERMANENTLY)
end
end
end

Expand Down
1 change: 1 addition & 0 deletions src/schema.lua
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
return {
no_consumer = true,
fields = {
exclude_uri_pattern = {type = "string", required = false}
}
}