profile
viewpoint

mouchar/augeas 0

A configuration editing tool and API

mouchar/aws-s3-proxy 0

Reverse proxy for AWS S3 with basic authentication.

mouchar/bitnami-docker-pgpool 0

Bitnami Pgpool-II Docker Image

mouchar/charts 0

Helm Charts

mouchar/cmc 0

ControlMaster Controller - Eases management of SSH ControlMaster connections

mouchar/dex 0

OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors

mouchar/docker-image-for-vertica 0

Vertica docker deployment (single container version)

mouchar/dockerize 0

Utility to simplify running applications in docker containers

mouchar/facter 0

Collect and display system facts

mouchar/flux 0

FluxCD demo

push eventgooddata/gooddata-server-oauth2

Milan Sladky

commit sha 549d3ccf59617eefb9383baaa4edfbac6515a1f9

NAS-2783 Compliance check from latest image

view details

Robert Moucha

commit sha 20974100e42e2e4055c2a8d5b331c6a3619f9405

Merge branch 'msl-fixups' into 'master' NAS-2783 Compliance check from latest image See merge request gooddata/gooddata-server-oauth2!16

view details

push time in 8 days

create barnchgooddata/gooddata-server-oauth2

branch : msl-fixups

created branch time in 8 days

created taggooddata/gooddata-server-oauth2

taggooddata-server-oauth2-0.7.0

GoodData Server OAuth2 Starter codebase (synced from GitLab)

created time in 9 days

push eventgooddata/gooddata-server-oauth2

Peter Plochan

commit sha 9953ffba8c7b3a5cd51bae5721ebaa9bafba63ba

Unify webflux and mvc not-authenticated URLs

view details

Peter Plochan

commit sha 42e61742a024943034b1031384ed27d35512e78e

Whitelist default Spring /login pages from auth This avoids infinite redirect loops when the login?error tries to login again

view details

Peter Plochan

commit sha 8c75725e9d76b31b228e13147681f7089e9ce7b2

TRIVIAL: use object providers in oauth2 auto-configurations This removes Spring warnings produced by IDEs like IntelliJ

view details

Peter Plochan

commit sha c35f3fb8c78ec7e327fce4dca43e032dd9e21590

TRIVIAL: use Kotlin DSL for HTTP security configuration

view details

Peter Plochan

commit sha 10eee6fb71b0f74293ee7b3d879ff50c2cf67fdd

Handle all authentication failures as 401 Unauthorized This avoids redirection to Spring default `/login?error` endpoint.

view details

Peter Plochan

commit sha d00335d97ab048902b3c5879663656dd4bf07eb5

Merge branch 'ppl/infinite-redirect' into 'master' NAS-2760: resolve authentication failure issues See merge request gooddata/gooddata-server-oauth2!15

view details

push time in 9 days

startedgolang-standards/project-layout

started time in 15 days

create barnchgooddata/gooddata-server-oauth2

branch : ppl/infinite-redirect

created branch time in 15 days

push eventmouchar/gooddata-cn-tools

Robert Moucha

commit sha 4147407230c98479047fb8b801af17317ee4b135

Example Organization manifests

view details

push time in a month

push eventmouchar/gooddata-cn-tools

Robert Moucha

commit sha 2010e8d362800b999518b7b33734abdced3b9ab3

Minor refactor and code cleanup - fixed all shellcheck issues - reorganize code blocks - use pulsar helm repo instead of raw helm package

view details

Robert Moucha

commit sha 2df40ee3e126fd250c0cc38a60c5bb9d309184f3

Custom ports, allow disabling tls - k3d 5.x finally supported (with config file) - new parameter for disabling tls stuff (port 443) - detailed description in README how to run k3d behind reverse proxy - upgrade ingress-nginx, simplify config (abandon containerPort magic)

view details

push time in a month

push eventmouchar/gooddata-cn-tools

Robert Moucha

commit sha 15dd2ac1bbe2e1147e02dc10b87cd4658b203a02

Better support for custom SSL port k3d uses TCP loadbalancer that can not handle HTTP headers. So the ports on load balancer must exacly match the ports in Ingress Controller (both on service and container) to make the X-Forwarded-Port contain a proper value (the port used on k3d load balancer). GoodData.CN relied on this header to compute the callback URL for OAuth 2.0 flow.

view details

Robert Moucha

commit sha 6d0541381543e0fe46a8b1ac885a56ed5b5ce90d

Bump GoodData.CN version We have a new serivice (Calcique) that will replace AQE soon.

view details

Robert Moucha

commit sha d57e2042bafcb86bf46b133ccb3da545336e3c85

Update README files

view details

Robert Moucha

commit sha 66fc90a2fd1f4c87c60262e8694bdcb017cdcda6

Increase direct memory for bookkeeper

view details

push time in a month

issue commentkubernetes/ingress-nginx

Problem with HTTPS, CloudFlare and X-Forwarded-Port header

I stumbled into this issue while troubleshooting the closely related problem. We use custom SSL port 5443 for ingress-controller instead of standard 443, but ingress-nginx always sends X-Forwarded-Port: 443 to our backend. Sad thing is that even sending this header from the client to nginx doesn't help, it always returns a constant 443 value, regardless of $server_port. I believe the problem is in the following part of Lua code: https://github.com/kubernetes/ingress-nginx/blob/6c729e9cc76ca33ecd1b33c36b931c0aa27aa34f/rootfs/etc/nginx/lua/lua_ingress.lua#L168-L169

I tried to comprehend this code but I really don't understand why the value is set to 443 and not to config.listen_ports.https (or left as is, because it is already set to the proper value at line 163).

When I tried to play with nginx.conf template on a live server, I figured out these things:

Variable Value OK?
$server_port 5443 OK :heavy_check_mark:
$pass_server_port 5443 OK :heavy_check_mark:
$pass_port 443 KO :heavy_multiplication_x:

As others already mentioned there's no way how to override this value by configuration.

Any help would be appreciated.

tpoindessous

comment created time in 2 months

push eventmouchar/gooddata-cn-tools

Robert Moucha

commit sha b1f8e2b492d899803cc1bb0bbb1383654f3ed3a3

Better support for custom SSL port k3d uses TCP loadbalancer that can not handle HTTP headers. So the ports on load balancer must exacly match the ports in Ingress Controller (both on service and container) to make the X-Forwarded-Port contain a proper value (the port used on k3d load balancer). GoodData.CN relied on this header to compute the callback URL for OAuth 2.0 flow.

view details

Robert Moucha

commit sha 4edb276c0f80d260fd2c20878136ce7fe0a23937

Bump GoodData.CN version We have a new serivice (Calcique) that will replace AQE soon.

view details

Robert Moucha

commit sha 73c052d606579dd72ee6011cb78148a6b8fc8e1f

Update README files

view details

push time in 2 months

push eventmouchar/gooddata-cn-tools

Robert Moucha

commit sha 172196f5272026c709caa85c7fff5306345db75e

Fix propagation of SSL port This fix is NOT sufficient to make it work on other port than 443. We need to generate ingress-nginx.yaml from template and pass the port number to these values: controller: containerPort: https: $LBSSLPORT service: ports: https: $LBSSLPORT

view details

push time in 2 months

push eventmouchar/gooddata-cn-tools

Robert Moucha

commit sha 4fbf1641e48df861e995f5e82c50d57f53e9749a

Fix getopts line

view details

push time in 3 months

push eventmouchar/gooddata-cn-tools

Robert Moucha

commit sha f780ac636bd7666c5360aacba5ce10e6efb7edb0

use alternate port for registry, smaller pulsar image * port 5000 can be occupied, set 5050 to default and allow override * use smaller pulsar instead pulsar-all image

view details

Robert Moucha

commit sha fd3f592f9638b6dfb522a4b40fc442eef154c555

Newer k3s node image This image has fixed local path provisioner, it fixes issue with k3d 4.4.8

view details

Robert Moucha

commit sha 75d6b5010155feb06e6033dc2b588261cf72e13b

Describe the license requirement

view details

push time in 3 months

push eventmouchar/gooddata-cn-tools

Robert Moucha

commit sha eaa1b5f54f861d8a8a7d535af7708626b8f7c6a1

k3d description

view details

push time in 3 months

create barnchmouchar/gooddata-cn-tools

branch : master

created branch time in 3 months

created repositorymouchar/gooddata-cn-tools

Various tools related to GoodData.CN

created time in 3 months

more