From 530057c23a803ec2e4f05ed8b511c2f8f986ea4a Mon Sep 17 00:00:00 2001 From: Dirk Steinkopf Date: Thu, 15 Nov 2018 10:46:46 +0100 Subject: [PATCH 1/6] fix plugin name kong-http-to-https-redirect --- README.md | 2 +- src/handler.lua | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index db30c55..ffb0079 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ Then in the kong.yml add ``` custom_plugins: - - http-to-https-redirect + - kong-http-to-https-redirect ``` Run kong reload or start and add the plugin as normal. diff --git a/src/handler.lua b/src/handler.lua index 9b73df5..9cfa3b1 100644 --- a/src/handler.lua +++ b/src/handler.lua @@ -4,7 +4,7 @@ local responses = require "kong.tools.responses" local HttpFilterHandler = BasePlugin:extend() function HttpFilterHandler:new() - HttpFilterHandler.super.new(self, "http-to-https-redirect") + HttpFilterHandler.super.new(self, "kong-http-to-https-redirect") end function HttpFilterHandler:access(conf) From 32d3825b953f2e592f6a78d254e615a4ab2286ac Mon Sep 17 00:00:00 2001 From: Dirk Steinkopf Date: Thu, 15 Nov 2018 10:47:05 +0100 Subject: [PATCH 2/6] add config parameter exclude_uri_pattern --- src/handler.lua | 5 ++++- src/schema.lua | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/handler.lua b/src/handler.lua index 9cfa3b1..b3937ac 100644 --- a/src/handler.lua +++ b/src/handler.lua @@ -11,7 +11,10 @@ function HttpFilterHandler:access(conf) HttpFilterHandler.super.access(self) if ngx.var.https ~= "on" then - return ngx.redirect("https://" .. ngx.var.host .. ngx.var.request_uri, ngx.HTTP_MOVED_PERMANENTLY) + local matches_exclude_pattern = conf.exclude_uri_pattern and string.find(ngx.var.request_uri, conf.exclude_uri_pattern) + if not matches_exclude_pattern then + return ngx.redirect("https://" .. ngx.var.host .. ngx.var.request_uri, ngx.HTTP_MOVED_PERMANENTLY) + end end end diff --git a/src/schema.lua b/src/schema.lua index ff2ee2c..0503ceb 100644 --- a/src/schema.lua +++ b/src/schema.lua @@ -1,5 +1,6 @@ return { no_consumer = true, fields = { + exclude_uri_pattern = {type = "string", required = false} } } From 9d24102d1f89a68abeb0032632e774f09ace94f5 Mon Sep 17 00:00:00 2001 From: Dirk Steinkopf Date: Thu, 15 Nov 2018 10:58:46 +0100 Subject: [PATCH 3/6] add exclude_uri_pattern to Readme.md --- README.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index ffb0079..dc6e154 100644 --- a/README.md +++ b/README.md @@ -22,7 +22,12 @@ Run kong reload or start and add the plugin as normal. We recommend using [kong-docker by dojot](https://github.com/dojot/kong). Copy this repo into the plugins directory of that project and build a custom docker image. ## Configuration -As yet, we've had no need for any configuration. Raise an issue if there's anything you'd like to see. + +* `exclude_uri_pattern`: + When this value is empty, then a redirect is done in every HTTP (not HTTPS) request. + When it is set, then the redirect to https is only done when the called URI doesn't match to the Lua pattern in `exclude_uri_pattern`. + +Raise an issue if there's anything more you'd like to see. ## Misc From 1d4a57ea08cdb993090170f7b8136f6b4738a4a7 Mon Sep 17 00:00:00 2001 From: Dirk Steinkopf Date: Thu, 15 Nov 2018 11:20:42 +0100 Subject: [PATCH 4/6] update the plugin's priority handle redirect after ip-restriction, bot-detection, cors - but before jwt and other authentication plugins --- src/handler.lua | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/handler.lua b/src/handler.lua index b3937ac..5eb06e1 100644 --- a/src/handler.lua +++ b/src/handler.lua @@ -3,6 +3,10 @@ local responses = require "kong.tools.responses" local HttpFilterHandler = BasePlugin:extend() +-- handle redirect after ip-restriction, bot-detection, cors - but before jwt and other authentication plugins +-- see https://docs.konghq.com/0.14.x/plugin-development/custom-logic/ +HttpFilterHandler.PRIORITY = 1500 + function HttpFilterHandler:new() HttpFilterHandler.super.new(self, "kong-http-to-https-redirect") end From f8328d697379fbdcb42c0452a909ff5fe8f83392 Mon Sep 17 00:00:00 2001 From: Dirk Steinkopf Date: Thu, 15 Nov 2018 11:55:34 +0100 Subject: [PATCH 5/6] add info about plugin prio to Readme.md --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index dc6e154..16bc3b3 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,14 @@ Run kong reload or start and add the plugin as normal. ### Docker installation We recommend using [kong-docker by dojot](https://github.com/dojot/kong). Copy this repo into the plugins directory of that project and build a custom docker image. +## Info + +This plugins priority is set to 1500. +So it is handled after ip-restriction, bot-detection, cors - but before jwt and other authentication plugins +(see last paragraph in [Kongo Plugin Documentation - Custom Logic](https://docs.konghq.com/0.14.x/plugin-development/custom-logic/)). + + + ## Configuration * `exclude_uri_pattern`: From 58a8c70da7ec8443b3d0b0b4fec8fb520bb427ad Mon Sep 17 00:00:00 2001 From: Dirk Steinkopf Date: Mon, 26 Nov 2018 05:39:41 +0100 Subject: [PATCH 6/6] only redirect if x-forwared-for is not set to https --- .gitignore | 1 + src/handler.lua | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 6fd0a37..4c4201d 100644 --- a/.gitignore +++ b/.gitignore @@ -39,3 +39,4 @@ luac.out *.x86_64 *.hex +/.idea/ diff --git a/src/handler.lua b/src/handler.lua index 5eb06e1..1e06a72 100644 --- a/src/handler.lua +++ b/src/handler.lua @@ -14,7 +14,7 @@ end function HttpFilterHandler:access(conf) HttpFilterHandler.super.access(self) - if ngx.var.https ~= "on" then + if ngx.var.https ~= "on" and ngx.var.http_x_forwarded_proto ~= "https" then local matches_exclude_pattern = conf.exclude_uri_pattern and string.find(ngx.var.request_uri, conf.exclude_uri_pattern) if not matches_exclude_pattern then return ngx.redirect("https://" .. ngx.var.host .. ngx.var.request_uri, ngx.HTTP_MOVED_PERMANENTLY)