Skip authentication for health check urls #48
Comments
|
|
|
Our current setup has Amazon ELB configured to balance across 3 nodes. Each node exposes a health check end point /status. ELB takes a node out of rotation on failure at /status end point. With auth proxy, we will be pointing the ELB at auth proxy and configure auth proxy to the application nodes. Can you please clarify how the following can be done,
|
|
You can run google_auth_proxy on each node. If you use the same "secret" parameter for each, then logging into one will log you into any, but I think the initial oauth flow won't work if your requests switch between nodes during that process. It may make sense to combine google_auth_proxy with flexible proxying webserver like nginx. You could configure nginx to proxy just one path through to the app directly, and for any other request proxy to google_auth_proxy (which then proxies to the app). Or, you could have initial connections go to one instance of google_auth_proxy, and have it proxy to nginx, which then does load-balancing between multiple app nodes. |
|
Thank you. We are going with the first option.
We have made changes to skip authentication for a configured path. I will submit a patch for the same. As of now, it's restricted to a single path but can be extended to support a list of paths or regex based paths. |
|
closing in favor of #50 |
Our LB periodically hits "/status" and if a failure response is returned, it takes it oor till it gets a success response. The problem is auth proxy redirects all calls to login page. Is there a way I can exclude certain paths from getting authenticated?
The text was updated successfully, but these errors were encountered: