Ingress basic-auth not working

Hi there,
I´m trying to make some tests with nginx-ingress annotations. In my case I can´t get basic-auth to work.

Like described here https://github.com/rancher/ingress-nginx/blob/master/docs/user-guide/annotations.md#authentication I created a basic-auth secret with key named auth. Then I attached the annotations to to ingress but nothing changes. Does anybody already tried this with rancher >2.0.0?

regards, christian

After some investigation I found the solution. The documentation is misleading. You must not use double quotes to enclose the auth-realm

nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-realm: realm string

works fine.

I created a pull request to fix the documentation for this https://github.com/kubernetes/ingress-nginx/pull/2770 .

Investigation was

kubectl logs nginx-ingress-controller-abdf2 -n ingress-nginx

and showed something like

Error: exit status 1
2018/07/11 07:51:42 [emerg] 4610#4610: unexpected "A" in /tmp/nginx-cfg788972583:307
nginx: [emerg] unexpected "r" in /tmp/nginx-cfg788972583:307
nginx: configuration file /tmp/nginx-cfg788972583 test failed

The error is caused by the following nginx config line.

auth_basic ""realm string"";

The docs are a yaml file, so the example is fine there, and quoting would be required in some cases, e.g. if there was a colon in the realm.

In the Rancher UI they’re a key-value map so if you put in a quote it goes into the literal value, which then produces an invalid config.

Ok. Thx for the details. Indeed it not really wrong in doc but misleading because I stumpled over this over and over again.

Hi
I made the whole process of adding basic auth via the graphic interface of the rancher, I created the password file and then added the annotations, following the indications of this post, and even then use of the password does not work, when I remove annotations password, the url works well, with password it return error 502/503

I used

nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-realm: realm string

Rancher ngress needs any label or more confs?

Hi,
hm… that should work. Actually it´s strange that you get a 502/503 and not a 401 or something else. And no, rancher doesn´t need more annotations. It´s fully nginx-ingress-controllers responsibilty.

  1. Does the Ingress work without the auth-annotations?
  2. Can you please check the logs of your ingress-controller container? This logs are usually very verbose.
  3. Can you check, that your secret with name “basic-auth” exists? And does this secret has a key “auth” with your base64 encoded password?

regards, Christian