Skip to content

auth-tls-error-page does not allow named locations from server snippet #13736

New issue
New issue
Open
#13752
Open
auth-tls-error-page does not allow named locations from server snippet#13736
#13752
Assignees
Dean-Coakley
Labels
kind/bugCategorizes issue or PR as related to a bug.needs-priorityneeds-triageIndicates an issue or PR lacks a `triage/foo` label and requires one.
@rittneje

Description

@rittneje
rittneje
opened on Aug 8, 2025

We are trying to upgrade from v1.11.5. However, we are blocked because ingress-nginx now blocks our nginx.ingress.kubernetes.io/auth-tls-error-page annotations.

We have defined some custom nginx locations in a server snippet annotation like so:

  server-snippet: |
    location @401 {
      internal;
      return 401;
    }

Then we set nginx.ingress.kubernetes.io/auth-tls-error-page: "@401" annotation in the Ingress.

In v1.11.5, this works. In the latest release, this is rejected.

E0808 05:40:43.123532 7 annotations.go:193] "ingress contains invalid annotation value" err="annotation nginx.ingress.kubernetes.io/auth-tls-error-page contains invalid value"

Please fix the regex to allow named locations.

ingress-nginx/internal/ingress/annotations/authtls/main.go

Line 45 in 0f18595

redirectRegex = regexp.MustCompile(`^((https?://)?[A-Za-z0-9\-.]+(:\d+)?)?(/[A-Za-z0-9\-_.]+)*/?$`)

Metadata

Metadata

Assignees

Labels

kind/bugCategorizes issue or PR as related to a bug.needs-priorityneeds-triageIndicates an issue or PR lacks a `triage/foo` label and requires one.

Type

No type

Projects

[SIG Network] Ingress NGINX

Status

No status

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions