DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix client source IP address

Browse source
This commit is contained in:
Manuel de Brito Fontes 2017-02-26 19:01:07 -03:00
parent 0aabfba848
commit 02d44ccbaa
1 changed files with 8 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
View file

@ -1,4 +1,8 @@
{{ $cfg := .Cfg }}{{ $healthzURI := .HealthzURI }}{{ $backends := .Backends }}{{ $proxyHeaders := .ProxySetHeaders }} {{ $cfg := .Cfg }}
{{ $healthzURI := .HealthzURI }}
{{ $backends := .Backends }}
{{ $proxyHeaders := .ProxySetHeaders }}
{{ $passthroughBackends := .PassthroughBackends }}
daemon off; daemon off;
worker_processes {{ $cfg.WorkerProcesses }}; worker_processes {{ $cfg.WorkerProcesses }};
@ -208,7 +212,7 @@ http {
listen [::]:80{{ if $cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $index 0 }} ipv6only=off{{end}}{{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $backlogSize }}{{end}}; listen [::]:80{{ if $cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $index 0 }} ipv6only=off{{end}}{{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $backlogSize }}{{end}};
{{/* Listen on 442 because port 443 is used in the stream section */}} {{/* Listen on 442 because port 443 is used in the stream section */}}
{{/* This listen cannot contains proxy_protocol directive because port 443 is in charge of decoding the protocol */}} {{/* This listen cannot contains proxy_protocol directive because port 443 is in charge of decoding the protocol */}}
{{ if not (empty $server.SSLCertificate) }}listen 442 {{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $backlogSize }}{{end}} ssl {{ if $cfg.UseHTTP2 }}http2{{ end }}; {{ if not (empty $server.SSLCertificate) }}listen {{ if gt (len $passthroughBackends) 0 }}442{{ else }}[::]:443 {{ end }}{{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $backlogSize }}{{end}} ssl {{ if $cfg.UseHTTP2 }}http2{{ end }};
{{/* comment PEM sha is required to detect changes in the generated configuration and force a reload */}} {{/* comment PEM sha is required to detect changes in the generated configuration and force a reload */}}
# PEM sha: {{ $server.SSLPemChecksum }} # PEM sha: {{ $server.SSLPemChecksum }}
ssl_certificate {{ $server.SSLCertificate }}; ssl_certificate {{ $server.SSLCertificate }};
@ -434,6 +438,7 @@ http {
} }
stream { stream {
{{ if gt (len $passthroughBackends) 0 }}
# map FQDN that requires SSL passthrough # map FQDN that requires SSL passthrough
map $ssl_preread_server_name $stream_upstream { map $ssl_preread_server_name $stream_upstream {
{{ range $i, $passthrough := .PassthroughBackends }} {{ range $i, $passthrough := .PassthroughBackends }}
@ -465,6 +470,7 @@ stream {
proxy_pass $stream_upstream; proxy_pass $stream_upstream;
ssl_preread on; ssl_preread on;
} }
{{ end }}
# TCP services # TCP services
{{ range $i, $tcpServer := .TCPBackends }} {{ range $i, $tcpServer := .TCPBackends }}