From 0c2e199833f301b9ff4e5e0483025a1c1701673d Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Sat, 2 Apr 2016 17:41:41 -0300 Subject: [PATCH] Allow traffic to default server _ --- controllers/nginx/controller.go | 26 +++++++++++++++++++++++--- controllers/nginx/nginx.tmpl | 22 ++-------------------- 2 files changed, 25 insertions(+), 23 deletions(-) diff --git a/controllers/nginx/controller.go b/controllers/nginx/controller.go index b7710a686..1e98e328c 100644 --- a/controllers/nginx/controller.go +++ b/controllers/nginx/controller.go @@ -42,6 +42,7 @@ import ( const ( defUpstreamName = "upstream-default-backend" + defServerName = "_" ) var ( @@ -435,10 +436,19 @@ func (lbc *loadBalancerController) getDefaultUpstream() *nginx.Upstream { func (lbc *loadBalancerController) getUpstreamServers(data []interface{}) ([]*nginx.Upstream, []*nginx.Server) { upstreams := lbc.createUpstreams(data) - servers := lbc.createServers(data) - upstreams[defUpstreamName] = lbc.getDefaultUpstream() + servers := lbc.createServers(data) + // default server - no servername. + servers[defServerName] = &nginx.Server{ + Name: defServerName, + Locations: []*nginx.Location{&nginx.Location{ + Path: "/", + Upstream: *lbc.getDefaultUpstream(), + }, + }, + } + for _, ingIf := range data { ing := ingIf.(*extensions.Ingress) @@ -521,7 +531,6 @@ func (lbc *loadBalancerController) getUpstreamServers(data []interface{}) ([]*ng func (lbc *loadBalancerController) createUpstreams(data []interface{}) map[string]*nginx.Upstream { upstreams := make(map[string]*nginx.Upstream) - upstreams[defUpstreamName] = nginx.NewUpstream(defUpstreamName) for _, ingIf := range data { ing := ingIf.(*extensions.Ingress) 
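Review bot: In `getUpstreamServers`, the new `servers[defServerName] = &nginx.Server{...}` assignment would silently replace any entry `createServers(data)` already stored under `_`, and `*lbc.getDefaultUpstream()` dereferences the result of a second call to a function whose body is outside this hunk. Calling it once and reusing the pointer removes the duplicate lookup and gives one place to guard against nil: `defUpstream := lbc.getDefaultUpstream()`, then `upstreams[defUpstreamName] = defUpstream` and `Upstream: *defUpstream`. The inner `&nginx.Location` is redundant inside a `[]*nginx.Location` literal. Because the template change in this commit removes the only block carrying `listen 80 default_server`, confirm that the rendered `_` server is the one nginx selects for unmatched Host headers; the template lines that emit `listen` are not visible here.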
@@ -603,6 +612,17 @@ func (lbc *loadBalancerController) getPemsFromIngress(data []interface{}) map[st continue } + if len(tls.Hosts) == 0 { + if _, ok := pems["_"]; ok { + glog.Warningf("It is not possible to use %v secret for default SSL certificate because there is one already defined", secretName) + continue + } + + pems["_"] = pemFileName + glog.Infof("Using the secret %v as source for the default SSL certificate", secretName) + continue + } + for _, host := range tls.Hosts { if isHostValid(host, cn) { pems[host] = pemFileName diff --git a/controllers/nginx/nginx.tmpl b/controllers/nginx/nginx.tmpl index 6b069028b..7acf5f736 100644 --- a/controllers/nginx/nginx.tmpl +++ b/controllers/nginx/nginx.tmpl @@ -40,7 +40,7 @@ http { server_names_hash_bucket_size {{ $cfg.serverNameHashBucketSize }}; include /etc/nginx/mime.types; - default_type application/octet-stream; + default_type text/html; {{ if $cfg.useGzip }} gzip on; gzip_comp_level 5; @@ -143,24 +143,6 @@ http { # In case of errors try the next upstream server before returning an error proxy_next_upstream error timeout invalid_header http_502 http_503 http_504 {{ if $cfg.retryNonIdempotent }}non_idempotent{{ end }}; - server { - listen 80 default_server{{ if $cfg.useProxyProtocol }} proxy_protocol{{ end }}; - - location / { - return 200; - } - - location /nginx_status { - allow 127.0.0.1; - deny all; - - access_log off; - stub_status on; - } - - {{ template "CUSTOM_ERRORS" $cfg }} - } - {{range $name, $upstream := .upstreams}} upstream {{$upstream.Name}} { least_conn; @@ -186,6 +168,7 @@ http { return 301 https://$host$request_uri; } {{ end }} + {{ range $location := $server.Locations }} location {{ $location.Path }} { proxy_set_header Host $host; 
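Review bot: In the `len(tls.Hosts) == 0` branch of `getPemsFromIngress`, the first secret encountered becomes the certificate for the catch-all server. Which Ingress supplies it therefore depends on the order of `data`, and as far as this hunk shows, any Ingress with a TLS entry that lists no hosts can claim it. Unlike the per-host path just below, this branch never calls `isHostValid`, so the certificate is not checked before it is presented for every unmatched host. Consider taking the default certificate only from an explicitly configured secret, or at least naming the owning Ingress in both log messages so the choice can be audited. The key should also use the constant this commit introduces, `if _, ok := pems[defServerName]; ok {` and `pems[defServerName] = pemFileName`; the function starts above the hunk and continues below it.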
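Review bot: Setting the global `default_type` to `text/html` in the `http` block means that any response nginx types through this fallback is rendered by browsers as HTML rather than handled as an opaque download. That is the less safe default if such content can ever be influenced by a user. If the goal is only to give the default server's replies a usable type, keep `default_type application/octet-stream;` at `http` level and set `default_type text/html;` inside the server or location that needs it. Which responses actually reach this fallback depends on template lines outside the hunk.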
@@ -199,7 +182,6 @@ http { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-Proto $pass_access_scheme; proxy_connect_timeout {{ $cfg.proxyConnectTimeout }}s;