Allow traffic to default server _

2016-04-02 17:41:41 -03:00 · 2016-04-02 17:41:41 -03:00 · 0c2e199833
commit 0c2e199833
parent b658ba8cac
2 changed files with 25 additions and 23 deletions
--- a/controllers/nginx/controller.go
+++ b/controllers/nginx/controller.go
@ -42,6 +42,7 @@ import (

 const (
 	defUpstreamName = "upstream-default-backend"
+	defServerName   = "_"
 )

 var (
@ -435,10 +436,19 @@ func (lbc *loadBalancerController) getDefaultUpstream() *nginx.Upstream {

 func (lbc *loadBalancerController) getUpstreamServers(data []interface{}) ([]*nginx.Upstream, []*nginx.Server) {
 	upstreams := lbc.createUpstreams(data)
-	servers := lbc.createServers(data)
-
 	upstreams[defUpstreamName] = lbc.getDefaultUpstream()

+	servers := lbc.createServers(data)
+	// default server - no servername.
+	servers[defServerName] = &nginx.Server{
+		Name: defServerName,
+		Locations: []*nginx.Location{&nginx.Location{
+			Path:     "/",
+			Upstream: *lbc.getDefaultUpstream(),
+		},
+		},
+	}
+
 	for _, ingIf := range data {
 		ing := ingIf.(*extensions.Ingress)

@ -521,7 +531,6 @@ func (lbc *loadBalancerController) getUpstreamServers(data []interface{}) ([]*ng

 func (lbc *loadBalancerController) createUpstreams(data []interface{}) map[string]*nginx.Upstream {
 	upstreams := make(map[string]*nginx.Upstream)
-	upstreams[defUpstreamName] = nginx.NewUpstream(defUpstreamName)

 	for _, ingIf := range data {
 		ing := ingIf.(*extensions.Ingress)
@ -603,6 +612,17 @@ func (lbc *loadBalancerController) getPemsFromIngress(data []interface{}) map[st
 				continue
 			}

+			if len(tls.Hosts) == 0 {
+				if _, ok := pems["_"]; ok {
+					glog.Warningf("It is not possible to use %v secret for default SSL certificate because there is one already defined", secretName)
+					continue
+				}
+
+				pems["_"] = pemFileName
+				glog.Infof("Using the secret %v as source for the default SSL certificate", secretName)
+				continue
+			}
+
 			for _, host := range tls.Hosts {
 				if isHostValid(host, cn) {
 					pems[host] = pemFileName
--- a/controllers/nginx/nginx.tmpl
+++ b/controllers/nginx/nginx.tmpl
@ -40,7 +40,7 @@ http {
    server_names_hash_bucket_size {{ $cfg.serverNameHashBucketSize }};

    include /etc/nginx/mime.types;
-    default_type application/octet-stream;
+    default_type text/html;
    {{ if $cfg.useGzip }}
    gzip on;
    gzip_comp_level 5;
@ -143,24 +143,6 @@ http {
    # In case of errors try the next upstream server before returning an error
    proxy_next_upstream                     error timeout invalid_header http_502 http_503 http_504 {{ if $cfg.retryNonIdempotent }}non_idempotent{{ end }};

-    server {
-        listen 80 default_server{{ if $cfg.useProxyProtocol }} proxy_protocol{{ end }};
-
-        location / {
-            return 200;
-        }
-
-        location /nginx_status {
-            allow 127.0.0.1;
-            deny all;
-            
-            access_log off;
-            stub_status on;
-        }
-
-        {{ template "CUSTOM_ERRORS" $cfg }}
-    }
-
    {{range $name, $upstream := .upstreams}}
    upstream {{$upstream.Name}} {
        least_conn;
@ -186,6 +168,7 @@ http {
            return 301 https://$host$request_uri;
        }
        {{ end }}
+
        {{ range $location := $server.Locations }}
        location {{ $location.Path }} {
            proxy_set_header Host                   $host;
@ -199,7 +182,6 @@ http {

            proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host       $host;
-            proxy_set_header X-Forwarded-Server     $host;
            proxy_set_header X-Forwarded-Proto      $pass_access_scheme;

            proxy_connect_timeout                   {{ $cfg.proxyConnectTimeout }}s;