Merge 00774274ec into de1a4c463c
This commit is contained in:
Elizabeth Martin Campos
GitHub
commit
1834917ac5
5 changed files with 24 additions and 13 deletions
|
|
@ -104,6 +104,9 @@ export OPENTELEMETRY_CPP_VERSION=v1.18.0
|
|||
# Check for recent changes: https://github.com/open-telemetry/opentelemetry-proto/compare/v1.5.0...main
|
||||
export OPENTELEMETRY_PROTO_VERSION=v1.5.0
|
||||
|
||||
# http://hg.nginx.org/njs
|
||||
export NGINX_NJS_VERSION="0.8.4"
|
||||
|
||||
export BUILD_PATH=/tmp/build
|
||||
|
||||
ARCH=$(uname -m)
|
||||
|
|
@ -271,6 +274,9 @@ get_src efb767487ea3f6031577b9b224467ddbda2ad51a41c5867a47582d4ad85d609e \
|
|||
get_src d74f86ada2329016068bc5a243268f1f555edd620b6a7d6ce89295e7d6cf18da \
|
||||
"https://github.com/microsoft/mimalloc/archive/${MIMALOC_VERSION}.tar.gz" "mimalloc"
|
||||
|
||||
get_src 8191bff8491af9169a92e30e383ef8614717b0c6d40913d83b95051031e92321 \
|
||||
"http://hg.nginx.org/njs/archive/${NGINX_NJS_VERSION}.tar.gz" "njs"
|
||||
|
||||
# improve compilation times
|
||||
CORES=$(($(grep -c ^processor /proc/cpuinfo) - 1))
|
||||
|
||||
|
|
@ -489,7 +495,8 @@ WITH_MODULES=" \
|
|||
--add-dynamic-module=$BUILD_PATH/nginx-http-auth-digest \
|
||||
--add-dynamic-module=$BUILD_PATH/ModSecurity-nginx \
|
||||
--add-dynamic-module=$BUILD_PATH/ngx_http_geoip2_module \
|
||||
--add-dynamic-module=$BUILD_PATH/ngx_brotli"
|
||||
--add-dynamic-module=$BUILD_PATH/ngx_brotli \
|
||||
--add-dynamic-module=$BUILD_PATH/njs/nginx"
|
||||
|
||||
./configure \
|
||||
--prefix=/usr/local/nginx \
|
||||
|
|
|
|||
7
rootfs/etc/nginx/js/nginx/ngx_conf_rewrite_auth.js
Normal file
7
rootfs/etc/nginx/js/nginx/ngx_conf_rewrite_auth.js
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
const crypto = require('crypto');
|
||||
|
||||
function cache_key(req) {
|
||||
return crypto.createHash('sha1').update(req.variables.tmp_cache_key).digest('base64');
|
||||
}
|
||||
|
||||
export default { cache_key };
|
||||
|
|
@ -12,6 +12,8 @@
|
|||
# setup custom paths that do not require root access
|
||||
pid {{ .PID }};
|
||||
|
||||
load_module /etc/nginx/modules/ngx_http_js_module.so;
|
||||
|
||||
{{ if $cfg.UseGeoIP2 }}
|
||||
load_module /etc/nginx/modules/ngx_http_geoip2_module.so;
|
||||
{{ end }}
|
||||
|
|
@ -74,6 +76,10 @@ http {
|
|||
|
||||
init_worker_by_lua_file /etc/nginx/lua/ngx_conf_init_worker.lua;
|
||||
|
||||
js_import /etc/nginx/js/nginx/ngx_conf_rewrite_auth.js;
|
||||
|
||||
js_set $njs_cache_key ngx_conf_rewrite_auth.cache_key;
|
||||
|
||||
{{/* Enable the real_ip module only if we use either X-Forwarded headers or Proxy Protocol. */}}
|
||||
{{/* we use the value of the real IP for the geo_ip module */}}
|
||||
{{ if or (or $cfg.UseForwardedHeaders $cfg.UseProxyProtocol) $cfg.EnableRealIP }}
|
||||
|
|
@ -988,9 +994,6 @@ stream {
|
|||
|
||||
{{ if $externalAuth.AuthCacheKey }}
|
||||
set $tmp_cache_key '{{ $server.Hostname }}{{ $authPath }}{{ $externalAuth.AuthCacheKey }}';
|
||||
set $cache_key '';
|
||||
|
||||
rewrite_by_lua_file /etc/nginx/lua/nginx/ngx_conf_rewrite_auth.lua;
|
||||
|
||||
proxy_cache auth_cache;
|
||||
|
||||
|
|
@ -998,7 +1001,7 @@ stream {
|
|||
proxy_cache_valid {{ $dur }};
|
||||
{{- end }}
|
||||
|
||||
proxy_cache_key "$cache_key";
|
||||
proxy_cache_key "$njs_cache_key";
|
||||
{{ end }}
|
||||
|
||||
# ngx_auth_request module overrides variables in the parent request,
|
||||
|
|
|
|||
|
|
@ -21,7 +21,6 @@ import (
|
|||
"fmt"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"regexp"
|
||||
"strings"
|
||||
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
|
|
@ -341,11 +340,9 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
|
|||
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
|
||||
f.EnsureIngress(ing)
|
||||
|
||||
cacheRegex := regexp.MustCompile(`\$cache_key.*foo`)
|
||||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return cacheRegex.MatchString(server) &&
|
||||
return strings.Contains(server, "proxy_cache_key \"$njs_cache_key\";") &&
|
||||
strings.Contains(server, `proxy_cache_valid 200 202 401 30m;`)
|
||||
})
|
||||
})
|
||||
|
|
|
|||
|
|
@ -20,7 +20,6 @@ import (
|
|||
"context"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"regexp"
|
||||
"strings"
|
||||
|
||||
"github.com/onsi/ginkgo/v2"
|
||||
|
|
@ -169,11 +168,9 @@ var _ = framework.DescribeSetting("[Security] global-auth-url", func() {
|
|||
globalExternalAuthURLSetting: globalExternalAuthURL,
|
||||
})
|
||||
|
||||
cacheRegex := regexp.MustCompile(`\$cache_key.*foo`)
|
||||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return cacheRegex.MatchString(server) &&
|
||||
return strings.Contains(server, "proxy_cache_key \"$njs_cache_key\";") &&
|
||||
strings.Contains(server, `proxy_cache_valid 200 201 401 30m;`)
|
||||
})
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue