DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge f49e756d47 into e05ac9b4bd

Browse source
This commit is contained in:
Ricardo Katz 2017-09-07 21:26:32 +00:00 committed by GitHub
commit 23ad16acc7
1 changed files with 15 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
View file

@ -28,14 +28,12 @@ http {
{{/* we use the value of the header X-Forwarded-For to be able to use the geo_ip module */}} {{/* we use the value of the header X-Forwarded-For to be able to use the geo_ip module */}}
{{ if $cfg.UseProxyProtocol }} {{ if $cfg.UseProxyProtocol }}
real_ip_header proxy_protocol; real_ip_header proxy_protocol;
{{ else }}
real_ip_header X-Forwarded-For;
{{ end }}
real_ip_recursive on; real_ip_recursive on;
{{ range $trusted_ip := $cfg.ProxyRealIPCIDR }} {{ range $trusted_ip := $cfg.ProxyRealIPCIDR }}
set_real_ip_from {{ $trusted_ip }}; set_real_ip_from {{ $trusted_ip }};
{{ end }} {{ end }}
{{ end }}
{{/* databases used to determine the country depending on the client IP address */}} {{/* databases used to determine the country depending on the client IP address */}}
{{/* http://nginx.org/en/docs/http/ngx_http_geoip_module.html */}} {{/* http://nginx.org/en/docs/http/ngx_http_geoip_module.html */}}
@ -143,6 +141,7 @@ http {
'' close; '' close;
} }
{{ if $cfg.UseProxyProtocol }}
# trust http_x_forwarded_proto headers correctly indicate ssl offloading # trust http_x_forwarded_proto headers correctly indicate ssl offloading
map $http_x_forwarded_proto $pass_access_scheme { map $http_x_forwarded_proto $pass_access_scheme {
default $http_x_forwarded_proto; default $http_x_forwarded_proto;
@ -154,16 +153,24 @@ http {
'' $server_port; '' $server_port;
} }
{{ if $cfg.UseProxyProtocol }}
map $http_x_forwarded_for $the_real_ip { map $http_x_forwarded_for $the_real_ip {
default $http_x_forwarded_for; default $http_x_forwarded_for;
'' $proxy_protocol_addr; '' $proxy_protocol_addr;
} }
{{ else }} {{ else }}
map $http_x_forwarded_for $the_real_ip {
default $http_x_forwarded_for; map $http_x_forwarded_proto $pass_access_scheme {
'' $realip_remote_addr; default $scheme;
} }
map $http_x_forwarded_port $pass_server_port {
default $server_port;
}
map $http_x_forwarded_for $the_real_ip {
default $remote_addr;
}
{{ end }} {{ end }}
{{ if $all.IsSSLPassthroughEnabled }} {{ if $all.IsSSLPassthroughEnabled }}
@ -269,7 +276,7 @@ http {
{{ end }} {{ end }}
upstream {{ $upstream.Name }} { upstream {{ $upstream.Name }} {
# Load balance algorithm; empty for round robin, which is the default {{/* Load balance algorithm; empty for round robin, which is the default */}}
{{ if ne $cfg.LoadBalanceAlgorithm "round_robin" }} {{ if ne $cfg.LoadBalanceAlgorithm "round_robin" }}
{{ $cfg.LoadBalanceAlgorithm }}; {{ $cfg.LoadBalanceAlgorithm }};
{{ end }} {{ end }}