From 27cbb6ddb22e1fb5c9f7db374bb55f41cda65995 Mon Sep 17 00:00:00 2001 
From: Ricardo Katz Date: Wed, 14 Aug 2024 19:07:46 -0300 Subject: [PATCH] Remove inline lua script from template --- .github/workflows/ci.yaml | 16 ++ hack/verify-lualint.sh | 10 +- .../etc/nginx/lua/nginx/ngx_conf_balancer.lua | 2 + .../lua/nginx/ngx_conf_balancer_tcp_udp.lua | 2 + .../nginx/lua/nginx/ngx_conf_certificate.lua | 2 + .../lua/nginx/ngx_conf_configuration.lua | 2 + .../lua/nginx/ngx_conf_content_tcp_udp.lua | 2 + .../nginx/lua/nginx/ngx_conf_init_tcp_udp.lua | 2 + .../ngx_conf_is_dynamic_lb_initialized.lua | 9 + rootfs/etc/nginx/lua/nginx/ngx_conf_log.lua | 2 + .../nginx/lua/nginx/ngx_conf_log_block.lua | 14 ++ .../nginx/lua/nginx/ngx_conf_rewrite_auth.lua | 1 + .../lua/nginx/ngx_conf_srv_body_filter.lua | 2 + .../lua/nginx/ngx_conf_srv_hdr_filter.lua | 4 + rootfs/etc/nginx/lua/nginx/ngx_not_found.lua | 1 + .../etc/nginx/lua/nginx/ngx_srv_redirect.lua | 30 +++ rootfs/etc/nginx/lua/ngx_conf_init.lua | 57 +++++ rootfs/etc/nginx/lua/ngx_conf_init_stream.lua | 31 +++ rootfs/etc/nginx/lua/ngx_conf_init_worker.lua | 14 ++ rootfs/etc/nginx/template/nginx.tmpl | 202 +++++------------- test/e2e/lua/dynamic_configuration.go | 2 +- test/e2e/settings/ocsp/ocsp.go | 4 - 22 files changed, 256 insertions(+), 155 deletions(-) create mode 100644 rootfs/etc/nginx/lua/nginx/ngx_conf_balancer.lua create mode 100644 rootfs/etc/nginx/lua/nginx/ngx_conf_balancer_tcp_udp.lua create mode 100644 rootfs/etc/nginx/lua/nginx/ngx_conf_certificate.lua create mode 100644 rootfs/etc/nginx/lua/nginx/ngx_conf_configuration.lua create mode 100644 rootfs/etc/nginx/lua/nginx/ngx_conf_content_tcp_udp.lua create mode 100644 rootfs/etc/nginx/lua/nginx/ngx_conf_init_tcp_udp.lua create mode 100644 rootfs/etc/nginx/lua/nginx/ngx_conf_is_dynamic_lb_initialized.lua create mode 100644 rootfs/etc/nginx/lua/nginx/ngx_conf_log.lua create mode 100644 rootfs/etc/nginx/lua/nginx/ngx_conf_log_block.lua create mode 100644 rootfs/etc/nginx/lua/nginx/ngx_conf_rewrite_auth.lua create mode 100644 
rootfs/etc/nginx/lua/nginx/ngx_conf_srv_body_filter.lua create mode 100644 rootfs/etc/nginx/lua/nginx/ngx_conf_srv_hdr_filter.lua create mode 100644 rootfs/etc/nginx/lua/nginx/ngx_not_found.lua create mode 100644 rootfs/etc/nginx/lua/nginx/ngx_srv_redirect.lua create mode 100644 rootfs/etc/nginx/lua/ngx_conf_init.lua create mode 100644 rootfs/etc/nginx/lua/ngx_conf_init_stream.lua create mode 100644 rootfs/etc/nginx/lua/ngx_conf_init_worker.lua diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d240181c3..61ed2915b 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -71,6 +71,22 @@ jobs: - 'images/nginx-1.25/**' docs: - '**/*.md' + lua: + - '**/*.lua' + + lua-lint: + runs-on: ubuntu-latest + needs: changes + if: | + (needs.changes.outputs.lua == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} + steps: + - name: Checkout + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Luacheck linter + uses: lunarmodules/luacheck@v1 + with: + args: --codes --globals lua_ingress --globals configuration --globals balancer --globals monitor --globals certificate --globals plugins --globals tcp_udp_configuration --globals tcp_udp_balancer --no-max-comment-line-length -q rootfs/etc/nginx/lua/ test-go: runs-on: ubuntu-latest diff --git a/hack/verify-lualint.sh b/hack/verify-lualint.sh index 1f6048de0..395c8c6cb 100755 --- a/hack/verify-lualint.sh +++ b/hack/verify-lualint.sh 
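Review bot: The new `lua-lint` job references `lunarmodules/luacheck@v1`, a mutable tag, while the checkout step directly above it is pinned to a full commit SHA. A moved tag would let different code run in CI without any change in this repository, so pin it the same way, e.g. `uses: lunarmodules/luacheck@<full-commit-sha> # v1.x.y` (placeholder; take the SHA from the release you have reviewed). Separately, the `if:` mixes a bare expression with an embedded `${{ }}`; a mixed value like that is probably evaluated as a non-empty string, so the job likely runs on every change rather than only on Lua changes. Wrapping the whole condition in a single `${{ ... }}` avoids that.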
@@ -18,6 +18,14 @@ set -o errexit set -o nounset set -o pipefail -luacheck --codes -q rootfs/etc/nginx/lua/ +luacheck --codes --globals lua_ingress \ + --globals configuration \ + --globals balancer \ + --globals monitor \ + --globals certificate \ + --globals plugins \ + --globals tcp_udp_configuration \ + --globals tcp_udp_balancer \ + --no-max-comment-line-length -q rootfs/etc/nginx/lua/ find rootfs/etc/nginx/lua/ -name "*.lua" -not -path "*/test/*" -exec lj-releng -L -s {} + && echo "lj-releng validation is success!" diff --git a/rootfs/etc/nginx/lua/nginx/ngx_conf_balancer.lua b/rootfs/etc/nginx/lua/nginx/ngx_conf_balancer.lua new file mode 100644 index 000000000..977d3e964 --- /dev/null +++ b/rootfs/etc/nginx/lua/nginx/ngx_conf_balancer.lua @@ -0,0 +1,2 @@ +local balancer = require("balancer") +balancer.balance() \ No newline at end of file diff --git a/rootfs/etc/nginx/lua/nginx/ngx_conf_balancer_tcp_udp.lua b/rootfs/etc/nginx/lua/nginx/ngx_conf_balancer_tcp_udp.lua new file mode 100644 index 000000000..0442df7d8 --- /dev/null +++ b/rootfs/etc/nginx/lua/nginx/ngx_conf_balancer_tcp_udp.lua @@ -0,0 +1,2 @@ +local tcp_udp_balancer = require("tcp_udp_balancer") +tcp_udp_balancer.balance() \ No newline at end of file diff --git a/rootfs/etc/nginx/lua/nginx/ngx_conf_certificate.lua b/rootfs/etc/nginx/lua/nginx/ngx_conf_certificate.lua new file mode 100644 index 000000000..d33d2171b --- /dev/null +++ b/rootfs/etc/nginx/lua/nginx/ngx_conf_certificate.lua @@ -0,0 +1,2 @@ +local certificate = require("certificate") +certificate.call() \ No newline at end of file diff --git a/rootfs/etc/nginx/lua/nginx/ngx_conf_configuration.lua b/rootfs/etc/nginx/lua/nginx/ngx_conf_configuration.lua new file mode 100644 index 000000000..7864f40ef --- /dev/null +++ b/rootfs/etc/nginx/lua/nginx/ngx_conf_configuration.lua @@ -0,0 +1,2 @@ +local configuration = require("configuration") +configuration.call() \ No newline at end of file 
diff --git a/rootfs/etc/nginx/lua/nginx/ngx_conf_content_tcp_udp.lua b/rootfs/etc/nginx/lua/nginx/ngx_conf_content_tcp_udp.lua
new file mode 100644
index 000000000..ed81e7ff3
--- /dev/null
+++ b/rootfs/etc/nginx/lua/nginx/ngx_conf_content_tcp_udp.lua
@@ -0,0 +1,2 @@
+local tcp_udp_configuration = require("tcp_udp_configuration")
+tcp_udp_configuration.call()
\ No newline at end of file
diff --git a/rootfs/etc/nginx/lua/nginx/ngx_conf_init_tcp_udp.lua b/rootfs/etc/nginx/lua/nginx/ngx_conf_init_tcp_udp.lua
new file mode 100644
index 000000000..926ab7a03
--- /dev/null
+++ b/rootfs/etc/nginx/lua/nginx/ngx_conf_init_tcp_udp.lua
@@ -0,0 +1,2 @@
+local tcp_udp_balancer = require("tcp_udp_balancer")
+tcp_udp_balancer.init_worker()
\ No newline at end of file
diff --git a/rootfs/etc/nginx/lua/nginx/ngx_conf_is_dynamic_lb_initialized.lua b/rootfs/etc/nginx/lua/nginx/ngx_conf_is_dynamic_lb_initialized.lua
new file mode 100644
index 000000000..ade3114b1
--- /dev/null
+++ b/rootfs/etc/nginx/lua/nginx/ngx_conf_is_dynamic_lb_initialized.lua
@@ -0,0 +1,9 @@
+local configuration = require("configuration")
+local backend_data = configuration.get_backends_data()
+if not backend_data then
+ ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
+ return
+end
+
+ngx.say("OK")
+ngx.exit(ngx.HTTP_OK)
\ No newline at end of file
diff --git a/rootfs/etc/nginx/lua/nginx/ngx_conf_log.lua b/rootfs/etc/nginx/lua/nginx/ngx_conf_log.lua
new file mode 100644
index 000000000..8f3d57be6
--- /dev/null
+++ b/rootfs/etc/nginx/lua/nginx/ngx_conf_log.lua
@@ -0,0 +1,2 @@
+local monitor = require("monitor")
+monitor.call()
\ No newline at end of file
diff --git a/rootfs/etc/nginx/lua/nginx/ngx_conf_log_block.lua b/rootfs/etc/nginx/lua/nginx/ngx_conf_log_block.lua
new file mode 100644
index 000000000..795f0973e
--- /dev/null
+++ b/rootfs/etc/nginx/lua/nginx/ngx_conf_log_block.lua
@@ -0,0 +1,14 @@
+local balancer = require("balancer")
+local monitor = require("monitor")
+local plugins = require("plugins")
+
+local luaconfig = ngx.shared.luaconfig
+local enablemetrics = luaconfig:get("enablemetrics")
+
+
+balancer.log()
+
+if enablemetrics then
+ monitor.call()
+end
+plugins.run()
\ No newline at end of file
diff --git a/rootfs/etc/nginx/lua/nginx/ngx_conf_rewrite_auth.lua b/rootfs/etc/nginx/lua/nginx/ngx_conf_rewrite_auth.lua
new file mode 100644
index 000000000..0d16faba0
--- /dev/null
+++ b/rootfs/etc/nginx/lua/nginx/ngx_conf_rewrite_auth.lua
@@ -0,0 +1 @@
+ngx.var.cache_key = ngx.encode_base64(ngx.sha1_bin(ngx.var.tmp_cache_key))
\ No newline at end of file
diff --git a/rootfs/etc/nginx/lua/nginx/ngx_conf_srv_body_filter.lua b/rootfs/etc/nginx/lua/nginx/ngx_conf_srv_body_filter.lua
new file mode 100644
index 000000000..881098fa2
--- /dev/null
+++ b/rootfs/etc/nginx/lua/nginx/ngx_conf_srv_body_filter.lua
@@ -0,0 +1,2 @@
+local plugins = require("plugins")
+plugins.run()
\ No newline at end of file
diff --git a/rootfs/etc/nginx/lua/nginx/ngx_conf_srv_hdr_filter.lua b/rootfs/etc/nginx/lua/nginx/ngx_conf_srv_hdr_filter.lua
new file mode 100644
index 000000000..99c661f24
--- /dev/null
+++ b/rootfs/etc/nginx/lua/nginx/ngx_conf_srv_hdr_filter.lua
@@ -0,0 +1,4 @@
+local lua_ingress = require("lua_ingress")
+local plugins = require("plugins")
+lua_ingress.header()
+plugins.run()
diff --git a/rootfs/etc/nginx/lua/nginx/ngx_not_found.lua b/rootfs/etc/nginx/lua/nginx/ngx_not_found.lua
new file mode 100644
index 000000000..296323acf
--- /dev/null
+++ b/rootfs/etc/nginx/lua/nginx/ngx_not_found.lua
@@ -0,0 +1 @@
+ngx.exit(ngx.HTTP_NOT_FOUND)
\ No newline at end of file
diff --git a/rootfs/etc/nginx/lua/nginx/ngx_srv_redirect.lua b/rootfs/etc/nginx/lua/nginx/ngx_srv_redirect.lua
new file mode 100644
index 000000000..d070f0cde
--- /dev/null
+++ b/rootfs/etc/nginx/lua/nginx/ngx_srv_redirect.lua
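Review bot: `ngx_conf_log_block.lua` requires `monitor` at the top of the file even when `enablemetrics` is false, whereas `ngx_conf_init.lua` only loads that module inside `if enablemetrics then`. With metrics off, the log phase now loads a module the init phase skipped on purpose; move the require into the branch, `if enablemetrics then require("monitor").call() end`. `ngx_conf_init_worker.lua` has the same unconditional `local monitor = require("monitor")` and would take the same change. A one-line header comment saying which nginx phase runs this file, and that `enablemetrics` is read from the `luaconfig` shared dict, would also help the next reader.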
@@ -0,0 +1,30 @@
+local request_uri = ngx.var.request_uri
+local redirect_to = ngx.arg[1]
+
+local luaconfig = ngx.shared.luaconfig
+local use_forwarded_headers = luaconfig:get("use_forwarded_headers")
+local listen_https_ports = luaconfig:get("listen_https_ports")
+
+
+if string.sub(request_uri, -1) == "/" then
+ request_uri = string.sub(request_uri, 1, -2)
+end
+
+local redirectScheme
+
+if use_forwarded_headers then
+ if not ngx.var.http_x_forwarded_proto then
+ redirectScheme = ngx.var.scheme
+ else
+ redirectScheme = ngx.var.http_x_forwarded_proto
+ end
+else
+ redirectScheme = ngx.var.scheme
+end
+
+if listen_https_ports == '443' then
+ return string.format("%s://%s%s", redirectScheme, redirect_to, request_uri)
+else
+ return string.format("%s://%s:%s%s", redirectScheme,
+ redirect_to, listen_https_ports, request_uri)
+end
diff --git a/rootfs/etc/nginx/lua/ngx_conf_init.lua b/rootfs/etc/nginx/lua/ngx_conf_init.lua
new file mode 100644
index 000000000..d788e1cf3
--- /dev/null
+++ b/rootfs/etc/nginx/lua/ngx_conf_init.lua
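Review bot: When `use_forwarded_headers` is set, `redirectScheme` takes `ngx.var.http_x_forwarded_proto` verbatim, and that value becomes the scheme of the URL handed to the template's `return ... $redirect_to`. The header is only as trustworthy as whatever sits in front of the controller, so restrict it to the two expected values and fall back to the connection scheme: `local proto = ngx.var.http_x_forwarded_proto` then `redirectScheme = (proto == "http" or proto == "https") and proto or ngx.var.scheme`. `ngx.arg[1]` is also used without a nil check; a short header comment stating that the file expects the redirect host as its single `set_by_lua_file` argument would make that contract explicit.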
@@ -0,0 +1,57 @@
+local function initialize_ingress(statusport, enablemetrics, ocsp, ingress)
+ collectgarbage("collect")
+ -- init modules
+ local ok, res
+ ok, res = pcall(require, "lua_ingress")
+ if not ok then
+ error("require failed: " .. tostring(res))
+ else
+ lua_ingress = res
+ lua_ingress.set_config(ingress)
+ end
+
+ ok, res = pcall(require, "configuration")
+ if not ok then
+ error("require failed: " .. tostring(res))
+ else
+ configuration = res
+ configuration.prohibited_localhost_port = statusport
+ end
+
+ ok, res = pcall(require, "balancer")
+ if not ok then
+ error("require failed: " .. tostring(res))
+ else
+ balancer = res
+ end
+
+ if enablemetrics then
+ ok, res = pcall(require, "monitor")
+ if not ok then
+ error("require failed: " .. tostring(res))
+ else
+ monitor = res
+ end
+ end
+
+ ok, res = pcall(require, "certificate")
+ if not ok then
+ error("require failed: " .. tostring(res))
+ else
+ certificate = res
+ certificate.is_ocsp_stapling_enabled = ocsp
+ end
+
+ ok, res = pcall(require, "plugins")
+ if not ok then
+ error("require failed: " .. tostring(res))
+ else
+ plugins = res
+ end
+
+ -- TODO: Re-enable 3rd party plugins
+ --plugins.init({ {{ range $idx, $plugin := $cfg.Plugins }}{{ if $idx }},{{ end }}{{ $plugin | quote }}{{ end }} })
+ plugins.init({})
+end
+
+return { initialize_ingress = initialize_ingress }
\ No newline at end of file
diff --git a/rootfs/etc/nginx/lua/ngx_conf_init_stream.lua b/rootfs/etc/nginx/lua/ngx_conf_init_stream.lua
new file mode 100644
index 000000000..d5f304834
--- /dev/null
+++ b/rootfs/etc/nginx/lua/ngx_conf_init_stream.lua
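Review bot: `plugins.init({})` at the end of `initialize_ingress` replaces the templated plugin list, so whatever is configured in `$cfg.Plugins` is no longer loaded and nothing reports it. If plugins are still supported on this branch and a deployment relies on one for request filtering, that protection disappears silently. The commented-out line above it still carries Go template directives, which are never rendered in a static `.lua` file. Consider passing the list in from the inline `init_by_lua_block` as an extra optional argument and calling `plugins.init(plugin_names or {})`, or log a warning while the feature is off. A doc comment noting that the function deliberately assigns the globals `lua_ingress`, `configuration`, `balancer`, `monitor`, `certificate` and `plugins` would also explain the `--globals` list added to the luacheck invocation.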
@@ -0,0 +1,31 @@
+local function initialize_stream(statusport)
+ collectgarbage("collect")
+
+ -- init modules
+ local ok, res
+
+ ok, res = pcall(require, "configuration")
+ if not ok then
+ error("require failed: " .. tostring(res))
+ else
+ configuration = res
+ end
+
+ ok, res = pcall(require, "tcp_udp_configuration")
+ if not ok then
+ error("require failed: " .. tostring(res))
+ else
+ tcp_udp_configuration = res
+ tcp_udp_configuration.prohibited_localhost_port = statusport
+
+ end
+
+ ok, res = pcall(require, "tcp_udp_balancer")
+ if not ok then
+ error("require failed: " .. tostring(res))
+ else
+ tcp_udp_balancer = res
+ end
+end
+
+return { initialize_stream = initialize_stream }
\ No newline at end of file
diff --git a/rootfs/etc/nginx/lua/ngx_conf_init_worker.lua b/rootfs/etc/nginx/lua/ngx_conf_init_worker.lua
new file mode 100644
index 000000000..c92b00bcd
--- /dev/null
+++ b/rootfs/etc/nginx/lua/ngx_conf_init_worker.lua
@@ -0,0 +1,14 @@
+local function initialize_worker(enablemetrics, monitorbatchsize)
+ local lua_ingress = require("lua_ingress")
+ local balancer = require("balancer")
+ local plugins = require("plugins")
+ local monitor = require("monitor")
+ lua_ingress.init_worker()
+ balancer.init_worker()
+ if enablemetrics then
+ monitor.init_worker(monitorbatchsize)
+ end
+ plugins.run()
+end
+
+return { initialize_worker = initialize_worker }
\ No newline at end of file
diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl
index 4f705976f..e1a45586c 100644
--- a/rootfs/etc/nginx/template/nginx.tmpl
+++ b/rootfs/etc/nginx/template/nginx.tmpl
@@ -68,59 +68,22 @@ http { {{ buildLuaSharedDictionaries $cfg $servers }} + lua_shared_dict luaconfig 5m; + + {{/* We need to keep this lua block inline, because init_worker_by_lua_file does not support using arguments */}} init_by_lua_block { - collectgarbage("collect") - - -- init modules - local ok, res - - ok, res = pcall(require, "lua_ingress") - if not ok then - error("require failed: " .. tostring(res)) - else - lua_ingress = res - lua_ingress.set_config({{ configForLua $all }}) - end - - ok, res = pcall(require, "configuration") - if not ok then - error("require failed: " .. tostring(res)) - else - configuration = res - configuration.prohibited_localhost_port = '{{ .StatusPort }}' - end - - ok, res = pcall(require, "balancer") - if not ok then - error("require failed: " .. tostring(res)) - else - balancer = res - end - - {{ if $all.EnableMetrics }} - ok, res = pcall(require, "monitor") - if not ok then - error("require failed: " .. tostring(res)) - else - monitor = res - end - {{ end }} - - ok, res = pcall(require, "certificate") - if not ok then - error("require failed: " .. 
tostring(res)) - else - certificate = res - certificate.is_ocsp_stapling_enabled = {{ $cfg.EnableOCSP }} - end + local luaconfig = ngx.shared.luaconfig + local ingresscfg = {{ configForLua $all }} + luaconfig:set("enablemetrics", {{ $all.EnableMetrics }}) + luaconfig:set("listen_https_ports", '{{ $all.ListenPorts.HTTPS }}') + luaconfig:set("use_forwarded_headers", {{ $cfg.UseForwardedHeaders }}) + local ngx_conf_init = require('ngx_conf_init') + ngx_conf_init.initialize_ingress('{{ .StatusPort }}', {{ $all.EnableMetrics }}, {{ $cfg.EnableOCSP }}, ingresscfg) } init_worker_by_lua_block { - lua_ingress.init_worker() - balancer.init_worker() - {{ if $all.EnableMetrics }} - monitor.init_worker({{ $all.MonitorMaxBatchSize }}) - {{ end }} + local ngx_conf_init_worker = require('ngx_conf_init_worker') + ngx_conf_init_worker.initialize_worker({{ $all.EnableMetrics }}, {{ $all.MonitorMaxBatchSize }}) } {{/* Enable the real_ip module only if we use either X-Forwarded headers or Proxy Protocol. */}} @@ -539,9 +502,7 @@ http { server 0.0.0.1; # placeholder - balancer_by_lua_block { - balancer.balance() - } + balancer_by_lua_file /etc/nginx/lua/nginx/ngx_conf_balancer.lua; {{ if (gt $cfg.UpstreamKeepaliveConnections 0) }} keepalive {{ $cfg.UpstreamKeepaliveConnections }}; @@ -606,9 +567,7 @@ http { {{ buildHTTPListener $all $redirect.From }} {{ buildHTTPSListener $all $redirect.From }} - ssl_certificate_by_lua_block { - certificate.call() - } + ssl_certificate_by_lua_file /etc/nginx/lua/nginx/ngx_conf_certificate.lua; {{ if gt (len $cfg.BlockUserAgents) 0 }} if ($block_ua) { 
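Review bot: The three `luaconfig:set(...)` calls in the new `init_by_lua_block` discard the `ok, err` result, so a failed write only shows up at request time, when `ngx_srv_redirect.lua` reads `listen_https_ports` as nil and `ngx_conf_log_block.lua` treats metrics as disabled. Fail at startup instead, e.g. `local ok, err = luaconfig:set("listen_https_ports", '{{ $all.ListenPorts.HTTPS }}')` followed by `if not ok then error("luaconfig set failed: " .. tostring(err)) end`. The template comment above the block talks about `init_worker_by_lua_file` but sits on `init_by_lua_block`; one comment per inline block, each naming its own directive, would read more accurately.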
@@ -621,30 +580,7 @@ http { } {{ end }} - set_by_lua_block $redirect_to { - local request_uri = ngx.var.request_uri - if string.sub(request_uri, -1) == "/" then - request_uri = string.sub(request_uri, 1, -2) - end - - {{ if $cfg.UseForwardedHeaders }} - local redirectScheme - if not ngx.var.http_x_forwarded_proto then - redirectScheme = ngx.var.scheme - else - redirectScheme = ngx.var.http_x_forwarded_proto - end - {{ else }} - local redirectScheme = ngx.var.scheme - {{ end }} - - {{ if ne $all.ListenPorts.HTTPS 443 }} - {{ $redirect_port := (printf ":%v" $all.ListenPorts.HTTPS) }} - return string.format("%s://%s%s%s", redirectScheme, "{{ $redirect.To }}", "{{ $redirect_port }}", request_uri) - {{ else }} - return string.format("%s://%s%s", redirectScheme, "{{ $redirect.To }}", request_uri) - {{ end }} - } + set_by_lua_file $redirect_to /etc/nginx/lua/nginx/ngx_srv_redirect.lua {{ $redirect.To }}; return {{ $all.Cfg.HTTPRedirectCode }} $redirect_to; } @@ -739,17 +675,7 @@ http { } location /is-dynamic-lb-initialized { - content_by_lua_block { - local configuration = require("configuration") - local backend_data = configuration.get_backends_data() - if not backend_data then - ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR) - return - end - - ngx.say("OK") - ngx.exit(ngx.HTTP_OK) - } + content_by_lua_file /etc/nginx/lua/nginx/ngx_conf_is_dynamic_lb_initialized.lua; } location {{ .StatusPath }} { @@ -761,15 +687,11 @@ http { client_body_buffer_size {{ luaConfigurationRequestBodySize $cfg }}; proxy_buffering off; - content_by_lua_block { - configuration.call() - } + content_by_lua_file /etc/nginx/lua/nginx/ngx_conf_configuration.lua; } location / { - content_by_lua_block { - ngx.exit(ngx.HTTP_NOT_FOUND) - } + content_by_lua_file /etc/nginx/lua/nginx/ngx_not_found.lua; } } } 
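Review bot: `{{ $redirect.To }}` used to be emitted inside a double-quoted Lua string and is now a bare nginx directive argument in `set_by_lua_file $redirect_to /etc/nginx/lua/nginx/ngx_srv_redirect.lua {{ $redirect.To }};`. Whether the value is validated before it reaches the template is not visible in this diff; if it can ever contain whitespace, `;` or braces, the rendered directive no longer parses as intended. Emit it quoted, for example `... ngx_srv_redirect.lua {{ $redirect.To | quote }};` (a `quote` helper appears in the template line cited in `ngx_conf_init.lua`), and keep the hostname validation on the Go side as the primary control.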
@@ -782,38 +704,11 @@ stream { {{ buildResolvers $cfg.Resolver $cfg.DisableIpv6DNS }} init_by_lua_block { - collectgarbage("collect") - - -- init modules - local ok, res - - ok, res = pcall(require, "configuration") - if not ok then - error("require failed: " .. tostring(res)) - else - configuration = res - end - - ok, res = pcall(require, "tcp_udp_configuration") - if not ok then - error("require failed: " .. tostring(res)) - else - tcp_udp_configuration = res - tcp_udp_configuration.prohibited_localhost_port = '{{ .StatusPort }}' - - end - - ok, res = pcall(require, "tcp_udp_balancer") - if not ok then - error("require failed: " .. tostring(res)) - else - tcp_udp_balancer = res - end + local ngx_conf_init_stream = require('ngx_conf_init_stream') + ngx_conf_init_stream.initialize_stream('{{ .StatusPort }}') } - init_worker_by_lua_block { - tcp_udp_balancer.init_worker() - } + init_worker_by_lua_file /etc/nginx/lua/nginx/ngx_conf_init_tcp_udp.lua; lua_add_variable $proxy_upstream_name; @@ -835,10 +730,7 @@ stream { upstream upstream_balancer { server 0.0.0.1:1234; # placeholder - - balancer_by_lua_block { - tcp_udp_balancer.balance() - } + balancer_by_lua_file /etc/nginx/lua/nginx/ngx_conf_balancer_tcp_udp.lua; } server { @@ -846,9 +738,7 @@ stream { access_log off; - content_by_lua_block { - tcp_udp_configuration.call() - } + content_by_lua_file /etc/nginx/lua/nginx/ngx_conf_content_tcp_udp.lua; } # TCP services @@ -948,11 +838,9 @@ stream { rewrite (.*) / break; proxy_pass http://upstream_balancer; - log_by_lua_block { - {{ if $enableMetrics }} - monitor.call() - {{ end }} - } + {{ if $enableMetrics }} + log_by_lua_file /etc/nginx/lua/nginx/ngx_conf_log.lua; + {{ end }} } {{ end }} {{ end }} 
@@ -1012,9 +900,7 @@ stream { ssl_reject_handshake {{ if $all.Cfg.SSLRejectHandshake }}on{{ else }}off{{ end }}; {{ end }} - ssl_certificate_by_lua_block { - certificate.call() - } + ssl_certificate_by_lua_file /etc/nginx/lua/nginx/ngx_conf_certificate.lua; {{ if not (empty $server.AuthTLSError) }} # {{ $server.AuthTLSError }} @@ -1115,9 +1001,7 @@ stream { set $tmp_cache_key '{{ $server.Hostname }}{{ $authPath }}{{ $externalAuth.AuthCacheKey }}'; set $cache_key ''; - rewrite_by_lua_block { - ngx.var.cache_key = ngx.encode_base64(ngx.sha1_bin(ngx.var.tmp_cache_key)) - } + rewrite_by_lua_file /etc/nginx/lua/nginx/ngx_conf_rewrite_auth.lua; proxy_cache auth_cache; @@ -1255,12 +1139,9 @@ stream { balancer.rewrite() } - # be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any - # will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)` - # other authentication method such as basic auth or external auth useless - all requests will be allowed. - #access_by_lua_block { - #} + header_filter_by_lua_file /etc/nginx/lua/nginx/ngx_conf_srv_hdr_filter.lua; +<<<<<<< HEAD header_filter_by_lua_block { lua_ingress.header() } @@ -1271,6 +1152,29 @@ stream { monitor.call() {{ end }} } +||||||| parent of b65dae6b8 (Remove inline lua script from template) + header_filter_by_lua_block { + lua_ingress.header() + plugins.run() + } + + body_filter_by_lua_block { + plugins.run() + } + + log_by_lua_block { + balancer.log() + {{ if $all.EnableMetrics }} + monitor.call() + {{ end }} + + plugins.run() + } +======= + body_filter_by_lua_file /etc/nginx/lua/nginx/ngx_conf_srv_body_filter.lua; + + log_by_lua_file /etc/nginx/lua/nginx/ngx_conf_log_block.lua; +>>>>>>> b65dae6b8 (Remove inline lua script from template) {{ if not $location.Logs.Access }} access_log off; diff --git a/test/e2e/lua/dynamic_configuration.go b/test/e2e/lua/dynamic_configuration.go index 8ec1ef839..63c514ca7 100644 
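Review bot: The added lines `<<<<<<< HEAD`, `||||||| parent of b65dae6b8 (...)`, `=======` and `>>>>>>> b65dae6b8 (...)` are unresolved merge-conflict markers committed into nginx.tmpl; they start in the `@@ -1255,12 +1139,9 @@` hunk and continue through `@@ -1271,6 +1152,29 @@`. As written, the location block would be rendered with the markers plus both the old inline `header_filter_by_lua_block`/`log_by_lua_block` and the new `*_by_lua_file` directives, so nginx would most likely refuse the generated configuration. Resolve the conflict so that only `header_filter_by_lua_file`, `body_filter_by_lua_file` and `log_by_lua_file` remain. The first of these hunks also drops the comment warning about `access_by_lua_block` combined with `satisfy any`; that caveat is worth keeping next to the auth directives even though the empty block is gone.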
--- a/test/e2e/lua/dynamic_configuration.go +++ b/test/e2e/lua/dynamic_configuration.go @@ -48,7 +48,7 @@ var _ = framework.IngressNginxDescribe("[Lua] dynamic configuration", func() { ginkgo.It("configures balancer Lua middleware correctly", func() { f.WaitForNginxConfiguration(func(cfg string) bool { - return strings.Contains(cfg, "balancer.init_worker()") && strings.Contains(cfg, "balancer.balance()") + return strings.Contains(cfg, "balancer.init_worker()") && strings.Contains(cfg, "balancer_by_lua_file /etc/nginx/lua/nginx/ngx_conf_balancer.lua") }) host := "foo.com" diff --git a/test/e2e/settings/ocsp/ocsp.go b/test/e2e/settings/ocsp/ocsp.go index ef3bfb58a..e4be0751f 100644 --- a/test/e2e/settings/ocsp/ocsp.go +++ b/test/e2e/settings/ocsp/ocsp.go @@ -107,10 +107,6 @@ var _ = framework.DescribeSetting("OCSP", func() { err = framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, "ocspserve", f.Namespace, 1) assert.Nil(ginkgo.GinkgoT(), err, "waiting for endpoints to become ready") - f.WaitForNginxConfiguration(func(cfg string) bool { - return strings.Contains(cfg, "certificate.is_ocsp_stapling_enabled = true") - }) - f.WaitForNginxServer(host, func(server string) bool { return strings.Contains(server, fmt.Sprintf(`server_name %v`, host))
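Review bot: The wait condition still requires `strings.Contains(cfg, "balancer.init_worker()")`, but this commit removes both inline occurrences of that text from nginx.tmpl (the http `init_worker_by_lua_block` body and the stream block's `tcp_udp_balancer.init_worker()`). Unless the string survives somewhere outside the visible hunks, the predicate can never become true and the test will time out. Match what the template now renders, e.g. `strings.Contains(cfg, "ngx_conf_init_worker.initialize_worker(")`.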