DevFW-CICD/ingress-nginx-helm
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: support enbale nginx debug_connection (#8637)

Browse source
This commit is contained in:
zou rui 2022-06-10 19:01:46 +08:00 committed by GitHub
parent 0005c080da
commit 2852e2998c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 39 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
docs/user-guide/nginx-configuration/configmap.md
View file

@ -211,6 +211,7 @@ The following table shows a configuration option's name, type, and the default v
|[global-rate-limit-status-code](#global-rate-limit)|int|429| |[global-rate-limit-status-code](#global-rate-limit)|int|429|
|[service-upstream](#service-upstream)|bool|"false"| |[service-upstream](#service-upstream)|bool|"false"|
|[ssl-reject-handshake](#ssl-reject-handshake)|bool|"false"| |[ssl-reject-handshake](#ssl-reject-handshake)|bool|"false"|
|[debug-connections](#debug-connections)|[]string|"127.0.0.1,1.1.1.1/24"|
## add-headers ## add-headers
@ -1300,3 +1301,10 @@ _**default:**_ "false"
_References:_ _References:_
[https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_reject_handshake](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_reject_handshake) [https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_reject_handshake](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_reject_handshake)
## debug-connections
Enables debugging log for selected client connections.
_**default:**_ ""
_References:_
[http://nginx.org/en/docs/ngx_core_module.html#debug_connection](http://nginx.org/en/docs/ngx_core_module.html#debug_connection)

6
internal/ingress/controller/config/config.go
View file

@ -768,6 +768,11 @@ type Configuration struct {
// GlobalRateLimitStatucCode determines the HTTP status code to return // GlobalRateLimitStatucCode determines the HTTP status code to return
// when limit is exceeding during global rate limiting. // when limit is exceeding during global rate limiting.
GlobalRateLimitStatucCode int `json:"global-rate-limit-status-code"` GlobalRateLimitStatucCode int `json:"global-rate-limit-status-code"`
// DebugConnections Enables debugging log for selected client connections
// http://nginx.org/en/docs/ngx_core_module.html#debug_connection
// Default: ""
DebugConnections []string `json:"debug-connections"`
} }
// NewDefault returns the default nginx configuration // NewDefault returns the default nginx configuration
@ -932,6 +937,7 @@ func NewDefault() Configuration {
GlobalRateLimitMemcachedMaxIdleTimeout: 10000, GlobalRateLimitMemcachedMaxIdleTimeout: 10000,
GlobalRateLimitMemcachedPoolSize: 50, GlobalRateLimitMemcachedPoolSize: 50,
GlobalRateLimitStatucCode: 429, GlobalRateLimitStatucCode: 429,
DebugConnections: []string{},
} }
if klog.V(5).Enabled() { if klog.V(5).Enabled() {

20
internal/ingress/controller/template/configmap.go
View file

@ -65,6 +65,7 @@ const (
globalAuthAlwaysSetCookie = "global-auth-always-set-cookie" globalAuthAlwaysSetCookie = "global-auth-always-set-cookie"
luaSharedDictsKey = "lua-shared-dicts" luaSharedDictsKey = "lua-shared-dicts"
plugins = "plugins" plugins = "plugins"
debugConnections = "debug-connections"
) )
var ( var (
@ -111,6 +112,7 @@ func ReadConfig(src map[string]string) config.Configuration {
blockRefererList := make([]string, 0) blockRefererList := make([]string, 0)
responseHeaders := make([]string, 0) responseHeaders := make([]string, 0)
luaSharedDicts := make(map[string]int) luaSharedDicts := make(map[string]int)
debugConnectionsList := make([]string, 0)
//parse lua shared dict values //parse lua shared dict values
if val, ok := conf[luaSharedDictsKey]; ok { if val, ok := conf[luaSharedDictsKey]; ok {
@ -373,6 +375,24 @@ func ReadConfig(src map[string]string) config.Configuration {
delete(conf, plugins) delete(conf, plugins)
} }
if val, ok := conf[debugConnections]; ok {
delete(conf, debugConnections)
for _, i := range splitAndTrimSpace(val, ",") {
validIp := net.ParseIP(i)
if validIp != nil {
debugConnectionsList = append(debugConnectionsList, i)
} else {
_, _, err := net.ParseCIDR(i)
if err == nil {
debugConnectionsList = append(debugConnectionsList, i)
} else {
klog.Warningf("%v is not a valid IP or CIDR address", i)
}
}
}
to.DebugConnections = debugConnectionsList
}
to.CustomHTTPErrors = filterErrors(errors) to.CustomHTTPErrors = filterErrors(errors)
to.SkipAccessLogURLs = skipUrls to.SkipAccessLogURLs = skipUrls
to.WhitelistSourceRange = whiteList to.WhitelistSourceRange = whiteList

2
internal/ingress/controller/template/configmap_test.go
View file

@ -75,6 +75,7 @@ func TestMergeConfigMapToStruct(t *testing.T) {
"proxy-add-original-uri-header": "false", "proxy-add-original-uri-header": "false",
"disable-ipv6-dns": "true", "disable-ipv6-dns": "true",
"default-type": "text/plain", "default-type": "text/plain",
"debug-connections": "127.0.0.1,1.1.1.1/24,::1",
} }
def := config.NewDefault() def := config.NewDefault()
def.CustomHTTPErrors = []int{300, 400} def.CustomHTTPErrors = []int{300, 400}
@ -99,6 +100,7 @@ func TestMergeConfigMapToStruct(t *testing.T) {
def.LuaSharedDicts = defaultLuaSharedDicts def.LuaSharedDicts = defaultLuaSharedDicts
def.DisableIpv6DNS = true def.DisableIpv6DNS = true
def.DefaultType = "text/plain" def.DefaultType = "text/plain"
def.DebugConnections = []string{"127.0.0.1", "1.1.1.1/24", "::1"}
hash, err := hashstructure.Hash(def, &hashstructure.HashOptions{ hash, err := hashstructure.Hash(def, &hashstructure.HashOptions{
TagName: "json", TagName: "json",

3
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -58,6 +58,9 @@ events {
multi_accept {{ if $cfg.EnableMultiAccept }}on{{ else }}off{{ end }}; multi_accept {{ if $cfg.EnableMultiAccept }}on{{ else }}off{{ end }};
worker_connections {{ $cfg.MaxWorkerConnections }}; worker_connections {{ $cfg.MaxWorkerConnections }};
use epoll; use epoll;
{{ range $index , $v := $cfg.DebugConnections }}
debug_connection {{ $v }};
{{ end }}
} }
http { http {