Fix proxy_protocol duplication in listen definition
parent
0549d9b132
commit
3d3efaab29
2 changed files with 63 additions and 23 deletions
|
@ -1229,18 +1229,17 @@ func commonListenOptions(template config.TemplateConfig, hostname string) string
|
|||
func httpListener(addresses []string, co string, tc config.TemplateConfig) []string {
|
||||
out := make([]string, 0)
|
||||
for _, address := range addresses {
|
||||
l := make([]string, 0)
|
||||
l = append(l, "listen")
|
||||
lo := []string{"listen"}
|
||||
|
||||
if address == "" {
|
||||
l = append(l, fmt.Sprintf("%v", tc.ListenPorts.HTTP))
|
||||
lo = append(lo, fmt.Sprintf("%v", tc.ListenPorts.HTTP))
|
||||
} else {
|
||||
l = append(l, fmt.Sprintf("%v:%v", address, tc.ListenPorts.HTTP))
|
||||
lo = append(lo, fmt.Sprintf("%v:%v", address, tc.ListenPorts.HTTP))
|
||||
}
|
||||
|
||||
l = append(l, co)
|
||||
l = append(l, ";")
|
||||
out = append(out, strings.Join(l, " "))
|
||||
lo = append(lo, co)
|
||||
lo = append(lo, ";")
|
||||
out = append(out, strings.Join(lo, " "))
|
||||
}
|
||||
|
||||
return out
|
||||
|
@ -1249,38 +1248,35 @@ func httpListener(addresses []string, co string, tc config.TemplateConfig) []str
|
|||
func httpsListener(addresses []string, co string, tc config.TemplateConfig) []string {
|
||||
out := make([]string, 0)
|
||||
for _, address := range addresses {
|
||||
l := make([]string, 0)
|
||||
l = append(l, "listen")
|
||||
lo := []string{"listen"}
|
||||
|
||||
if tc.IsSSLPassthroughEnabled {
|
||||
if address == "" {
|
||||
l = append(l, fmt.Sprintf("%v", tc.ListenPorts.SSLProxy))
|
||||
lo = append(lo, fmt.Sprintf("%v", tc.ListenPorts.SSLProxy))
|
||||
} else {
|
||||
l = append(l, fmt.Sprintf("%v:%v", address, tc.ListenPorts.SSLProxy))
|
||||
lo = append(lo, fmt.Sprintf("%v:%v", address, tc.ListenPorts.SSLProxy))
|
||||
}
|
||||
|
||||
l = append(l, "proxy_protocol")
|
||||
if !strings.Contains(co, "proxy_protocol") {
|
||||
lo = append(lo, "proxy_protocol")
|
||||
}
|
||||
} else {
|
||||
if address == "" {
|
||||
l = append(l, fmt.Sprintf("%v", tc.ListenPorts.HTTPS))
|
||||
lo = append(lo, fmt.Sprintf("%v", tc.ListenPorts.HTTPS))
|
||||
} else {
|
||||
l = append(l, fmt.Sprintf("%v:%v", address, tc.ListenPorts.HTTPS))
|
||||
}
|
||||
|
||||
if tc.Cfg.UseProxyProtocol {
|
||||
l = append(l, "proxy_protocol")
|
||||
lo = append(lo, fmt.Sprintf("%v:%v", address, tc.ListenPorts.HTTPS))
|
||||
}
|
||||
}
|
||||
|
||||
l = append(l, co)
|
||||
l = append(l, "ssl")
|
||||
lo = append(lo, co)
|
||||
lo = append(lo, "ssl")
|
||||
|
||||
if tc.Cfg.UseHTTP2 {
|
||||
l = append(l, "http2")
|
||||
lo = append(lo, "http2")
|
||||
}
|
||||
|
||||
l = append(l, ";")
|
||||
out = append(out, strings.Join(l, " "))
|
||||
lo = append(lo, ";")
|
||||
out = append(out, strings.Join(lo, " "))
|
||||
}
|
||||
|
||||
return out
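Review bot: In the SSL-passthrough branch of httpsListener, the guard `if !strings.Contains(co, "proxy_protocol")` decides whether to emit the directive by substring-matching the already-joined option string, which ties this function to the exact text that whoever builds `co` happens to produce. As far as this rendered page shows (the +/- markers are lost, so this is inferred), the non-passthrough branch no longer appends `proxy_protocol` itself and relies entirely on `co` carrying it, so a later change to how `co` is assembled would silently remove PROXY protocol handling from the 443 listener and change which client address nginx records. I would state that contract next to the check, for example `// co (built by the caller, presumably via commonListenOptions) already contains proxy_protocol when use-proxy-protocol is set; append it only when missing to avoid a duplicate listen parameter`. The same comment belongs on the non-passthrough branch, where the dependency is implicit. The closing brace of httpsListener lies outside the hunk.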
|
||||
|
|
|
@ -17,6 +17,7 @@ limitations under the License.
|
|||
package settings
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"net"
|
||||
|
@ -103,4 +104,47 @@ var _ = framework.DescribeSetting("use-proxy-protocol", func() {
|
|||
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-proto=https"))
|
||||
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-for=192.168.0.1"))
|
||||
})
|
||||
|
||||
ginkgo.It("should enable PROXY Protocol for HTTPS", func() {
|
||||
host := "proxy-protocol"
|
||||
|
||||
f.UpdateNginxConfigMapData(setting, "true")
|
||||
|
||||
ing := f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, framework.EchoService, 80, nil))
|
||||
tlsConfig, err := framework.CreateIngressTLSSecret(f.KubeClientSet,
|
||||
ing.Spec.TLS[0].Hosts,
|
||||
ing.Spec.TLS[0].SecretName,
|
||||
ing.Namespace)
|
||||
assert.Nil(ginkgo.GinkgoT(), err)
|
||||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, "443 proxy_protocol")
|
||||
})
|
||||
|
||||
ip := f.GetNginxIP()
|
||||
|
||||
conn, err := net.Dial("tcp", net.JoinHostPort(ip, "443"))
|
||||
assert.Nil(ginkgo.GinkgoT(), err, "unexpected error connecting to %v:443", ip)
|
||||
defer conn.Close()
|
||||
|
||||
_, err = fmt.Fprintf(conn, "PROXY TCP4 192.168.0.1 192.168.0.11 56324 1234\r\n")
|
||||
assert.Nil(ginkgo.GinkgoT(), err, "writing proxy protocol")
|
||||
|
||||
tlsConn := tls.Client(conn, tlsConfig)
|
||||
defer tlsConn.Close()
|
||||
|
||||
_, err = tlsConn.Write([]byte("GET / HTTP/1.1\r\nHost: proxy-protocol\r\n\r\n"))
|
||||
assert.Nil(ginkgo.GinkgoT(), err, "writing HTTP request")
|
||||
|
||||
data, err := ioutil.ReadAll(tlsConn)
|
||||
assert.Nil(ginkgo.GinkgoT(), err, "unexpected error reading connection data")
|
||||
|
||||
body := string(data)
|
||||
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("host=%v", "proxy-protocol"))
|
||||
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-port=1234"))
|
||||
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-proto=https"))
|
||||
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-scheme=https"))
|
||||
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-for=192.168.0.1"))
|
||||
})
|
||||
})
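Review bot: The new HTTPS spec reads the response with `ioutil.ReadAll(tlsConn)` after sending an HTTP/1.1 request that carries no `Connection: close` header and sets no deadline on the socket, so the read only returns when the server decides to drop the keep-alive connection; if the PROXY header or TLS handshake is rejected in an unexpected way the spec can stall until the suite timeout instead of failing with a clear message. Ending the exchange explicitly keeps the test bounded: `tlsConn.Write([]byte("GET / HTTP/1.1\r\nHost: proxy-protocol\r\nConnection: close\r\n\r\n"))`. The spec also only waits for `443 proxy_protocol` to appear, which would still match a listen line where the parameter is repeated, so an extra check that the rendered server block does not contain `proxy_protocol proxy_protocol` would pin the duplication this commit fixes. The enclosing DescribeSetting block starts outside the hunk.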
|
||||
|
|