From 41c34bd9e80f9ca8024f97bc28bd30f0a6b8be43 Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Sat, 26 Mar 2016 18:25:51 -0300 Subject: [PATCH] Improve documentation. Add flag to enable vts status module --- controllers/nginx-third-party/README.md | 10 ++++++ .../examples/as-daemonset.yaml | 2 +- .../examples/rc-custom-configuration.yaml | 2 +- .../examples/rc-default.yaml | 2 +- .../nginx-third-party/examples/rc-full.yaml | 8 ----- controllers/nginx-third-party/nginx.tmpl | 36 ++++++++++++++----- controllers/nginx-third-party/nginx/main.go | 8 +++++ 7 files changed, 48 insertions(+), 20 deletions(-) diff --git a/controllers/nginx-third-party/README.md b/controllers/nginx-third-party/README.md index 15e2da54b..c138e1a6e 100644 --- a/controllers/nginx-third-party/README.md +++ b/controllers/nginx-third-party/README.md @@ -426,6 +426,16 @@ Please check the example `rc-custom-configuration.yaml` If the Configmap it is updated, NGINX will be reloaded with the new configuration +### NGINX status page + +The ngx_http_stub_status_module module provides access to basic status information. This is the default module active in the url `/nginx_status`. +This controller provides an alternitive to this module using [nginx-module-vts](https://github.com/vozlt/nginx-module-vts) third party module. +To use this module just provide a ConfigMap with the key `enable-vts-status=true`. The URL is exposed in the port 8080. +Please check the example `example/rc-default.yaml` + +![nginx-module-vts screenshot](https://cloud.githubusercontent.com/assets/3648408/10876811/77a67b70-8183-11e5-9924-6a6d0c5dc73a.png "screenshot with filter") + +To extract the information in JSON format the module provides a custom URL: `/nginx_status/format/json` ## Troubleshooting diff --git a/controllers/nginx-third-party/examples/as-daemonset.yaml b/controllers/nginx-third-party/examples/as-daemonset.yaml index 403eee52c..c0050fefb 100644 
--- a/controllers/nginx-third-party/examples/as-daemonset.yaml +++ b/controllers/nginx-third-party/examples/as-daemonset.yaml @@ -38,7 +38,7 @@ spec: hostPort: 80 - containerPort: 443 hostPort: 4444 - # we expose 8080 to access nginx stats in url /nginx-status + # we expose 8080 to access nginx stats in url /nginx_status # this is optional - containerPort: 8080 hostPort: 8081 diff --git a/controllers/nginx-third-party/examples/rc-custom-configuration.yaml b/controllers/nginx-third-party/examples/rc-custom-configuration.yaml index 5b3d87edb..316bfa75f 100644 --- a/controllers/nginx-third-party/examples/rc-custom-configuration.yaml +++ b/controllers/nginx-third-party/examples/rc-custom-configuration.yaml @@ -44,7 +44,7 @@ spec: hostPort: 80 - containerPort: 443 hostPort: 4444 - # we expose 8080 to access nginx stats in url /nginx-status + # we expose 8080 to access nginx stats in url /nginx_status # this is optional - containerPort: 8080 hostPort: 8081 diff --git a/controllers/nginx-third-party/examples/rc-default.yaml b/controllers/nginx-third-party/examples/rc-default.yaml index 3a54bdb7a..bec7b0648 100644 --- a/controllers/nginx-third-party/examples/rc-default.yaml +++ b/controllers/nginx-third-party/examples/rc-default.yaml @@ -44,7 +44,7 @@ spec: hostPort: 80 - containerPort: 443 hostPort: 4444 - # we expose 8080 to access nginx stats in url /nginx-status + # we expose 8080 to access nginx stats in url /nginx_status # this is optional - containerPort: 8080 hostPort: 8081 diff --git a/controllers/nginx-third-party/examples/rc-full.yaml b/controllers/nginx-third-party/examples/rc-full.yaml index f8a7a2edb..38b1305ee 100644 --- a/controllers/nginx-third-party/examples/rc-full.yaml +++ b/controllers/nginx-third-party/examples/rc-full.yaml 
@@ -15,11 +15,6 @@ spec: k8s-app: nginx-ingress-lb name: nginx-ingress-lb spec: - # A secret for each nginx host that requires SSL. These secrets need to - # exist before hand, see README. - # The secret must contains 2 variables: cert and key. - # Follow this https://github.com/bprashanth/Ingress/blob/master/examples/sni/nginx/test.sh - # as a guide on how to generate secrets containing SSL certificates. volumes: - name: dhparam-example secret: @@ -59,9 +54,6 @@ spec: volumeMounts: - mountPath: /etc/nginx-ssl/dhparam name: dhparam-example - # the flags tcp-services is required because Ingress do not support TCP rules - # if no namespace is specified "default" is used. Example: nodefaultns/example-go:8080 - # containerPort 8080 is mapped to 9000 in the node. args: - /nginx-third-party-lb - --tcp-services-configmap=default/tcp-configmap-example diff --git a/controllers/nginx-third-party/nginx.tmpl b/controllers/nginx-third-party/nginx.tmpl index 7efb27d85..21d498ae5 100644 --- a/controllers/nginx-third-party/nginx.tmpl +++ b/controllers/nginx-third-party/nginx.tmpl @@ -16,7 +16,7 @@ events { } http { - #vhost_traffic_status_zone shared:vhost_traffic_status:10m; + {{ if $cfg.enableVtsStatus}}vhost_traffic_status_zone shared:vhost_traffic_status:{{ $cfg.vtsStatusZoneSize }};{{ end }} # lus sectrion to return proper error codes when custom pages are used lua_package_path '.?.lua;./etc/nginx/lua/?.lua;/etc/nginx/lua/vendor/lua-resty-http/lib/?.lua;'; 
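Review bot: `{{ $cfg.vtsStatusZoneSize }}` is written into the `vhost_traffic_status_zone` directive in the nginx.tmpl `http` block as a raw string, so a value containing `;`, whitespace or a newline would end the directive and add other configuration to the rendered file. The field is a plain `string` tagged `vts-status-zone-size` in the main.go hunk of this commit and, going by the README text, is presumably filled from a ConfigMap, so whoever may edit that ConfigMap controls it. I would validate it as an nginx size before rendering, for example against `^[0-9]+[kKmM]?$`, and fall back to the `"10m"` default with a logged warning when it does not match. The `http` block continues outside the hunk.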
@@ -75,12 +75,17 @@ http { } # trust http_x_forwarded_proto headers correctly indicate ssl offloading - map $http_x_forwarded_proto $access_scheme { + map $http_x_forwarded_proto $pass_access_scheme { default $http_x_forwarded_proto; '' $scheme; } - map $access_scheme $sts { + map $http_x_forwarded_proto $pass_forwarded_for { + default $http_x_forwarded_for; + '' $proxy_add_x_forwarded_for; + } + + map $pass_access_scheme $sts { 'https' 'max-age={{ $cfg.htsMaxAge }}{{ if $cfg.htsIncludeSubdomains }}; includeSubDomains{{ end }}; preload'; } @@ -150,6 +155,14 @@ http { return 200; } + location /nginx_status { + allow 127.0.0.1; + deny all; + + access_log off; + stub_status on; + } + {{ template "CUSTOM_ERRORS" $cfg }} } @@ -167,6 +180,9 @@ http { {{ if $server.SSL }}listen 443 ssl http2; ssl_certificate {{ $server.SSLCertificate }}; ssl_certificate_key {{ $server.SSLCertificateKey }};{{ end }} + {{ if $cfg.enableVtsStatus }} + vhost_traffic_status_filter_by_set_key {{ $server.Name }} application::*; + {{ end }} server_name {{ $server.Name }}; @@ -186,10 +202,10 @@ http { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-For $pass_forwarded_for; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; - proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Proto $pass_access_scheme; proxy_connect_timeout {{ $cfg.proxyConnectTimeout }}s; proxy_send_timeout {{ $cfg.proxySendTimeout }}s; @@ -210,7 +226,6 @@ http { # default server, including healthcheck server { listen 8080 default_server{{ if $cfg.useProxyProtocol }} proxy_protocol{{ end }} reuseport; - #vhost_traffic_status_filter_by_host on; location /healthz { access_log off; 
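Review bot: The new `$pass_forwarded_for` map forwards the client's own `X-Forwarded-For` value unchanged whenever the request carries any `X-Forwarded-Proto` header, so `$remote_addr` is no longer appended and the backends receive a source address and scheme that the client chose. The map is keyed on `$http_x_forwarded_proto` rather than on the header it replaces, so a request with `X-Forwarded-Proto` but no `X-Forwarded-For` sends an empty header upstream. Both `proxy_set_header` changes in the `@@ -186,10 +202,10 @@` hunk depend on these maps. Unless the controller is known to sit behind a trusted proxy, I would keep `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` as the default and put the pass-through behind a configuration key that is off unless set.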
@@ -222,11 +237,14 @@ http { proxy_pass http://127.0.0.1:10249/healthz; } - location /nginx-status { - #vhost_traffic_status_display; - #vhost_traffic_status_display_format html; + location /nginx_status { + {{ if $cfg.enableVtsStatus }} + vhost_traffic_status_display; + vhost_traffic_status_display_format html; + {{ else }} access_log off; stub_status on; + {{ end }} } location / { diff --git a/controllers/nginx-third-party/nginx/main.go b/controllers/nginx-third-party/nginx/main.go index 9f53d631d..0c4aff112 100644 --- a/controllers/nginx-third-party/nginx/main.go +++ b/controllers/nginx-third-party/nginx/main.go @@ -87,6 +87,13 @@ type nginxConfiguration struct { // Sets the maximum allowed size of the client request body BodySize string `structs:"body-size,omitempty"` + // EnableVtsStatus allows the replacement of the default status page with a third party module named + // nginx-module-vts - https://github.com/vozlt/nginx-module-vts + // By default this is disabled + EnableVtsStatus bool `structs:"enable-vts-status,omitempty"` + + VtsStatusZoneSize string `structs:"vts-status-zone-size,omitempty"` + // http://nginx.org/en/docs/ngx_core_module.html#error_log // Configures logging level [debug | info | notice | warn | error | crit | alert | emerg] // Log levels above are listed in the order of increasing severity @@ -250,6 +257,7 @@ func newDefaultNginxCfg() nginxConfiguration { UseProxyProtocol: false, UseGzip: true, WorkerProcesses: strconv.Itoa(runtime.NumCPU()), + VtsStatusZoneSize: "10m", } if glog.V(5) {
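Review bot: The `/nginx_status` location on the port 8080 server has no `allow`/`deny` rules, while the `/nginx_status` location this commit adds to the other server block is limited with `allow 127.0.0.1; deny all;`. The example manifests publish container port 8080 as hostPort 8081, so with `enable-vts-status` set the traffic status page and its `/nginx_status/format/json` output look readable by anything that can reach the node. The VTS branch also drops `access_log off;`, which the `stub_status` branch keeps. I would move `access_log off;` above the `{{ if $cfg.enableVtsStatus }}` and add an access restriction, ideally a configurable list of allowed networks, or state in the README that this port must stay inside the monitoring network. The server block starts outside this hunk.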
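Review bot: `VtsStatusZoneSize` in the `@@ -87,6 +87,13 @@` hunk of main.go has no doc comment, unlike the fields around it in `nginxConfiguration`. I would add `// VtsStatusZoneSize sets the size of the shared memory zone used by nginx-module-vts, in nginx size syntax (for example 10m).` followed by `// Only used when EnableVtsStatus is true. Default: 10m`. The comment is also the place to state which characters are accepted, since the value is rendered directly into nginx.tmpl. The struct starts and ends outside the hunk.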