DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #890 from aledbf/simplify-vars

Browse source 
Improve variable configuration for source IP address
This commit is contained in:
Manuel Alejandro de Brito Fontes 2017-06-21 10:40:31 -04:00 committed by GitHub
commit 42351662b6
4 changed files with 16 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
controllers/nginx/configuration.md
View file

@ -462,7 +462,7 @@ The following table shows the options, the default value and a description.
|ignore-invalid-headers|"true"| |ignore-invalid-headers|"true"|
|keep-alive|"75"| |keep-alive|"75"|
|log-format-stream|[$time_local] $protocol $status $bytes_sent $bytes_received $session_time| |log-format-stream|[$time_local] $protocol $status $bytes_sent $bytes_received $session_time|
|log-format-upstream|[$the_x_forwarded_for] - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status| |log-format-upstream|[$the_real_ip] - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status|
|map-hash-bucket-size|"64"| |map-hash-bucket-size|"64"|
|max-worker-connections|"16384"| |max-worker-connections|"16384"|
|proxy-body-size|same as body-size| |proxy-body-size|same as body-size|

4
controllers/nginx/pkg/config/config.go
View file

@ -48,7 +48,7 @@ const (
gzipTypes = "application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component" gzipTypes = "application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component"
logFormatUpstream = `%v - [$the_x_forwarded_for] - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status` logFormatUpstream = `%v - [$the_real_ip] - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status`
logFormatStream = `[$time_local] $protocol $status $bytes_sent $bytes_received $session_time` logFormatStream = `[$time_local] $protocol $status $bytes_sent $bytes_received $session_time`
@ -365,7 +365,7 @@ func NewDefault() Configuration {
// is enabled. // is enabled.
func (cfg Configuration) BuildLogFormatUpstream() string { func (cfg Configuration) BuildLogFormatUpstream() string {
if cfg.LogFormatUpstream == logFormatUpstream { if cfg.LogFormatUpstream == logFormatUpstream {
return fmt.Sprintf(cfg.LogFormatUpstream, "$the_x_forwarded_for") return fmt.Sprintf(cfg.LogFormatUpstream, "$the_real_ip")
} }
return cfg.LogFormatUpstream return cfg.LogFormatUpstream

4
controllers/nginx/pkg/config/config_test.go
View file

@ -28,8 +28,8 @@ func TestBuildLogFormatUpstream(t *testing.T) {
curLogFormat string curLogFormat string
expected string expected string
}{ }{
{true, logFormatUpstream, fmt.Sprintf(logFormatUpstream, "$the_x_forwarded_for")}, {true, logFormatUpstream, fmt.Sprintf(logFormatUpstream, "$the_real_ip")},
{false, logFormatUpstream, fmt.Sprintf(logFormatUpstream, "$the_x_forwarded_for")}, {false, logFormatUpstream, fmt.Sprintf(logFormatUpstream, "$the_real_ip")},
{true, "my-log-format", "my-log-format"}, {true, "my-log-format", "my-log-format"},
{false, "john-log-format", "john-log-format"}, {false, "john-log-format", "john-log-format"},
} }

20
controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
View file

@ -135,15 +135,17 @@ http {
'' $server_port; '' $server_port;
} }
map $pass_access_scheme $the_x_forwarded_for { {{ if $cfg.UseProxyProtocol }}
default $remote_addr; map $http_x_forwarded_for $the_real_ip {
https $proxy_protocol_addr; default $http_x_forwarded_for;
'' $proxy_protocol_addr;
} }
{{ else }}
map $pass_access_scheme $the_real_ip { map $http_x_forwarded_for $the_real_ip {
default $remote_addr; default $http_x_forwarded_for;
https $proxy_protocol_addr; '' $remote_addr;
} }
{{ end }}
# map port 442 to 443 for header X-Forwarded-Port # map port 442 to 443 for header X-Forwarded-Port
map $pass_server_port $pass_port { map $pass_server_port $pass_port {
@ -394,7 +396,7 @@ http {
proxy_set_header Connection $connection_upgrade; proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Real-IP $the_real_ip; proxy_set_header X-Real-IP $the_real_ip;
proxy_set_header X-Forwarded-For $the_x_forwarded_for; proxy_set_header X-Forwarded-For $the_real_ip;
proxy_set_header X-Forwarded-Host $best_http_host; proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port; proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme; proxy_set_header X-Forwarded-Proto $pass_access_scheme;
@ -564,7 +566,7 @@ stream {
server { server {
listen {{ $udpServer.Port }} udp; listen {{ $udpServer.Port }} udp;
{{ if $IsIPV6Enabled }}listen [::]:{{ $udpServer.Port }} udp;{{ end }} {{ if $IsIPV6Enabled }}listen [::]:{{ $udpServer.Port }} udp;{{ end }}
proxy_responses 1; proxy_responses 1;
proxy_pass udp-{{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }}; proxy_pass udp-{{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }};
} }