From 52e66af21947dff78a36e2d4ae27eb4523947e7c Mon Sep 17 00:00:00 2001 From: "Gabriel M. Dutra" Date: Fri, 26 Jul 2024 13:45:13 -0300 Subject: [PATCH] crossplane: Add brotli and proxy_hide_header (#11678) Signed-off-by: Gabriel M. Dutra --- .../controller/template/crossplane/config.go | 8 +++++++ .../template/crossplane/crossplane_test.go | 1 + .../controller/template/crossplane/http.go | 15 +++++++++++++ .../template/crossplane/testdata/nginx.tmpl | 22 +++++++++---------- 4 files changed, 35 insertions(+), 11 deletions(-) diff --git a/internal/ingress/controller/template/crossplane/config.go b/internal/ingress/controller/template/crossplane/config.go index 322a7e8ad..369ce2fb3 100644 --- a/internal/ingress/controller/template/crossplane/config.go +++ b/internal/ingress/controller/template/crossplane/config.go @@ -34,5 +34,13 @@ func (c *Template) buildConfig() { if c.tplConfig.Cfg.WorkerCPUAffinity != "" { config.Parsed = append(config.Parsed, buildDirective("worker_cpu_affinity", c.tplConfig.Cfg.WorkerCPUAffinity)) } + + if c.tplConfig.Cfg.EnableBrotli { + config.Parsed = append(config.Parsed, + buildDirective("load_module", "/etc/nginx/modules/ngx_http_brotli_filter_module.so"), + buildDirective("load_module", "/etc/nginx/modules/ngx_http_brotli_static_module.so"), + ) + } + c.config = config } diff --git a/internal/ingress/controller/template/crossplane/crossplane_test.go b/internal/ingress/controller/template/crossplane/crossplane_test.go index 0e88ad4b1..9b6b2fa9a 100644 --- a/internal/ingress/controller/template/crossplane/crossplane_test.go +++ b/internal/ingress/controller/template/crossplane/crossplane_test.go @@ -68,6 +68,7 @@ func TestCrossplaneTemplate(t *testing.T) { Cfg: config.NewDefault(), } tplConfig.Cfg.DefaultSSLCertificate = defaultCertificate + tplConfig.Cfg.EnableBrotli = true tpl := crossplane.NewTemplate() tpl.SetMimeFile(mimeFile.Name()) diff --git a/internal/ingress/controller/template/crossplane/http.go b/internal/ingress/controller/template/crossplane/http.go index 7c5ddb693..c8b49d834 100644 --- a/internal/ingress/controller/template/crossplane/http.go +++ b/internal/ingress/controller/template/crossplane/http.go @@ -233,6 +233,21 @@ func (c *Template) buildHTTP() { httpBlock = append(httpBlock, buildDirective("proxy_pass_header", "Server")) } + if cfg.EnableBrotli { + httpBlock = append(httpBlock, + buildDirective("brotli", "on"), + buildDirective("brotli_comp_level", cfg.BrotliLevel), + buildDirective("brotli_min_length", cfg.BrotliMinLength), + buildDirective("brotli_types", cfg.BrotliTypes), + ) + } + + if len(cfg.HideHeaders) > 0 { + for k := range cfg.HideHeaders { + httpBlock = append(httpBlock, buildDirective("proxy_hide_header", cfg.HideHeaders[k])) + } + } + c.config.Parsed = append(c.config.Parsed, &ngx_crossplane.Directive{ Directive: "http", Block: httpBlock, diff --git a/internal/ingress/controller/template/crossplane/testdata/nginx.tmpl b/internal/ingress/controller/template/crossplane/testdata/nginx.tmpl index d4a256ec8..cf9d20006 100644 --- a/internal/ingress/controller/template/crossplane/testdata/nginx.tmpl +++ b/internal/ingress/controller/template/crossplane/testdata/nginx.tmpl @@ -346,10 +346,6 @@ http { proxy_intercept_errors on; {{ end }} - # END MIGRATED VARIOUS 1 - - {{ buildOpentelemetry $cfg $servers }} - {{ if $cfg.EnableBrotli }} brotli on; brotli_comp_level {{ $cfg.BrotliLevel }}; @@ -357,6 +353,17 @@ http { brotli_types {{ $cfg.BrotliTypes }}; {{ end }} + {{ if $cfg.AllowBackendServerHeader }} + proxy_pass_header Server; + {{ end }} + + {{ range $header := $cfg.HideHeaders }}proxy_hide_header {{ $header }}; + {{ end }} + + # END MIGRATED VARIOUS 1 + + {{ buildOpentelemetry $cfg $servers }} + # Create a variable that contains the literal $ character. # This works because the geo module will not resolve variables. geo $literal_dollar { @@ -366,13 +373,6 @@ http { {{ range $errCode := $cfg.CustomHTTPErrors }} error_page {{ $errCode }} = @custom_upstream-default-backend_{{ $errCode }};{{ end }} - {{ if $cfg.AllowBackendServerHeader }} - proxy_pass_header Server; - {{ end }} - - {{ range $header := $cfg.HideHeaders }}proxy_hide_header {{ $header }}; - {{ end }} - upstream upstream_balancer { server 0.0.0.1; # placeholder