Merge 20987c083c into de1a4c463c

2025-02-17 09:50:26 -08:00 · 2025-02-17 09:50:26 -08:00 · 61e1a5bd9f
commit 61e1a5bd9f
parent de1a4c463c 20987c083c
4 changed files with 35 additions and 5 deletions
--- a/images/nginx/rootfs/build.sh
+++ b/images/nginx/rootfs/build.sh
@ -104,6 +104,9 @@ export OPENTELEMETRY_CPP_VERSION=v1.18.0
 # Check for recent changes: https://github.com/open-telemetry/opentelemetry-proto/compare/v1.5.0...main
 export OPENTELEMETRY_PROTO_VERSION=v1.5.0

+# http://hg.nginx.org/njs
+export NGINX_NJS_VERSION="0.8.4"
+
 export BUILD_PATH=/tmp/build

 ARCH=$(uname -m)
@ -271,6 +274,9 @@ get_src efb767487ea3f6031577b9b224467ddbda2ad51a41c5867a47582d4ad85d609e \
 get_src d74f86ada2329016068bc5a243268f1f555edd620b6a7d6ce89295e7d6cf18da \
        "https://github.com/microsoft/mimalloc/archive/${MIMALOC_VERSION}.tar.gz" "mimalloc"

+get_src 8191bff8491af9169a92e30e383ef8614717b0c6d40913d83b95051031e92321 \
+        "http://hg.nginx.org/njs/archive/${NGINX_NJS_VERSION}.tar.gz" "njs"
+
 # improve compilation times
 CORES=$(($(grep -c ^processor /proc/cpuinfo) - 1))

@ -489,7 +495,8 @@ WITH_MODULES=" \
  --add-dynamic-module=$BUILD_PATH/nginx-http-auth-digest \
  --add-dynamic-module=$BUILD_PATH/ModSecurity-nginx \
  --add-dynamic-module=$BUILD_PATH/ngx_http_geoip2_module \
-  --add-dynamic-module=$BUILD_PATH/ngx_brotli"
+  --add-dynamic-module=$BUILD_PATH/ngx_brotli \
+  --add-dynamic-module=$BUILD_PATH/njs/nginx"

 ./configure \
  --prefix=/usr/local/nginx \
--- a/rootfs/etc/nginx/js/nginx/ngx_srv_redirect.js
+++ b/rootfs/etc/nginx/js/nginx/ngx_srv_redirect.js
@ -0,0 +1,16 @@
+function srv_redirect(req) {
+    const redirectTo = req.variables.tmp_redirect_to;
+
+    const requestUri = req.variables.request_uri.replace(/\/$/, '');
+
+    const useForwardedHeaders = req.variables.forwarded_headers
+    const xForwardedProto = req.variables.http_x_forwarded_proto;
+    const xForwardedPort = req.variables.http_x_forwarded_port;
+
+    const redirectScheme = useForwardedHeaders && xForwardedProto ? xForwardedProto : req.variables.scheme;
+    const redirectPort = useForwardedHeaders && xForwardedPort ? xForwardedPort : req.variables.server_port;
+
+    return `${redirectScheme}://${redirectTo}:${redirectPort}${requestUri}`;
+}
+
+export default { srv_redirect };
--- a/rootfs/etc/nginx/template/nginx.tmpl
+++ b/rootfs/etc/nginx/template/nginx.tmpl
@ -12,6 +12,8 @@
 # setup custom paths that do not require root access
 pid {{ .PID }};

+load_module /etc/nginx/modules/ngx_http_js_module.so;
+
 {{ if $cfg.UseGeoIP2 }}
 load_module /etc/nginx/modules/ngx_http_geoip2_module.so;
 {{ end }}
@ -74,6 +76,10 @@ http {

    init_worker_by_lua_file /etc/nginx/lua/ngx_conf_init_worker.lua;

+    js_import /etc/nginx/js/nginx/ngx_srv_redirect.js;
+
+    js_set $njs_srv_redirect ngx_srv_redirect.srv_redirect;
+
    {{/* Enable the real_ip module only if we use either X-Forwarded headers or Proxy Protocol. */}}
    {{/* we use the value of the real IP for the geo_ip module */}}
    {{ if or (or $cfg.UseForwardedHeaders $cfg.UseProxyProtocol) $cfg.EnableRealIP }}
@ -572,9 +578,10 @@ http {
        }
        {{ end }}

-        set_by_lua_file $redirect_to /etc/nginx/lua/nginx/ngx_srv_redirect.lua {{ $redirect.To }}; 
+        set $tmp_redirect_to '{{ $redirect.To }}';
+        set $tmp_forwarded_headers '{{ $cfg.UseForwardedHeaders }}';

-        return {{ $all.Cfg.HTTPRedirectCode }} $redirect_to;
+        return {{ $all.Cfg.HTTPRedirectCode }} $njs_srv_redirect;
    }
    ## end server {{ $redirect.From }}
    {{ end }}
--- a/test/e2e/annotations/fromtowwwredirect.go
+++ b/test/e2e/annotations/fromtowwwredirect.go
@ -49,7 +49,7 @@ var _ = framework.DescribeAnnotation("from-to-www-redirect", func() {
 		f.WaitForNginxConfiguration(
 			func(cfg string) bool {
 				return strings.Contains(cfg, `server_name www.fromtowwwredirect.bar.com;`) &&
-					strings.Contains(cfg, `return 308 $redirect_to;`)
+					strings.Contains(cfg, `return 308 $njs_srv_redirect;`)
 			})

 		ginkgo.By("sending request to www.fromtowwwredirect.bar.com")
@ -88,7 +88,7 @@ var _ = framework.DescribeAnnotation("from-to-www-redirect", func() {
 		f.WaitForNginxServer(toHost,
 			func(server string) bool {
 				return strings.Contains(server, fmt.Sprintf(`server_name %v;`, toHost)) &&
-					strings.Contains(server, `return 308 $redirect_to;`)
+					strings.Contains(server, `return 308 $njs_srv_redirect;`)
 			})

 		ginkgo.By("sending request to www should redirect to domain")