Add upstream directives and some others (#11681)
parent
c39de84a95
commit
abb87ca750
4 changed files with 89 additions and 34 deletions
|
@ -166,12 +166,26 @@ func TestCrossplaneTemplate(t *testing.T) {
|
|||
tplConfig.Cfg.AllowBackendServerHeader = true // default false
|
||||
tplConfig.Cfg.BlockCIDRs = []string{"192.168.0.0/24", " 200.200.0.0/16 "} // default 0
|
||||
tplConfig.Cfg.BlockUserAgents = []string{"someuseragent", " another/user-agent "} // default 0
|
||||
tplConfig.Cfg.BlockReferers = []string{"someref", " anotherref", "escape\nref"}
|
||||
|
||||
tplConfig.AddHeaders = map[string]string{
|
||||
"someheader": "xpto",
|
||||
"anotherheader": "blabla",
|
||||
}
|
||||
|
||||
tplConfig.Cfg.EnableBrotli = true
|
||||
tplConfig.Cfg.BrotliLevel = 7
|
||||
tplConfig.Cfg.BrotliMinLength = 2
|
||||
tplConfig.Cfg.BrotliTypes = "application/xml+rss application/atom+xml"
|
||||
|
||||
tplConfig.Cfg.HideHeaders = []string{"x-fake-header", "x-another-fake-header"}
|
||||
tplConfig.Cfg.UpstreamKeepaliveConnections = 15
|
||||
|
||||
tplConfig.Cfg.UpstreamKeepaliveConnections = 200
|
||||
tplConfig.Cfg.UpstreamKeepaliveTime = "60s"
|
||||
tplConfig.Cfg.UpstreamKeepaliveTimeout = 200
|
||||
tplConfig.Cfg.UpstreamKeepaliveRequests = 15
|
||||
|
||||
tpl = crossplane.NewTemplate()
|
||||
tpl.SetMimeFile(mimeFile.Name())
|
||||
content, err := tpl.Write(tplConfig)
|
||||
|
|
|
@ -81,6 +81,7 @@ func (c *Template) initHTTPDirectives() ngx_crossplane.Directives {
|
|||
return httpBlock
|
||||
}
|
||||
|
||||
//nolint:gocyclo
|
||||
func (c *Template) buildHTTP() {
|
||||
cfg := c.tplConfig.Cfg
|
||||
httpBlock := c.initHTTPDirectives()
|
||||
|
@ -239,7 +240,7 @@ func (c *Template) buildHTTP() {
|
|||
buildDirective("brotli", "on"),
|
||||
buildDirective("brotli_comp_level", cfg.BrotliLevel),
|
||||
buildDirective("brotli_min_length", cfg.BrotliMinLength),
|
||||
buildDirective("brotli_types", cfg.BrotliTypes),
|
||||
buildDirective("brotli_types", strings.Split(cfg.BrotliTypes, " ")),
|
||||
)
|
||||
}
|
||||
|
||||
|
@ -249,6 +250,40 @@ func (c *Template) buildHTTP() {
|
|||
}
|
||||
}
|
||||
|
||||
blockUpstreamDirectives := ngx_crossplane.Directives{
|
||||
buildDirective("server", "0.0.0.1"),
|
||||
buildBlockDirective("balancer_by_lua_block", nil, ngx_crossplane.Directives{buildDirective("balancer.balance()")}),
|
||||
}
|
||||
if c.tplConfig.Cfg.UpstreamKeepaliveConnections > 0 {
|
||||
blockUpstreamDirectives = append(blockUpstreamDirectives,
|
||||
buildDirective("keepalive", c.tplConfig.Cfg.UpstreamKeepaliveConnections),
|
||||
buildDirective("keepalive_time", c.tplConfig.Cfg.UpstreamKeepaliveTime),
|
||||
buildDirective("keepalive_timeout", seconds(c.tplConfig.Cfg.UpstreamKeepaliveTimeout)),
|
||||
buildDirective("keepalive_requests", c.tplConfig.Cfg.UpstreamKeepaliveRequests),
|
||||
)
|
||||
}
|
||||
httpBlock = append(httpBlock, buildBlockDirective("upstream", []string{"upstream_balancer"}, blockUpstreamDirectives))
|
||||
|
||||
for i := range cfg.BlockCIDRs {
|
||||
httpBlock = append(httpBlock, buildDirective("deny", strings.TrimSpace(cfg.BlockCIDRs[i])))
|
||||
}
|
||||
|
||||
if len(cfg.BlockUserAgents) > 0 {
|
||||
uaDirectives := ngx_crossplane.Directives{buildDirective("default", 0)}
|
||||
for i := range cfg.BlockUserAgents {
|
||||
uaDirectives = append(uaDirectives, buildDirective(strings.TrimSpace(cfg.BlockUserAgents[i]), 1))
|
||||
}
|
||||
httpBlock = append(httpBlock, buildMapDirective("$http_user_agent", "$block_ua", uaDirectives))
|
||||
}
|
||||
|
||||
if len(cfg.BlockReferers) > 0 {
|
||||
refDirectives := ngx_crossplane.Directives{buildDirective("default", 0)}
|
||||
for i := range cfg.BlockReferers {
|
||||
refDirectives = append(refDirectives, buildDirective(strings.TrimSpace(cfg.BlockReferers[i]), 1))
|
||||
}
|
||||
httpBlock = append(httpBlock, buildMapDirective("$http_referer", "$block_ref", refDirectives))
|
||||
}
|
||||
|
||||
c.config.Parsed = append(c.config.Parsed, &ngx_crossplane.Directive{
|
||||
Directive: "http",
|
||||
Block: httpBlock,
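Review bot: The block-list values in the last buildHTTP hunk reach the generated configuration with only `strings.TrimSpace` applied: each `cfg.BlockUserAgents[i]` and `cfg.BlockReferers[i]` becomes the directive name of a map entry, and each `cfg.BlockCIDRs[i]` becomes the argument of `deny`. Whether ngx_crossplane quotes a name containing whitespace, `;`, `{` or a newline is not visible here, and an entry that is empty after trimming would yield a nameless directive. I would skip empty entries (`if ua == "" { continue }`) and reject anything that `net.ParseCIDR` or `net.ParseIP` does not accept before appending a `deny`. The template hunks in the next file emit the same values unquoted as `{{ trimSpace $ua }} 1;` and `{{ trimSpace $ref }} 1;`, so the same concern applies there. buildHTTP starts and ends outside these hunks.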
|
||||
|
|
|
@ -360,18 +360,27 @@ http {
|
|||
{{ range $header := $cfg.HideHeaders }}proxy_hide_header {{ $header }};
|
||||
{{ end }}
|
||||
|
||||
# END MIGRATED VARIOUS 1
|
||||
# Global filters
|
||||
{{ range $ip := $cfg.BlockCIDRs }}deny {{ trimSpace $ip }};
|
||||
{{ end }}
|
||||
|
||||
{{ buildOpentelemetry $cfg $servers }}
|
||||
{{ if gt (len $cfg.BlockUserAgents) 0 }}
|
||||
map $http_user_agent $block_ua {
|
||||
default 0;
|
||||
|
||||
# Create a variable that contains the literal $ character.
|
||||
# This works because the geo module will not resolve variables.
|
||||
geo $literal_dollar {
|
||||
default "$";
|
||||
{{ range $ua := $cfg.BlockUserAgents }}{{ trimSpace $ua }} 1;
|
||||
{{ end }}
|
||||
}
|
||||
{{ end }}
|
||||
|
||||
{{ range $errCode := $cfg.CustomHTTPErrors }}
|
||||
error_page {{ $errCode }} = @custom_upstream-default-backend_{{ $errCode }};{{ end }}
|
||||
{{ if gt (len $cfg.BlockReferers) 0 }}
|
||||
map $http_referer $block_ref {
|
||||
default 0;
|
||||
|
||||
{{ range $ref := $cfg.BlockReferers }}{{ trimSpace $ref }} 1;
|
||||
{{ end }}
|
||||
}
|
||||
{{ end }}
|
||||
|
||||
upstream upstream_balancer {
|
||||
server 0.0.0.1; # placeholder
|
||||
|
@ -388,6 +397,19 @@ http {
|
|||
{{ end }}
|
||||
}
|
||||
|
||||
# END MIGRATED VARIOUS 1
|
||||
|
||||
{{ buildOpentelemetry $cfg $servers }}
|
||||
|
||||
# Create a variable that contains the literal $ character.
|
||||
# This works because the geo module will not resolve variables.
|
||||
geo $literal_dollar {
|
||||
default "$";
|
||||
}
|
||||
|
||||
{{ range $errCode := $cfg.CustomHTTPErrors }}
|
||||
error_page {{ $errCode }} = @custom_upstream-default-backend_{{ $errCode }};{{ end }}
|
||||
|
||||
{{ range $rl := (filterRateLimits $servers ) }}
|
||||
# Ratelimit {{ $rl.Name }}
|
||||
geo $remote_addr $allowlist_{{ $rl.ID }} {
|
||||
|
@ -409,27 +431,6 @@ http {
|
|||
{{ $zone }}
|
||||
{{ end }}
|
||||
|
||||
# Global filters
|
||||
{{ range $ip := $cfg.BlockCIDRs }}deny {{ trimSpace $ip }};
|
||||
{{ end }}
|
||||
|
||||
{{ if gt (len $cfg.BlockUserAgents) 0 }}
|
||||
map $http_user_agent $block_ua {
|
||||
default 0;
|
||||
|
||||
{{ range $ua := $cfg.BlockUserAgents }}{{ trimSpace $ua }} 1;
|
||||
{{ end }}
|
||||
}
|
||||
{{ end }}
|
||||
|
||||
{{ if gt (len $cfg.BlockReferers) 0 }}
|
||||
map $http_referer $block_ref {
|
||||
default 0;
|
||||
|
||||
{{ range $ref := $cfg.BlockReferers }}{{ trimSpace $ref }} 1;
|
||||
{{ end }}
|
||||
}
|
||||
{{ end }}
|
||||
|
||||
{{/* Build server redirects (from/to www) */}}
|
||||
{{ range $redirect := .RedirectServers }}
|
||||
|
|
|
@ -85,15 +85,20 @@ func buildResolversInternal(res []net.IP, disableIpv6 bool) []string {
|
|||
return r
|
||||
}
|
||||
|
||||
// buildMapDirective is used to build a map directive
|
||||
func buildMapDirective(name, variable string, block ngx_crossplane.Directives) *ngx_crossplane.Directive {
|
||||
// buildBlockDirective is used to build a block directive
|
||||
func buildBlockDirective(blockName string, args []string, block ngx_crossplane.Directives) *ngx_crossplane.Directive {
|
||||
return &ngx_crossplane.Directive{
|
||||
Directive: "map",
|
||||
Args: []string{name, variable},
|
||||
Directive: blockName,
|
||||
Args: args,
|
||||
Block: block,
|
||||
}
|
||||
}
|
||||
|
||||
// buildMapDirective is used to build a map directive
|
||||
func buildMapDirective(name, variable string, block ngx_crossplane.Directives) *ngx_crossplane.Directive {
|
||||
return buildBlockDirective("map", []string{name, variable}, block)
|
||||
}
|
||||
|
||||
func boolToStr(b bool) string {
|
||||
if b {
|
||||
return "on"
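Review bot: The doc comment on buildBlockDirective only restates the function name and does not say that `args` may be nil, which the buildHTTP call for `balancer_by_lua_block` relies on. I would write `// buildBlockDirective returns a directive named blockName carrying args (nil for none) with block as its child directives.` The args slice and block are stored as passed rather than copied, which deserves a word in the comment if callers ever reuse them. boolToStr at the end of this hunk continues outside it.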
|
||||
|
|