DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #1277 from danielqsj/add-indent

Browse source 
Add indent for nginx.conf
This commit is contained in:
Manuel Alejandro de Brito Fontes 2017-08-31 07:39:51 -04:00 committed by GitHub
commit abc53ccfc5
3 changed files with 189 additions and 189 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
controllers/nginx/pkg/template/template.go
View file

@ -312,12 +312,12 @@ func buildProxyPass(host string, b interface{}, loc interface{}) string {
bPath := fmt.Sprintf("%s%s", path, "$baseuri") bPath := fmt.Sprintf("%s%s", path, "$baseuri")
if len(location.Rewrite.BaseURLScheme) > 0 { if len(location.Rewrite.BaseURLScheme) > 0 {
abu = fmt.Sprintf(`subs_filter '<head(.*)>' '<head$1><base href="%v://$http_host%v">' r; abu = fmt.Sprintf(`subs_filter '<head(.*)>' '<head$1><base href="%v://$http_host%v">' r;
subs_filter '<HEAD(.*)>' '<HEAD$1><base href="%v://$http_host%v">' r; subs_filter '<HEAD(.*)>' '<HEAD$1><base href="%v://$http_host%v">' r;
`, location.Rewrite.BaseURLScheme, bPath, location.Rewrite.BaseURLScheme, bPath) `, location.Rewrite.BaseURLScheme, bPath, location.Rewrite.BaseURLScheme, bPath)
} else { } else {
abu = fmt.Sprintf(`subs_filter '<head(.*)>' '<head$1><base href="$scheme://$http_host%v">' r; abu = fmt.Sprintf(`subs_filter '<head(.*)>' '<head$1><base href="$scheme://$http_host%v">' r;
subs_filter '<HEAD(.*)>' '<HEAD$1><base href="$scheme://$http_host%v">' r; subs_filter '<HEAD(.*)>' '<HEAD$1><base href="$scheme://$http_host%v">' r;
`, bPath, bPath) `, bPath, bPath)
} }
} }
@ -325,16 +325,16 @@ func buildProxyPass(host string, b interface{}, loc interface{}) string {
// special case redirect to / // special case redirect to /
// ie /something to / // ie /something to /
return fmt.Sprintf(` return fmt.Sprintf(`
rewrite %s(.*) /$1 break; rewrite %s(.*) /$1 break;
rewrite %s / break; rewrite %s / break;
proxy_pass %s://%s; proxy_pass %s://%s;
%v`, path, location.Path, proto, upstreamName, abu) %v`, path, location.Path, proto, upstreamName, abu)
} }
return fmt.Sprintf(` return fmt.Sprintf(`
rewrite %s(.*) %s/$1 break; rewrite %s(.*) %s/$1 break;
proxy_pass %s://%s; proxy_pass %s://%s;
%v`, path, location.Rewrite.Target, proto, upstreamName, abu) %v`, path, location.Rewrite.Target, proto, upstreamName, abu)
} }
// default proxy_pass // default proxy_pass

80
controllers/nginx/pkg/template/template_test.go
View file

@ -44,54 +44,54 @@ var (
"invalid redirect / to /": {"/", "/", "/", "proxy_pass http://upstream-name;", false, ""}, "invalid redirect / to /": {"/", "/", "/", "proxy_pass http://upstream-name;", false, ""},
"redirect / to /jenkins": {"/", "/jenkins", "~* /", "redirect / to /jenkins": {"/", "/jenkins", "~* /",
` `
rewrite /(.*) /jenkins/$1 break; rewrite /(.*) /jenkins/$1 break;
proxy_pass http://upstream-name; proxy_pass http://upstream-name;
`, false, ""}, `, false, ""},
"redirect /something to /": {"/something", "/", `~* ^/something\/?(?<baseuri>.*)`, ` "redirect /something to /": {"/something", "/", `~* ^/something\/?(?<baseuri>.*)`, `
rewrite /something/(.*) /$1 break; rewrite /something/(.*) /$1 break;
rewrite /something / break; rewrite /something / break;
proxy_pass http://upstream-name; proxy_pass http://upstream-name;
`, false, ""}, `, false, ""},
"redirect /end-with-slash/ to /not-root": {"/end-with-slash/", "/not-root", "~* ^/end-with-slash/(?<baseuri>.*)", ` "redirect /end-with-slash/ to /not-root": {"/end-with-slash/", "/not-root", "~* ^/end-with-slash/(?<baseuri>.*)", `
rewrite /end-with-slash/(.*) /not-root/$1 break; rewrite /end-with-slash/(.*) /not-root/$1 break;
proxy_pass http://upstream-name; proxy_pass http://upstream-name;
`, false, ""}, `, false, ""},
"redirect /something-complex to /not-root": {"/something-complex", "/not-root", `~* ^/something-complex\/?(?<baseuri>.*)`, ` "redirect /something-complex to /not-root": {"/something-complex", "/not-root", `~* ^/something-complex\/?(?<baseuri>.*)`, `
rewrite /something-complex/(.*) /not-root/$1 break; rewrite /something-complex/(.*) /not-root/$1 break;
proxy_pass http://upstream-name; proxy_pass http://upstream-name;
`, false, ""}, `, false, ""},
"redirect / to /jenkins and rewrite": {"/", "/jenkins", "~* /", ` "redirect / to /jenkins and rewrite": {"/", "/jenkins", "~* /", `
rewrite /(.*) /jenkins/$1 break; rewrite /(.*) /jenkins/$1 break;
proxy_pass http://upstream-name; proxy_pass http://upstream-name;
subs_filter '<head(.*)>' '<head$1><base href="$scheme://$http_host/$baseuri">' r; subs_filter '<head(.*)>' '<head$1><base href="$scheme://$http_host/$baseuri">' r;
subs_filter '<HEAD(.*)>' '<HEAD$1><base href="$scheme://$http_host/$baseuri">' r; subs_filter '<HEAD(.*)>' '<HEAD$1><base href="$scheme://$http_host/$baseuri">' r;
`, true, ""}, `, true, ""},
"redirect /something to / and rewrite": {"/something", "/", `~* ^/something\/?(?<baseuri>.*)`, ` "redirect /something to / and rewrite": {"/something", "/", `~* ^/something\/?(?<baseuri>.*)`, `
rewrite /something/(.*) /$1 break; rewrite /something/(.*) /$1 break;
rewrite /something / break; rewrite /something / break;
proxy_pass http://upstream-name; proxy_pass http://upstream-name;
subs_filter '<head(.*)>' '<head$1><base href="$scheme://$http_host/something/$baseuri">' r; subs_filter '<head(.*)>' '<head$1><base href="$scheme://$http_host/something/$baseuri">' r;
subs_filter '<HEAD(.*)>' '<HEAD$1><base href="$scheme://$http_host/something/$baseuri">' r; subs_filter '<HEAD(.*)>' '<HEAD$1><base href="$scheme://$http_host/something/$baseuri">' r;
`, true, ""}, `, true, ""},
"redirect /end-with-slash/ to /not-root and rewrite": {"/end-with-slash/", "/not-root", `~* ^/end-with-slash/(?<baseuri>.*)`, ` "redirect /end-with-slash/ to /not-root and rewrite": {"/end-with-slash/", "/not-root", `~* ^/end-with-slash/(?<baseuri>.*)`, `
rewrite /end-with-slash/(.*) /not-root/$1 break; rewrite /end-with-slash/(.*) /not-root/$1 break;
proxy_pass http://upstream-name; proxy_pass http://upstream-name;
subs_filter '<head(.*)>' '<head$1><base href="$scheme://$http_host/end-with-slash/$baseuri">' r; subs_filter '<head(.*)>' '<head$1><base href="$scheme://$http_host/end-with-slash/$baseuri">' r;
subs_filter '<HEAD(.*)>' '<HEAD$1><base href="$scheme://$http_host/end-with-slash/$baseuri">' r; subs_filter '<HEAD(.*)>' '<HEAD$1><base href="$scheme://$http_host/end-with-slash/$baseuri">' r;
`, true, ""}, `, true, ""},
"redirect /something-complex to /not-root and rewrite": {"/something-complex", "/not-root", `~* ^/something-complex\/?(?<baseuri>.*)`, ` "redirect /something-complex to /not-root and rewrite": {"/something-complex", "/not-root", `~* ^/something-complex\/?(?<baseuri>.*)`, `
rewrite /something-complex/(.*) /not-root/$1 break; rewrite /something-complex/(.*) /not-root/$1 break;
proxy_pass http://upstream-name; proxy_pass http://upstream-name;
subs_filter '<head(.*)>' '<head$1><base href="$scheme://$http_host/something-complex/$baseuri">' r; subs_filter '<head(.*)>' '<head$1><base href="$scheme://$http_host/something-complex/$baseuri">' r;
subs_filter '<HEAD(.*)>' '<HEAD$1><base href="$scheme://$http_host/something-complex/$baseuri">' r; subs_filter '<HEAD(.*)>' '<HEAD$1><base href="$scheme://$http_host/something-complex/$baseuri">' r;
`, true, ""}, `, true, ""},
"redirect /something to / and rewrite with specific scheme": {"/something", "/", `~* ^/something\/?(?<baseuri>.*)`, ` "redirect /something to / and rewrite with specific scheme": {"/something", "/", `~* ^/something\/?(?<baseuri>.*)`, `
rewrite /something/(.*) /$1 break; rewrite /something/(.*) /$1 break;
rewrite /something / break; rewrite /something / break;
proxy_pass http://upstream-name; proxy_pass http://upstream-name;
subs_filter '<head(.*)>' '<head$1><base href="http://$http_host/something/$baseuri">' r; subs_filter '<head(.*)>' '<head$1><base href="http://$http_host/something/$baseuri">' r;
subs_filter '<HEAD(.*)>' '<HEAD$1><base href="http://$http_host/something/$baseuri">' r; subs_filter '<HEAD(.*)>' '<HEAD$1><base href="http://$http_host/something/$baseuri">' r;
`, true, "http"}, `, true, "http"},
} }
) )

276
controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
View file

@ -631,195 +631,195 @@ stream {
{{ if not (empty $location.Rewrite.AppRoot)}} {{ if not (empty $location.Rewrite.AppRoot)}}
if ($uri = /) { if ($uri = /) {
return 302 {{ $location.Rewrite.AppRoot }}; return 302 {{ $location.Rewrite.AppRoot }};
} }
{{ end }} {{ end }}
{{ if not (empty $authPath) }} {{ if not (empty $authPath) }}
location = {{ $authPath }} { location = {{ $authPath }} {
internal; internal;
set $proxy_upstream_name "internal"; set $proxy_upstream_name "internal";
{{ if not $location.ExternalAuth.SendBody }} {{ if not $location.ExternalAuth.SendBody }}
proxy_pass_request_body off; proxy_pass_request_body off;
proxy_set_header Content-Length ""; proxy_set_header Content-Length "";
{{ end }} {{ end }}
{{ if not (empty $location.ExternalAuth.Method) }} {{ if not (empty $location.ExternalAuth.Method) }}
proxy_method {{ $location.ExternalAuth.Method }}; proxy_method {{ $location.ExternalAuth.Method }};
proxy_set_header X-Original-URI $request_uri; proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Scheme $pass_access_scheme; proxy_set_header X-Scheme $pass_access_scheme;
{{ end }} {{ end }}
proxy_pass_request_headers on; proxy_pass_request_headers on;
proxy_set_header Host {{ $location.ExternalAuth.Host }}; proxy_set_header Host {{ $location.ExternalAuth.Host }};
proxy_ssl_server_name on; proxy_ssl_server_name on;
client_max_body_size "{{ $location.Proxy.BodySize }}"; client_max_body_size "{{ $location.Proxy.BodySize }}";
{{ if isValidClientBodyBufferSize $location.ClientBodyBufferSize }} {{ if isValidClientBodyBufferSize $location.ClientBodyBufferSize }}
client_body_buffer_size {{ $location.ClientBodyBufferSize }}; client_body_buffer_size {{ $location.ClientBodyBufferSize }};
{{ end }} {{ end }}
set $target {{ $location.ExternalAuth.URL }}; set $target {{ $location.ExternalAuth.URL }};
proxy_pass $target; proxy_pass $target;
} }
{{ end }} {{ end }}
location {{ $path }} { location {{ $path }} {
set $proxy_upstream_name "{{ buildUpstreamName $server.Hostname $all.Backends $location }}"; set $proxy_upstream_name "{{ buildUpstreamName $server.Hostname $all.Backends $location }}";
{{ $ing := (getIngressInformation $location.Ingress $path) }} {{ $ing := (getIngressInformation $location.Ingress $path) }}
{{/* $ing.Metadata contains the Ingress metadata */}} {{/* $ing.Metadata contains the Ingress metadata */}}
set $namespace "{{ $ing.Namespace }}"; set $namespace "{{ $ing.Namespace }}";
set $ingress_name "{{ $ing.Rule }}"; set $ingress_name "{{ $ing.Rule }}";
set $service_name "{{ $ing.Service }}"; set $service_name "{{ $ing.Service }}";
{{ if (or $location.Rewrite.ForceSSLRedirect (and (not (empty $server.SSLCertificate)) $location.Rewrite.SSLRedirect)) }} {{ if (or $location.Rewrite.ForceSSLRedirect (and (not (empty $server.SSLCertificate)) $location.Rewrite.SSLRedirect)) }}
# enforce ssl on server side # enforce ssl on server side
if ($pass_access_scheme = http) { if ($pass_access_scheme = http) {
return 301 https://$best_http_host$request_uri; return 301 https://$best_http_host$request_uri;
} }
{{ end }} {{ end }}
{{ if isLocationAllowed $location }} {{ if isLocationAllowed $location }}
{{ if gt (len $location.Whitelist.CIDR) 0 }} {{ if gt (len $location.Whitelist.CIDR) 0 }}
if ({{ buildDenyVariable (print $server.Hostname "_" $path) }}) { if ({{ buildDenyVariable (print $server.Hostname "_" $path) }}) {
return 403; return 403;
} }
{{ end }} {{ end }}
port_in_redirect {{ if $location.UsePortInRedirects }}on{{ else }}off{{ end }}; port_in_redirect {{ if $location.UsePortInRedirects }}on{{ else }}off{{ end }};
{{ if not (empty $authPath) }} {{ if not (empty $authPath) }}
# this location requires authentication # this location requires authentication
auth_request {{ $authPath }}; auth_request {{ $authPath }};
auth_request_set $auth_cookie $upstream_http_set_cookie; auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie; add_header Set-Cookie $auth_cookie;
{{- range $idx, $line := buildAuthResponseHeaders $location }} {{- range $idx, $line := buildAuthResponseHeaders $location }}
{{ $line }} {{ $line }}
{{- end }} {{- end }}
{{ end }} {{ end }}
{{ if not (empty $location.ExternalAuth.SigninURL) }} {{ if not (empty $location.ExternalAuth.SigninURL) }}
error_page 401 = {{ buildAuthSignURL $location.ExternalAuth.SigninURL }}; error_page 401 = {{ buildAuthSignURL $location.ExternalAuth.SigninURL }};
{{ end }} {{ end }}
{{/* if the location contains a rate limit annotation, create one */}} {{/* if the location contains a rate limit annotation, create one */}}
{{ $limits := buildRateLimit $location }} {{ $limits := buildRateLimit $location }}
{{ range $limit := $limits }} {{ range $limit := $limits }}
{{ $limit }}{{ end }} {{ $limit }}{{ end }}
{{ if $location.BasicDigestAuth.Secured }} {{ if $location.BasicDigestAuth.Secured }}
{{ if eq $location.BasicDigestAuth.Type "basic" }} {{ if eq $location.BasicDigestAuth.Type "basic" }}
auth_basic "{{ $location.BasicDigestAuth.Realm }}"; auth_basic "{{ $location.BasicDigestAuth.Realm }}";
auth_basic_user_file {{ $location.BasicDigestAuth.File }}; auth_basic_user_file {{ $location.BasicDigestAuth.File }};
{{ else }} {{ else }}
auth_digest "{{ $location.BasicDigestAuth.Realm }}"; auth_digest "{{ $location.BasicDigestAuth.Realm }}";
auth_digest_user_file {{ $location.BasicDigestAuth.File }}; auth_digest_user_file {{ $location.BasicDigestAuth.File }};
{{ end }} {{ end }}
proxy_set_header Authorization ""; proxy_set_header Authorization "";
{{ end }} {{ end }}
{{ if $location.EnableCORS }} {{ if $location.EnableCORS }}
{{ template "CORS" }} {{ template "CORS" }}
{{ end }} {{ end }}
{{ if not (empty $location.Redirect.URL) }} {{ if not (empty $location.Redirect.URL) }}
if ($uri ~* {{ $path }}) { if ($uri ~* {{ $path }}) {
return {{ $location.Redirect.Code }} {{ $location.Redirect.URL }}; return {{ $location.Redirect.Code }} {{ $location.Redirect.URL }};
} }
{{ end }} {{ end }}
client_max_body_size "{{ $location.Proxy.BodySize }}"; client_max_body_size "{{ $location.Proxy.BodySize }}";
{{ if isValidClientBodyBufferSize $location.ClientBodyBufferSize }} {{ if isValidClientBodyBufferSize $location.ClientBodyBufferSize }}
client_body_buffer_size {{ $location.ClientBodyBufferSize }}; client_body_buffer_size {{ $location.ClientBodyBufferSize }};
{{ end }} {{ end }}
proxy_set_header Host $best_http_host; proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend # Pass the extracted client certificate to the backend
{{ if not (empty $server.CertificateAuth.CAFileName) }} {{ if not (empty $server.CertificateAuth.CAFileName) }}
proxy_set_header ssl-client-cert $ssl_client_cert; proxy_set_header ssl-client-cert $ssl_client_cert;
{{ end }} {{ end }}
# Allow websocket connections # Allow websocket connections
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade; proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Real-IP $the_real_ip; proxy_set_header X-Real-IP $the_real_ip;
proxy_set_header X-Forwarded-For $the_real_ip; proxy_set_header X-Forwarded-For $the_real_ip;
proxy_set_header X-Forwarded-Host $best_http_host; proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port; proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme; proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Original-URI $request_uri; proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Scheme $pass_access_scheme; proxy_set_header X-Scheme $pass_access_scheme;
# mitigate HTTPoxy Vulnerability # mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/ # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy ""; proxy_set_header Proxy "";
# Custom headers to proxied server # Custom headers to proxied server
{{ range $k, $v := $all.ProxySetHeaders }} {{ range $k, $v := $all.ProxySetHeaders }}
proxy_set_header {{ $k }} "{{ $v }}"; proxy_set_header {{ $k }} "{{ $v }}";
{{ end }} {{ end }}
proxy_connect_timeout {{ $location.Proxy.ConnectTimeout }}s; proxy_connect_timeout {{ $location.Proxy.ConnectTimeout }}s;
proxy_send_timeout {{ $location.Proxy.SendTimeout }}s; proxy_send_timeout {{ $location.Proxy.SendTimeout }}s;
proxy_read_timeout {{ $location.Proxy.ReadTimeout }}s; proxy_read_timeout {{ $location.Proxy.ReadTimeout }}s;
proxy_redirect off; proxy_redirect off;
proxy_buffering off; proxy_buffering off;
proxy_buffer_size "{{ $location.Proxy.BufferSize }}"; proxy_buffer_size "{{ $location.Proxy.BufferSize }}";
proxy_buffers 4 "{{ $location.Proxy.BufferSize }}"; proxy_buffers 4 "{{ $location.Proxy.BufferSize }}";
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_cookie_domain {{ $location.Proxy.CookieDomain }}; proxy_cookie_domain {{ $location.Proxy.CookieDomain }};
proxy_cookie_path {{ $location.Proxy.CookiePath }}; proxy_cookie_path {{ $location.Proxy.CookiePath }};
# In case of errors try the next upstream server before returning an error # In case of errors try the next upstream server before returning an error
proxy_next_upstream {{ buildNextUpstream $location.Proxy.NextUpstream }}{{ if $all.Cfg.RetryNonIdempotent }} non_idempotent{{ end }}; proxy_next_upstream {{ buildNextUpstream $location.Proxy.NextUpstream }}{{ if $all.Cfg.RetryNonIdempotent }} non_idempotent{{ end }};
{{/* rewrite only works if the content is not compressed */}} {{/* rewrite only works if the content is not compressed */}}
{{ if $location.Rewrite.AddBaseURL }} {{ if $location.Rewrite.AddBaseURL }}
proxy_set_header Accept-Encoding ""; proxy_set_header Accept-Encoding "";
{{ end }} {{ end }}
{{/* Add any additional configuration defined */}} {{/* Add any additional configuration defined */}}
{{ $location.ConfigurationSnippet }} {{ $location.ConfigurationSnippet }}
{{/* if we are sending the request to a custom default backend, we add the required headers */}} {{/* if we are sending the request to a custom default backend, we add the required headers */}}
{{ if (hasPrefix $location.Backend "custom-default-backend-") }} {{ if (hasPrefix $location.Backend "custom-default-backend-") }}
proxy_set_header X-Code 503; proxy_set_header X-Code 503;
proxy_set_header X-Format $http_accept; proxy_set_header X-Format $http_accept;
proxy_set_header X-Namespace $namespace; proxy_set_header X-Namespace $namespace;
proxy_set_header X-Ingress-Name $ingress_name; proxy_set_header X-Ingress-Name $ingress_name;
proxy_set_header X-Service-Name $service_name; proxy_set_header X-Service-Name $service_name;
{{ end }} {{ end }}
{{ buildProxyPass $server.Hostname $all.Backends $location }} {{ buildProxyPass $server.Hostname $all.Backends $location }}
{{ else }} {{ else }}
# Location denied. Reason: {{ $location.Denied }} # Location denied. Reason: {{ $location.Denied }}
return 503; return 503;
{{ end }} {{ end }}
} }
{{ end }} {{ end }}
{{ if eq $server.Hostname "_" }} {{ if eq $server.Hostname "_" }}
# health checks in cloud providers require the use of port {{ $all.ListenPorts.HTTP }} # health checks in cloud providers require the use of port {{ $all.ListenPorts.HTTP }}
location {{ $all.HealthzURI }} { location {{ $all.HealthzURI }} {
access_log off; access_log off;
return 200; return 200;
} }
# this is required to avoid error if nginx is being monitored # this is required to avoid error if nginx is being monitored
# with an external software (like sysdig) # with an external software (like sysdig)
location /nginx_status { location /nginx_status {
allow 127.0.0.1; allow 127.0.0.1;
{{ if $all.IsIPV6Enabled }}allow ::1;{{ end }} {{ if $all.IsIPV6Enabled }}allow ::1;{{ end }}
deny all; deny all;
access_log off; access_log off;
stub_status on; stub_status on;
} }
{{ end }} {{ end }}