Merge
This commit is contained in:
Manuel de Brito Fontes
parent
580a5c0be2
commit
bff25d04b0
3 changed files with 39 additions and 22 deletions
|
|
@ -312,13 +312,13 @@ func buildProxyPass(host string, b interface{}, loc interface{}) string {
|
||||||
rewrite %s(.*) /$1 break;
|
rewrite %s(.*) /$1 break;
|
||||||
rewrite %s / break;
|
rewrite %s / break;
|
||||||
proxy_pass %s://%s;
|
proxy_pass %s://%s;
|
||||||
%v`, path, location.Path, proto, location.Backend, abu)
|
%v`, path, location.Path, proto, upstreamName, abu)
|
||||||
}
|
}
|
||||||
|
|
||||||
return fmt.Sprintf(`
|
return fmt.Sprintf(`
|
||||||
rewrite %s(.*) %s/$1 break;
|
rewrite %s(.*) %s/$1 break;
|
||||||
proxy_pass %s://%s;
|
proxy_pass %s://%s;
|
||||||
%v`, path, location.Rewrite.Target, proto, location.Backend, abu)
|
%v`, path, location.Rewrite.Target, proto, upstreamName, abu)
|
||||||
}
|
}
|
||||||
|
|
||||||
// default proxy_pass
|
// default proxy_pass
|
||||||
|
|
@ -404,6 +404,18 @@ func buildRateLimit(input interface{}) []string {
|
||||||
limits = append(limits, limit)
|
limits = append(limits, limit)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if loc.RateLimit.LimitRateAfter > 0 {
|
||||||
|
limit := fmt.Sprintf("limit_rate_after %vk;",
|
||||||
|
loc.RateLimit.LimitRateAfter)
|
||||||
|
limits = append(limits, limit)
|
||||||
|
}
|
||||||
|
|
||||||
|
if loc.RateLimit.LimitRate > 0 {
|
||||||
|
limit := fmt.Sprintf("limit_rate %vk;",
|
||||||
|
loc.RateLimit.LimitRate)
|
||||||
|
limits = append(limits, limit)
|
||||||
|
}
|
||||||
|
|
||||||
return limits
|
return limits
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -26,18 +26,15 @@ events {
|
||||||
http {
|
http {
|
||||||
{{/* we use the value of the header X-Forwarded-For to be able to use the geo_ip module */}}
|
{{/* we use the value of the header X-Forwarded-For to be able to use the geo_ip module */}}
|
||||||
{{ if $cfg.UseProxyProtocol }}
|
{{ if $cfg.UseProxyProtocol }}
|
||||||
{{ range $trusted_ip := $cfg.ProxyRealIPCIDR }}
|
|
||||||
set_real_ip_from {{ $trusted_ip }};
|
|
||||||
{{ end }}
|
|
||||||
real_ip_header proxy_protocol;
|
real_ip_header proxy_protocol;
|
||||||
{{ else }}
|
{{ else }}
|
||||||
{{ range $trusted_ip := $cfg.ProxyRealIPCIDR }}
|
|
||||||
set_real_ip_from {{ $trusted_ip }};
|
|
||||||
{{ end }}
|
|
||||||
real_ip_header X-Forwarded-For;
|
real_ip_header X-Forwarded-For;
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
||||||
real_ip_recursive on;
|
real_ip_recursive on;
|
||||||
|
{{ range $trusted_ip := $cfg.ProxyRealIPCIDR }}
|
||||||
|
set_real_ip_from {{ $trusted_ip }};
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
{{/* databases used to determine the country depending on the client IP address */}}
|
{{/* databases used to determine the country depending on the client IP address */}}
|
||||||
{{/* http://nginx.org/en/docs/http/ngx_http_geoip_module.html */}}
|
{{/* http://nginx.org/en/docs/http/ngx_http_geoip_module.html */}}
|
||||||
|
|
@ -155,7 +152,7 @@ http {
|
||||||
{{ else }}
|
{{ else }}
|
||||||
map $http_x_forwarded_for $the_real_ip {
|
map $http_x_forwarded_for $the_real_ip {
|
||||||
default $http_x_forwarded_for;
|
default $http_x_forwarded_for;
|
||||||
'' $remote_addr;
|
'' $realip_remote_addr;
|
||||||
}
|
}
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
||||||
|
|
@ -327,15 +324,15 @@ http {
|
||||||
ssl_verify_depth {{ $location.CertificateAuth.ValidationDepth }};
|
ssl_verify_depth {{ $location.CertificateAuth.ValidationDepth }};
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
||||||
{{ if not (empty $location.Redirect.URL) }}
|
{{ if not (empty $location.Redirect.URL) }}
|
||||||
location {{ $path }} {
|
location {{ $path }} {
|
||||||
return {{ $location.Redirect.Code }} {{ $location.Redirect.URL }};
|
return {{ $location.Redirect.Code }} {{ $location.Redirect.URL }};
|
||||||
}
|
}
|
||||||
{{ else }}
|
{{ else }}
|
||||||
|
|
||||||
{{ if not (empty $location.Rewrite.AppRoot) }}
|
{{ if not (empty $location.Redirect.AppRoot)}}
|
||||||
if ($uri = /) {
|
if ($uri = /) {
|
||||||
return 302 {{ $location.Rewrite.AppRoot }};
|
return 302 {{ $location.Redirect.AppRoot }};
|
||||||
}
|
}
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
||||||
|
|
@ -359,7 +356,6 @@ http {
|
||||||
|
|
||||||
client_max_body_size "{{ $location.Proxy.BodySize }}";
|
client_max_body_size "{{ $location.Proxy.BodySize }}";
|
||||||
|
|
||||||
|
|
||||||
set $target {{ $location.ExternalAuth.URL }};
|
set $target {{ $location.ExternalAuth.URL }};
|
||||||
proxy_pass $target;
|
proxy_pass $target;
|
||||||
}
|
}
|
||||||
|
|
@ -387,13 +383,15 @@ http {
|
||||||
{{ if not (empty $authPath) }}
|
{{ if not (empty $authPath) }}
|
||||||
# this location requires authentication
|
# this location requires authentication
|
||||||
auth_request {{ $authPath }};
|
auth_request {{ $authPath }};
|
||||||
|
auth_request_set $auth_cookie $upstream_http_set_cookie;
|
||||||
|
add_header Set-Cookie $auth_cookie;
|
||||||
{{- range $idx, $line := buildAuthResponseHeaders $location }}
|
{{- range $idx, $line := buildAuthResponseHeaders $location }}
|
||||||
{{ $line }}
|
{{ $line }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
||||||
{{ if not (empty $location.ExternalAuth.SigninURL) }}
|
{{ if not (empty $location.ExternalAuth.SigninURL) }}
|
||||||
error_page 401 = {{ $location.ExternalAuth.SigninURL }};
|
error_page 401 = {{ $location.ExternalAuth.SigninURL }}?rd=$request_uri;
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -465,7 +463,7 @@ http {
|
||||||
proxy_next_upstream {{ buildNextUpstream $location.Proxy.NextUpstream }}{{ if $cfg.RetryNonIdempotent }} non_idempotent{{ end }};
|
proxy_next_upstream {{ buildNextUpstream $location.Proxy.NextUpstream }}{{ if $cfg.RetryNonIdempotent }} non_idempotent{{ end }};
|
||||||
|
|
||||||
{{/* rewrite only works if the content is not compressed */}}
|
{{/* rewrite only works if the content is not compressed */}}
|
||||||
{{ if $location.Rewrite.AddBaseURL }}
|
{{ if $location.Redirect.AddBaseURL }}
|
||||||
proxy_set_header Accept-Encoding "";
|
proxy_set_header Accept-Encoding "";
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
||||||
|
|
@ -479,7 +477,6 @@ http {
|
||||||
{{ end }}
|
{{ end }}
|
||||||
}
|
}
|
||||||
{{ end }}
|
{{ end }}
|
||||||
{{ end }}
|
|
||||||
|
|
||||||
{{ if eq $server.Hostname "_" }}
|
{{ if eq $server.Hostname "_" }}
|
||||||
# health checks in cloud providers require the use of port 80
|
# health checks in cloud providers require the use of port 80
|
||||||
|
|
|
||||||
|
|
@ -19,6 +19,7 @@ package controller
|
||||||
import (
|
import (
|
||||||
"github.com/golang/glog"
|
"github.com/golang/glog"
|
||||||
extensions "k8s.io/api/extensions/v1beta1"
|
extensions "k8s.io/api/extensions/v1beta1"
|
||||||
|
"k8s.io/ingress/core/pkg/ingress/annotations/alias"
|
||||||
"k8s.io/ingress/core/pkg/ingress/annotations/auth"
|
"k8s.io/ingress/core/pkg/ingress/annotations/auth"
|
||||||
"k8s.io/ingress/core/pkg/ingress/annotations/authreq"
|
"k8s.io/ingress/core/pkg/ingress/annotations/authreq"
|
||||||
"k8s.io/ingress/core/pkg/ingress/annotations/authtls"
|
"k8s.io/ingress/core/pkg/ingress/annotations/authtls"
|
||||||
|
|
@ -63,14 +64,15 @@ func newAnnotationExtractor(cfg extractorConfig) annotationExtractor {
|
||||||
"Whitelist": ipwhitelist.NewParser(cfg),
|
"Whitelist": ipwhitelist.NewParser(cfg),
|
||||||
"UsePortInRedirects": portinredirect.NewParser(cfg),
|
"UsePortInRedirects": portinredirect.NewParser(cfg),
|
||||||
"Proxy": proxy.NewParser(cfg),
|
"Proxy": proxy.NewParser(cfg),
|
||||||
"RateLimit": ratelimit.NewParser(),
|
"RateLimit": ratelimit.NewParser(cfg),
|
||||||
"Redirect": redirect.NewParser(),
|
"Redirect": redirect.NewParser(cfg),
|
||||||
"Rewrite": rewrite.NewParser(cfg),
|
"Rewrite": rewrite.NewParser(cfg),
|
||||||
"SecureUpstream": secureupstream.NewParser(cfg),
|
"SecureUpstream": secureupstream.NewParser(cfg),
|
||||||
"ServiceUpstream": serviceupstream.NewParser(),
|
"ServiceUpstream": serviceupstream.NewParser(),
|
||||||
"SessionAffinity": sessionaffinity.NewParser(),
|
"SessionAffinity": sessionaffinity.NewParser(),
|
||||||
"SSLPassthrough": sslpassthrough.NewParser(),
|
"SSLPassthrough": sslpassthrough.NewParser(),
|
||||||
"ConfigurationSnippet": snippet.NewParser(),
|
"ConfigurationSnippet": snippet.NewParser(),
|
||||||
|
"Alias": alias.NewParser(),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -109,6 +111,7 @@ const (
|
||||||
sslPassthrough = "SSLPassthrough"
|
sslPassthrough = "SSLPassthrough"
|
||||||
sessionAffinity = "SessionAffinity"
|
sessionAffinity = "SessionAffinity"
|
||||||
serviceUpstream = "ServiceUpstream"
|
serviceUpstream = "ServiceUpstream"
|
||||||
|
serverAlias = "Alias"
|
||||||
)
|
)
|
||||||
|
|
||||||
func (e *annotationExtractor) ServiceUpstream(ing *extensions.Ingress) bool {
|
func (e *annotationExtractor) ServiceUpstream(ing *extensions.Ingress) bool {
|
||||||
|
|
@ -135,6 +138,11 @@ func (e *annotationExtractor) SSLPassthrough(ing *extensions.Ingress) bool {
|
||||||
return val.(bool)
|
return val.(bool)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (e *annotationExtractor) Alias(ing *extensions.Ingress) string {
|
||||||
|
val, _ := e.annotations[serverAlias].Parse(ing)
|
||||||
|
return val.(string)
|
||||||
|
}
|
||||||
|
|
||||||
func (e *annotationExtractor) SessionAffinity(ing *extensions.Ingress) *sessionaffinity.AffinityConfig {
|
func (e *annotationExtractor) SessionAffinity(ing *extensions.Ingress) *sessionaffinity.AffinityConfig {
|
||||||
val, _ := e.annotations[sessionAffinity].Parse(ing)
|
val, _ := e.annotations[sessionAffinity].Parse(ing)
|
||||||
return val.(*sessionaffinity.AffinityConfig)
|
return val.(*sessionaffinity.AffinityConfig)
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue