Fix the stream socket

internal/ingress/controller/nginx.go

@@ -431,7 +431,6 @@ func (n *NGINXController) DefaultEndpoint() ingress.Endpoint {
 //
 //nolint:gocritic // the cfg shouldn't be changed, and shouldn't be mutated by other processes while being rendered.
 func (n *NGINXController) generateTemplate(cfg ngx_config.Configuration, ingressCfg ingress.Configuration) ([]byte, error) {
-
 	// NGINX cannot resize the hash tables used to store server names. For
 	// this reason we check if the current size is correct for the host
 	// names defined in the Ingress rules and adjust the value if
@@ -715,10 +714,12 @@ func nextPowerOf2(v int) int {
 }
 
 // TODO: Move to the right place
-type PassthroughConfig map[string]PassthrougBackend
-type PassthrougBackend struct {
-	Endpoint string `json:"endpoint,omitempty"`
-}
+type (
+	PassthroughConfig map[string]PassthrougBackend
+	PassthrougBackend struct {
+		Endpoint string `json:"endpoint,omitempty"`
+	}
+)
 
 func configurePassthroughBackends(backends []*ingress.SSLPassthroughBackend) error {
 	configPassthrough := make(PassthroughConfig)
@@ -754,13 +755,11 @@ func configurePassthroughBackends(backends []*ingress.SSLPassthroughBackend) err
 		return fmt.Errorf("error configuring passthrough: %s %v", status, err)
 	}
 	return nil
-
 }
 
 // configureDynamically encodes new Backends in JSON format and POSTs the
 // payload to an internal HTTP endpoint handled by Lua.
 func (n *NGINXController) configureDynamically(pcfg *ingress.Configuration) error {
-
 	if n.cfg.EnableSSLPassthrough {
 		if err := configurePassthroughBackends(pcfg.PassthroughBackends); err != nil {
 			return err

internal/nginx/main.go

@@ -107,7 +107,6 @@ func NewPostStatusRequest(path, contentType string, data interface{}) (statusCod
 
 // TODO: Turn port configurable
 func NewPassthroughConfigRequest(data interface{}) (status string, err error) {
-
 	buf, err := json.Marshal(data)
 	if err != nil {
 		return "NOK", err
@@ -130,9 +129,9 @@ func NewPassthroughConfigRequest(data interface{}) (status string, err error) {
 		return "NOK", err
 	}
 
-    if strings.Contains(string(reply), "NOK") {
-        return "NOK", fmt.Errorf("fail to reconfigure dynamically")
-    }
+	if strings.Contains(string(reply), "NOK") {
+		return "NOK", fmt.Errorf("fail to reconfigure dynamically")
+	}
 	return "OK", nil
 }
 

rootfs/Dockerfile

@@ -52,6 +52,7 @@ RUN bash -xeu -c ' \
     /etc/ingress-controller \
     /etc/ingress-controller/ssl \
     /etc/ingress-controller/auth \
+    /var/run/nginx \
     /var/log \
     /var/log/nginx \
     /tmp/nginx \

rootfs/etc/nginx/njs/passthrough.js

@@ -90,7 +90,7 @@ function configureWithData(configdata, s) {
     }
 }
 
-const PROXYSOCKET="unix:/var/run/nginxstreamproxy.sock";
+const PROXYSOCKET="unix:/var/run/nginx/streamproxy.sock";
 // getBackend fetches the backend given a hostname sent via SNI
 function getBackend(s) {
     try {

rootfs/etc/nginx/template/nginx.tmpl

@@ -851,7 +851,7 @@ stream {
     # This server is here just for proxy protocol enabled passthroughs
     server {
         ssl_preread on;
-        listen unix:/var/run/nginxstreamproxy.sock;
+        listen unix:/var/run/nginx/streamproxy.sock;
         js_set $proxyupstream passthrough.getProxiedBackend;
         proxy_pass $proxyupstream;
         proxy_protocol on;