diff --git a/internal/ingress/controller/nginx.go b/internal/ingress/controller/nginx.go index 8cda23345..4e5510a4c 100644 --- a/internal/ingress/controller/nginx.go +++ b/internal/ingress/controller/nginx.go @@ -431,7 +431,6 @@ func (n *NGINXController) DefaultEndpoint() ingress.Endpoint { // //nolint:gocritic // the cfg shouldn't be changed, and shouldn't be mutated by other processes while being rendered. func (n *NGINXController) generateTemplate(cfg ngx_config.Configuration, ingressCfg ingress.Configuration) ([]byte, error) { - // NGINX cannot resize the hash tables used to store server names. For // this reason we check if the current size is correct for the host // names defined in the Ingress rules and adjust the value if @@ -715,10 +714,12 @@ func nextPowerOf2(v int) int { } // TODO: Move to the right place -type PassthroughConfig map[string]PassthrougBackend -type PassthrougBackend struct { - Endpoint string `json:"endpoint,omitempty"` -} +type ( + PassthroughConfig map[string]PassthrougBackend + PassthrougBackend struct { + Endpoint string `json:"endpoint,omitempty"` + } +) func configurePassthroughBackends(backends []*ingress.SSLPassthroughBackend) error { configPassthrough := make(PassthroughConfig) @@ -754,13 +755,11 @@ func configurePassthroughBackends(backends []*ingress.SSLPassthroughBackend) err return fmt.Errorf("error configuring passthrough: %s %v", status, err) } return nil - } // configureDynamically encodes new Backends in JSON format and POSTs the // payload to an internal HTTP endpoint handled by Lua. func (n *NGINXController) configureDynamically(pcfg *ingress.Configuration) error { - if n.cfg.EnableSSLPassthrough { if err := configurePassthroughBackends(pcfg.PassthroughBackends); err != nil { return err diff --git a/internal/nginx/main.go b/internal/nginx/main.go index 1502ab4da..85ca3d146 100644 --- a/internal/nginx/main.go +++ b/internal/nginx/main.go @@ -107,7 +107,6 @@ func NewPostStatusRequest(path, contentType string, data interface{}) (statusCod // TODO: Turn port configurable func NewPassthroughConfigRequest(data interface{}) (status string, err error) { - buf, err := json.Marshal(data) if err != nil { return "NOK", err @@ -130,9 +129,9 @@ func NewPassthroughConfigRequest(data interface{}) (status string, err error) { return "NOK", err } - if strings.Contains(string(reply), "NOK") { - return "NOK", fmt.Errorf("fail to reconfigure dynamically") - } + if strings.Contains(string(reply), "NOK") { + return "NOK", fmt.Errorf("fail to reconfigure dynamically") + } return "OK", nil } diff --git a/rootfs/Dockerfile b/rootfs/Dockerfile index 75cf3fc65..d74d3d182 100644 --- a/rootfs/Dockerfile +++ b/rootfs/Dockerfile @@ -52,6 +52,7 @@ RUN bash -xeu -c ' \ /etc/ingress-controller \ /etc/ingress-controller/ssl \ /etc/ingress-controller/auth \ + /var/run/nginx \ /var/log \ /var/log/nginx \ /tmp/nginx \ diff --git a/rootfs/etc/nginx/njs/passthrough.js b/rootfs/etc/nginx/njs/passthrough.js index 9239a8637..157058131 100644 --- a/rootfs/etc/nginx/njs/passthrough.js +++ b/rootfs/etc/nginx/njs/passthrough.js @@ -90,7 +90,7 @@ function configureWithData(configdata, s) { } } -const PROXYSOCKET="unix:/var/run/nginxstreamproxy.sock"; +const PROXYSOCKET="unix:/var/run/nginx/streamproxy.sock"; // getBackend fetches the backend given a hostname sent via SNI function getBackend(s) { try { diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index 68a6c8323..be750291f 100644 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -851,7 +851,7 @@ stream { # This server is here just for proxy protocol enabled passthroughs server { ssl_preread on; - listen unix:/var/run/nginxstreamproxy.sock; + listen unix:/var/run/nginx/streamproxy.sock; js_set $proxyupstream passthrough.getProxiedBackend; proxy_pass $proxyupstream; proxy_protocol on;