From 7f73916715842041f6e78c7e755cc73275c36234 Mon Sep 17 00:00:00 2001
From: Manuel de Brito Fontes
Date: Tue, 7 Mar 2017 19:45:54 -0300
Subject: [PATCH 1/3] External auth method is optional
---
 core/pkg/ingress/annotations/authreq/main.go | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/core/pkg/ingress/annotations/authreq/main.go b/core/pkg/ingress/annotations/authreq/main.go
index 31c208507..560a73868 100644
--- a/core/pkg/ingress/annotations/authreq/main.go
+++ b/core/pkg/ingress/annotations/authreq/main.go
@@ -92,11 +92,7 @@ func (a authReq) Parse(ing *extensions.Ingress) (interface{}, error) {
 return nil, ing_errors.NewLocationDenied("invalid url host")
 }
- m, err := parser.GetStringAnnotation(authMethod, ing)
- if err != nil {
- return nil, err
- }
-
+ m, _ := parser.GetStringAnnotation(authMethod, ing)
 if len(m) != 0 && !validMethod(m) {
 return nil, ing_errors.NewLocationDenied("invalid HTTP method")
 }
From bebd596b3fef42bef3b950970aa49ee6b4ede0fb Mon Sep 17 00:00:00 2001
From: Manuel de Brito Fontes
Date: Tue, 7 Mar 2017 19:50:24 -0300
Subject: [PATCH 2/3] Listen customization must be done just in one place
---
 controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
index 295117e70..2c97eb18b 100644
--- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
+++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
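Review bot: In `authReq.Parse` (core/pkg/ingress/annotations/authreq/main.go, PATCH 1/3), `m, _ := parser.GetStringAnnotation(authMethod, ing)` discards every error from the parser, not only the missing-annotation case the subject line describes. Any other failure now leaves `m` empty, so the `validMethod` check is skipped and the external-auth configuration is presumably accepted with no method instead of being rejected. I would keep `err` and return it unless it reports an absent annotation, e.g. `if err != nil && !isMissingAnnotation(err) { return nil, err }`, where `isMissingAnnotation` is a placeholder for whatever check the project's errors package provides. The body of `Parse` starts before and continues after this hunk.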
@@ -208,10 +208,10 @@ http {
 {{ range $index, $server := .Servers }}
 server {
 server_name {{ $server.Hostname }};
- listen [::]:80{{ if $cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $index 0 }} ipv6only=off{{end}}{{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $backlogSize }}{{end}};
+ listen [::]:80{{ if $cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $server.Hostname "_"}} default_server ipv6only=off reuseport backlog={{ $backlogSize }}{{end}};
 {{/* Listen on 442 because port 443 is used in the stream section */}}
 {{/* This listen on port 442 cannot contains proxy_protocol directive because port 443 is in charge of decoding the protocol */}}
- {{ if not (empty $server.SSLCertificate) }}listen {{ if gt (len $passthroughBackends) 0 }}442{{ else }}[::]:443 {{ if $cfg.UseProxyProtocol }} proxy_protocol {{ end }}{{ end }} {{ if eq $index 0 }} ipv6only=off{{end}} {{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $backlogSize }}{{end}} ssl {{ if $cfg.UseHTTP2 }}http2{{ end }};
+ {{ if not (empty $server.SSLCertificate) }}listen {{ if gt (len $passthroughBackends) 0 }}442{{ else }}[::]:443 {{ if $cfg.UseProxyProtocol }} proxy_protocol {{ end }}{{ end }} {{ if eq $server.Hostname "_"}} default_server ipv6only=off reuseport backlog={{ $backlogSize }}{{end}} ssl {{ if $cfg.UseHTTP2 }}http2{{ end }};
 {{/* comment PEM sha is required to detect changes in the generated configuration and force a reload */}}
 # PEM sha: {{ $server.SSLPemChecksum }}
 ssl_certificate {{ $server.SSLCertificate }};
From 9ed7bc6ad1aaba708eaa3b9b0c99f0c15e9a93d8 Mon Sep 17 00:00:00 2001
From: Manuel de Brito Fontes
Date: Tue, 7 Mar 2017 20:07:43 -0300
Subject: [PATCH 3/3] Remove special check in sort server by name
---
 core/pkg/ingress/sort_ingress.go | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/core/pkg/ingress/sort_ingress.go b/core/pkg/ingress/sort_ingress.go
index 621b95232..cc5f2d76d 100644
--- a/core/pkg/ingress/sort_ingress.go
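Review bot: Both rewritten `listen` lines in nginx.tmpl (PATCH 2/3) now emit `ipv6only=off` only inside `{{ if eq $server.Hostname "_"}}`, so the setting depends on `.Servers` always containing a `_` entry. For the TLS listener, that entry must also have a non-empty `$server.SSLCertificate`. If either does not hold, no `listen` directive carries `ipv6only=off` or `default_server`; the `[::]` socket would then presumably accept IPv6 only, and nginx would choose its own default server for unmatched host names. The hunk does not show where that invariant is guaranteed, so I would record it next to the directive, e.g. `{{/* default_server, ipv6only, reuseport and backlog are set once per address:port, on the "_" server, which must always be present */}}`. The `server` block continues past the end of the hunk.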
+++ b/core/pkg/ingress/sort_ingress.go
@@ -54,10 +54,6 @@ type ServerByName []*Server
 func (c ServerByName) Len() int { return len(c) }
 func (c ServerByName) Swap(i, j int) { c[i], c[j] = c[j], c[i] }
 func (c ServerByName) Less(i, j int) bool {
- // special case for catch all server
- if c[j].Hostname == "_" {
- return false
- }
 return c[i].Hostname < c[j].Hostname
 }