Fix SSL Passthrough template issue and custom ports in redirect to HTTPS (#1870)
parent
2f202e5656
commit
da829748ec
3 changed files with 15 additions and 11 deletions
|
@ -476,6 +476,7 @@ func (n *NGINXController) getBackendServers(ingresses []*extensions.Ingress) ([]
|
|||
loc.Whitelist = anns.Whitelist
|
||||
loc.Denied = anns.Denied
|
||||
loc.XForwardedPrefix = anns.XForwardedPrefix
|
||||
loc.UsePortInRedirects = anns.UsePortInRedirects
|
||||
|
||||
if loc.Redirect.FromToWWW {
|
||||
server.RedirectFromToWWW = true
|
||||
|
@ -507,6 +508,7 @@ func (n *NGINXController) getBackendServers(ingresses []*extensions.Ingress) ([]
|
|||
Whitelist: anns.Whitelist,
|
||||
Denied: anns.Denied,
|
||||
XForwardedPrefix: anns.XForwardedPrefix,
|
||||
UsePortInRedirects: anns.UsePortInRedirects,
|
||||
}
|
||||
|
||||
if loc.Redirect.FromToWWW {
|
||||
|
@ -1219,9 +1221,12 @@ func (n *NGINXController) SetForceReload(shouldReload bool) {
|
|||
}
|
||||
|
||||
func (n *NGINXController) extractAnnotations(ing *extensions.Ingress) {
|
||||
glog.V(3).Infof("updating annotations information for ingress %v/%v", ing.Namespace, ing.Name)
|
||||
anns := n.annotations.Extract(ing)
|
||||
glog.V(3).Infof("updating annotations information for ingress %v/%v", anns.Namespace, anns.Name)
|
||||
n.listers.IngressAnnotation.Update(anns)
|
||||
err := n.listers.IngressAnnotation.Update(anns)
|
||||
if err != nil {
|
||||
glog.Errorf("unexpected error updating annotations information for ingress %v/%v: %v", anns.Namespace, anns.Name, err)
|
||||
}
|
||||
}
|
||||
|
||||
// getByIngress returns the parsed annotations from an Ingress
|
||||
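Review bot: In extractAnnotations a failed `n.listers.IngressAnnotation.Update(anns)` is logged with `glog.Errorf` but not propagated, so the caller cannot tell that the stored annotations for this ingress are stale. The first two hunks copy `anns.Whitelist` and `anns.Denied` into the location, so a failed update may leave an older access-control setting in the generated configuration; this is inferred, because the lookup that produces `anns` in getBackendServers is outside the hunks. Consider returning the error to the caller so the sync can be skipped or retried. At minimum, add a comment above the `if err != nil` block such as `// on failure the previously stored annotations stay in effect until the next successful sync`, once that behaviour is confirmed.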
|
|
|
@ -234,8 +234,6 @@ type NGINXController struct {
|
|||
// returns true if proxy protocol es enabled
|
||||
IsProxyProtocolEnabled bool
|
||||
|
||||
isSSLPassthroughEnabled bool
|
||||
|
||||
isShuttingDown bool
|
||||
|
||||
Proxy *TCPProxy
|
||||
|
@ -490,7 +488,7 @@ func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) error {
|
|||
})
|
||||
}
|
||||
|
||||
if n.isSSLPassthroughEnabled {
|
||||
if n.cfg.EnableSSLPassthrough {
|
||||
n.Proxy.ServerList = servers
|
||||
}
|
||||
|
||||
|
@ -636,7 +634,7 @@ func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) error {
|
|||
Cfg: cfg,
|
||||
IsIPV6Enabled: n.isIPV6Enabled && !cfg.DisableIpv6,
|
||||
RedirectServers: redirectServers,
|
||||
IsSSLPassthroughEnabled: n.isSSLPassthroughEnabled,
|
||||
IsSSLPassthroughEnabled: n.cfg.EnableSSLPassthrough,
|
||||
ListenPorts: n.cfg.ListenPorts,
|
||||
PublishService: n.GetPublishService(),
|
||||
}
|
||||
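Review bot: `n.Proxy.ServerList = servers` in OnUpdate now runs whenever `n.cfg.EnableSSLPassthrough` is set, and the struct declares `Proxy` as `*TCPProxy`, so the proxy must be created under that same flag. The initialization is outside these hunks, so this needs confirming; if the pointer can be nil while the flag is on, this line panics during a configuration update. Making the invariant explicit would help, either with `if n.cfg.EnableSSLPassthrough && n.Proxy != nil {` or with a field comment such as `// Proxy is non-nil whenever cfg.EnableSSLPassthrough is true`. OnUpdate's body continues outside both hunks.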
|
|
|
@ -214,7 +214,7 @@ http {
|
|||
}
|
||||
{{ else }}
|
||||
map $pass_server_port $pass_port {
|
||||
443 443;
|
||||
{{ $all.ListenPorts.HTTPS }} 443;
|
||||
default $pass_server_port;
|
||||
}
|
||||
{{ end }}
|
||||
|
@ -678,6 +678,8 @@ stream {
|
|||
{{ end }}
|
||||
|
||||
location {{ $path }} {
|
||||
port_in_redirect {{ if $location.UsePortInRedirects }}on{{ else }}off{{ end }};
|
||||
|
||||
{{ if $all.Cfg.EnableVtsStatus }}{{ if $location.VtsFilterKey }} vhost_traffic_status_filter_by_set_key {{ $location.VtsFilterKey }};{{ end }}{{ end }}
|
||||
|
||||
set $proxy_upstream_name "{{ buildUpstreamName $server.Hostname $all.Backends $location }}";
|
||||
|
@ -688,10 +690,11 @@ stream {
|
|||
set $ingress_name "{{ $ing.Rule }}";
|
||||
set $service_name "{{ $ing.Service }}";
|
||||
|
||||
{{/* redirect to HTTPS can be achieved forcing the redirect or having a SSL Certificate configured for the server */}}
|
||||
{{ if (or $location.Rewrite.ForceSSLRedirect (and (not (empty $server.SSLCertificate)) $location.Rewrite.SSLRedirect)) }}
|
||||
# enforce ssl on server side
|
||||
if ($redirect_to_https) {
|
||||
{{ if ne $all.ListenPorts.HTTPS 443 }}
|
||||
{{ if $location.UsePortInRedirects }}
|
||||
{{ $redirect_port := (printf ":%v" $all.ListenPorts.HTTPS) }}
|
||||
return {{ $all.Cfg.HTTPRedirectCode }} https://$best_http_host{{ $redirect_port }}$request_uri;
|
||||
{{ else }}
|
||||
|
@ -716,8 +719,6 @@ stream {
|
|||
}
|
||||
{{ end }}
|
||||
|
||||
port_in_redirect {{ if $location.UsePortInRedirects }}on{{ else }}off{{ end }};
|
||||
|
||||
{{ if not (empty $authPath) }}
|
||||
# this location requires authentication
|
||||
auth_request {{ $authPath }};
|
||||
|
|