From 6ead83512e67815c7f30187c98405c9b0fabc67f Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Thu, 19 May 2016 16:11:51 -0300 Subject: [PATCH 1/3] Revert redirect to ssl --- echoheaders/Dockerfile | 2 +- echoheaders/Makefile | 2 +- echoheaders/README.md | 1 + echoheaders/echo-app.yaml | 2 +- echoheaders/nginx.conf | 3 --- 5 files changed, 4 insertions(+), 6 deletions(-) diff --git a/echoheaders/Dockerfile b/echoheaders/Dockerfile index 2f320ab06..fd3b042f0 100644 --- a/echoheaders/Dockerfile +++ b/echoheaders/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM gcr.io/google_containers/nginx-slim:0.3 +FROM gcr.io/google_containers/nginx-slim:0.6 MAINTAINER Prashanth B ADD nginx.conf /etc/nginx/nginx.conf ADD README.md README.md diff --git a/echoheaders/Makefile b/echoheaders/Makefile index e51fdeea1..760e56ea6 100644 --- a/echoheaders/Makefile +++ b/echoheaders/Makefile @@ -1,7 +1,7 @@ all: push # TAG 0.0 shouldn't clobber any release builds -TAG = 1.3 +TAG = 1.4 PREFIX = gcr.io/google_containers/echoserver container: diff --git a/echoheaders/README.md b/echoheaders/README.md index b9cc0c54f..84349a235 100644 --- a/echoheaders/README.md +++ b/echoheaders/README.md @@ -1,6 +1,7 @@ # Echoserver This is a simple server that responds with the http headers it received. +Image versions >= 1.4 removes the redirect introduced in 1.3. Image versions >= 1.3 redirect requests on :80 with `X-Forwarded-Proto: http` to :443. Image versions > 1.0 run an nginx server, and implement the echoserver using lua in the nginx config. Image versions <= 1.0 run a python http server instead of nginx, and don't redirect any requests. diff --git a/echoheaders/echo-app.yaml b/echoheaders/echo-app.yaml index c4d357bf9..9c5a8b94a 100644 --- a/echoheaders/echo-app.yaml +++ b/echoheaders/echo-app.yaml @@ -27,6 +27,6 @@ spec: spec: containers: - name: echoheaders - image: gcr.io/google_containers/echoserver:1.3 + image: gcr.io/google_containers/echoserver:1.4 ports: - containerPort: 8080 diff --git a/echoheaders/nginx.conf b/echoheaders/nginx.conf index 5ce215a4b..0d663510c 100644 --- a/echoheaders/nginx.conf +++ b/echoheaders/nginx.conf @@ -17,9 +17,6 @@ http { # Replace '_' with your hostname. server_name _; - if ($http_x_forwarded_proto = "http") { - return 301 https://$host$request_uri; - } location / { lua_need_request_body on; From 076de3e8a7b1e2bac72eae81b38af240821a4717 Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Thu, 19 May 2016 16:13:10 -0300 Subject: [PATCH 2/3] Update references to 1.3 --- controllers/nginx/README.md | 2 +- controllers/nginx/examples/README.md | 2 +- controllers/nginx/examples/multi-tls/multi-tls.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/controllers/nginx/README.md b/controllers/nginx/README.md index a0f9b7069..d69f53131 100644 --- a/controllers/nginx/README.md +++ b/controllers/nginx/README.md @@ -46,7 +46,7 @@ $ kubectl create -f examples/default/rc-default.yaml First we need to deploy some application to publish. To keep this simple we will use the [echoheaders app](https://github.com/kubernetes/contrib/blob/master/ingress/echoheaders/echo-app.yaml) that just returns information about the http request as output ``` -kubectl run echoheaders --image=gcr.io/google_containers/echoserver:1.3 --replicas=1 --port=8080 +kubectl run echoheaders --image=gcr.io/google_containers/echoserver:1.4 --replicas=1 --port=8080 ``` Now we expose the same application in two different services (so we can create different Ingress rules) diff --git a/controllers/nginx/examples/README.md b/controllers/nginx/examples/README.md index 30348b639..9ca7f024c 100644 --- a/controllers/nginx/examples/README.md +++ b/controllers/nginx/examples/README.md @@ -2,7 +2,7 @@ All the examples references the services `echoheaders-x` and `echoheaders-y` ``` -kubectl run echoheaders --image=gcr.io/google_containers/echoserver:1.3 --replicas=1 --port=8080 +kubectl run echoheaders --image=gcr.io/google_containers/echoserver:1.4 --replicas=1 --port=8080 kubectl expose deployment echoheaders --port=80 --target-port=8080 --name=echoheaders-x kubectl expose deployment echoheaders --port=80 --target-port=8080 --name=echoheaders-x ``` diff --git a/controllers/nginx/examples/multi-tls/multi-tls.yaml b/controllers/nginx/examples/multi-tls/multi-tls.yaml index ace26fab2..c23f3a193 100644 --- a/controllers/nginx/examples/multi-tls/multi-tls.yaml +++ b/controllers/nginx/examples/multi-tls/multi-tls.yaml @@ -58,7 +58,7 @@ spec: spec: containers: - name: echoheaders - image: gcr.io/google_containers/echoserver:1.3 + image: gcr.io/google_containers/echoserver:1.4 ports: - containerPort: 8080 --- From 78786009817f93e9fe314cc27da4fe373c1c0bc4 Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Thu, 19 May 2016 21:30:04 -0300 Subject: [PATCH 3/3] Add image with redirect --- echoheaders-redirect/Dockerfile | 18 ++++++++++ echoheaders-redirect/Makefile | 11 ++++++ echoheaders-redirect/README.md | 6 ++++ echoheaders-redirect/echo-app.yaml | 32 +++++++++++++++++ echoheaders-redirect/nginx.conf | 57 ++++++++++++++++++++++++++++++ 5 files changed, 124 insertions(+) create mode 100644 echoheaders-redirect/Dockerfile create mode 100644 echoheaders-redirect/Makefile create mode 100644 echoheaders-redirect/README.md create mode 100644 echoheaders-redirect/echo-app.yaml create mode 100644 echoheaders-redirect/nginx.conf diff --git a/echoheaders-redirect/Dockerfile b/echoheaders-redirect/Dockerfile new file mode 100644 index 000000000..fd3b042f0 --- /dev/null +++ b/echoheaders-redirect/Dockerfile @@ -0,0 +1,18 @@ +# Copyright 2015 The Kubernetes Authors. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FROM gcr.io/google_containers/nginx-slim:0.6 +MAINTAINER Prashanth B +ADD nginx.conf /etc/nginx/nginx.conf +ADD README.md README.md diff --git a/echoheaders-redirect/Makefile b/echoheaders-redirect/Makefile new file mode 100644 index 000000000..d6b347ec2 --- /dev/null +++ b/echoheaders-redirect/Makefile @@ -0,0 +1,11 @@ +all: push + +# TAG 0.0 shouldn't clobber any release builds +TAG = 1.3 +PREFIX = gcr.io/google_containers/echoserver-redirect + +container: + docker build -t $(PREFIX):$(TAG) . + +push: container + gcloud docker push $(PREFIX):$(TAG) diff --git a/echoheaders-redirect/README.md b/echoheaders-redirect/README.md new file mode 100644 index 000000000..0f1712e11 --- /dev/null +++ b/echoheaders-redirect/README.md @@ -0,0 +1,6 @@ +# Echoserver - forked from echoheaders-1.3 + +This is a simple server that responds with the http headers it received. +Image versions >= 1.3 redirect requests on :80 with `X-Forwarded-Proto: http` to :443. +Image versions > 1.0 run an nginx server, and implement the echoserver using lua in the nginx config. +Image versions <= 1.0 run a python http server instead of nginx, and don't redirect any requests. diff --git a/echoheaders-redirect/echo-app.yaml b/echoheaders-redirect/echo-app.yaml new file mode 100644 index 000000000..70d55cda8 --- /dev/null +++ b/echoheaders-redirect/echo-app.yaml @@ -0,0 +1,32 @@ +apiVersion: v1 +kind: Service +metadata: + name: echoheaders + labels: + app: echoheaders +spec: + type: NodePort + ports: + - port: 80 + targetPort: 8080 + protocol: TCP + name: http + selector: + app: echoheaders +--- +apiVersion: v1 +kind: ReplicationController +metadata: + name: echoheaders +spec: + replicas: 1 + template: + metadata: + labels: + app: echoheaders + spec: + containers: + - name: echoheaders + image: gcr.io/google_containers/echoserver-redirect:1.3 + ports: + - containerPort: 8080 diff --git a/echoheaders-redirect/nginx.conf b/echoheaders-redirect/nginx.conf new file mode 100644 index 000000000..ecb1c3cd5 --- /dev/null +++ b/echoheaders-redirect/nginx.conf @@ -0,0 +1,57 @@ +events { + worker_connections 1024; +} + +http { + default_type 'text/plain'; + # maximum allowed size of the client request body. By default this is 1m. + # Request with bigger bodies nginx will return error code 413. + # http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size + client_max_body_size 10m; + + server { + # please check the benefits of reuseport https://www.nginx.com/blog/socket-sharding-nginx-release-1-9-1 + # basically instructs to create an individual listening socket for each worker process (using the SO_REUSEPORT + # socket option), allowing a kernel to distribute incoming connections between worker processes. + listen 8080 default_server reuseport; + + # Replace '_' with your hostname. + server_name _; + if ($http_x_forwarded_proto = "http") { + return 301 https://$host$request_uri; + } + + location / { + lua_need_request_body on; + content_by_lua_block { + ngx.say("CLIENT VALUES:") + ngx.say("client_address=", ngx.var.remote_addr) + ngx.say("command=", ngx.req.get_method()) + ngx.say("real path=", ngx.var.request_uri) + ngx.say("query=", ngx.var.query_string) + ngx.say("request_version=", ngx.req.http_version()) + ngx.say("request_uri=", ngx.var.scheme.."://"..ngx.var.host..":"..ngx.var.server_port..ngx.var.request_uri) + ngx.say("") + + ngx.say("SERVER VALUES:") + ngx.say("server_version=", "nginx: "..ngx.var.nginx_version.." - lua: "..ngx.config.ngx_lua_version) + ngx.say("") + + ngx.say("HEADERS RECEIVED:") + local headers = ngx.req.get_headers() + local keys = {} + for key, val in pairs(headers) do + table.insert(keys, key) + end + + table.sort(keys) + for i, key in ipairs(keys) do + ngx.say(key, "=", headers[key]) + end + + ngx.say("BODY:") + ngx.print(ngx.var.request_body or "-no body in request-") + } + } + } +}