DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Deploy GitHub Pages

Browse source
This commit is contained in:
Travis Bot 2019-07-22 14:01:48 +00:00
parent 75893db35d
commit ef0ffb3c5e
7 changed files with 125 additions and 71 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
search/search_index.json
View file

File diff suppressed because one or more lines are too long

96
sitemap.xml
View file

@ -2,242 +2,242 @@
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2019-07-12</lastmod>
<lastmod>2019-07-22</lastmod>
<changefreq>daily</changefreq>
</url>
</urlset>

BIN
sitemap.xml.gz
View file

Binary file not shown.

4
user-guide/cli-arguments/index.html
View file

@ -1301,10 +1301,6 @@
<td>Namespace the controller watches for updates to Kubernetes objects. This includes Ingresses, Services and all configuration resources. All namespaces are watched if this parameter is left empty.</td>
</tr>
<tr>
<td><code class="codehilite">--disable-catch-all</code></td>
<td>Disable support for catch-all Ingresses.</td>
</tr>
<tr>
<td><code class="codehilite">--validating-webhook</code></td>
<td>The address to start an admission controller on</td>
</tr>

40
user-guide/nginx-configuration/annotations/index.html
View file

@ -1960,6 +1960,14 @@ table below.</p>
<td>string</td>
</tr>
<tr>
<td><a href="#external-authentication">nginx.ingress.kubernetes.io/auth-cache-key</a></td>
<td>string</td>
</tr>
<tr>
<td><a href="#external-authentication">nginx.ingress.kubernetes.io/auth-cache-duration</a></td>
<td>string</td>
</tr>
<tr>
<td><a href="#external-authentication">nginx.ingress.kubernetes.io/auth-snippet</a></td>
<td>string</td>
</tr>
@ -2287,17 +2295,17 @@ table below.</p>
<p><code class="codehilite">nginx.ingress.kubernetes.io/canary-by-header-value</code>: The header value to match for notifying the Ingress to route the request to the service specified in the Canary Ingress. When the request header is set to this value, it will be routed to the canary. For any other header value, the header will be ignored and the request compared against the other canary rules by precedence. This annotation has to be used together with . The annotation is an extension of the <code class="codehilite">nginx.ingress.kubernetes.io/canary-by-header</code> to allow customizing the header value instead of using hardcoded values. It doesn't have any effect if the <code class="codehilite">nginx.ingress.kubernetes.io/canary-by-header</code> annotation is not defined.</p>
</li>
<li>
<p><code class="codehilite">nginx.ingress.kubernetes.io/canary-by-cookie</code>: The cookie to use for notifying the Ingress to route the request to the service specified in the Canary Ingress. When the cookie value is set to <code class="codehilite">always</code>, it will be routed to the canary. When the cookie is set to <code class="codehilite">never</code>, it will never be routed to the canary. For any other value, the cookie will be ignored and the request compared against the other canary rules by precedence. </p>
<p><code class="codehilite">nginx.ingress.kubernetes.io/canary-by-cookie</code>: The cookie to use for notifying the Ingress to route the request to the service specified in the Canary Ingress. When the cookie value is set to <code class="codehilite">always</code>, it will be routed to the canary. When the cookie is set to <code class="codehilite">never</code>, it will never be routed to the canary. For any other value, the cookie will be ignored and the request compared against the other canary rules by precedence.</p>
</li>
<li>
<p><code class="codehilite">nginx.ingress.kubernetes.io/canary-weight</code>: The integer based (0 - 100) percent of random requests that should be routed to the service specified in the canary Ingress. A weight of 0 implies that no requests will be sent to the service in the Canary ingress by this canary rule. A weight of 100 means implies all requests will be sent to the alternative service specified in the Ingress. </p>
<p><code class="codehilite">nginx.ingress.kubernetes.io/canary-weight</code>: The integer based (0 - 100) percent of random requests that should be routed to the service specified in the canary Ingress. A weight of 0 implies that no requests will be sent to the service in the Canary ingress by this canary rule. A weight of 100 means implies all requests will be sent to the alternative service specified in the Ingress.</p>
</li>
</ul>
<p>Canary rules are evaluated in order of precedence. Precedence is as follows:
<code class="codehilite">canary-by-header -&gt; canary-by-cookie -&gt; canary-weight</code> </p>
<p>Canary rules are evaluated in order of precedence. Precedence is as follows:
<code class="codehilite">canary-by-header -&gt; canary-by-cookie -&gt; canary-weight</code></p>
<p><strong>Note</strong> that when you mark an ingress as canary, then all the other non-canary annotations will be ignored (inherited from the corresponding main ingress) except <code class="codehilite">nginx.ingress.kubernetes.io/load-balance</code> and <code class="codehilite">nginx.ingress.kubernetes.io/upstream-hash-by</code>.</p>
<p><strong>Known Limitations</strong></p>
<p>Currently a maximum of one canary ingress can be applied per Ingress rule. </p>
<p>Currently a maximum of one canary ingress can be applied per Ingress rule.</p>
<h3 id="rewrite">Rewrite<a class="headerlink" href="#rewrite" title="Permanent link">&para;</a></h3>
<p>In some scenarios the exposed URL in the backend service differs from the specified path in the Ingress rule. Without a rewrite any request will return 404.
Set the annotation <code class="codehilite">nginx.ingress.kubernetes.io/rewrite-target</code> to the path expected by the service.</p>
@ -2311,7 +2319,7 @@ Set the annotation <code class="codehilite">nginx.ingress.kubernetes.io/rewrite-
The only affinity type available for NGINX is <code class="codehilite">cookie</code>.</p>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>If more than one Ingress is defined for a host and at least one Ingress uses <code class="codehilite">nginx.ingress.kubernetes.io/affinity: cookie</code>, then only paths on the Ingress using <code class="codehilite">nginx.ingress.kubernetes.io/affinity</code> will use session cookie affinity. All paths defined on other Ingresses for the host will be load balanced through the random selection of a backend server. </p>
<p>If more than one Ingress is defined for a host and at least one Ingress uses <code class="codehilite">nginx.ingress.kubernetes.io/affinity: cookie</code>, then only paths on the Ingress using <code class="codehilite">nginx.ingress.kubernetes.io/affinity</code> will use session cookie affinity. All paths defined on other Ingresses for the host will be load balanced through the random selection of a backend server.</p>
</div>
<div class="admonition example">
<p class="admonition-title">Example</p>
@ -2319,7 +2327,7 @@ The only affinity type available for NGINX is <code class="codehilite">cookie</c
</div>
<h4 id="cookie-affinity">Cookie affinity<a class="headerlink" href="#cookie-affinity" title="Permanent link">&para;</a></h4>
<p>If you use the <code class="codehilite">cookie</code> affinity type you can also specify the name of the cookie that will be used to route the requests with the annotation <code class="codehilite">nginx.ingress.kubernetes.io/session-cookie-name</code>. The default is to create a cookie named 'INGRESSCOOKIE'.</p>
<p>The NGINX annotation <code class="codehilite">nginx.ingress.kubernetes.io/session-cookie-path</code> defines the path that will be set on the cookie. This is optional unless the annotation <code class="codehilite">nginx.ingress.kubernetes.io/use-regex</code> is set to true; Session cookie paths do not support regex. </p>
<p>The NGINX annotation <code class="codehilite">nginx.ingress.kubernetes.io/session-cookie-path</code> defines the path that will be set on the cookie. This is optional unless the annotation <code class="codehilite">nginx.ingress.kubernetes.io/use-regex</code> is set to true; Session cookie paths do not support regex.</p>
<h3 id="authentication">Authentication<a class="headerlink" href="#authentication" title="Permanent link">&para;</a></h3>
<p>Is possible to add authentication adding additional annotations in the Ingress rule. The source of the authentication is a secret that contains usernames and passwords inside the key <code class="codehilite">auth</code>.</p>
<p>The annotations are:
@ -2442,7 +2450,7 @@ location enabling this functionality.</p>
</ul>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>For more information please see <a href="https://enable-cors.org/server_nginx.html">https://enable-cors.org</a> </p>
<p>For more information please see <a href="https://enable-cors.org/server_nginx.html">https://enable-cors.org</a></p>
</div>
<h3 id="http2-push-preload">HTTP2 Push Preload.<a class="headerlink" href="#http2-push-preload" title="Permanent link">&para;</a></h3>
<p>Enables automatic conversion of preload links specified in the “Link” response header fields into push requests.</p>
@ -2519,6 +2527,10 @@ applied to each location provided in the ingress rule.</p>
<code class="codehilite">&lt;Response_Header_1, ..., Response_Header_n&gt;</code> to specify headers to pass to backend once authentication request completes.</li>
<li><code class="codehilite">nginx.ingress.kubernetes.io/auth-request-redirect</code>:
<code class="codehilite">&lt;Request_Redirect_URL&gt;</code> to specify the X-Auth-Request-Redirect header value.</li>
<li><code class="codehilite">nginx.ingress.kubernetes.io/auth-cache-key</code>:
<code class="codehilite">&lt;Cache_Key&gt;</code> this enables caching for auth requests. specify a lookup key for auth responses. e.g. <code class="codehilite">$remote_user$http_authorization</code>. Each server and location has it's own keyspace. Hence a cached response is only valid on a per-server and per-location basis.</li>
<li><code class="codehilite">nginx.ingress.kubernetes.io/auth-cache-duration</code>:
<code class="codehilite">&lt;Cache_duration&gt;</code> to specify a caching time for auth responses based on their response codes, e.g. <code class="codehilite">200 202 30m</code>. See <a href="http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_valid">proxy_cache_valid</a> for details. You may specify multiple, comma-separated values: <code class="codehilite">200 202 10m, 401 5m</code>. defaults to <code class="codehilite">200 202 401 5m</code>.</li>
<li><code class="codehilite">nginx.ingress.kubernetes.io/auth-snippet</code>:
<code class="codehilite">&lt;Auth_Snippet&gt;</code> to specify a custom snippet to use with external authentication, e.g.</li>
</ul>
@ -2738,7 +2750,7 @@ Reference for this <a href="https://github.com/p0pr0ck5/lua-resty-waf/issues/166
of ingress locations. The ModSecurity module must first be enabled by enabling ModSecurity in the
<a href="../configmap/#enable-modsecurity">ConfigMap</a>. Note this will enable ModSecurity for all paths, and each path
must be disabled manually.</p>
<p>It can be enabled using the following annotation:
<p>It can be enabled using the following annotation:
<div class="codehilite"><pre><span></span><span class="nt">nginx.ingress.kubernetes.io/enable-modsecurity</span><span class="p">:</span> <span class="s">&quot;true&quot;</span>
</pre></div>
ModSecurity will run in "Detection-Only" mode using the <a href="https://github.com/SpiderLabs/ModSecurity/blob/v3/master/modsecurity.conf-recommended">recommended configuration</a>.</p>
@ -2755,7 +2767,7 @@ setting the following annotation:
<span class="l l-Scalar l-Scalar-Plain">SecDebugLog /tmp/modsec_debug.log</span>
</pre></div></p>
<p>Note: If you use both <code class="codehilite">enable-owasp-core-rules</code> and <code class="codehilite">modsecurity-snippet</code> annotations together, only the
<code class="codehilite">modsecurity-snippet</code> will take effect. If you wish to include the <a href="https://www.modsecurity.org/CRS/Documentation/">OWASP Core Rule Set</a> or
<code class="codehilite">modsecurity-snippet</code> will take effect. If you wish to include the <a href="https://www.modsecurity.org/CRS/Documentation/">OWASP Core Rule Set</a> or
<a href="https://github.com/SpiderLabs/ModSecurity/blob/v3/master/modsecurity.conf-recommended">recommended configuration</a> simply use the include
statement:
<div class="codehilite"><pre><span></span><span class="nt">nginx.ingress.kubernetes.io/modsecurity-snippet</span><span class="p">:</span> <span class="p p-Indicator">|</span>
@ -2774,7 +2786,7 @@ using the <a href="https://github.com/influxdata/nginx-influxdb-module/">nginx-i
<p>For the <code class="codehilite">influxdb-host</code> parameter you have two options:</p>
<ul>
<li>Use an InfluxDB server configured with the <a href="https://docs.influxdata.com/influxdb/v1.5/supported_protocols/udp/">UDP protocol</a> enabled. </li>
<li>Use an InfluxDB server configured with the <a href="https://docs.influxdata.com/influxdb/v1.5/supported_protocols/udp/">UDP protocol</a> enabled.</li>
<li>Deploy Telegraf as a sidecar proxy to the Ingress controller configured to listen UDP with the <a href="https://github.com/influxdata/telegraf/tree/release-1.6/plugins/inputs/socket_listener">socket listener input</a> and to write using
anyone of the <a href="https://github.com/influxdata/telegraf/tree/release-1.7/plugins/outputs">outputs plugins</a> like InfluxDB, Apache Kafka,
Prometheus, etc.. (recommended)</li>
@ -2793,7 +2805,7 @@ Valid Values: HTTP, HTTPS, GRPC, GRPCS and AJP</p>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
</div>
<p>When using this annotation with the NGINX annotation <code class="codehilite">nginx.ingress.kubernetes.io/affinity</code> of type <code class="codehilite">cookie</code>, <code class="codehilite">nginx.ingress.kubernetes.io/session-cookie-path</code> must be also set; Session cookie paths do not support regex. </p>
<p>When using this annotation with the NGINX annotation <code class="codehilite">nginx.ingress.kubernetes.io/affinity</code> of type <code class="codehilite">cookie</code>, <code class="codehilite">nginx.ingress.kubernetes.io/session-cookie-path</code> must be also set; Session cookie paths do not support regex.</p>
<p>Using the <code class="codehilite">nginx.ingress.kubernetes.io/use-regex</code> annotation will indicate whether or not the paths defined on an Ingress use regular expressions. The default value is <code class="codehilite">false</code>.</p>
<p>The following will indicate that regular expression paths are being used:
<div class="codehilite"><pre><span></span><span class="nt">nginx.ingress.kubernetes.io/use-regex</span><span class="p">:</span> <span class="s">&quot;true&quot;</span>
@ -2802,8 +2814,8 @@ Valid Values: HTTP, HTTPS, GRPC, GRPCS and AJP</p>
<div class="codehilite"><pre><span></span><span class="nt">nginx.ingress.kubernetes.io/use-regex</span><span class="p">:</span> <span class="s">&quot;false&quot;</span>
</pre></div></p>
<p>When this annotation is set to <code class="codehilite">true</code>, the case insensitive regular expression <a href="https://nginx.org/en/docs/http/ngx_http_core_module.html#location">location modifier</a> will be enforced on ALL paths for a given host regardless of what Ingress they are defined on.</p>
<p>Additionally, if the <a href="#rewrite"><code class="codehilite">rewrite-target</code> annotation</a> is used on any Ingress for a given host, then the case insensitive regular expression <a href="https://nginx.org/en/docs/http/ngx_http_core_module.html#location">location modifier</a> will be enforced on ALL paths for a given host regardless of what Ingress they are defined on. </p>
<p>Please read about <a href="../../ingress-path-matching/">ingress path matching</a> before using this modifier. </p>
<p>Additionally, if the <a href="#rewrite"><code class="codehilite">rewrite-target</code> annotation</a> is used on any Ingress for a given host, then the case insensitive regular expression <a href="https://nginx.org/en/docs/http/ngx_http_core_module.html#location">location modifier</a> will be enforced on ALL paths for a given host regardless of what Ingress they are defined on.</p>
<p>Please read about <a href="../../ingress-path-matching/">ingress path matching</a> before using this modifier.</p>
<h3 id="satisfy">Satisfy<a class="headerlink" href="#satisfy" title="Permanent link">&para;</a></h3>
<p>By default, a request would need to satisfy all authentication requirements in order to be allowed. By using this annotation, requests that satisfy either any or all authentication requirements are allowed, based on the configuration value.</p>
<div class="codehilite"><pre><span></span><span class="nt">nginx.ingress.kubernetes.io/satisfy</span><span class="p">:</span> <span class="s">&quot;any&quot;</span>

48
user-guide/nginx-configuration/configmap/index.html
View file

@ -1528,6 +1528,20 @@
global-auth-snippet
</a>
</li>
<li class="md-nav__item">
<a href="#global-auth-cache-key" title="global-auth-cache-key" class="md-nav__link">
global-auth-cache-key
</a>
</li>
<li class="md-nav__item">
<a href="#global-auth-cache-duration" title="global-auth-cache-duration" class="md-nav__link">
global-auth-cache-duration
</a>
</li>
<li class="md-nav__item">
@ -3025,6 +3039,20 @@
global-auth-snippet
</a>
</li>
<li class="md-nav__item">
<a href="#global-auth-cache-key" title="global-auth-cache-key" class="md-nav__link">
global-auth-cache-key
</a>
</li>
<li class="md-nav__item">
<a href="#global-auth-cache-duration" title="global-auth-cache-duration" class="md-nav__link">
global-auth-cache-duration
</a>
</li>
<li class="md-nav__item">
@ -3769,6 +3797,16 @@ Same for numbers, like "100".</p>
<td align="left">""</td>
</tr>
<tr>
<td align="left"><a href="#global-auth-cache-key">global-auth-cache-key</a></td>
<td align="left">string</td>
<td align="left">""</td>
</tr>
<tr>
<td align="left"><a href="#global-auth-cache-duration">global-auth-cache-duration</a></td>
<td align="left">string</td>
<td align="left">"200 202 401 5m"</td>
</tr>
<tr>
<td align="left"><a href="#no-auth-locations">no-auth-locations</a></td>
<td align="left">string</td>
<td align="left">"/.well-known/acme-challenge"</td>
@ -3807,7 +3845,7 @@ Same for numbers, like "100".</p>
<p>Access log path. Goes to <code class="codehilite">/var/log/nginx/access.log</code> by default.</p>
<p><strong>Note:</strong> the file <code class="codehilite">/var/log/nginx/access.log</code> is a symlink to <code class="codehilite">/dev/stdout</code></p>
<h2 id="enable-access-log-for-default-backend">enable-access-log-for-default-backend<a class="headerlink" href="#enable-access-log-for-default-backend" title="Permanent link">&para;</a></h2>
<p>Enables logging access to default backend. <em><strong>default:</strong></em> is disabled. </p>
<p>Enables logging access to default backend. <em><strong>default:</strong></em> is disabled.</p>
<h2 id="error-log-path">error-log-path<a class="headerlink" href="#error-log-path" title="Permanent link">&para;</a></h2>
<p>Error log path. Goes to <code class="codehilite">/var/log/nginx/error.log</code> by default.</p>
<p><strong>Note:</strong> the file <code class="codehilite">/var/log/nginx/error.log</code> is a symlink to <code class="codehilite">/dev/stderr</code></p>
@ -3986,7 +4024,7 @@ The default of 0 means "max open files (system's limit) / <a href="#worker-proce
<h2 id="ssl-session-ticket-key">ssl-session-ticket-key<a class="headerlink" href="#ssl-session-ticket-key" title="Permanent link">&para;</a></h2>
<p>Sets the secret key used to encrypt and decrypt TLS session tickets. The value must be a valid base64 string.
To create a ticket: <code class="codehilite">openssl rand 80 | openssl enc -A -base64</code></p>
<p><a href="http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets">TLS session ticket-key</a>, by default, a randomly generated key is used. </p>
<p><a href="http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets">TLS session ticket-key</a>, by default, a randomly generated key is used.</p>
<h2 id="ssl-session-timeout">ssl-session-timeout<a class="headerlink" href="#ssl-session-timeout" title="Permanent link">&para;</a></h2>
<p>Sets the time during which a client may <a href="http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_timeout">reuse the session</a> parameters stored in a cache.</p>
<h2 id="ssl-buffer-size">ssl-buffer-size<a class="headerlink" href="#ssl-buffer-size" title="Permanent link">&para;</a></h2>
@ -4065,7 +4103,7 @@ The value can either be:</p>
<h2 id="upstream-keepalive-connections">upstream-keepalive-connections<a class="headerlink" href="#upstream-keepalive-connections" title="Permanent link">&para;</a></h2>
<p>Activates the cache for connections to upstream servers. The connections parameter sets the maximum number of idle
keepalive connections to upstream servers that are preserved in the cache of each worker process. When this number is
exceeded, the least recently used connections are closed.
exceeded, the least recently used connections are closed.
<em><strong>default:</strong></em> 32</p>
<p><em>References:</em>
<a href="http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive">http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive</a></p>
@ -4232,6 +4270,10 @@ Similar to the Ingress rule annotation <code class="codehilite">nginx.ingress.ku
<p>Sets a custom snippet to use with external authentication. Applied to all the locations.
Similar to the Ingress rule annotation <code class="codehilite">nginx.ingress.kubernetes.io/auth-request-redirect</code>.
<em><strong>default:</strong></em> ""</p>
<h2 id="global-auth-cache-key">global-auth-cache-key<a class="headerlink" href="#global-auth-cache-key" title="Permanent link">&para;</a></h2>
<p>Enables caching for global auth requests. Specify a lookup key for auth responses, e.g. <code class="codehilite">$remote_user$http_authorization</code>.</p>
<h2 id="global-auth-cache-duration">global-auth-cache-duration<a class="headerlink" href="#global-auth-cache-duration" title="Permanent link">&para;</a></h2>
<p>Set a caching time for auth responses based on their response codes, e.g. <code class="codehilite">200 202 30m</code>. See <a href="http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_valid">proxy_cache_valid</a> for details. You may specify multiple, comma-separated values: <code class="codehilite">200 202 10m, 401 5m</code>. defaults to <code class="codehilite">200 202 401 5m</code>.</p>
<h2 id="no-auth-locations">no-auth-locations<a class="headerlink" href="#no-auth-locations" title="Permanent link">&para;</a></h2>
<p>A comma-separated list of locations that should not get authenticated.
<em><strong>default:</strong></em> "/.well-known/acme-challenge"</p>

6
user-guide/nginx-configuration/log-format/index.html
View file

@ -1145,7 +1145,7 @@
<span class="x"> &#39;</span><span class="cp">{{</span> <span class="k">if</span> <span class="err">$</span><span class="nv">cfg.useProxyProtocol</span> <span class="cp">}}</span><span class="x">$proxy_protocol_addr</span><span class="cp">{{</span> <span class="k">else</span> <span class="cp">}}</span><span class="x">$remote_addr</span><span class="cp">{{</span> <span class="nv">end</span> <span class="cp">}}</span><span class="x"> - &#39;</span>
<span class="x"> &#39;[$the_real_ip] - $remote_user [$time_local] &quot;$request&quot; &#39;</span>
<span class="x"> &#39;$status $body_bytes_sent &quot;$http_referer&quot; &quot;$http_user_agent&quot; &#39;</span>
<span class="x"> &#39;$request_length $request_time [$proxy_upstream_name] $upstream_addr &#39;</span>
<span class="x"> &#39;$request_length $request_time [$proxy_upstream_name] [$proxy_alternative_upstream_name] $upstream_addr &#39;</span>
<span class="x"> &#39;$upstream_response_length $upstream_response_time $upstream_status $req_id&#39;;</span>
</pre></div>
@ -1210,6 +1210,10 @@
<td>name of the upstream. The format is <code class="codehilite">upstream-&lt;namespace&gt;-&lt;service name&gt;-&lt;service port&gt;</code></td>
</tr>
<tr>
<td><code class="codehilite">$proxy_alternative_upstream_name</code></td>
<td>name of the alternative upstream. The format is <code class="codehilite">upstream-&lt;namespace&gt;-&lt;service name&gt;-&lt;service port&gt;</code></td>
</tr>
<tr>
<td><code class="codehilite">$upstream_addr</code></td>
<td>the IP address and port (or the path to the domain socket) of the upstream server. If several servers were contacted during request processing, their addresses are separated by commas.</td>
</tr>