DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7394 commits 4 branches 217 tags 166 MiB
Commit graph

411 commits

Author SHA1 Message Date
Matthew Silverman
9b00a4912f set x-forwarded-scheme like x-forwarded-proto 2021-05-13 09:26:27 -04:00
Ricardo Pchevuzinske Katz
0dceedfad7 Remove localhost calls from external names 
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
 2021-04-30 16:49:35 -03:00
Adam Renberg Tamm
9123820584 Expose Geo IP subdivision 1 as variables 2021-03-22 17:30:16 +00:00
afrouz
ed6debb194 add body_filter_by_lua_block lua plugin to ingress-nginx 2021-01-05 20:56:13 +03:30
Elvin Efendi
e0dece48f7 Add Global Rate Limiting support 2021-01-04 17:47:07 -05:00
Manuel Alejandro de Brito Fontes
9c0a39636d Refactor ingress nginx variables 2020-12-12 08:52:47 -03:00
Matthew Tuusberg
1c6a1a0e23
feat: add support for country databases 2020-12-07 21:43:38 +03:00
agile6v
06f53bcf05 feat: allow user to specify the maxmium number of retries in stream block. 2020-12-02 14:54:14 +08:00
m22r
612a604fa4 Fix ErrorLogLevel in stream contexts 2020-11-27 14:29:43 +09:00
Kubernetes Prow Robot
e3a3ea8826
Merge pull request #6294 from ianbuss/auth-error-redirect-param 
Allow customisation of redirect URL parameter in external auth redirects
 2020-11-23 01:27:37 -08:00
Julien Vey
fd8af11392
Fix opentracing propagation on auth-url 
Currently, the opentracing propagation instructions are set only if opentracing is configured globally.
This fix set the propagation instructions if opentracing is disabled globally, but enabled per ingress
 2020-11-20 01:32:20 +01:00
Minji Chun
2e7967cc99 Add comment indicating server-snippet section 2020-11-04 18:59:39 +09:00
Manuel Alejandro de Brito Fontes
d74ea25df8 Add validation for wildcard server names 2020-10-26 10:51:14 -03:00
Kubernetes Prow Robot
524c3a50ea
Merge pull request #6037 from aledbf/redirect 
Do not append a trailing slash on redirects
 2020-10-08 11:51:06 -07:00
Ian Buss
41cf628bdf Add a configurable URL redirect parameter for error URLs 2020-10-08 12:53:46 +01:00
Kubernetes Prow Robot
8d45bb39a4
Merge pull request #5348 from Antiarchitect/stream-log-annotations 
Ability to separately disable access log in http and stream contexts
 2020-09-28 11:02:53 -07:00
Manuel Alejandro de Brito Fontes
493dd6726d
Replace request_uri 2020-09-27 20:26:39 -03:00
shrpne
2948e3e109 better cors 2020-09-27 21:44:24 +03:00
Maxime LUCE
b7b85175f6 Add annotation to configure CORS Access-Control-Expose-Headers 2020-09-23 17:41:52 +02:00
Elvin Efendi
8e83d4e84a delete redundant NGINX config about X-Forwarded-Proto 2020-09-15 13:22:26 -04:00
Manuel Alejandro de Brito Fontes
e659efbfdb Use dynamic load of modules 2020-09-10 11:39:35 -03:00
agile6v
609e1b5775 feat: support to define trusted addresses for proxy protocol in stream block 2020-08-28 14:37:16 +08:00
Kubernetes Prow Robot
e825af86e1
Merge pull request #5887 from dschwar/force-use-forwarded-for 
Add force-enable-realip-module
 2020-07-17 07:17:02 -07:00
David Schwartz
d52141c2b9 Add enable-real-ip 2020-07-15 15:25:29 -04:00
Manuel Alejandro de Brito Fontes
dc3876666b Revert "use-regex annotation should be applied to only one Location" 
This reverts commit a8a8b5f6e9.
 2020-07-15 11:20:47 -04:00
Manuel Alejandro de Brito Fontes
a8a8b5f6e9 use-regex annotation should be applied to only one Location 2020-07-06 19:29:39 -04:00
Manuel Alejandro de Brito Fontes
ec4fb05cad Fix proxy ssl e2e test 2020-07-06 18:41:42 -04:00
Zhongcheng Lao
c0629e92c2
Add proxy-ssl-server-name to enable passing SNI 2020-07-03 14:14:32 +08:00
Kubernetes Prow Robot
baa2b2cd33
Merge pull request #5709 from agile6v/master 
fix: remove duplicated X-Forwarded-Proto header.
 2020-07-02 17:50:47 -07:00
agile6v
e8aaa15ce8 Remove duplicated X-Forwarded-Proto header. 2020-06-25 11:11:00 +08:00
Kubernetes Prow Robot
803a76cf8a
Merge pull request #5749 from Bo0km4n/feat-configurable-max-batch-size 
[Fix/metrics] Be configurable max batch size of metrics
 2020-06-22 22:07:40 -07:00
mengqi.wmq
f232a264ab Add default-type as a configurable for default_type 2020-06-21 11:10:51 +08:00
Bo0km4n
7ab0916c92 Resolve conflicts 2020-06-20 17:13:31 +09:00
Bo0km4n
53a6b0fd3b Configurable metrics max batch size 2020-06-20 15:58:14 +09:00
Jeff Hui
7767230e6a fix undefined variable $auth_cookie error when location is denied 
(add) isLocationAllowed check before setting the cookie
 2020-06-08 13:59:52 -04:00
agile6v
fc1c043437 Add http-access-log-path and stream-access-log-path options in configMap 2020-06-05 01:27:26 +08:00
Kubernetes Prow Robot
ee02d897d5
Merge pull request #5534 from agile6v/master 
Add annotation ssl-prefer-server-ciphers.
 2020-05-29 08:35:16 -07:00
adiov
d03266d505
Add MaxMind GeoIP2 Anonymous IP support 2020-05-21 06:50:57 +03:00
Andrey Voronkov
bced1ed8b8 Ability to separately disable access log in http and stream contexts 
Two new configuration options:
`disable-http-access-log`
`disable-stream-access-log`

Should resolve issue with enormous amount of `TCP 200` useless entries in logs

Signed-off-by: Andrey Voronkov <voronkovaa@gmail.com>
 2020-05-13 21:23:37 +03:00
agile6v
41d82005ec Add annotation ssl-prefer-server-ciphers. 2020-05-11 16:31:08 +08:00
Manuel Alejandro de Brito Fontes
d18fa90cfd Add e2e test for OCSP and new configmap setting 2020-04-17 12:53:47 -04:00
Elvin Efendi
1dab12fb81 Lua OCSP stapling 2020-04-16 21:29:16 -04:00
Manuel Alejandro de Brito Fontes
c0db19b0ec Enable configuration of plugins using configmap 2020-04-13 11:38:42 -04:00
Artem Miroshnychenko
eefb32c667 fix: remove unnecessary if statement when redirect annotation is defined 2020-04-08 19:02:15 +03:00
Manuel Alejandro de Brito Fontes
6037883c4a
Forward X-Request-ID to auth service (#5301) 2020-03-29 19:58:36 -03:00
Manuel Alejandro de Brito Fontes
07b70f68bd
Redirect for app-root should preserve current scheme (#5266) 2020-03-19 15:49:18 -03:00
Maxim Pogozhiy
78576a9bbc Add Maxmind Editions support 2020-03-19 19:36:10 +07:00
Jorge Niedbalski
1d1b857cb7 Add a forwarded protocol map for included x-forwarded-proto. 
This change adds a new map for including the passed x-forwarded-proto
header in case is provided as an extra header.

Signed-off-by: Jorge Niedbalski <jnr@metaklass.org>
 2020-03-10 18:26:28 -03:00
Laszlo Janosi
2de30bf451 Add proxy-ssl-name to location level 2020-02-25 13:52:34 +01:00
schaefec
141ea59b7f Allows overriding the server name used to verify the certificate of the proxied HTTPS server 2020-02-25 13:32:14 +01:00
Manuel Alejandro de Brito Fontes
351307280e Clean template 2020-02-21 16:14:49 -03:00
Karl Stoney
5c64c52a60 Ensured that opentracing on auth request is only enabled for people that have opentracing 2020-02-20 14:12:54 +00:00
Karl Stoney
08471b527b Fixes https://github.com/kubernetes/ingress-nginx/issues/5120 2020-02-20 14:03:09 +00:00
Daniel Arifin
d48d5a61ae Add gzip-min-length as a configurable 2020-02-14 13:29:51 +07:00
Manuel Alejandro de Brito Fontes
71e35c9100
Make sure set-cookie is retained from external auth endpoint (#5067) 2020-02-14 01:41:11 -03:00
Manuel Alejandro de Brito Fontes
b3146354d4 Refactor mirror feature 2020-02-05 10:39:55 -03:00
Manuel Alejandro de Brito Fontes
b9e944a8a6
Move mod-security logic from template to go code (#5009) 2020-02-04 14:04:11 -03:00
Manuel Alejandro de Brito Fontes
5d05e19cc3
Fix enable opentracing per location (#4983) 2020-01-29 12:20:05 -03:00
Kubernetes Prow Robot
2f8cbeb8fa
Merge pull request #4956 from djboris9/proxy-protocol-port 
Fix proxy protocol support for X-Forwarded-Port
 2020-01-26 12:27:02 -08:00
Manuel Alejandro de Brito Fontes
7ff49b25d6
Move opentracing configuration for location to go (#4965) 2020-01-25 21:39:20 -03:00
Boris Djurdjevic
665f924e9e Add proxy protocol support for X-Forwarded-Port 
Fixes https://github.com/kubernetes/ingress-nginx/issues/4951
 2020-01-24 13:50:35 +01:00
Manuel Alejandro de Brito Fontes
fbdd924a45 Update nginx image 2020-01-04 13:23:16 -03:00
Manuel Alejandro de Brito Fontes
a0523c3c8a
Use a named location for authSignURL (#4859) 2019-12-24 22:50:25 -03:00
Elvin Efendi
54918c0ff2 fix duplicate hsts bug 2019-12-12 13:49:13 -05:00
MMeent
75e8d37d71
Fix issue in logic of modsec template 
according to go templates: `(and ((not false) false))` == `true`

the only way to remove the owasp rules from every location is to disable modsec on that location, or to enable owasp globally, both not-so-great choices.

This commit fixes the logic issue by fixing the and-clause in the if-statement. As a result this reduces global resource usages when modsecurity is configured globally, but not on every location.
 2019-11-28 14:56:41 +01:00
Kubernetes Prow Robot
a85d5ed93a
Merge pull request #4779 from aledbf/update-image 
Remove lua-resty-waf feature
 2019-11-27 11:45:05 -08:00
Kubernetes Prow Robot
b286c2a336
Merge pull request #4732 from willthames/enable-opentracing-annotation 
Allow enabling/disabling opentracing for ingresses
 2019-11-26 17:31:21 -08:00
Will Thames
0ae463a5f3 Provide annotation to control opentracing 
By default you might want opentracing off, but on for a particular
ingress.

Similarly, you might want opentracing globally on, but disabled for
a specific endpoint. To achieve this, `opentracing_propagate_context`
cannot be set when combined with `opentracing off`

A new annotation, `enable-opentracing` allows more fine grained control
of opentracing for specific ingresses.
 2019-11-27 11:07:26 +10:00
Manuel Alejandro de Brito Fontes
61d902db14 Remove Lua resty waf feature 2019-11-26 10:37:43 -03:00
Kubernetes Prow Robot
62518b60b4
Merge pull request #4689 from janosi/upstream_ssl 
Server-only authentication of backends and per-location SSL config
 2019-11-18 19:49:43 -08:00
Rustam Zagirov
d9cfad1894 add configuration for http2_max_concurrent_streams 2019-10-31 15:13:38 +03:00
Laszlo Janosi
cc84bd4ab6 Server level proxy_ssl parameters are applied again, following the comments received. 
Also writing tls.crt and tls.key to disk is according to the original code.
 2019-10-26 20:20:18 +02:00
Laszlo Janosi
37fe9c9876 Enabling per-location proxy-ssl parameters, so locations of the same server but with own unique Ingress definitions can have different SSL configs 2019-10-17 10:15:53 +02:00
Kubernetes Prow Robot
69880ac9ad
Merge pull request #4650 from DaveAurionix/master 
Expose GeoIP2 Organization as variable $geoip2_org
 2019-10-12 15:34:36 -07:00
Sergei Turchanov
0476715022 Need to quote expansion of $cfg.LogFormatStream in log_stream access log 
format in nginx.tmpl otherwise individual variables are just glued together
without separating spaces so that you would get these in access logs:

[10/Oct/2019:05:03:30 +0000]TCP200000.003
[10/Oct/2019:05:03:30 +0000]TCP200000.000
[10/Oct/2019:05:05:04 +0000]TCP200000.000

which supposed to be someting like these:
[10/Oct/2019:05:03:30 +0000] TCP 200 0 0 0.003
[10/Oct/2019:05:03:30 +0000] TCP 200 0 0 0.000
[10/Oct/2019:05:05:04 +0000] TCP 200 0 0 0.000
 2019-10-10 17:27:15 +10:00
Dave Thompson
8e926b21d1 Expose GeoIP2 Organization as variable $geoip2_org 2019-10-09 09:47:48 +01:00
MRoci
72c4ffa8b5
add modsecurity-snippet key 2019-09-28 09:54:07 +02:00
Elvin Efendi
c5a8357f1d handle hsts header injection in lua 2019-09-24 21:17:22 -04:00
Elvin Efendi
c93d384fb1 delete redundant config 2019-09-24 18:51:35 -04:00
Elvin Efendi
8c64b12a96 refactor force ssl redirect logic 2019-09-24 14:57:52 -04:00
A Gardner
786a3b6862 Add support for configmap of headers to be sent to external auth service 2019-09-24 10:53:23 -04:00
Manuel Alejandro de Brito Fontes
4b4176c830
Fix log format after #4557 2019-09-18 12:52:09 -03:00
Manuel Alejandro de Brito Fontes
9af574a234
Remove the_real_ip variable 2019-09-12 20:01:33 -03:00
Manuel Alejandro de Brito Fontes
ce3e3d51c3
WIP Remove nginx unix sockets (#4531) 
* Remove nginx unix sockets
* Use an emptyDir volume for /tmp in PSP e2e tests
 2019-09-08 18:14:54 -03:00
Ricardo Katz
9c51676f17 Add support to CRL (#3164) 
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>

Add support to CRL

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>
 2019-09-03 16:47:28 -04:00
Manuel Alejandro de Brito Fontes
c2935ca35c
Refactor health checks and wait until NGINX process ends 2019-09-01 15:31:27 -04:00
Manuel Alejandro de Brito Fontes
c7d2444cf4
Fix nginx variable service_port (nginx) (#4500) 2019-08-31 11:24:01 -04:00
Elvin Efendi
06f03a2af6 point users to kubectl ingress-nginx plugin 2019-08-27 07:42:42 -04:00
Manuel Alejandro de Brito Fontes
8def5ef7ca
Add support for multiple alias and remove duplication of SSL certificates (#4472) 2019-08-26 10:58:44 -04:00
Kubernetes Prow Robot
f0e71cf688
Merge pull request #4463 from zerda/fix-add-headers 
Always set headers with add-headers option
 2019-08-25 09:16:21 -07:00
SilverFox
a44b5cf3f3 Always set headers with add-headers option 
It should work regardless of the response code or add_header directive in location.
 2019-08-18 14:28:43 +08:00
Gabor Lekeny
4624b5bc77 Change PemSHA to CASHA 2019-08-16 06:31:15 +02:00
Gabor Lekeny
65b9e2c574 Merge branch 'master' of https://github.com/kubernetes/ingress-nginx into proxyssl 2019-08-16 06:21:53 +02:00
Maxime Ginters
d8bd8c5619 Add nginx proxy_max_temp_file_size configuration option 2019-08-15 13:47:42 -04:00
Kubernetes Prow Robot
0b375989f3
Merge pull request #4412 from Shopify/ssl-early-data 
Add nginx ssl_early_data option support
 2019-08-15 10:08:35 -07:00
Elvin Efendi
6a293c7e11 set /configuration client body size dynamically 2019-08-14 22:10:56 -04:00
Kubernetes Prow Robot
0d690fba1a
Merge pull request #4356 from aledbf/only-dynamic-mode 
Only support SSL dynamic mode
 2019-08-14 17:08:35 -07:00
Kubernetes Prow Robot
adef152db8
Merge pull request #4379 from diazjf/mirror 
Allow Requests to be Mirrored to different backends
 2019-08-13 17:52:24 -07:00
Elvin Efendi
d46b4148fa Lua /etc/resolv.conf parser and some refactoring 2019-08-13 18:34:54 -04:00
Manuel Alejandro de Brito Fontes
80bd481abb
Only support SSL dynamic mode 2019-08-13 17:33:34 -04:00