DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
4158 commits 4 branches 217 tags 166 MiB
Commit graph

374 commits

Author SHA1 Message Date
Bryan Shelton
3dc131bd57 Make literal $ character work in set $location_path 2018-10-07 12:58:39 -07:00
Manuel Alejandro de Brito Fontes
44bdc7eb59 Remove support for TCP and UDP services 2018-10-07 10:53:37 -03:00
k8s-ci-robot
b46523a1f4
Merge pull request #3149 from diazjf/proxy-e2e-tests 
Add e2e Tests for Proxy Annotations
 2018-10-05 05:15:09 -07:00
Globegitter
8848c1864a Move mainSnippet before events. 2018-10-02 15:24:44 +02:00
Fernando Diaz
e5dca9353e Remove Unneeded Quotes from Nginx Directives 
Removes quotes from nginx directives which my cause issues with
their functionality

Fixes #3152
 2018-10-01 16:10:33 -05:00
k8s-ci-robot
d9f58144eb
Merge pull request #3145 from Shopify/regex-modifier 
Add "use-regex" Annotation to Toggle Regular Expression Location Modifier
 2018-10-01 11:31:43 -07:00
Zenara Daley
f29bdc3e8d Add 'use regex' annotation to toggle nginx regex location modifier 2018-10-01 13:54:11 -04:00
Markus Padourek
bf4be49c02 Fix incorrect .DisableLua access. (#3144) 
* Fix incorrect .DisableLua access.

* Address comment.
 2018-09-26 14:05:05 -03:00
Globegitter
a2ccd1f224 Fix usage for $all. 2018-09-26 16:38:16 +02:00
Markus Padourek
fe219db231
Ensure monitoring for custom error pages 
Fixes #3140
 2018-09-26 16:26:38 +02:00
Elvin Efendi
b3a22f7fc0 do not require --default-backend-service 2018-09-25 21:14:28 -04:00
Manuel Alejandro de Brito Fontes
1e72774609 Docker run as user 2018-09-25 20:42:26 -03:00
Manuel Alejandro de Brito Fontes
3f29e436f3 Update nginx image 2018-09-25 18:35:01 -03:00
k8s-ci-robot
c4a562dded
Merge pull request #3130 from alanbover/fix/newlines_location_denied 
fix newlines location denied
 2018-09-25 07:04:50 -07:00
Alan Bover
6454608c6c fix newlines location denied 2018-09-25 15:36:23 +02:00
k8s-ci-robot
6393ca6aaf
Merge pull request #2997 from StarOfService/global-block-ip-ua-ref 
Provide possibility to block IPs, User-Agents and Referers globally
 2018-09-25 05:51:56 -07:00
Pavel Sinkevych
7212d0081b Provide possibility to block CIDRs, User-Agents and Referers globally 2018-09-25 14:16:20 +03:00
k8s-ci-robot
8d8cdb044d
Merge pull request #3073 from hchenxa/hchenxa_fix3071 
do not hardcode the path
 2018-09-16 20:20:15 -07:00
Hui Chen
3dc21ead49 do not hardcode the path 2018-09-17 10:52:21 +08:00
k8s-ci-robot
6ed5c95562
Merge pull request #3098 from ElvinEfendi/make-keepalive-work 
make upstream keepalive work for http
 2018-09-15 07:36:27 -07:00
Elvin Efendi
6511fa9f58 make upstream keepalive work for http 2018-09-14 19:40:54 -04:00
Zenara Daley
0e6f0bb88d enforce ^~ location modifier when rewrite-target annotation is set 2018-09-13 10:39:52 -04:00
k8s-ci-robot
0a9db37e0f
Merge pull request #3062 from lahsivjar/issue-fix-host-header 
Pass Host header for custom errors
 2018-09-09 09:51:13 -07:00
Vishal Raj
4e14b809df Pass Host header for custom errors 2018-09-09 19:39:10 +08:00
Lei Gong
e73510d818 fix some typos 
Signed-off-by: Lei Gong <lgong@alauda.io>
 2018-09-08 21:49:04 +08:00
Derek Perkins
9099f3b4db add support for http2-max-requests in configmap 2018-09-02 23:53:30 -06:00
Manuel de Brito Fontes
b0e242fe73 Add support for valgrind 2018-08-30 21:32:06 -03:00
k8s-ci-robot
72112fe9d0
Merge pull request #2966 from Shopify/add-sticky-unit-tests 
Add unit tests for sticky lua module
 2018-08-23 20:32:16 -07:00
k8s-ci-robot
b0b575db33
Merge pull request #2965 from Shopify/dynamic-certificates-nginx 
Add Lua module to serve SSL Certificates dynamically
 2018-08-23 20:27:55 -07:00
Henry Tran
cbf041fc3e Add Lua module to serve SSL Certificates dynamically 2018-08-23 22:15:54 -04:00
Francisco Mejia
32426b95e6 Add reset_ngx method to sticky_test.lua 2018-08-23 14:09:08 -04:00
Francisco Mejia
c7b75970ca Refactor ngx mock and indent using 2 spaces 2018-08-23 14:02:42 -04:00
Manuel de Brito Fontes
f6905ae0ff Pass real source IP address to auth request 2018-08-23 10:37:33 -03:00
Francisco Mejia
14145b3129 Update tests to account for balance() return value 2018-08-21 15:07:32 -04:00
Francisco Mejia
86c1b1211c Add unit tests for sticky lua module 2018-08-21 14:22:44 -04:00
Elvin Efendi
27cd1af4a7 fix variable parsing when key is number 2018-08-21 13:42:21 -04:00
Elvin Efendi
2207d7694d batch metrics and flush periodically 2018-08-18 13:17:21 -04:00
k8s-ci-robot
b4942ccd03
Merge pull request #2616 from Dirbaio/xff 
Add use-forwarded-headers configmap option.
 2018-08-16 16:30:08 -07:00
Elvin Efendi
7a3c8f2536 suppress stdout during lua test run 2018-08-16 14:12:33 -04:00
Elvin Efendi
589069d566 wrap IPv6 addresses into square brackets 2018-08-16 14:12:10 -04:00
Elvin Efendi
4b07e73e5d refactor lua balancer and fix ipv6 issue 2018-08-16 13:03:41 -04:00
Dario Nieuwenhuis
b5bcb93a4b
Merge branch 'master' into xff 2018-08-16 18:15:14 +02:00
Francisco Mejia
9d26a68b17 Add Backends unit tests to configuration_test.lua 2018-08-15 15:59:26 -04:00
k8s-ci-robot
3f5af6eecf
Merge pull request #2889 from hnrytrn/dynamic-cert-endpoint 
Add Lua endpoint to support dynamic certificate serving functionality
 2018-08-13 10:49:43 -07:00
Elvin Efendi
bc37ba14e8 dont restrict status page to localhost only 2018-08-08 12:46:12 -04:00
Henry Tran
5200a38bd7 Add lua endpoint to handle certificates in dynamic configuration mode 2018-08-07 08:18:34 -04:00
Manuel Alejandro de Brito Fontes
a68820808a
Fix documentation (#2902) 2018-08-05 22:30:46 -04:00
k8s-ci-robot
7f7f59df79
Merge pull request #2894 from aledbf/authbind 
Use authbind to bind privileged ports
 2018-08-05 08:43:43 -07:00
Manuel de Brito Fontes
b148f113ae
Use authbind to bind privileged ports 2018-08-05 11:18:50 -04:00
k8s-ci-robot
060704c624
Merge pull request #2682 from aledbf/listen-localhost 
Use localhost to expose status server
 2018-08-04 17:16:56 -07:00
Manuel de Brito Fontes
6b2c7e08db Use localhost to expose status server 2018-08-04 18:57:56 -04:00
Tom Reznik
b7bcf92480 support configuring multi_accept directive via configmap 2018-08-04 19:20:01 +03:00
Tom Reznik
1bacf1655e support custom configuration to main context of nginx config 2018-08-04 00:53:06 +03:00
Manuel de Brito Fontes
69a2a27170 Refactor entrypoint to avoid issues with volumes 2018-07-30 16:10:40 -04:00
Elvin Efendi
a2692ce946 fix issues introduced in #2804 2018-07-26 14:23:51 -04:00
Elvin Efendi
ed19dc3bc6 fix custom-error-pages functionality in dynamic mode 2018-07-26 13:36:09 -04:00
Elvin Efendi
d4faf68416 add support for ExternalName service type in dynamic mode 2018-07-25 09:05:47 -04:00
k8s-ci-robot
43aabfc813
Merge pull request #2825 from aledbf/update-image 
Refactoring of how we run as user
 2018-07-22 07:11:17 -07:00
Elvin Efendi
fcaf337b30 cleanup lua tests 2018-07-21 22:36:05 -04:00
Manuel de Brito Fontes
7210518f80
Remove setcap and use authbind instead 2018-07-21 18:56:28 -04:00
takonomura
587c2a8765 Escape $request_uri for external auth 2018-07-19 15:22:05 +09:00
k8s-ci-robot
29ecae5b64
Merge pull request #2752 from dongqi1990/master 
use format "range v := iterative object" and "range k, v := iterative object" when the type of iterative object is slice and map in the file nginx.tmpl
 2018-07-18 04:34:20 -07:00
dongqi1990
50084b1167 use format "range v := iterative object" and "range k, v := iterative 
object" when the type of iterative object is slice and map in the file nginx.tmpl
 2018-07-18 15:02:55 +08:00
Manuel de Brito Fontes
1542a12764
Refactor controller metrics interface 2018-07-12 12:46:34 -04:00
Jason Stangroome
8e06afbb45 Allow gzip compress level to be controlled via ConfigMap 2018-07-09 10:30:59 +10:00
Manuel de Brito Fontes
479a519630
Use docker to build go binaries 2018-07-06 23:48:40 -04:00
Manuel de Brito Fontes
6c8647a27d
Remove prometheus labels with high cardinality 2018-06-25 09:43:56 -04:00
Brian Findlay
3b25f3438f Replace more_set_headers directive with more_clear_headers 2018-06-23 10:01:33 -04:00
k8s-ci-robot
700a2275d1
Merge pull request #2678 from hnrytrn/refactor-cert 
Refactor server type to include SSLCert
 2018-06-22 12:34:04 -07:00
Manuel Alejandro de Brito Fontes
df76d4b481
Update opentracing configuration (#2676) 2018-06-21 18:15:18 -04:00
Henry Tran
86def984a3 Merge remote-tracking branch 'origin' into refactor-cert 2018-06-21 11:43:47 -04:00
Henry Tran
2751cbf06d Refactor to add SSLCert as a field in server type 2018-06-21 11:34:29 -04:00
Manuel Alejandro de Brito Fontes
aec40c171f
Improve configuration change detection (#2656) 
* Use information about the configuration configmap to determine changes

* Add hashstructure dependency

* Rename queue functions

* Add test for configmap checksum
 2018-06-21 10:50:57 -04:00
k8s-ci-robot
fe9a5aec44
Merge pull request #2660 from aledbf/fix-modesecurity 
Change modsecurity directories
 2018-06-20 11:15:05 -07:00
Manuel de Brito Fontes
8107e0f659
Change modsecurity directories 2018-06-20 12:04:30 -04:00
Elvin Efendi
cb4755835e refactor some lua code 2018-06-19 12:46:49 +04:00
Manuel Alejandro de Brito Fontes
c4ec773966
Use a unix socket instead udp for reception of metrics (#2652) 2018-06-17 11:04:03 -04:00
Manuel Alejandro de Brito Fontes
fee8704b53
Add support for IPV6 in stream upstream servers (#2649) 2018-06-15 10:26:33 -04:00
k8s-ci-robot
3cbd2d66bf
Merge pull request #2643 from aledbf/remove-vts 
Remove VTS from the ingress controller
 2018-06-14 23:59:29 -07:00
k8s-ci-robot
dfca2a0d8d
Merge pull request #2451 from nusx/set-sticky-path-for-backend 
fix for #1930, make sessions sticky, for ingress with multiple rules …
 2018-06-14 20:47:28 -07:00
Manuel de Brito Fontes
63b38e1c21
Remove VTS from the ingress controller 2018-06-14 11:11:29 -04:00
Francisco Mejia
966e9f5e25 Add monitor lua module 2018-06-13 22:54:31 -04:00
Manuel de Brito Fontes
79199dd84c
Run as user dropping privileges 2018-06-12 10:18:36 -04:00
Stefan Schwärzler
1a320ae289 fix for #1930, make sessions sticky, for ingress with multiple rules and backends 
* for an ingress with session affinity cookie, set the location as path on the cookie when unique
* the previous behaviour ( cookie path=/ ) is preserved for ingresses with multiple rules for the same backend (locations not unique)

added e2e tests for session affinity, setting path on sticky config

added tests:
* it should set the path to /something on the generated cookie
* it should set the path to / on the generated cookie if there's more than one rule referring to the same backend
 2018-06-11 10:43:13 +02:00
Dario Nieuwenhuis
67b253a149 Add use-forwarded-headers configmap option. 2018-06-11 00:06:14 +02:00
Dmitry Stolyarov
02ff8244a2 Add $location_path variable 
When you define rules in ingress resource, you use path. So it would be
very useful to be able to use the same path in logs.
 2018-06-07 13:43:29 +03:00
Dmitry Stolyarov
59aac73785 Add $service_port variable 
According to TCP/IP (and common sense), $service_name is not enough to
uniquely identify service, we need $service_port for that.
 2018-06-07 13:43:20 +03:00
Dmitry Stolyarov
eafb1890d6 Move vars to the very beginning of the location 
To make it more clear, that you could use $namespace, $ingress_name and
$service_name variables anywhere in location (especialy in lua), move
their definition to the very begining of the location.
 2018-06-07 13:43:09 +03:00
Paul DeCarlo
3159384480 Use lua-platform-path symlink for all platforms 2018-06-04 18:15:59 -05:00
Elvin Efendi
d4e6c0dfd8 access_log should be off for internal /configuration endpoint 2018-05-31 16:01:54 -04:00
Elvin Efendi
b4e6513fc8 make sure after_balance is actually otional 
add inline comment to make LB algorithm change detection logic clearer

also require port in addition to host
 2018-05-28 16:08:53 -04:00
Elvin Efendi
04b7356190 fix ewma.balance and add unit tests for it 2018-05-28 15:51:58 -04:00
Elvin Efendi
da3a87646a make sure balancer gets deleted when ther is no backend 2018-05-28 15:51:58 -04:00
Elvin Efendi
e9dc275b81 refactor balancer into more testable and extensible interface 2018-05-28 15:51:58 -04:00
k8s-ci-robot
b8b5e5bc51
Merge pull request #2548 from Stono/master 
Implement generate-request-id
 2018-05-21 13:55:12 -07:00
Karl Stoney
206d32a2cd Implement generate-request-id 
Fixes https://github.com/kubernetes/ingress-nginx/issues/2546
 2018-05-21 08:32:50 +01:00
Lorenzo Fontana
d434583b53
InfluxDB configuration string template builder helper 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2018-05-19 09:22:49 +02:00
Lorenzo Fontana
93be8db612
Annotations for the InfluxDB Module 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2018-05-19 09:22:46 +02:00
Fernando Diaz
e224259e38 Resolves issue with proxy-redirect nginx configuration 
Resolves an issue where the proxy-redirect annotations were not generating the
correct configuration possibly because of user error. This is done by only
setting the proxy_redirect if both proxy-redirect-from and proxy-redirect-to
have valid values. Also adds the e2e tests.

Fixes #2074
 2018-05-17 11:22:31 -05:00
Manuel de Brito Fontes
ff3e182350 Add support for grpc_set_header 2018-05-17 08:35:11 -04:00
Manuel de Brito Fontes
692ab5e53c
Remove go-bindata 2018-05-17 07:58:50 -04:00
Elvin Efendi
7ac4e1db30 fix bug with lua sticky session implementation and refactor balancer 2018-05-16 21:00:39 -04:00
Elvin Efendi
44ddd8abba force backend sync when worker starts 2018-05-14 17:08:23 -04:00
Elvin Efendi
992a68de23 upstream-hash-by should override load-balance annotation 2018-05-10 13:47:19 -04:00
Elvin Efendi
6cb28e059c use roundrobin from lua-resty-balancer library and refactor balancer.lua 2018-05-10 13:47:19 -04:00
Elvin Efendi
51cf184c51 always use x-request-id 2018-04-28 00:31:23 -04:00
Elvin Efendi
2ce9196ecf upstream-hash-by annotation support for dynamic configuraton mode 2018-04-27 14:28:43 -04:00
JordanP
c995031ffd Add annotation to enable rewrite logs in a location 2018-04-27 17:50:14 +02:00
Adam Netočný
8b6f043fd8 Add buffer configuration to external auth location config 2018-04-26 16:04:12 +02:00
k8s-ci-robot
9533aa45cc
Merge pull request #2408 from Shopify/updated-buffered-backends 
Read backends data even if buffered to temp file
 2018-04-24 14:09:02 -07:00
Andrew Louis
d3d383d1cc Endpoint Awareness: Read backends data from tmp file as well 
Actually read from the file

Logs probably shouldn't assume knowledge of implementation detail

Typos

Added integration test, and dynamic update config refactor

Don't force the 8k default

Minimal test case to make the configuration/backends request body write to temp file

Leverage new safe config updating methods, and use 2 replicas instead of 4

Small refactor

Better integration test, addresses other feedback

Update bindata
 2018-04-24 15:07:59 -04:00
Zenara Daley
0d0d33aec9 add balancer unit tests 2018-04-24 12:10:57 -04:00
Zenara Daley
4f9865529a Add busted unit testing framework for lua code 2018-04-23 10:46:28 -04:00
Nick Novitski
8886b8a50e Add vts-sum-key config flag 2018-04-17 11:39:32 -07:00
Giancarlo Rubio
c60ed24f4b Detect if header injected request_id before creating one 2018-04-17 15:49:35 +02:00
Bastian Hofmann
1c17962ba0 Add proxy-add-original-uri-header config flag 
This makes it configurable if a location adds an X-Original-Uri header to the backend request. Default is "true", the current behaviour.
 2018-04-16 12:34:26 +02:00
k8s-ci-robot
8855460817
Merge pull request #2341 from Shopify/custom-sticky 
Add session affinity to custom load balancing
 2018-04-12 17:22:59 -07:00
Zenara Daley
4b11fe4d25 Fix nginx template 2018-04-12 15:43:13 -04:00
Zenara Daley
6ed256dde6 Add session affinity to custom load balancing 2018-04-12 14:21:42 -04:00
Zenara Daley
4b76ad14bb Fix buildupstream name to work with dynamic session affinity 2018-04-12 14:01:46 -04:00
oilbeater
1be1f658b4 disable lua for arch s390x and ppc64le 
LuaJIT is not available for s390x and ppc64le, disable the lua part in nginx.tmpl on these platform.
 2018-04-12 08:30:56 +08:00
Elvin Efendi
d6eb44376d run lua-resty-waf in different modes (#2317) 
* run lua-resty-waf in different modes

* update docs
 2018-04-09 09:19:13 -03:00
Elvin Efendi
bad8295a42 extra waf rules per ingress (#2315) 
* extra waf rules per ingress

* document annotation nginx.ingress.kubernetes.io/lua-resty-waf-extra-rules

* regenerate internal/file/bindata.go
 2018-04-09 07:14:30 -03:00
Elvin Efendi
16faf309ca annotation to ignore given list of WAF rulesets (#2314) 2018-04-08 22:55:23 -03:00
Elvin Efendi
a6fe800a47 lua-resty-waf controller (#2304) 2018-04-08 17:37:13 -03:00
Manuel Alejandro de Brito Fontes
b17ed7b6fd
Configure upload limits for setup of lua load balancer (#2309) 2018-04-08 15:47:49 -03:00
Manuel Alejandro de Brito Fontes
1c65320618
Add verification of lua load balancer to health check (#2308) 2018-04-08 15:24:37 -03:00
Manuel Alejandro de Brito Fontes
ab8349008a
Improve indentation of generated nginx.conf (#2296) 2018-04-05 18:19:30 -03:00
Manuel Alejandro de Brito Fontes
dd2bc91018
Fix HSTS without preload (#2294) 2018-04-04 23:17:51 -03:00
Alvaro Aleman
e7aa74b5d4 Add NoAuthLocations and default it to "/.well-known/acme-challenge" (#2243) 
* Add NoAuthLocations and default it to "/.well-known/acme-challenge"

* Add e2e tests for no-auth-location

* Improve wording of no-auth-location tests
 2018-04-01 21:02:34 -03:00
Elvin Efendi
931e541fb7 Fix bug when auth req is enabled(external authentication) (#2280) 
* set proxy_upstream_name correctly when auth_req module is used

* log a more meaningful message when backend is not found
 2018-03-30 14:19:33 -03:00
Manuel Alejandro de Brito Fontes
146db43794
Disable opentracing for nginx internal urls (#2272) 2018-03-29 13:47:13 -03:00
Oilbeater
c6c219a7d1 clean up tmpl (#2263) 
The nginx.conf generated now is too messy remove some section only useful when dynamic configure enabled and headers only useful for https.
 2018-03-29 09:36:00 -03:00
Sylvain Rabot
385368990c Managing a whitelist for _/nginx_status (#2187) 
Signed-off-by: Sylvain Rabot <s.rabot@lectra.com>
 2018-03-28 09:27:34 -03:00
Zenara Daley
6e099c5f57 Add EWMA as configurable load balancing algorithm (#2229) 2018-03-23 12:06:21 -03:00
Oilbeater
0b0a274a9a fix: cannot set $service_name if use rewrite (#2220) 
$path here is the regular expression formatted nginx location not the origin path in ingress rules. Fix https://github.com/kubernetes/ingress-nginx/issues/2131
 2018-03-22 09:43:45 -03:00
halfcrazy
b45ee8d85f Add missing configuration in #2235 (#2236) 2018-03-22 08:53:29 -03:00
maxlaverse
8575769781 Make proxy_next_upstream_tries configurable (#2232) 
* Make proxy_next_upstream_tries configurable

* Code generation
 2018-03-22 08:12:36 -03:00
halfcrazy
4f5fa47d27 add proxy header ssl-client-issuer-dn, fix #2178 (#2235) 2018-03-22 01:38:47 -03:00
Elvin Efendi
634959fd79 do not hardcode keepalive for upstream_balancer (#2227) 2018-03-21 00:42:22 -03:00
Elvin Efendi
08252e2eef allow ipv6 localhost when enabled (#2210) 2018-03-19 13:32:55 -03:00
Manuel Alejandro de Brito Fontes
6b7491f432
Fix dynamic configuration when custom errors are enabled (#2212) 2018-03-19 12:55:17 -03:00
turettn
de30e53d62 Expose SSL client cert data to external auth provider. (#2078) 2018-03-19 09:30:36 -03:00
Alvaro Aleman
94deb3a01a Add configoption to exclude routes from tls upgrading (#2203) 
* Add configoption to exclude routes from tls upgrading

* Add tests for IsLocationInLocationList

* Seperate elements in NoTLSRedirectLocations by comma

* Set NoTLSRedirectLocations to "/.well-known/acme-challenge/" by default

* Remove trailing slash from "/.well-known/acme-challenge" default
 2018-03-18 17:44:59 -03:00
halfcrazy
977cfcb4c7 add luacheck to lint lua files (#2205) 2018-03-18 13:31:49 -03:00
Oilbeater
5c02d700cb Allow config to disable geoip (#2202) 
For a offline or private cloud environment, geoip is not needed.
Implementing https://github.com/kubernetes/ingress-nginx/issues/2179
 2018-03-18 13:30:05 -03:00
Elvin Efendi
c90a4e811e Live Nginx (re)configuration without reloading (#2174) 2018-03-18 10:13:41 -03:00
Oilbeater
41cefeb178 Add worker-cpu-affinity nginx option (#2201) 
worker_cpu_affinity is a common optimization method for improving nginx performance, adding this as a custom configuration. Also fix some format issues found during editing.
 2018-03-16 13:32:45 -03:00
Elvin Efendi
36cce00fdd configuring load balancing per ingress (#2167) 
* configure load balancing through a ingress annotation

* update docs
 2018-03-09 13:09:41 -08:00
Manuel Alejandro de Brito Fontes
3c67976969
In case of TLS errors do not allow traffic (#2146) 2018-02-25 17:20:14 -03:00
Manuel Alejandro de Brito Fontes
216fe01a07
Add option in the configuration configmap to enable remote logging (syslog) (#2145) 2018-02-25 12:47:14 -03:00
Manuel Alejandro de Brito Fontes
0dee303ac2
Add annotation to disable logs in a location (#2144) 2018-02-25 11:38:54 -03:00
Manuel Alejandro de Brito Fontes
edb3be64ea
Only add HSTS headers in HTTPS (#2143) 2018-02-25 11:18:42 -03:00
Manuel Alejandro de Brito Fontes
94a85c99f7
Cors header should always be returned (#2140) 2018-02-24 17:52:23 -03:00
Karl Stoney
d1b6f32981 Enabled the dynamic reload of GeoIP data (#2107) 
* Moved geoip data into its own folder so it can be volume mounted

* Added FS watches for the geoip data

* Fixed single quotes issue (interpolation)

* Fixed gofmt errors

* Updated to directory crawl
 2018-02-17 12:24:50 -08:00
Karl Stoney
769f11df60 Added GeoIP Organisational data (#2099) 2018-02-15 14:10:20 -08:00
Manuel Alejandro de Brito Fontes
33475b7184
Fix opentracing configuration when multiple options are configured (#2075) 2018-02-12 16:08:49 -08:00
Elvin Efendi
a30bf2154e do not ignore $http_host and $http_x_forwarded_host (#2030) 2018-02-06 10:59:59 -08:00
Luke Jolly
42076e8ed0 Added configmap option to disable IPv6 in nginx DNS resolver (#1992) 2018-02-02 11:53:28 -08:00
Anish Ramasekar
d7ef6b3fc7 Add support for enabling ssl_ciphers per host (#2006) 
* Add support for adding ssl_ciphers

* Add documentation
 2018-01-31 08:53:07 -08:00
Anish Ramasekar
2f700a9ad5 Add limit-request-status-code option (#2001) 
* Add support for limit_req_status

* Add documentation

* Fix comment
 2018-01-30 07:24:44 -06:00
Qiu Jian
951a704cec Add connection-proxy-header annotation (#1999) 
This is the override the default connection header
 2018-01-29 22:29:03 -06:00
Anish Ramasekar
b020686599 Add support to enable/disable proxy buffering (#1998) 
* Enable proxy buffering using configmap and annotation

* add documentation
 2018-01-29 08:43:55 -06:00
Fernando Diaz
d1ae7ff29c Enable Customization of Auth Request Redirect (#1993) 
Adds the 'nginx.ingress.kubernetes.io/auth-request-redirect'
annotation, which allows the customization of the
'X-Auth-Request-Redirect' Header. Fixes: #1979
 2018-01-27 21:32:08 -03:00
Manuel Alejandro de Brito Fontes
fb3a317f4d
Rollback #1854 (#1969) 2018-01-24 14:28:34 -03:00
Manuel Alejandro de Brito Fontes
8975800740
Add support to hide headers from upstream servers (#1928) 2018-01-18 16:37:22 -02:00
Manuel Alejandro de Brito Fontes
858f3398f8
Remove sendfile configuration (#1927) 2018-01-18 15:22:59 -02:00
Manuel Alejandro de Brito Fontes
52794ae22d
Do not use port from host header (#1926) 2018-01-18 14:51:58 -02:00
Manuel Alejandro de Brito Fontes
b50cdc0256
Add option for reuseport in nginx listen section (#1919) 2018-01-17 21:12:46 -02:00
Manuel Alejandro de Brito Fontes
28058f0edc
Add support for jaeger backend (#1916) 2018-01-17 19:28:59 -02:00
Manuel Alejandro de Brito Fontes
807932259e
If server_tokens is disabled remove the Server header (#1903) 
* If server_tokens is disabled remove the Server header

* Add server-tokens tests

* Fix tests
 2018-01-17 10:26:53 -02:00
Manuel Alejandro de Brito Fontes
b0e0712984
Fix custom port in redirects (#1907) 2018-01-17 10:20:41 -02:00
Márk Sági-Kazár
313fdd2d1a Add CORS max age annotation (#1888) 
Add cors-max-age annotation
 2018-01-09 09:19:42 -02:00
Manuel Alejandro de Brito Fontes
da829748ec
Fix SSL Passthrough template issue and custom ports in redirect to HTTPS (#1870) 2018-01-02 14:48:42 -03:00
Tang Le
d22038b3af "proxy_redirect default" should be placed after the "proxy_pass" (#1869) 
When use nginx.ingress.kubernetes.io/proxy-redirect-from: default
annotation. ingress controller will report:
"""
Error: exit status 1
2018/01/02 07:03:11 [emerg] 181#181: "proxy_redirect default" should be placed after the "proxy_pass" directive in /tmp/nginx-cfg632387194:366
nginx: [emerg] "proxy_redirect default" should be placed after the "proxy_pass" directive in /tmp/nginx-cfg632387194:366
nginx: configuration file /tmp/nginx-cfg632387194 test failed
"""

Signed-off-by: Tang <at28997146@163.com>
 2018-01-02 08:34:20 -03:00
Manuel Alejandro de Brito Fontes
54cfad0a07
When upstream-hash-by annotation is used do not configure a lb algorithm (#1858) 2017-12-27 07:48:06 -03:00
Manuel Alejandro de Brito Fontes
6a34e9c261
Fix redirect to ssl (#1854) 2017-12-26 22:53:43 -03:00
Manuel Alejandro de Brito Fontes
fead9087ac
Validate x-forwarded-proto and connection scheme before redirecting to https (#1844) 2017-12-21 12:44:08 -03:00
Gabi Davar
8325ca9934
force external_auth requests to http/1.1 2017-12-02 17:05:13 +02:00
Manuel de Brito Fontes
3058e7758d Add setting to configure proxy responses in the stream section 2017-11-30 17:53:23 -03:00
Manuel de Brito Fontes
161b485ae0 Add option to configure the redirect code 2017-11-30 12:08:43 -03:00
Manuel de Brito Fontes
be185b9743 Use custom https port in redirects 2017-11-29 17:16:45 -03:00
Ricardo Katz
e93c75f46e
Changes ssl-client-cert header 2017-11-20 15:15:31 -02:00
Manuel de Brito Fontes
2223ea9600 Add annotation to enable passing the certificate to the upstream server 2017-11-17 21:28:45 -03:00
Manuel de Brito Fontes
c5b0c8ab0d Add annotation for setting proxy_redirect 2017-11-13 20:19:41 -03:00
Manuel de Brito Fontes
a858c549d9 Add e2e tests for auth annotation 2017-11-12 20:08:32 -03:00
Manuel de Brito Fontes
fdd231816c Disable features not availables in some platforms 2017-11-12 11:12:58 -03:00
Manuel Alejandro de Brito Fontes
d7f72ad8f3
Merge pull request #1696 from aledbf/cors-headers 
Always add cors headers when enabled
 2017-11-12 10:38:40 -03:00
Manuel de Brito Fontes
f4cbf7b888 Update nginx to v0.29 2017-11-12 10:16:52 -03:00
Manuel de Brito Fontes
e7d412c3e8 Always add cors headers when enabled 2017-11-12 01:58:52 -03:00
Manuel de Brito Fontes
cf42d3b275 Fix docker build 2017-11-12 01:46:53 -03:00
Manuel de Brito Fontes
896b407c05 Rollback to nginx-slim 0.28 until new nginx-slim-release 2017-11-12 01:26:04 -03:00
Manuel de Brito Fontes
1cee16f96a Enable s390x 2017-11-12 00:40:10 -03:00
chrisblu
2dfaaa7b9d Add the original http request method to the auth request 2017-11-08 12:14:04 +01:00
Manuel de Brito Fontes
5115adef82 Update nginx to 0.28 and enable brotli 2017-11-01 22:54:22 -03:00
Manuel de Brito Fontes
ff87480070 Disable brotli temporarily [ci skip] 2017-11-01 20:49:53 -03:00
Manuel Alejandro de Brito Fontes
dc3225e5ee
Merge pull request #1627 from estaleiro/brotli 
Add brotli support
 2017-11-01 17:49:11 -03:00
Manuel de Brito Fontes
9015aadc83 Install deumb-init using apt-get 2017-11-01 17:25:14 -03:00
Ricardo Pchevuzinske Katz
fddcfd0340 Adds Brotli support 2017-11-01 17:53:18 -02:00
Joao Morais
29d90a6f18 Add client-dn header 2017-10-31 13:50:06 -02:00