DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
5519 commits 4 branches 217 tags 166 MiB
Commit graph

347 commits

Author SHA1 Message Date
k8s-ci-robot
bf7ad0daca
Merge pull request #3374 from aledbf/restore-tcp-udp 
Revert removal of support for TCP and UDP services
 2018-11-18 08:33:29 -08:00
k8s-ci-robot
34598e71e0
Merge pull request #3428 from aledbf/set-variables 
Set proxy_host variable to avoid using default value from proxy_pass
 2018-11-18 02:17:49 -08:00
k8s-ci-robot
442b01e5e8
Merge pull request #3400 from diazjf/more-modsecurity 
Add Snippet for ModSecurity
 2018-11-17 03:35:53 -08:00
Manuel Alejandro de Brito Fontes
a2d50c2cd6
Set proxy_host variable to avoid using default value from proxy_pass 2018-11-16 14:55:53 -03:00
Manuel Alejandro de Brito Fontes
168f30d1ec Revert removal of support for TCP and UDP services 2018-11-16 13:48:47 -03:00
Fernando Diaz
95b3042b6e Add a Snippet for ModSecurity 
Allows for the configuration of Mod Security rules via
a Snippet.
 2018-11-14 23:31:27 -06:00
Maxime Ginters
20b095f444 Fix X-Forwarded-Proto typo 2018-11-14 10:19:31 -05:00
Maxime Ginters
0f3e2b9bf0 Convert isValidClientBodyBufferSize to something more generic and use it for client_max_body_size 2018-11-13 10:11:40 -05:00
Maxime Ginters
e1720d62f4 Prevent X-Forwarded-Proto forward during external auth subrequest 2018-11-12 09:13:48 -05:00
Fernando Diaz
5195600841 Allows ModSecurity to be configured per location 
The following annotations will be added:

- enable-modsecurity
- enable-owasp-core-rules
- modsecurity-transaction-id

Fixes #3167
 2018-11-06 22:24:31 -06:00
k8s-ci-robot
265f96bf14
Merge pull request #3344 from ecosia/jg-customerrors-per-ingress 
Adds CustomHTTPErrors ingress annotation and test
 2018-11-06 09:21:49 -08:00
jasongwartz
0ebf0354cb Adds CustomHTTPErrors ingress annotation and test 
Adds per-server/location error-catch functionality to nginx template

Adds documentation

Reduces template duplication with helper function for CUSTOM_ERRORS data

Updates documentation

Adds e2e test for customerrors

Removes AllCustomHTTPErrors, replaces with template function with deduplication and adds e2e test of deduplication

Fixes copy-paste error in test, adds additional test cases

Reverts noop change in controller.go (unused now)
 2018-11-06 16:47:52 +01:00
Adnan Baruni
b511333130 add support for auth-snippet annotation 
add test for new auth-snippet annotation

document auth-snippet annotation

add e2e test for auth-snippet annotation

add log warning and update documentation
 2018-11-05 16:02:29 -06:00
Manuel Alejandro de Brito Fontes
36aceded32
Avoid reloads when endpoints are not available 2018-11-01 10:00:49 -03:00
Manuel Alejandro de Brito Fontes
71ebe1cba5 Code linting 2018-10-30 20:46:48 -03:00
Maximilian Bode
c27c57dc8b Add configuration for geoip2 module 
Based on closed PRs #2551, #2755
 2018-10-29 21:25:23 +01:00
k8s-ci-robot
063f652711
Merge pull request #3187 from DesmondHoLLM/feature/annotations-resty-lua 
UPT: annotation enhancement for resty-lua-waf
 2018-10-25 00:06:03 -07:00
Desmond Ho
bf03046a80 UPT: updated e2e test and default true for process-multipart-body annotation 2018-10-25 14:17:38 +08:00
Elvin Efendi
5cc116fa10 fix bug with balancer.lua configuration 2018-10-24 22:42:40 +04:00
Desmond Ho
bab521e81a UPT: align waf options 2018-10-20 12:46:39 +08:00
Desmond Ho
04a89ce234 UPT: annotation enhancement for resty-lua-waf 2018-10-20 12:09:38 +08:00
Fernando Diaz
12955a4a1b Allow Ability to Configure Upstream Keepalive 
Allows Upstream Keepalive values like keepalive_timeout and
keepalive_requests to be configured via ConfigMap.

Fixes #3099
 2018-10-11 20:46:42 -05:00
k8s-ci-robot
3edf11b85f
Merge pull request #3198 from aledbf/only-dynamic 
Only support dynamic configuration
 2018-10-10 05:07:34 -07:00
Manuel Alejandro de Brito Fontes
74c2f93de6
Only support dynamic configuration 2018-10-09 22:05:45 -03:00
k8s-ci-robot
f56ab42cd2
Merge pull request #3194 from bshelton229/literal-dollar-character 
Make literal $ character work in set $location_path
 2018-10-09 15:52:39 -07:00
Bryan Shelton
3686e4f366 Move escapeLocationPathVar to escapeLiteralDollar 2018-10-09 12:58:50 -07:00
Elvin Efendi
78f12c25c5 delete upstream healthcheck annotation 2018-10-09 09:14:13 -04:00
k8s-ci-robot
3cf00b2fd8
Merge pull request #3197 from aledbf/remove-tcp-udp 
Remove support for TCP and UDP services
 2018-10-08 07:19:39 -07:00
k8s-ci-robot
182767b06b
Merge pull request #3170 from Globegitter/move-mainsnippet 
Move mainSnippet before events to fix load_module issue.
 2018-10-08 06:22:25 -07:00
Bryan Shelton
3dc131bd57 Make literal $ character work in set $location_path 2018-10-07 12:58:39 -07:00
Manuel Alejandro de Brito Fontes
44bdc7eb59 Remove support for TCP and UDP services 2018-10-07 10:53:37 -03:00
k8s-ci-robot
b46523a1f4
Merge pull request #3149 from diazjf/proxy-e2e-tests 
Add e2e Tests for Proxy Annotations
 2018-10-05 05:15:09 -07:00
Globegitter
8848c1864a Move mainSnippet before events. 2018-10-02 15:24:44 +02:00
Fernando Diaz
e5dca9353e Remove Unneeded Quotes from Nginx Directives 
Removes quotes from nginx directives which my cause issues with
their functionality

Fixes #3152
 2018-10-01 16:10:33 -05:00
k8s-ci-robot
d9f58144eb
Merge pull request #3145 from Shopify/regex-modifier 
Add "use-regex" Annotation to Toggle Regular Expression Location Modifier
 2018-10-01 11:31:43 -07:00
Zenara Daley
f29bdc3e8d Add 'use regex' annotation to toggle nginx regex location modifier 2018-10-01 13:54:11 -04:00
Markus Padourek
bf4be49c02 Fix incorrect .DisableLua access. (#3144) 
* Fix incorrect .DisableLua access.

* Address comment.
 2018-09-26 14:05:05 -03:00
Globegitter
a2ccd1f224 Fix usage for $all. 2018-09-26 16:38:16 +02:00
Markus Padourek
fe219db231
Ensure monitoring for custom error pages 
Fixes #3140
 2018-09-26 16:26:38 +02:00
Elvin Efendi
b3a22f7fc0 do not require --default-backend-service 2018-09-25 21:14:28 -04:00
k8s-ci-robot
c4a562dded
Merge pull request #3130 from alanbover/fix/newlines_location_denied 
fix newlines location denied
 2018-09-25 07:04:50 -07:00
Alan Bover
6454608c6c fix newlines location denied 2018-09-25 15:36:23 +02:00
k8s-ci-robot
6393ca6aaf
Merge pull request #2997 from StarOfService/global-block-ip-ua-ref 
Provide possibility to block IPs, User-Agents and Referers globally
 2018-09-25 05:51:56 -07:00
Pavel Sinkevych
7212d0081b Provide possibility to block CIDRs, User-Agents and Referers globally 2018-09-25 14:16:20 +03:00
k8s-ci-robot
6ed5c95562
Merge pull request #3098 from ElvinEfendi/make-keepalive-work 
make upstream keepalive work for http
 2018-09-15 07:36:27 -07:00
Elvin Efendi
6511fa9f58 make upstream keepalive work for http 2018-09-14 19:40:54 -04:00
Zenara Daley
0e6f0bb88d enforce ^~ location modifier when rewrite-target annotation is set 2018-09-13 10:39:52 -04:00
k8s-ci-robot
0a9db37e0f
Merge pull request #3062 from lahsivjar/issue-fix-host-header 
Pass Host header for custom errors
 2018-09-09 09:51:13 -07:00
Vishal Raj
4e14b809df Pass Host header for custom errors 2018-09-09 19:39:10 +08:00
Derek Perkins
9099f3b4db add support for http2-max-requests in configmap 2018-09-02 23:53:30 -06:00
k8s-ci-robot
b0b575db33
Merge pull request #2965 from Shopify/dynamic-certificates-nginx 
Add Lua module to serve SSL Certificates dynamically
 2018-08-23 20:27:55 -07:00
Henry Tran
cbf041fc3e Add Lua module to serve SSL Certificates dynamically 2018-08-23 22:15:54 -04:00
Manuel de Brito Fontes
f6905ae0ff Pass real source IP address to auth request 2018-08-23 10:37:33 -03:00
Elvin Efendi
2207d7694d batch metrics and flush periodically 2018-08-18 13:17:21 -04:00
Dario Nieuwenhuis
b5bcb93a4b
Merge branch 'master' into xff 2018-08-16 18:15:14 +02:00
Elvin Efendi
bc37ba14e8 dont restrict status page to localhost only 2018-08-08 12:46:12 -04:00
Manuel Alejandro de Brito Fontes
a68820808a
Fix documentation (#2902) 2018-08-05 22:30:46 -04:00
k8s-ci-robot
7f7f59df79
Merge pull request #2894 from aledbf/authbind 
Use authbind to bind privileged ports
 2018-08-05 08:43:43 -07:00
Manuel de Brito Fontes
b148f113ae
Use authbind to bind privileged ports 2018-08-05 11:18:50 -04:00
k8s-ci-robot
060704c624
Merge pull request #2682 from aledbf/listen-localhost 
Use localhost to expose status server
 2018-08-04 17:16:56 -07:00
Manuel de Brito Fontes
6b2c7e08db Use localhost to expose status server 2018-08-04 18:57:56 -04:00
Tom Reznik
b7bcf92480 support configuring multi_accept directive via configmap 2018-08-04 19:20:01 +03:00
Tom Reznik
1bacf1655e support custom configuration to main context of nginx config 2018-08-04 00:53:06 +03:00
Elvin Efendi
ed19dc3bc6 fix custom-error-pages functionality in dynamic mode 2018-07-26 13:36:09 -04:00
Elvin Efendi
d4faf68416 add support for ExternalName service type in dynamic mode 2018-07-25 09:05:47 -04:00
takonomura
587c2a8765 Escape $request_uri for external auth 2018-07-19 15:22:05 +09:00
k8s-ci-robot
29ecae5b64
Merge pull request #2752 from dongqi1990/master 
use format "range v := iterative object" and "range k, v := iterative object" when the type of iterative object is slice and map in the file nginx.tmpl
 2018-07-18 04:34:20 -07:00
dongqi1990
50084b1167 use format "range v := iterative object" and "range k, v := iterative 
object" when the type of iterative object is slice and map in the file nginx.tmpl
 2018-07-18 15:02:55 +08:00
Jason Stangroome
8e06afbb45 Allow gzip compress level to be controlled via ConfigMap 2018-07-09 10:30:59 +10:00
Brian Findlay
3b25f3438f Replace more_set_headers directive with more_clear_headers 2018-06-23 10:01:33 -04:00
k8s-ci-robot
700a2275d1
Merge pull request #2678 from hnrytrn/refactor-cert 
Refactor server type to include SSLCert
 2018-06-22 12:34:04 -07:00
Manuel Alejandro de Brito Fontes
df76d4b481
Update opentracing configuration (#2676) 2018-06-21 18:15:18 -04:00
Henry Tran
86def984a3 Merge remote-tracking branch 'origin' into refactor-cert 2018-06-21 11:43:47 -04:00
Henry Tran
2751cbf06d Refactor to add SSLCert as a field in server type 2018-06-21 11:34:29 -04:00
Manuel Alejandro de Brito Fontes
aec40c171f
Improve configuration change detection (#2656) 
* Use information about the configuration configmap to determine changes

* Add hashstructure dependency

* Rename queue functions

* Add test for configmap checksum
 2018-06-21 10:50:57 -04:00
Elvin Efendi
cb4755835e refactor some lua code 2018-06-19 12:46:49 +04:00
Manuel Alejandro de Brito Fontes
fee8704b53
Add support for IPV6 in stream upstream servers (#2649) 2018-06-15 10:26:33 -04:00
k8s-ci-robot
3cbd2d66bf
Merge pull request #2643 from aledbf/remove-vts 
Remove VTS from the ingress controller
 2018-06-14 23:59:29 -07:00
k8s-ci-robot
dfca2a0d8d
Merge pull request #2451 from nusx/set-sticky-path-for-backend 
fix for #1930, make sessions sticky, for ingress with multiple rules …
 2018-06-14 20:47:28 -07:00
Manuel de Brito Fontes
63b38e1c21
Remove VTS from the ingress controller 2018-06-14 11:11:29 -04:00
Francisco Mejia
966e9f5e25 Add monitor lua module 2018-06-13 22:54:31 -04:00
Manuel de Brito Fontes
79199dd84c
Run as user dropping privileges 2018-06-12 10:18:36 -04:00
Stefan Schwärzler
1a320ae289 fix for #1930, make sessions sticky, for ingress with multiple rules and backends 
* for an ingress with session affinity cookie, set the location as path on the cookie when unique
* the previous behaviour ( cookie path=/ ) is preserved for ingresses with multiple rules for the same backend (locations not unique)

added e2e tests for session affinity, setting path on sticky config

added tests:
* it should set the path to /something on the generated cookie
* it should set the path to / on the generated cookie if there's more than one rule referring to the same backend
 2018-06-11 10:43:13 +02:00
Dario Nieuwenhuis
67b253a149 Add use-forwarded-headers configmap option. 2018-06-11 00:06:14 +02:00
Dmitry Stolyarov
02ff8244a2 Add $location_path variable 
When you define rules in ingress resource, you use path. So it would be
very useful to be able to use the same path in logs.
 2018-06-07 13:43:29 +03:00
Dmitry Stolyarov
59aac73785 Add $service_port variable 
According to TCP/IP (and common sense), $service_name is not enough to
uniquely identify service, we need $service_port for that.
 2018-06-07 13:43:20 +03:00
Dmitry Stolyarov
eafb1890d6 Move vars to the very beginning of the location 
To make it more clear, that you could use $namespace, $ingress_name and
$service_name variables anywhere in location (especialy in lua), move
their definition to the very begining of the location.
 2018-06-07 13:43:09 +03:00
Paul DeCarlo
3159384480 Use lua-platform-path symlink for all platforms 2018-06-04 18:15:59 -05:00
Elvin Efendi
d4e6c0dfd8 access_log should be off for internal /configuration endpoint 2018-05-31 16:01:54 -04:00
Elvin Efendi
da3a87646a make sure balancer gets deleted when ther is no backend 2018-05-28 15:51:58 -04:00
k8s-ci-robot
b8b5e5bc51
Merge pull request #2548 from Stono/master 
Implement generate-request-id
 2018-05-21 13:55:12 -07:00
Karl Stoney
206d32a2cd Implement generate-request-id 
Fixes https://github.com/kubernetes/ingress-nginx/issues/2546
 2018-05-21 08:32:50 +01:00
Lorenzo Fontana
d434583b53
InfluxDB configuration string template builder helper 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2018-05-19 09:22:49 +02:00
Lorenzo Fontana
93be8db612
Annotations for the InfluxDB Module 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2018-05-19 09:22:46 +02:00
Fernando Diaz
e224259e38 Resolves issue with proxy-redirect nginx configuration 
Resolves an issue where the proxy-redirect annotations were not generating the
correct configuration possibly because of user error. This is done by only
setting the proxy_redirect if both proxy-redirect-from and proxy-redirect-to
have valid values. Also adds the e2e tests.

Fixes #2074
 2018-05-17 11:22:31 -05:00
Manuel de Brito Fontes
ff3e182350 Add support for grpc_set_header 2018-05-17 08:35:11 -04:00
Elvin Efendi
51cf184c51 always use x-request-id 2018-04-28 00:31:23 -04:00
JordanP
c995031ffd Add annotation to enable rewrite logs in a location 2018-04-27 17:50:14 +02:00
Adam Netočný
8b6f043fd8 Add buffer configuration to external auth location config 2018-04-26 16:04:12 +02:00
Nick Novitski
8886b8a50e Add vts-sum-key config flag 2018-04-17 11:39:32 -07:00
Giancarlo Rubio
c60ed24f4b Detect if header injected request_id before creating one 2018-04-17 15:49:35 +02:00
Bastian Hofmann
1c17962ba0 Add proxy-add-original-uri-header config flag 
This makes it configurable if a location adds an X-Original-Uri header to the backend request. Default is "true", the current behaviour.
 2018-04-16 12:34:26 +02:00
Zenara Daley
4b11fe4d25 Fix nginx template 2018-04-12 15:43:13 -04:00
Zenara Daley
4b76ad14bb Fix buildupstream name to work with dynamic session affinity 2018-04-12 14:01:46 -04:00
oilbeater
1be1f658b4 disable lua for arch s390x and ppc64le 
LuaJIT is not available for s390x and ppc64le, disable the lua part in nginx.tmpl on these platform.
 2018-04-12 08:30:56 +08:00
Elvin Efendi
d6eb44376d run lua-resty-waf in different modes (#2317) 
* run lua-resty-waf in different modes

* update docs
 2018-04-09 09:19:13 -03:00
Elvin Efendi
bad8295a42 extra waf rules per ingress (#2315) 
* extra waf rules per ingress

* document annotation nginx.ingress.kubernetes.io/lua-resty-waf-extra-rules

* regenerate internal/file/bindata.go
 2018-04-09 07:14:30 -03:00
Elvin Efendi
16faf309ca annotation to ignore given list of WAF rulesets (#2314) 2018-04-08 22:55:23 -03:00
Elvin Efendi
a6fe800a47 lua-resty-waf controller (#2304) 2018-04-08 17:37:13 -03:00
Manuel Alejandro de Brito Fontes
b17ed7b6fd
Configure upload limits for setup of lua load balancer (#2309) 2018-04-08 15:47:49 -03:00
Manuel Alejandro de Brito Fontes
1c65320618
Add verification of lua load balancer to health check (#2308) 2018-04-08 15:24:37 -03:00
Manuel Alejandro de Brito Fontes
dd2bc91018
Fix HSTS without preload (#2294) 2018-04-04 23:17:51 -03:00
Alvaro Aleman
e7aa74b5d4 Add NoAuthLocations and default it to "/.well-known/acme-challenge" (#2243) 
* Add NoAuthLocations and default it to "/.well-known/acme-challenge"

* Add e2e tests for no-auth-location

* Improve wording of no-auth-location tests
 2018-04-01 21:02:34 -03:00
Elvin Efendi
931e541fb7 Fix bug when auth req is enabled(external authentication) (#2280) 
* set proxy_upstream_name correctly when auth_req module is used

* log a more meaningful message when backend is not found
 2018-03-30 14:19:33 -03:00
Manuel Alejandro de Brito Fontes
146db43794
Disable opentracing for nginx internal urls (#2272) 2018-03-29 13:47:13 -03:00
Oilbeater
c6c219a7d1 clean up tmpl (#2263) 
The nginx.conf generated now is too messy remove some section only useful when dynamic configure enabled and headers only useful for https.
 2018-03-29 09:36:00 -03:00
Sylvain Rabot
385368990c Managing a whitelist for _/nginx_status (#2187) 
Signed-off-by: Sylvain Rabot <s.rabot@lectra.com>
 2018-03-28 09:27:34 -03:00
Zenara Daley
6e099c5f57 Add EWMA as configurable load balancing algorithm (#2229) 2018-03-23 12:06:21 -03:00
Oilbeater
0b0a274a9a fix: cannot set $service_name if use rewrite (#2220) 
$path here is the regular expression formatted nginx location not the origin path in ingress rules. Fix https://github.com/kubernetes/ingress-nginx/issues/2131
 2018-03-22 09:43:45 -03:00
halfcrazy
b45ee8d85f Add missing configuration in #2235 (#2236) 2018-03-22 08:53:29 -03:00
maxlaverse
8575769781 Make proxy_next_upstream_tries configurable (#2232) 
* Make proxy_next_upstream_tries configurable

* Code generation
 2018-03-22 08:12:36 -03:00
halfcrazy
4f5fa47d27 add proxy header ssl-client-issuer-dn, fix #2178 (#2235) 2018-03-22 01:38:47 -03:00
Elvin Efendi
634959fd79 do not hardcode keepalive for upstream_balancer (#2227) 2018-03-21 00:42:22 -03:00
Elvin Efendi
08252e2eef allow ipv6 localhost when enabled (#2210) 2018-03-19 13:32:55 -03:00
Manuel Alejandro de Brito Fontes
6b7491f432
Fix dynamic configuration when custom errors are enabled (#2212) 2018-03-19 12:55:17 -03:00
turettn
de30e53d62 Expose SSL client cert data to external auth provider. (#2078) 2018-03-19 09:30:36 -03:00
Alvaro Aleman
94deb3a01a Add configoption to exclude routes from tls upgrading (#2203) 
* Add configoption to exclude routes from tls upgrading

* Add tests for IsLocationInLocationList

* Seperate elements in NoTLSRedirectLocations by comma

* Set NoTLSRedirectLocations to "/.well-known/acme-challenge/" by default

* Remove trailing slash from "/.well-known/acme-challenge" default
 2018-03-18 17:44:59 -03:00
Oilbeater
5c02d700cb Allow config to disable geoip (#2202) 
For a offline or private cloud environment, geoip is not needed.
Implementing https://github.com/kubernetes/ingress-nginx/issues/2179
 2018-03-18 13:30:05 -03:00
Elvin Efendi
c90a4e811e Live Nginx (re)configuration without reloading (#2174) 2018-03-18 10:13:41 -03:00
Oilbeater
41cefeb178 Add worker-cpu-affinity nginx option (#2201) 
worker_cpu_affinity is a common optimization method for improving nginx performance, adding this as a custom configuration. Also fix some format issues found during editing.
 2018-03-16 13:32:45 -03:00
Elvin Efendi
36cce00fdd configuring load balancing per ingress (#2167) 
* configure load balancing through a ingress annotation

* update docs
 2018-03-09 13:09:41 -08:00
Manuel Alejandro de Brito Fontes
3c67976969
In case of TLS errors do not allow traffic (#2146) 2018-02-25 17:20:14 -03:00
Manuel Alejandro de Brito Fontes
216fe01a07
Add option in the configuration configmap to enable remote logging (syslog) (#2145) 2018-02-25 12:47:14 -03:00
Manuel Alejandro de Brito Fontes
0dee303ac2
Add annotation to disable logs in a location (#2144) 2018-02-25 11:38:54 -03:00
Manuel Alejandro de Brito Fontes
edb3be64ea
Only add HSTS headers in HTTPS (#2143) 2018-02-25 11:18:42 -03:00
Manuel Alejandro de Brito Fontes
94a85c99f7
Cors header should always be returned (#2140) 2018-02-24 17:52:23 -03:00
Karl Stoney
d1b6f32981 Enabled the dynamic reload of GeoIP data (#2107) 
* Moved geoip data into its own folder so it can be volume mounted

* Added FS watches for the geoip data

* Fixed single quotes issue (interpolation)

* Fixed gofmt errors

* Updated to directory crawl
 2018-02-17 12:24:50 -08:00
Karl Stoney
769f11df60 Added GeoIP Organisational data (#2099) 2018-02-15 14:10:20 -08:00
Manuel Alejandro de Brito Fontes
33475b7184
Fix opentracing configuration when multiple options are configured (#2075) 2018-02-12 16:08:49 -08:00
Elvin Efendi
a30bf2154e do not ignore $http_host and $http_x_forwarded_host (#2030) 2018-02-06 10:59:59 -08:00
Luke Jolly
42076e8ed0 Added configmap option to disable IPv6 in nginx DNS resolver (#1992) 2018-02-02 11:53:28 -08:00
Anish Ramasekar
d7ef6b3fc7 Add support for enabling ssl_ciphers per host (#2006) 
* Add support for adding ssl_ciphers

* Add documentation
 2018-01-31 08:53:07 -08:00
Anish Ramasekar
2f700a9ad5 Add limit-request-status-code option (#2001) 
* Add support for limit_req_status

* Add documentation

* Fix comment
 2018-01-30 07:24:44 -06:00
Qiu Jian
951a704cec Add connection-proxy-header annotation (#1999) 
This is the override the default connection header
 2018-01-29 22:29:03 -06:00
Anish Ramasekar
b020686599 Add support to enable/disable proxy buffering (#1998) 
* Enable proxy buffering using configmap and annotation

* add documentation
 2018-01-29 08:43:55 -06:00
Fernando Diaz
d1ae7ff29c Enable Customization of Auth Request Redirect (#1993) 
Adds the 'nginx.ingress.kubernetes.io/auth-request-redirect'
annotation, which allows the customization of the
'X-Auth-Request-Redirect' Header. Fixes: #1979
 2018-01-27 21:32:08 -03:00
Manuel Alejandro de Brito Fontes
fb3a317f4d
Rollback #1854 (#1969) 2018-01-24 14:28:34 -03:00
Manuel Alejandro de Brito Fontes
8975800740
Add support to hide headers from upstream servers (#1928) 2018-01-18 16:37:22 -02:00
Manuel Alejandro de Brito Fontes
858f3398f8
Remove sendfile configuration (#1927) 2018-01-18 15:22:59 -02:00
Manuel Alejandro de Brito Fontes
52794ae22d
Do not use port from host header (#1926) 2018-01-18 14:51:58 -02:00
Manuel Alejandro de Brito Fontes
b50cdc0256
Add option for reuseport in nginx listen section (#1919) 2018-01-17 21:12:46 -02:00
Manuel Alejandro de Brito Fontes
28058f0edc
Add support for jaeger backend (#1916) 2018-01-17 19:28:59 -02:00
Manuel Alejandro de Brito Fontes
807932259e
If server_tokens is disabled remove the Server header (#1903) 
* If server_tokens is disabled remove the Server header

* Add server-tokens tests

* Fix tests
 2018-01-17 10:26:53 -02:00
Manuel Alejandro de Brito Fontes
b0e0712984
Fix custom port in redirects (#1907) 2018-01-17 10:20:41 -02:00
Márk Sági-Kazár
313fdd2d1a Add CORS max age annotation (#1888) 
Add cors-max-age annotation
 2018-01-09 09:19:42 -02:00
Manuel Alejandro de Brito Fontes
da829748ec
Fix SSL Passthrough template issue and custom ports in redirect to HTTPS (#1870) 2018-01-02 14:48:42 -03:00
Tang Le
d22038b3af "proxy_redirect default" should be placed after the "proxy_pass" (#1869) 
When use nginx.ingress.kubernetes.io/proxy-redirect-from: default
annotation. ingress controller will report:
"""
Error: exit status 1
2018/01/02 07:03:11 [emerg] 181#181: "proxy_redirect default" should be placed after the "proxy_pass" directive in /tmp/nginx-cfg632387194:366
nginx: [emerg] "proxy_redirect default" should be placed after the "proxy_pass" directive in /tmp/nginx-cfg632387194:366
nginx: configuration file /tmp/nginx-cfg632387194 test failed
"""

Signed-off-by: Tang <at28997146@163.com>
 2018-01-02 08:34:20 -03:00
Manuel Alejandro de Brito Fontes
54cfad0a07
When upstream-hash-by annotation is used do not configure a lb algorithm (#1858) 2017-12-27 07:48:06 -03:00
Manuel Alejandro de Brito Fontes
6a34e9c261
Fix redirect to ssl (#1854) 2017-12-26 22:53:43 -03:00
Manuel Alejandro de Brito Fontes
fead9087ac
Validate x-forwarded-proto and connection scheme before redirecting to https (#1844) 2017-12-21 12:44:08 -03:00
Gabi Davar
8325ca9934
force external_auth requests to http/1.1 2017-12-02 17:05:13 +02:00
Manuel de Brito Fontes
3058e7758d Add setting to configure proxy responses in the stream section 2017-11-30 17:53:23 -03:00
Manuel de Brito Fontes
161b485ae0 Add option to configure the redirect code 2017-11-30 12:08:43 -03:00
Manuel de Brito Fontes
be185b9743 Use custom https port in redirects 2017-11-29 17:16:45 -03:00
Ricardo Katz
e93c75f46e
Changes ssl-client-cert header 2017-11-20 15:15:31 -02:00
Manuel de Brito Fontes
2223ea9600 Add annotation to enable passing the certificate to the upstream server 2017-11-17 21:28:45 -03:00
Manuel de Brito Fontes
c5b0c8ab0d Add annotation for setting proxy_redirect 2017-11-13 20:19:41 -03:00
Manuel de Brito Fontes
a858c549d9 Add e2e tests for auth annotation 2017-11-12 20:08:32 -03:00
Manuel de Brito Fontes
fdd231816c Disable features not availables in some platforms 2017-11-12 11:12:58 -03:00
Manuel de Brito Fontes
e7d412c3e8 Always add cors headers when enabled 2017-11-12 01:58:52 -03:00
chrisblu
2dfaaa7b9d Add the original http request method to the auth request 2017-11-08 12:14:04 +01:00
Manuel de Brito Fontes
5115adef82 Update nginx to 0.28 and enable brotli 2017-11-01 22:54:22 -03:00
Manuel de Brito Fontes
ff87480070 Disable brotli temporarily [ci skip] 2017-11-01 20:49:53 -03:00
Manuel Alejandro de Brito Fontes
dc3225e5ee
Merge pull request #1627 from estaleiro/brotli 
Add brotli support
 2017-11-01 17:49:11 -03:00
Ricardo Pchevuzinske Katz
fddcfd0340 Adds Brotli support 2017-11-01 17:53:18 -02:00
Joao Morais
29d90a6f18 Add client-dn header 2017-10-31 13:50:06 -02:00
acoshift
589b358311 Add gzip_vary 2017-10-29 20:54:25 +07:00
Max Laverse
b85055a976 Fix full XFF with PROXY 2017-10-28 17:43:16 +02:00
Max Laverse
bfe20306a0 Make X-Forwarded-For computation configurable 2017-10-26 17:44:17 +02:00
Max Laverse
a43833c621 Compute a real X-Forwarded-For 2017-10-26 17:42:13 +02:00
rnburn
888375acef Upgrade nginx-opentracing. 2017-10-24 13:49:30 -07:00
Ricardo Pchevuzinske Katz
c9fbfa34e7
Certiifcate Auth Bugfix 2017-10-22 20:52:54 -02:00
Ricardo Pchevuzinske Katz
2097676ca8 Adds support for other Cors directives 
CORS annotations improvements

Cors improvements

Cors improevements

Cors improvements

Cors improvements
 2017-10-22 19:22:12 -02:00
Ilya Saulenko
9a9c612f5a Allow usage of non_idempotent option in proxy_next_upstream 2017-10-16 21:50:17 +03:00
Manuel de Brito Fontes
16c1198980 Merge remote-tracking branch 'master/master' into docs 2017-10-16 09:02:10 -03:00
Manuel de Brito Fontes
8506e1ca67 Remove authentication send body annotation 2017-10-15 18:26:43 -03:00
Manuel de Brito Fontes
a30d3775c4 Merge remote-tracking branch 'master/master' into docs 2017-10-13 18:17:38 -03:00
Manuel de Brito Fontes
a9168f276e Split documentation 2017-10-13 18:13:51 -03:00
Chris Reinhardt
0aae81114a Include the serversnippet from the config map in servers that aren't aliaes 2017-10-12 14:30:26 -04:00
Petr Gregor
e78ad92c87 Change alias behaviour not to create new server section needlessly 2017-10-11 15:24:33 +02:00
Manuel de Brito Fontes
7632465ce3 Enable modsecurity feature 2017-10-10 11:24:21 -03:00
Manuel Alejandro de Brito Fontes
63155ee5bd Merge pull request #1511 from sapcc/sso 
fix deprecated ssl_client_cert. add ssl_client_verify header
 2017-10-09 10:40:32 -04:00
Max Laverse
1062340b0d Return 503 by default when no endpoint is available 2017-10-09 14:30:28 +02:00
Arno Uhlig
788eb58bfe ssl_client_cert is deprecated. use ssl_client_escaped_cert. add ssl_client_verify to enable client certificate verification. 2017-10-09 13:13:50 +02:00
Manuel de Brito Fontes
29c0304921 Add tls session ticket key setting 2017-10-08 19:37:19 -03:00
Lourens Naudé
d607cf6dd7 Introduce an upstream-hash-by annotation to support consistent hashing by nginx variable or text 2017-10-07 15:12:20 +01:00
Manuel de Brito Fontes
2139ee85e7 Move nginx to root directory 2017-10-06 16:58:36 -03:00
Renamed from controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl (Browse further)