DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1885 commits 4 branches 217 tags 166 MiB
Commit graph

227 commits

Author SHA1 Message Date
Manuel de Brito Fontes
0459674931 Add flags to customize listen ports and detect port collisions 2017-08-24 10:56:08 -03:00
Daniel Fernandes Martins
d57bc292c3 Add support for 'client_body_timeout' and 'client_header_timeout' 2017-08-24 09:33:35 -03:00
Fernando Diaz
86357332e3 Add Validation for Client Body Buffer Size 
Adds validation so that if a bad value is input into the client
body buffer size annotation then client_body_buffer_size is not set.
That way a log error is thrown and it fails gracefully rather than
killing the ingress controller.
 2017-08-23 20:04:51 -05:00
Manuel de Brito Fontes
210ddb797a Fix Equal comparison 2017-08-23 17:52:17 -03:00
Manuel Alejandro de Brito Fontes
f593cb8e2f Merge pull request #1226 from danielqsj/useless-variable 
Remove useless variable in nginx.tmpl
 2017-08-23 13:01:34 -04:00
danielqsj
77c9556dde Remove useless variable in nginx.tmpl 2017-08-23 15:06:13 +08:00
Manuel de Brito Fontes
806144421e Move certificate authentication from location to server 2017-08-23 00:39:38 -03:00
Seth Pollack
f045fa6d88 refactor rate limit whitelist 2017-08-22 20:47:29 -04:00
Seth Pollack
a3594f6c4c keep zones unique per ingress resource 2017-08-22 14:54:08 -04:00
Manuel de Brito Fontes
a392f29956 Replace base64 encoding with random uuid 2017-08-22 10:53:13 -03:00
Manuel Alejandro de Brito Fontes
def5155aa6 Merge pull request #1210 from sethpollack/whitelist 
add rate limit whitelist
 2017-08-22 08:23:45 -04:00
Manuel Alejandro de Brito Fontes
9863140b8c Merge pull request #1186 from diazjf/client-body-buffer-size 
Add annotation for client-body-buffer-size per location
 2017-08-22 08:02:35 -04:00
Seth Pollack
6253c34266 add rate limit whitelist 2017-08-22 07:53:52 -04:00
Fernando Diaz
e9ffbf0f87 Add annotation for client-body-buffer-size per location 
Adds an annotation which allows for client-body-buffer-size to
be configured per specific locations specified in the ingress
resource yaml.
 2017-08-21 23:12:30 -05:00
Manuel de Brito Fontes
884b388438 Fix template error 2017-08-21 16:06:38 -03:00
Manuel Alejandro de Brito Fontes
6ef63438b6 Merge pull request #1190 from aledbf/disable-ssl-passthrough 
Add flag to disable SSL passthrough
 2017-08-20 22:25:06 -04:00
Manuel de Brito Fontes
daa9fea41a Add flag to disable SSL Passthrough 2017-08-20 22:34:31 -03:00
Manuel de Brito Fontes
b2be9f0e04 Fix sign in URL 2017-08-20 20:39:58 -03:00
Manuel de Brito Fontes
ed68194688 Add support for temporal and permanent redirects 2017-08-20 15:07:25 -03:00
Fernando Diaz
47e4dd59a8 Merge branch 'master' into server-alias 2017-08-17 17:32:48 -05:00
Fernando Diaz
e12138f4dc Remove any aliases that conflict with a hostname 
Removes the alias association if an existing server
with the same hostname as the alias exists. This is
done to disallow any duplicate server creation when
the alias annotation is provided.
 2017-08-17 13:05:52 -05:00
Manuel de Brito Fontes
5e08600d2f Use variable request_uri as redirect after auth 2017-08-17 14:49:44 -03:00
Fernando Diaz
62fea9aa01 Update Server Alias Annotation with Review Changes 
Updates the Server-Alias annotation to create another server
containing the same configuration as the current server, but
with the name provided in the annotation.
 2017-08-15 14:49:04 -05:00
Fernando Diaz
ac504bdbc0 Add support for Server Alias in Nginx 
Adds support for server alias in nginx. Adds a new annotation
which allows us to specify a server alias that will be appended
to the server name.
 2017-08-13 13:01:00 -05:00
Manuel de Brito Fontes
fb3c7c3714 Cleanup remote address in nginx template 2017-08-10 11:41:14 -04:00
Manuel Alejandro de Brito Fontes
91077a2ed8 Merge pull request #1088 from aledbf/worker-timeout 
Configure nginx worker timeout
 2017-08-08 14:41:33 -04:00
Manuel de Brito Fontes
106cfca1a6 Configure nginx worker timeout 2017-08-08 14:17:49 -04:00
zhengjiajin
f8c4c0da21 Fix some broken link 2017-08-08 17:50:14 +08:00
Manuel Alejandro de Brito Fontes
cf732e846e Merge pull request #1074 from aledbf/rem-lua 
Remove lua and use fastcgi to render errors
 2017-08-07 22:15:32 -04:00
zhengjiajin
13ab894e6f feat/proxytimeout support proxy timeout for stream type 2017-08-08 02:01:12 +08:00
Manuel de Brito Fontes
a091d3ede7 Remove lua and use fastcgi to render errors 2017-08-05 16:29:58 -04:00
Bastian Hofmann
38d198bfde Make proxy_headers_hash_bucket_size and proxy_headers_hash_max_size configurable in the nginx controller 
See https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_headers_hash_bucket_size and https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_headers_hash_max_size
 2017-07-13 13:57:03 +02:00
n1koo
02832dec6c Add support for add_headers 2017-07-10 09:55:07 +03:00
Georgiy Kutsurua
d56e261835 Sets parameters for a shared memory zone that will keep states for various keys. 2017-07-07 15:45:13 +04:00
Remington Reackhof
1b3f0acde1 add configmap and template changes for comma separated proxy-real-ip-cidr list 2017-07-06 10:54:36 -05:00
Manuel de Brito Fontes
6a4679b028 Add support for proxy protocol in TCP services 2017-07-02 17:09:09 -04:00
Manuel de Brito Fontes
844ea6a864 Add arm and ppc64le support 2017-06-28 20:22:59 -04:00
Manuel Alejandro de Brito Fontes
3c9ac43058 Merge pull request #919 from Collaborne/pr/redirect-per-location 
Apply the 'ssl-redirect' annotation per-location
 2017-06-28 13:43:44 -04:00
Andreas Kohn
04346a8ec2
Apply the 'ssl-redirect' redirect per-location 
This is needed to avoid ingress definitions with different settings for SSL
redirection conflicting with each other.

NB: This was discussed in the review of #427, but ultimately not addressed.
 2017-06-28 11:18:06 +02:00
Manuel Alejandro de Brito Fontes
005ed5243f Merge pull request #907 from glerchundi/master 
nginx/proxy: allow specifying next upstream behaviour
 2017-06-27 19:24:16 -04:00
Gorka Lerchundi Osa
5503e8d0e9 nginx/proxy: allow specifying next upstream behaviour 2017-06-27 23:30:43 +02:00
Manuel de Brito Fontes
5f02858623 Improve X-Forwarded-Host support 2017-06-27 10:08:14 -04:00
Manuel de Brito Fontes
83d03a19a6 Add feature to allow sticky sessions per location 2017-06-22 14:12:57 -04:00
Manuel de Brito Fontes
6e2203594e Add upstream keepalive connections cache 2017-06-21 23:52:06 -04:00
Manuel de Brito Fontes
85e6d30844 Improve variable configuration for source IP address 2017-06-21 00:52:12 -04:00
Manuel de Brito Fontes
df6795c0af Update nginx-slim to 0.19 2017-06-20 22:23:24 -04:00
Manuel de Brito Fontes
92e3b5ba78 Lint nginx code 2017-06-14 23:05:04 -04:00
Manuel de Brito Fontes
51b2e0f2cb Fix IPv6 UDP stream section 2017-06-13 08:45:30 -04:00
Giancarlo Rubio
fffddebdf8 add semicolon 2017-06-13 13:05:43 +02:00
Manuel Alejandro de Brito Fontes
cdbf2aad37 Merge pull request #824 from aledbf/update-nginx-controller 
Update nginx-slim to 0.18
 2017-06-12 18:39:15 -04:00
Cory Klein
fa70e5e905 Make log format json escaping configurable 
This will allow json logging in nginx ingress controllers which greatly
improves ease of log indexing and searching via elasticsearch.

After this change is made, users could set the following property in the
ingress configmap to enable json logging:

log-format-upstream: '{"proxy_protocol_addr": "$proxy_protocol_addr", "proxy_add_x_forwarded_for": "$proxy_add_x_forwarded_for", "remote_user": "$remote_user", "time_iso8601": "$time_iso8601", "request": "$request", "status": "$status", "body_bytes_sent": "$body_bytes_sent", "http_referer": "$http_referer", "http_user_agent": "$http_user_agent", "request_length": "$request_length", "request_time": "$request_time", "proxy_upstream_name": "$proxy_upstream_name", "upstream_addr": "$upstream_addr", "upstream_response_length": "$upstream_response_length", "upstream_response_time": "$upstream_response_time", "upstream_status": "$upstream_status"}'
 2017-06-09 15:32:11 -06:00
Manuel Alejandro de Brito Fontes
dbb12afbb9 Merge pull request #829 from rlguarino/ross/2017-06-08T18-48-35-07-00 
feat(template): wrap IPv6 addresses in []
 2017-06-09 13:21:30 -04:00
Ross Guarino
54f6729dc8 feat(template): wrap IPv6 addresses in [] 
Add formatIP helper function which will wrap IPv6 addresses
in [] and print IPv4 addresses as is.

Closes #828
 2017-06-08 20:11:00 -07:00
Manuel de Brito Fontes
a4793eda8c Update nginx-slim to 0.18 2017-06-07 11:33:13 -04:00
Olve Sæther Hansen
d4600a87b5 Added client_max_body_size to authPath location 
Seems like nginx denies the request because it would be over the max body size,
event if `proxy_pass_request_body` is `off`.

This fixes 811
 2017-06-02 22:40:29 +02:00
Manuel Alejandro de Brito Fontes
66b4c2606b Merge pull request #809 from aledbf/fix-variables-map 
Fix dynamic variable name
 2017-06-02 11:59:32 -04:00
Manuel de Brito Fontes
b70e9ca078 Fix dynamic variable name 2017-06-02 11:12:02 -04:00
Arjan Schaaf
a854dc71b2 #789 removing duplicate X-Real-IP header introduced 4bd4bf3be6 2017-05-29 11:43:05 +02:00
Manuel Alejandro de Brito Fontes
32f24380ec Merge pull request #787 from aledbf/pass-server-header 
Add setting to allow returning the Server header from the backend
 2017-05-28 19:16:58 -04:00
Manuel de Brito Fontes
2f20c6bfcb Add setting to allow returning the Server header from the backend 2017-05-28 17:40:25 -04:00
Manuel de Brito Fontes
8837cf93e2 Allow customization of variables hash tables 2017-05-28 16:05:49 -04:00
Manuel de Brito Fontes
40cd78d0b8 Add support for IPv6 in TCP and UDP stream section 2017-05-26 12:19:54 -04:00
Manuel de Brito Fontes
30343c489a Fix bad variable assignment in template nginx 2017-05-24 00:25:42 -04:00
Manuel de Brito Fontes
07cdee5ca8 Refactoring whitelist source IP verification 2017-05-20 19:32:03 -04:00
Manuel de Brito Fontes
d742dcb55c Specify nginx image arch 2017-05-18 17:57:33 -04:00
Manuel de Brito Fontes
7ceb0a8025 Update nginx image 2017-05-17 14:54:27 -04:00
Manuel Alejandro de Brito Fontes
c831359733 Merge pull request #709 from phekmat/patch-1 
Add config for X-Forwarded-For trust
 2017-05-17 07:45:49 -04:00
Manuel Alejandro de Brito Fontes
b4032f0648 Merge pull request #722 from aledbf/remove-go-reaper 
Remove go-reap and use tini as process reaper
 2017-05-17 07:37:23 -04:00
Vlad Gorodetsky
3bd2cb331f Add keepalive_requests and client_boxy_buffer_size options 2017-05-17 09:36:10 +03:00
Manuel de Brito Fontes
22d63d0ad0 Auto stash before merge of "master" and "master/master" 
Remove go-reap and use tini as process reaper
 2017-05-16 16:06:33 -04:00
Kwok-kuen Cheung
a83f17c716 Set $proxy_upstream_name before location directive 
When nginx performs ssl redirect, $proxy_upstream_name used in log
is not initialized because it is set after nginx matched a location directive,
which is not the case when performing a ssl redirect.

refs #711
 2017-05-14 08:59:30 +08:00
Manuel Alejandro de Brito Fontes
12d2c4f689 Merge pull request #690 from aledbf/avoid-empty-secret 
Fix IP in logs for https traffic
 2017-05-12 10:44:20 -03:00
Payam Hekmat
dd894f0f73 Add config for X-Forwarded-For trust 
Use the same config option for `set_real_ip_from` when not using proxy protocol. The default remains `0.0.0.0/0`, which is insecure if the ingress is publicly accessible. This at least provides a workaround for #200
 2017-05-11 21:55:35 -05:00
Manuel de Brito Fontes
4bd4bf3be6 Fix remote address in log when protocol is https 2017-05-11 15:04:19 -03:00
Dan Cech
485098fd69 use nginx vts module version 0.1.14 2017-05-11 13:56:42 -04:00
David Pratt
d56d8b7da1 Use proxy-protocol to pass through source IP to nginx 2017-05-10 16:22:48 -05:00
Matjaz Pancur
d402e16eb8 Fix error in generated nginx.conf hsts-preload 2017-05-04 11:29:32 +02:00
Jeff Pearce
a5d58cc521 Override load balancer alg view config map 2017-04-29 08:37:24 -07:00
Manuel de Brito Fontes
ab1f04b9c2 Add support for https in proxy request for external authentication 2017-04-24 22:14:38 -03:00
Manuel de Brito Fontes
12d4aadf74 Allow configuration of features underscores_in_headers and ignore_invalid_headers 2017-04-20 18:12:16 -03:00
Manuel de Brito Fontes
de14e2f4f1 Refactor ssl-passthroug using go to handle TLS hello 2017-04-19 01:39:14 -03:00
Jonas Kint
a7b09e71a1 Fixing wildcard in hostname for the upstream map 2017-04-13 17:27:20 +02:00
Manuel Alejandro de Brito Fontes
3810515663 Merge pull request #583 from stibi/patch-1 
fixed lua_package_path in nginx.tmpl
 2017-04-12 17:04:05 -03:00
Manuel de Brito Fontes
6038e17728 Remove Host header from auth_request proxy configuration 2017-04-12 09:37:03 -03:00
Martin Stiborsky
beb17f39ab fixed lua_package_path in nginx.tmpl 
I did my own build of the nginx-ingress-controller and its docker image, but I had troubles with the `error_page.lua` module, which couldn't be loaded, there was an error in the log, module was not found.

I think the lua package path is wrong, here is a fix.
 2017-04-11 09:43:33 +02:00
Manuel de Brito Fontes
25bb7e4311 Set different listeners per protocol version 2017-04-09 15:03:27 -03:00
Manuel Alejandro de Brito Fontes
7ca7652ab2 Merge pull request #563 from aledbf/hsts-preload 
Add option to disable hsts preload
 2017-04-05 23:20:35 -03:00
Manuel de Brito Fontes
cbe4029597 Add option to disable hsts preload 2017-04-05 22:48:43 -03:00
Manuel de Brito Fontes
62c13fb7bc Update nginx version and remove dumb-init 2017-04-04 17:59:54 -03:00
Manuel de Brito Fontes
bc68f9eea3 Update nginx and vts module 2017-04-02 16:07:38 -03:00
Manuel Alejandro de Brito Fontes
02cd3ce885 Merge pull request #225 from electroma/nginx/extauth_headers 
Support for http header passing from external authentication service
 2017-04-01 20:40:29 -03:00
Manuel de Brito Fontes
8e41bdd3d4 Add setting to configure ecdh curve 2017-03-30 23:23:14 -03:00
Manuel Alejandro de Brito Fontes
f5211458ce Merge pull request #454 from danielqsj/master 
Pass request port to real server
 2017-03-26 08:01:11 -03:00
rsafronov
6d07d32003 Merge branch 'upstream' into nginx/extauth_headers 2017-03-24 20:25:18 -04:00
Canh Ngo
46a42a2905 Adds support for CORS with Authorization header 2017-03-23 16:17:47 +01:00
Canh Ngo
df76382055 Adds support for CORS on error responses 2017-03-23 16:17:37 +01:00
shijunqian
43469a8179 Pass request port to real server 2017-03-21 10:33:11 +08:00
Manuel Alejandro de Brito Fontes
c25936df62 Merge pull request #427 from rikatz/app-root-redirect 
Adds support for root context redirection
 2017-03-16 07:32:30 -03:00
Kirill Levin
23c45340be fix nginx-udp-and-udp on same port 2017-03-15 20:45:21 +03:00
Manuel de Brito Fontes
350c5f2c03 Remove snake oil certificate generation 2017-03-15 08:23:25 -03:00