Commit graph

224 commits

Author SHA1 Message Date
Manuel de Brito Fontes
a4793eda8c Update nginx-slim to 0.18 2017-06-07 11:33:13 -04:00
Olve Sæther Hansen
d4600a87b5 Added client_max_body_size to authPath location
Seems like nginx denies the request because it would be over the max body size,
even if `proxy_pass_request_body` is `off`.

This fixes 811
2017-06-02 22:40:29 +02:00
Manuel Alejandro de Brito Fontes
66b4c2606b Merge pull request #809 from aledbf/fix-variables-map
Fix dynamic variable name
2017-06-02 11:59:32 -04:00
Manuel de Brito Fontes
b70e9ca078 Fix dynamic variable name 2017-06-02 11:12:02 -04:00
Arjan Schaaf
a854dc71b2 #789 removing duplicate X-Real-IP header introduced 4bd4bf3be6 2017-05-29 11:43:05 +02:00
Manuel Alejandro de Brito Fontes
32f24380ec Merge pull request #787 from aledbf/pass-server-header
Add setting to allow returning the Server header from the backend
2017-05-28 19:16:58 -04:00
Manuel de Brito Fontes
2f20c6bfcb Add setting to allow returning the Server header from the backend 2017-05-28 17:40:25 -04:00
Manuel de Brito Fontes
8837cf93e2 Allow customization of variables hash tables 2017-05-28 16:05:49 -04:00
Manuel de Brito Fontes
40cd78d0b8 Add support for IPv6 in TCP and UDP stream section 2017-05-26 12:19:54 -04:00
Manuel de Brito Fontes
30343c489a Fix bad variable assignment in template nginx 2017-05-24 00:25:42 -04:00
Manuel de Brito Fontes
07cdee5ca8 Refactoring whitelist source IP verification 2017-05-20 19:32:03 -04:00
Manuel de Brito Fontes
d742dcb55c Specify nginx image arch 2017-05-18 17:57:33 -04:00
Manuel de Brito Fontes
7ceb0a8025 Update nginx image 2017-05-17 14:54:27 -04:00
Manuel Alejandro de Brito Fontes
c831359733 Merge pull request #709 from phekmat/patch-1
Add config for X-Forwarded-For trust
2017-05-17 07:45:49 -04:00
Manuel Alejandro de Brito Fontes
b4032f0648 Merge pull request #722 from aledbf/remove-go-reaper
Remove go-reap and use tini as process reaper
2017-05-17 07:37:23 -04:00
Vlad Gorodetsky
3bd2cb331f Add keepalive_requests and client_boxy_buffer_size options 2017-05-17 09:36:10 +03:00
Manuel de Brito Fontes
22d63d0ad0 Auto stash before merge of "master" and "master/master"
Remove go-reap and use tini as process reaper
2017-05-16 16:06:33 -04:00
Kwok-kuen Cheung
a83f17c716 Set $proxy_upstream_name before location directive
When nginx performs ssl redirect, $proxy_upstream_name used in log
is not initialized because it is set after nginx matched a location directive,
which is not the case when performing a ssl redirect.

refs #711
2017-05-14 08:59:30 +08:00
Manuel Alejandro de Brito Fontes
12d2c4f689 Merge pull request #690 from aledbf/avoid-empty-secret
Fix IP in logs for https traffic
2017-05-12 10:44:20 -03:00
Payam Hekmat
dd894f0f73 Add config for X-Forwarded-For trust
Use the same config option for `set_real_ip_from` when not using proxy protocol. The default remains `0.0.0.0/0`, which is insecure if the ingress is publicly accessible. This at least provides a workaround for #200
2017-05-11 21:55:35 -05:00
Manuel de Brito Fontes
4bd4bf3be6 Fix remote address in log when protocol is https 2017-05-11 15:04:19 -03:00
Dan Cech
485098fd69 use nginx vts module version 0.1.14 2017-05-11 13:56:42 -04:00
David Pratt
d56d8b7da1 Use proxy-protocol to pass through source IP to nginx 2017-05-10 16:22:48 -05:00
Matjaz Pancur
d402e16eb8 Fix error in generated nginx.conf hsts-preload 2017-05-04 11:29:32 +02:00
Jeff Pearce
a5d58cc521 Override load balancer alg view config map 2017-04-29 08:37:24 -07:00
Manuel de Brito Fontes
ab1f04b9c2 Add support for https in proxy request for external authentication 2017-04-24 22:14:38 -03:00
Manuel de Brito Fontes
12d4aadf74 Allow configuration of features underscores_in_headers and ignore_invalid_headers 2017-04-20 18:12:16 -03:00
Manuel de Brito Fontes
de14e2f4f1 Refactor ssl-passthrough using go to handle TLS hello 2017-04-19 01:39:14 -03:00
Jonas Kint
a7b09e71a1 Fixing wildcard in hostname for the upstream map 2017-04-13 17:27:20 +02:00
Manuel Alejandro de Brito Fontes
3810515663 Merge pull request #583 from stibi/patch-1
fixed lua_package_path in nginx.tmpl
2017-04-12 17:04:05 -03:00
Manuel de Brito Fontes
6038e17728 Remove Host header from auth_request proxy configuration 2017-04-12 09:37:03 -03:00
Martin Stiborsky
beb17f39ab fixed lua_package_path in nginx.tmpl
I did my own build of the nginx-ingress-controller and its docker image, but I had troubles with the `error_page.lua` module, which couldn't be loaded, there was an error in the log, module was not found.

I think the lua package path is wrong, here is a fix.
2017-04-11 09:43:33 +02:00
Manuel de Brito Fontes
25bb7e4311 Set different listeners per protocol version 2017-04-09 15:03:27 -03:00
Manuel Alejandro de Brito Fontes
7ca7652ab2 Merge pull request #563 from aledbf/hsts-preload
Add option to disable hsts preload
2017-04-05 23:20:35 -03:00
Manuel de Brito Fontes
cbe4029597 Add option to disable hsts preload 2017-04-05 22:48:43 -03:00
Manuel de Brito Fontes
62c13fb7bc Update nginx version and remove dumb-init 2017-04-04 17:59:54 -03:00
Manuel de Brito Fontes
bc68f9eea3 Update nginx and vts module 2017-04-02 16:07:38 -03:00
Manuel Alejandro de Brito Fontes
02cd3ce885 Merge pull request #225 from electroma/nginx/extauth_headers
Support for http header passing from external authentication service
2017-04-01 20:40:29 -03:00
Manuel de Brito Fontes
8e41bdd3d4 Add setting to configure ecdh curve 2017-03-30 23:23:14 -03:00
Manuel Alejandro de Brito Fontes
f5211458ce Merge pull request #454 from danielqsj/master
Pass request port to real server
2017-03-26 08:01:11 -03:00
rsafronov
6d07d32003 Merge branch 'upstream' into nginx/extauth_headers 2017-03-24 20:25:18 -04:00
Canh Ngo
46a42a2905 Adds support for CORS with Authorization header 2017-03-23 16:17:47 +01:00
Canh Ngo
df76382055 Adds support for CORS on error responses 2017-03-23 16:17:37 +01:00
shijunqian
43469a8179 Pass request port to real server 2017-03-21 10:33:11 +08:00
Manuel Alejandro de Brito Fontes
c25936df62 Merge pull request #427 from rikatz/app-root-redirect
Adds support for root context redirection
2017-03-16 07:32:30 -03:00
Kirill Levin
23c45340be fix nginx-udp-and-udp on same port 2017-03-15 20:45:21 +03:00
Manuel de Brito Fontes
350c5f2c03 Remove snake oil certificate generation 2017-03-15 08:23:25 -03:00
rsafronov
7034e1de69 Merge remote-tracking branch 'upstream/master' into nginx/extauth_headers
# Conflicts:
#	core/pkg/ingress/annotations/authreq/main.go
2017-03-13 15:04:37 -04:00
Ricardo Pchevuzinske Katz
0e5d3ca9e9 Adds support for root redirection, and improves rewrite documentation 2017-03-13 12:03:47 -03:00
Ricardo Katz
c41e6bd82f Merge 04af55af3c into 0cb8f59f70 2017-03-12 22:09:42 +00:00
Ricardo Pchevuzinske Katz
04af55af3c Adds support for root context redirection 2017-03-12 19:06:10 -03:00
Manuel de Brito Fontes
e702c55820 Fix build 2017-03-12 18:11:03 -03:00
Manuel de Brito Fontes
7ba389c1d0 Cleanup collection of prometheus metrics 2017-03-10 16:47:08 -03:00
Giancarlo Rubio
1d38e3a384 Scrap json metrics from nginx vts
upgrade vts to the latest version
2017-03-10 09:25:56 -03:00
Manuel Alejandro de Brito Fontes
a5f8af70bf Merge pull request #410 from aledbf/colemickens-signin-url
Add support for "signin url"
2017-03-09 11:21:42 -03:00
Cole Mickens
09e6aabce4 Add auth-signin annotation 2017-03-08 20:24:01 -03:00
Manuel de Brito Fontes
c173985af0 Allow custom http2 header sizes 2017-03-08 20:00:16 -03:00
Giancarlo Rubio
63b5f2f1c5 add configuration to disable listening on ipv6 2017-03-08 13:29:02 +01:00
Manuel de Brito Fontes
bebd596b3f Listen customization must be done just in one place 2017-03-07 19:50:24 -03:00
Manuel de Brito Fontes
484bd43111 Fix http2 header size 2017-03-07 14:42:59 -03:00
Manuel de Brito Fontes
2399be867e Cleanup custom log format configuration 2017-03-04 18:35:33 -03:00
Manuel Alejandro de Brito Fontes
75124bc9f1 Merge pull request #356 from gianrubio/patch-1
Disable listen only on ipv6 and fix proxy_protocol
2017-03-03 09:50:43 -03:00
Peter Wilson
1a72b3f775 add ForceSSLRedirect ingress annotation 2017-03-03 16:44:29 +11:00
Aaron Roydhouse
336f3cb108 Fix error caused by increasing proxy_buffer_size (#363)
This fixes the bug raised in #363, by increasing the size of the proxy_buffers (memory allocation) to match the size of the proxy buffer. This leaves the default values (with no ingress setting) unchanged:
```
proxy_buffer_size      4k
proxy_buffers            4 4k
```
If 'proxy-buffer-size' is set, then now both the buffer size and the memory allocation size are increased:
```
proxy_buffer_size     "{{ $location.Proxy.BufferSize }}";
proxy_buffers           4 "{{ $location.Proxy.BufferSize }}";
```
I have been using this patch with 0.8.3 and 0.9.0-beta.2.
2017-03-02 16:11:27 -05:00
rsafronov
05526e4a66 Merge remote-tracking branch 'upstream/master' into nginx/extauth_headers
# Conflicts:
#	controllers/nginx/pkg/template/template.go
2017-03-02 14:46:18 -05:00
Giancarlo Rubio
0ca3aef0f5 Add ability to customize upstream and stream log format 2017-03-01 18:47:11 +01:00
Giancarlo Rubio
90fdea751b Disable listen only on ipv6 and fix proxy_protocol
- Always listen on ipv4 address for port 443
- Rollback previous PR #227 that broke the proxy_protocol when passthroughBackends is disabled
2017-03-01 15:31:00 +01:00
electroma
c8eda8f17f Merge branch 'master' into nginx/extauth_headers 2017-02-27 16:28:11 -05:00
Manuel de Brito Fontes
02d44ccbaa Fix client source IP address 2017-02-26 19:01:07 -03:00
Ricardo Pchevuzinske Katz
a342c0bce3 Adds correct support for TLS Mutual authentication and depth verification
modified:   controllers/nginx/configuration.md
modified:   controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
modified:   core/pkg/ingress/annotations/authtls/main.go
modified:   core/pkg/ingress/controller/backend_ssl.go
modified:   core/pkg/ingress/controller/controller.go
modified:   core/pkg/ingress/controller/util_test.go
modified:   core/pkg/ingress/resolver/main.go
modified:   core/pkg/ingress/types.go
modified:   core/pkg/net/ssl/ssl.go
modified:   examples/PREREQUISITES.md
new file:   examples/auth/client-certs/nginx/README.md
new file:   examples/auth/client-certs/nginx/nginx-tls-auth.yaml
2017-02-24 22:49:01 -03:00
Manuel de Brito Fontes
84324af140 Refactoring of TCP and UDP services 2017-02-24 20:14:43 -03:00
Manuel Alejandro de Brito Fontes
33ab550290 Merge pull request #332 from aledbf/snippets
Add annotation to customize nginx configuration
2017-02-24 18:39:45 -03:00
Giancarlo Rubio
704a18cec9 Add support for proxy cookie path/proxy cookie domain 2017-02-24 16:06:30 +01:00
Manuel de Brito Fontes
a20c287614 Add annotation to customize nginx location configuration 2017-02-23 16:48:59 -03:00
caiyixiang
e68abf067b change 'buildSSPassthrouthUpstreams' to 'buildSSLPassthroughUpstreams' 2017-02-20 10:30:37 +08:00
Manuel de Brito Fontes
8fd12b26ba Change nginx variable to use in filter of access_log 2017-02-17 18:21:46 -03:00
Manuel Alejandro de Brito Fontes
e603066d92 Merge pull request #290 from aledbf/update-nginx
Update nginx version in ingress controller to 1.11.10
2017-02-17 15:46:52 -03:00
Prashanth B
698c08402a Merge pull request #258 from rikatz/nginx-sticky-annotations
Nginx sticky annotations
2017-02-17 05:27:18 +05:30
Manuel de Brito Fontes
2d0971d6b0 Update nginx version in ingress controller to 1.11.10 2017-02-16 15:10:14 -03:00
Manuel Alejandro de Brito Fontes
b5819d8f4d Merge pull request #246 from aledbf/set-headers
Add support for custom proxy headers using a ConfigMap
2017-02-16 07:35:57 -03:00
Manuel de Brito Fontes
0cdc4bd8ba Pass headers to custom error backend 2017-02-14 17:43:31 -03:00
Ricardo Pchevuzinske Katz
a158e5fc5a Improve the session affinity feature 2017-02-12 21:13:39 -02:00
Ricardo Pchevuzinske Katz
6809319318 Adds support for configuring stickiness per Ingress 2017-02-10 12:24:16 -02:00
Ricardo Pchevuzinske Katz
79e186cb77 New sticky session configuration 2017-02-10 01:33:23 -02:00
Ricardo Pchevuzinske Katz
d0c4e0d713 Adds support for disabling the entire access_log 2017-02-09 21:20:12 -02:00
rsafronov
4c2b2512f5 Merge branch 'upstream' into nginx/extauth_headers 2017-02-08 16:57:03 -05:00
Manuel de Brito Fontes
5cc5669938 Add support for custom proxy headers using a ConfigMap 2017-02-07 17:00:23 -03:00
Manuel de Brito Fontes
36f842c011 Add information about proxy_protocol in port 442 2017-02-04 21:29:35 -03:00
Justin Santa Barbara
8d71557b13 Remove proxy_protocol from 442 listener
The proxy_protocol processing should only happen once, on the
"external-facing" listeners.
2017-02-04 19:02:24 -05:00
Justin Santa Barbara
6fa461c2a7 proxy_protocol on ssl_passthrough listener
Move proxy_protocol to listener.

Fix #207
2017-02-04 02:38:36 -05:00
rsafronov
302fa5f4bb Added: support for http header passing from external authentication service response 2017-02-03 19:43:15 -05:00
Manuel de Brito Fontes
c3ac562429 Fix template error 2017-01-27 17:52:09 -03:00
Manuel Alejandro de Brito Fontes
87d4145c76 Merge pull request #178 from aledbf/proxy-name
Add initialization of proxy variable
2017-01-26 16:50:20 -03:00
Ricardo Pchevuzinske Katz
cc1413261f Allows the usage of Default SSL Cert 2017-01-26 16:51:55 -02:00
Manuel de Brito Fontes
2baa1def46 Add initialization of proxy variable 2017-01-26 11:52:48 -03:00
Manuel de Brito Fontes
08eda50ebb Update nginx to 1.11.9 2017-01-25 15:16:31 -03:00
Manuel de Brito Fontes
3df139cb56 Add configuration and annotation for port_in_redirect 2017-01-21 23:01:21 -03:00
Manuel de Brito Fontes
87322b84ba Add support for custom header sizes 2017-01-21 12:46:20 -03:00
Manuel de Brito Fontes
b0c2619594 Add annotation to allow custom body sizes 2017-01-21 11:50:05 -03:00
Manuel Alejandro de Brito Fontes
0ed8260704 Merge pull request #133 from aledbf/fix-tcp-stream
Add TCP and UDP services removed in migration
2017-01-19 09:06:03 -03:00
Justin Santa Barbara
f1520a1232 Merge pull request #142 from aledbf/file-max
Use system fs.max-files as limits instead of hard-coded value
2017-01-19 01:46:49 -05:00
Manuel de Brito Fontes
9ce52c51f1 Use system fs.max-files as limits instead of hard-coded value 2017-01-19 00:29:31 -03:00
Manuel de Brito Fontes
ba98383c2d Add TCP and UDP services removed in migration 2017-01-18 23:46:03 -03:00
Manuel de Brito Fontes
7fa5aecd71 Add reuse port and backlog to port 80 and 443 2017-01-18 23:04:00 -03:00
Manuel Alejandro de Brito Fontes
71492a6f8f Merge pull request #115 from safework/master
add default_server to listen statement for default backend
2017-01-13 09:11:25 -03:00
Manuel Alejandro de Brito Fontes
43a3d67561 Merge pull request #99 from aledbf/update-nginx
Update nginx to 1.11.8
2017-01-12 21:17:17 -03:00
Manuel de Brito Fontes
597a0e691a Deny location mapping in case of specific errors 2017-01-12 13:40:32 -03:00
Mark Cola
939c6d9128 add default_server to listen statement for default backend 2017-01-09 11:30:44 +11:00
Manuel de Brito Fontes
af9375aa96 Add support to disable server_tokens directive 2017-01-02 16:27:57 -03:00
Prashanth B
5cdb8fe4fb Merge pull request #77 from aledbf/dns-resolver
Add support for IPV6 in dns resolvers
2017-01-01 20:21:52 -08:00
Manuel de Brito Fontes
def1e034d8 Update nginx to 1.11.8 2016-12-29 20:27:21 -03:00
Justin Santa Barbara
fb8208cf8b Fix typo PassthrougBackends -> PassthroughBackends 2016-12-29 17:57:51 -05:00
Manuel de Brito Fontes
99209ad33d Add support for IPV6 in dns resolvers 2016-12-28 07:30:58 -03:00
Manuel de Brito Fontes
3b4358b861 Fix x-forwarded-port mapping 2016-12-26 10:56:22 -03:00
Manuel de Brito Fontes
99fb1f4874 Fix incorrect X-Forwarded-Port for TLS 2016-12-22 10:03:58 -03:00
Manuel Alejandro de Brito Fontes
f0762ba144 Merge pull request #34 from euank/nginx-ipv6ish
nginx: also listen on ipv6
2016-12-21 13:53:49 -03:00
Euan Kemp
8fe1efe396 nginx: also listen on ipv6
This allows a brave user to run this in host networking mode and support
ipv6.
2016-12-12 09:56:42 -08:00
Giancarlo Rubio
bd9ec42042 fix typo in variable ProxyRealIPCIDR 2016-12-12 14:23:45 +01:00
Manuel de Brito Fontes
86dbf979cb Add nginx metrics to prometheus 2016-11-29 18:10:06 -03:00
Manuel de Brito Fontes
81cd7782c6 Restart nginx if master process dies 2016-11-29 14:21:44 -03:00
Manuel de Brito Fontes
16c5800545 Add e2e boilerplate 2016-11-23 21:34:30 -03:00
Manuel de Brito Fontes
5a8e090736 Add Generic interface 2016-11-23 21:17:49 -03:00
Manuel de Brito Fontes
f2b627486d Remove interface 2016-11-23 21:17:49 -03:00
Manuel de Brito Fontes
ed9a416b01 Split implementations from generic code 2016-11-23 21:17:49 -03:00