493dd6726d
Replace request_uri
2020-09-27 20:26:39 -03:00
87e79da16a
Move ocsp_response_cache:delete after certificate_data:set
2020-09-19 23:16:00 +08:00
16f970d8bb
Use was_not_called without check args match
2020-09-19 00:15:42 +08:00
724646bd73
Delete OCSP Response cache when certificate renewed
2020-09-18 14:30:18 +08:00
e9059eef01
fixed some typos
...
Signed-off-by: Frank Gadban <frankgad@outlook.de>
2020-07-21 22:02:23 +02:00
3402d07ff0
doc: update docs and fixed typos ( #5821 )
2020-07-01 10:02:52 -04:00
bcc3cfaa65
Dynamic LB sync non-external backends only when necessary
2020-06-29 18:11:51 -04:00
7ab0916c92
Resolve conflicts
2020-06-20 17:13:31 +09:00
53a6b0fd3b
Configurable metrics max batch size
2020-06-20 15:58:14 +09:00
5b0f7d7d6e
Improve performance.
2020-06-10 17:36:56 +08:00
1d4c7ec65c
Fix lua lint error
2020-06-09 17:19:16 -04:00
f27b404421
Serve correct TLS certificate for requests with uppercase host
2020-06-09 16:47:03 -04:00
bafbd4cccf
Enable lj-releng tool to lint lua code.
2020-06-09 18:01:35 +08:00
c035a144f8
Support the combination of nginx variables and text value for annotation upstream-hash-by.
2020-06-01 06:37:41 +08:00
3b217cf766
make sure first backend sync happens in timer phase
2020-04-30 19:44:24 -04:00
c8eb914d8a
Remove noisy dns log
2020-04-28 18:34:51 -04:00
b569d2357a
staple only when OCSP response status is "good"
2020-04-19 13:53:47 -04:00
1dab12fb81
Lua OCSP stapling
2020-04-16 21:29:16 -04:00
b60e25f1db
ingress-nginx lua plugins documentation
2020-04-14 09:47:58 -04:00
8527f774f7
Change condition order that produces endless loop
2020-04-03 10:53:40 -03:00
5cf7018b6d
Merge pull request #5277 from ElvinEfendi/small-refactoring
...
refactoring: use more specific var name
2020-03-23 06:02:51 -07:00
6ea6d47044
Empty directory
2020-03-22 17:16:30 -03:00
1894579455
Remove unnecessary logs
2020-03-22 17:09:39 -03:00
eb112ea06c
refactoring: use more specific var name
2020-03-21 21:23:24 -04:00
f2e5d6f8a5
Migrate the backends handler logic to function
2020-02-27 09:31:04 +08:00
0b33650bb8
Feat: canary supports using specific match strategy to match header value.
2020-02-21 10:02:20 +08:00
ad78425852
also expose pem cert uid in certificate.call function
2020-02-19 13:41:50 -05:00
4bb9106be2
refactor ssl handling in preperation of OCSP stapling
2020-02-19 13:14:35 -05:00
b2beeeab25
Add case for when user agent is nil
...
Add test for nil user agent
2020-02-16 21:07:45 -06:00
5e54f66ab2
Merge pull request #5040 from BrianKopp/samesite-followup
...
Update documentation and remove hack fixed by upstream cookie library
2020-02-10 10:25:53 -08:00
46a3e0a6fd
Fix X-Forwarded-Proto based on proxy-protocol server port
2020-02-10 18:08:34 +03:00
7c7a1b9c8b
Update samesite tests
2020-02-08 12:58:52 -07:00
34b194c770
Update documentation and remove hack fixed by upstream cookie library
2020-02-08 11:54:52 -07:00
1b523390bb
Add SameSite=None support and conditionally omit SameSite=None for backwards compatibility
2020-01-29 14:30:00 -07:00
665f924e9e
Add proxy protocol support for X-Forwarded-Port
...
Fixes https://github.com/kubernetes/ingress-nginx/issues/4951
2020-01-24 13:50:35 +01:00
a8c2c9c6bc
Remove todo from lua test ( #4894 )
2020-01-08 19:46:52 -03:00
5ce93d98c2
Fix lua test
2020-01-05 16:00:54 -03:00
6c92c80073
Fix sticky session for ingress without host
2020-01-02 16:52:49 -03:00
54918c0ff2
fix duplicate hsts bug
2019-12-12 13:49:13 -05:00
31227d61c2
Removing secure-verify-ca-secret support and writing an error log if that annotation is used in an Ingress definition
2019-10-18 10:58:57 +02:00
7fc442c7f1
update test cases
2019-10-14 08:14:35 -07:00
b698699fdd
More helpful DNS failure message
...
Previously if dns.lua failed to resolve a name you'd see the following in your logs:
```
2019/10/12 23:39:34 [error] 41#41: *6474 [lua] dns.lua:121: dns_lookup(): failed to query the DNS server:
server returned error code: 3: name error
server returned error code: 3: name error, context: ngx.timer
```
Unfortunately this doesn't tell you what name is failing (so you have to start guessing). To alleviate the pain this simply adds the host name we are attempting to resolve to the log line so users don't have to guess.
2019-10-14 08:14:35 -07:00
e4571fdeef
optimize: local cache global variable and reduce string object creation.
...
and some code style.
2019-09-25 09:43:11 -04:00
73e659f5fc
improve certificate configuration detection per request
2019-09-24 21:17:22 -04:00
c5a8357f1d
handle hsts header injection in lua
2019-09-24 21:17:22 -04:00
8c64b12a96
refactor force ssl redirect logic
2019-09-24 14:57:52 -04:00
e392c8a8af
cleanup unused certificates
2019-09-24 14:16:03 -04:00
0f378154a0
Merge pull request #4591 from membphis/change/lua-code-style
...
optimize: local cache global variable and avoid single lines over 80
2019-09-24 07:55:29 -07:00
1ce68c8723
optimize: local cache global variable and avoid single lines over 80
...
characters.
2019-09-24 10:08:45 -04:00
f6c2f5fb97
Merge pull request #4514 from alexmaret/4475-stickyness-mode
...
Added new affinity mode for maximum session stickyness.
2019-09-24 05:09:27 -07:00
c26ab315b8
Fixed LUA lint findings.
2019-09-24 10:56:11 +02:00
f1839ddb42
Fixed review findings.
2019-09-24 10:46:02 +02:00
bbcf3dc625
regression test for the issue fixed in #4543
2019-09-10 10:00:21 -04:00
28a42686a5
Correctly format ipv6 resolver config for lua
...
It seems that when support was added for parsing resolv_conf directly a regression was introduced which effectively breaks anyone with ipv6 resolvers.
Regression of #3895
2019-09-06 21:18:07 -07:00
880b3dc5f1
Fixed test findings.
2019-08-30 19:08:03 +02:00
881e352d68
Converted sticky session balancers into separate classes.
2019-08-30 18:07:24 +02:00
9170591185
Added new affinity mode for maximum session stickyness. Fixes kubernetes/ingress-nginx#4475
2019-08-30 11:40:29 +02:00
76c2063be8
Code Review changes. Remove duplicate tests.
2019-08-26 14:00:59 -05:00
1f8ab60e40
Adds Wilcard check for hostname. Adds wildcard hostname tests.
2019-08-26 14:00:44 -05:00
57db904c92
fix lua certificate handling tests
2019-08-26 13:05:05 -04:00
8def5ef7ca
Add support for multiple alias and remove duplication of SSL certificates ( #4472 )
2019-08-26 10:58:44 -04:00
30b64df10a
ewma improvements
2019-08-15 13:13:43 -04:00
dd0fe4b458
Merge pull request #4422 from ElvinEfendi/lua-resolv-conf-search
...
teach lua about search and ndots settings in resolv.conf
2019-08-14 17:36:33 -07:00
0d690fba1a
Merge pull request #4356 from aledbf/only-dynamic-mode
...
Only support SSL dynamic mode
2019-08-14 17:08:35 -07:00
7b4655bb39
teach lua about search and ndots settings in resolv.conf
2019-08-14 18:03:30 -04:00
d46b4148fa
Lua /etc/resolv.conf parser and some refactoring
2019-08-13 18:34:54 -04:00
80bd481abb
Only support SSL dynamic mode
2019-08-13 17:33:34 -04:00
8f5fa78e1a
regression test
2019-07-26 10:18:31 -04:00
6f7b66fc7d
memoize balancer for a request
2019-07-26 09:35:58 -04:00
b424ad2681
avoid warning during lua unit test
2019-07-11 18:24:13 -04:00
97d3a0ddab
fix lua lints
2019-07-08 13:51:24 -04:00
8b208cac93
introduce proxy_alternative_upstream_name Nginx var to differentiate canary requests
2019-07-04 19:43:20 -04:00
0e5913310d
dynamic cert mode should understand domain with trailing dot
2019-07-04 17:30:41 -04:00
27df697dde
introduce ngx.var.balancer_ewma_score
2019-07-03 16:50:22 -04:00
b66f9e329d
override least recently used entries when certificate_data dictionary is full
2019-07-01 10:18:40 -04:00
2b46c3a056
fix monitor test after move to openresty
2019-06-24 14:21:19 -04:00
57a0542fa3
Merge pull request #4187 from s-shirayama/add_unit_test_case_for_balancer_lua_module
...
Add unit test cases for balancer lua module
2019-06-13 09:02:20 -07:00
6f0d6b38b8
Add unit test case for canary by header
2019-06-11 22:34:33 +09:00
0ff679baa7
Add unit test case for canary by cookie
2019-06-11 22:34:30 +09:00
e9f4c0bb0e
Add unit test case for canary by weight
2019-06-11 22:34:24 +09:00
7a15f52cf1
Add unit test case for balancer.route_to_alternative_balancer()
2019-06-11 22:34:05 +09:00
e2c6202324
bugfix: check all previously failing upstreams, not just the last one
2019-06-07 10:00:31 -04:00
b9b1ffb1d5
simplify sticky balancer
2019-06-06 16:32:33 -04:00
83f2acbe38
Session Affinity ChangeOnFailure should be boolean
2019-06-06 11:22:05 -04:00
254629cf16
Added support for annotation `session-cookie-change-on-failure`
...
1. Session cookie is updated on previous attempt failure when `session-cookie-change-on-failure = true` (default value is `false`).
2. Added tests to check both cases.
3. Updated docs.
Co-Authored-By: Vladimir Grishin <yadolov@users.noreply.github.com>
2019-05-27 13:00:07 +03:00
0e9e40a60b
use nkeys for counting lua table elements
2019-05-26 18:15:15 -04:00
dc7fa885a2
log info when endpoints change for a balancer
2019-05-25 23:50:18 -04:00
93f00b2143
fix luacheck warning
2019-04-13 15:26:48 -04:00
45add6cb7d
better certificate lua unit tests
2019-04-13 14:01:44 -04:00
42c207c548
handle default certificate correctly in Lua
2019-04-13 12:32:06 -04:00
f067712824
better logging in certificate.lua
2019-04-13 12:32:06 -04:00
8f81538b0d
lua plugin system
2019-04-04 09:25:22 -04:00
87e962682f
properly parse x-forwarded-host
2019-03-31 15:10:45 -04:00
496ff07bf1
replace some of the Nginx configuration to Lua code
2019-03-31 12:04:52 -04:00
6c1a7f1efd
Add support for IPV6 resolvers
2019-03-21 11:23:47 -03:00
d3ac73be79
Remove session-cookie-hash annotation
2019-03-04 10:34:48 -05:00
c96eae3015
Add /dbg certs command
2019-02-25 11:38:07 -05:00
15d5ef95ef
Merge pull request #3740 from Shopify/session-annotation-reload
...
Fix ingress updating for session-cookie-* annotation changes
2019-02-19 15:14:21 -08:00
c180a0998b
Fix session-cookie-* annotation reloading
2019-02-19 17:27:08 -05:00
f6aded2c51
Fix DNS failures in L4 services
2019-02-17 14:12:10 -08:00
Manuel Alejandro de Brito Fontes
wenzong
Frank Gadban
agile6v
Bo0km4n
Andreas Sommer
Elvin Efendi
Kubernetes Prow Robot
Lisheng Zheng
briankopp
Ilya Nemakov
Boris Djurdjevic
Laszlo Janosi
Thomas Jackson
Yuansheng
Alexander Maret-Huskinson
Zovin Khanmohammed
s-shirayama
Eugene Fedunin
Alex Kursell
Kevin Pullin