ad78425852
also expose pem cert uid in certificate.call function
2020-02-19 13:41:50 -05:00
4bb9106be2
refactor ssl handling in preperation of OCSP stapling
2020-02-19 13:14:35 -05:00
b2beeeab25
Add case for when user agent is nil
...
Add test for nil user agent
2020-02-16 21:07:45 -06:00
d48d5a61ae
Add gzip-min-length as a configurable
2020-02-14 13:29:51 +07:00
71e35c9100
Make sure set-cookie is retained from external auth endpoint ( #5067 )
2020-02-14 01:41:11 -03:00
5e54f66ab2
Merge pull request #5040 from BrianKopp/samesite-followup
...
Update documentation and remove hack fixed by upstream cookie library
2020-02-10 10:25:53 -08:00
46a3e0a6fd
Fix X-Forwarded-Proto based on proxy-protocol server port
2020-02-10 18:08:34 +03:00
7c7a1b9c8b
Update samesite tests
2020-02-08 12:58:52 -07:00
34b194c770
Update documentation and remove hack fixed by upstream cookie library
2020-02-08 11:54:52 -07:00
b3146354d4
Refactor mirror feature
2020-02-05 10:39:55 -03:00
b9e944a8a6
Move mod-security logic from template to go code ( #5009 )
2020-02-04 14:04:11 -03:00
1b523390bb
Add SameSite=None support and conditionally omit SameSite=None for backwards compatibility
2020-01-29 14:30:00 -07:00
5d05e19cc3
Fix enable opentracing per location ( #4983 )
2020-01-29 12:20:05 -03:00
2f8cbeb8fa
Merge pull request #4956 from djboris9/proxy-protocol-port
...
Fix proxy protocol support for X-Forwarded-Port
2020-01-26 12:27:02 -08:00
7ff49b25d6
Move opentracing configuration for location to go ( #4965 )
2020-01-25 21:39:20 -03:00
665f924e9e
Add proxy protocol support for X-Forwarded-Port
...
Fixes https://github.com/kubernetes/ingress-nginx/issues/4951
2020-01-24 13:50:35 +01:00
a8c2c9c6bc
Remove todo from lua test ( #4894 )
2020-01-08 19:46:52 -03:00
5ce93d98c2
Fix lua test
2020-01-05 16:00:54 -03:00
fbdd924a45
Update nginx image
2020-01-04 13:23:16 -03:00
6c92c80073
Fix sticky session for ingress without host
2020-01-02 16:52:49 -03:00
a0523c3c8a
Use a named location for authSignURL ( #4859 )
2019-12-24 22:50:25 -03:00
54918c0ff2
fix duplicate hsts bug
2019-12-12 13:49:13 -05:00
75e8d37d71
Fix issue in logic of modsec template
...
according to go templates: `(and ((not false) false))` == `true`
the only way to remove the owasp rules from every location is to disable modsec on that location, or to enable owasp globally, both not-so-great choices.
This commit fixes the logic issue by fixing the and-clause in the if-statement. As a result this reduces global resource usages when modsecurity is configured globally, but not on every location.
2019-11-28 14:56:41 +01:00
a85d5ed93a
Merge pull request #4779 from aledbf/update-image
...
Remove lua-resty-waf feature
2019-11-27 11:45:05 -08:00
b286c2a336
Merge pull request #4732 from willthames/enable-opentracing-annotation
...
Allow enabling/disabling opentracing for ingresses
2019-11-26 17:31:21 -08:00
0ae463a5f3
Provide annotation to control opentracing
...
By default you might want opentracing off, but on for a particular
ingress.
Similarly, you might want opentracing globally on, but disabled for
a specific endpoint. To achieve this, `opentracing_propagate_context`
cannot be set when combined with `opentracing off`
A new annotation, `enable-opentracing` allows more fine grained control
of opentracing for specific ingresses.
2019-11-27 11:07:26 +10:00
61d902db14
Remove Lua resty waf feature
2019-11-26 10:37:43 -03:00
62518b60b4
Merge pull request #4689 from janosi/upstream_ssl
...
Server-only authentication of backends and per-location SSL config
2019-11-18 19:49:43 -08:00
0d244e1c41
Merge pull request #4730 from stamm/master
...
add configuration for http2_max_concurrent_streams
2019-11-08 07:12:29 -08:00
d9cfad1894
add configuration for http2_max_concurrent_streams
2019-10-31 15:13:38 +03:00
cc84bd4ab6
Server level proxy_ssl parameters are applied again, following the comments received.
...
Also writing tls.crt and tls.key to disk is according to the original code.
2019-10-26 20:20:18 +02:00
31227d61c2
Removing secure-verify-ca-secret support and writing an error log if that annotation is used in an Ingress definition
2019-10-18 10:58:57 +02:00
37fe9c9876
Enabling per-location proxy-ssl parameters, so locations of the same server but with own unique Ingress definitions can have different SSL configs
2019-10-17 10:15:53 +02:00
7fc442c7f1
update test cases
2019-10-14 08:14:35 -07:00
b698699fdd
More helpful DNS failure message
...
Previously if dns.lua failed to resolve a name you'd see the following in your logs:
```
2019/10/12 23:39:34 [error] 41#41: *6474 [lua] dns.lua:121: dns_lookup(): failed to query the DNS server:
server returned error code: 3: name error
server returned error code: 3: name error, context: ngx.timer
```
Unfortunately this doesn't tell you what name is failing (so you have to start guessing). To alleviate the pain this simply adds the host name we are attempting to resolve to the log line so users don't have to guess.
2019-10-14 08:14:35 -07:00
69880ac9ad
Merge pull request #4650 from DaveAurionix/master
...
Expose GeoIP2 Organization as variable $geoip2_org
2019-10-12 15:34:36 -07:00
0476715022
Need to quote expansion of $cfg.LogFormatStream in log_stream access log
...
format in nginx.tmpl otherwise individual variables are just glued together
without separating spaces so that you would get these in access logs:
[10/Oct/2019:05:03:30 +0000]TCP200000.003
[10/Oct/2019:05:03:30 +0000]TCP200000.000
[10/Oct/2019:05:05:04 +0000]TCP200000.000
which supposed to be someting like these:
[10/Oct/2019:05:03:30 +0000] TCP 200 0 0 0.003
[10/Oct/2019:05:03:30 +0000] TCP 200 0 0 0.000
[10/Oct/2019:05:05:04 +0000] TCP 200 0 0 0.000
2019-10-10 17:27:15 +10:00
8e926b21d1
Expose GeoIP2 Organization as variable $geoip2_org
2019-10-09 09:47:48 +01:00
8fd17045e6
Merge pull request #4603 from membphis/code-style
...
optimize: local cache global variable and reduce string object creation.
2019-10-08 07:51:15 -07:00
72c4ffa8b5
add modsecurity-snippet key
2019-09-28 09:54:07 +02:00
e4571fdeef
optimize: local cache global variable and reduce string object creation.
...
and some code style.
2019-09-25 09:43:11 -04:00
73e659f5fc
improve certificate configuration detection per request
2019-09-24 21:17:22 -04:00
c5a8357f1d
handle hsts header injection in lua
2019-09-24 21:17:22 -04:00
c93d384fb1
delete redundant config
2019-09-24 18:51:35 -04:00
8c64b12a96
refactor force ssl redirect logic
2019-09-24 14:57:52 -04:00
e392c8a8af
cleanup unused certificates
2019-09-24 14:16:03 -04:00
1dc4d184a0
Merge pull request #4550 from Shopify/upstream-auth-proxy-set-headers
...
Add support for configmap of headers for auth-url per ingress
2019-09-24 09:33:27 -07:00
0f378154a0
Merge pull request #4591 from membphis/change/lua-code-style
...
optimize: local cache global variable and avoid single lines over 80
2019-09-24 07:55:29 -07:00
786a3b6862
Add support for configmap of headers to be sent to external auth service
2019-09-24 10:53:23 -04:00
1ce68c8723
optimize: local cache global variable and avoid single lines over 80
...
characters.
2019-09-24 10:08:45 -04:00
Elvin Efendi
briankopp
Daniel Arifin
Manuel Alejandro de Brito Fontes
Kubernetes Prow Robot
Ilya Nemakov
Boris Djurdjevic
MMeent
Will Thames
Rustam Zagirov
Laszlo Janosi
Thomas Jackson
Sergei Turchanov
Dave Thompson
MRoci
Yuansheng
A Gardner