d8bd8c5619
Add nginx proxy_max_temp_file_size configuration option
2019-08-15 13:47:42 -04:00
0b375989f3
Merge pull request #4412 from Shopify/ssl-early-data
...
Add nginx ssl_early_data option support
2019-08-15 10:08:35 -07:00
6a293c7e11
set /configuration client body size dynamically
2019-08-14 22:10:56 -04:00
0d690fba1a
Merge pull request #4356 from aledbf/only-dynamic-mode
...
Only support SSL dynamic mode
2019-08-14 17:08:35 -07:00
adef152db8
Merge pull request #4379 from diazjf/mirror
...
Allow Requests to be Mirrored to different backends
2019-08-13 17:52:24 -07:00
d46b4148fa
Lua /etc/resolv.conf parser and some refactoring
2019-08-13 18:34:54 -04:00
80bd481abb
Only support SSL dynamic mode
2019-08-13 17:33:34 -04:00
2ed75b3362
Move listen logic to go
2019-08-13 14:52:25 -04:00
4d97240d88
Add timezone value into $geoip2_time_zone variable
2019-08-11 14:26:48 +02:00
f459515d0d
Add quote function in template
...
Co-authored-by: Charle Demers <charle.demers@gmail.com>
2019-08-09 15:47:29 -04:00
8c472190d1
Merge pull request #4086 from jeroen92/issue-4038
...
Resolve #4038 , move X-Forwarded-Port variable to the location context
2019-08-09 08:07:25 -07:00
4a9b02bc03
Remove dynamic TLS records
2019-08-08 15:52:56 -04:00
a2e667c082
lua shared dict from cm
...
lua shared dict teml test and update func sign
lua shared dict cm test
lua shared dict integration test
lua shared dict add cm parsing
lua shared dict change test header
2019-08-08 12:44:11 +03:00
7219130da4
Add nginx ssl_early_data option support
2019-08-07 16:04:09 -04:00
8dd912114e
Move X-Forwarded-Port variable to the location context
...
Resolves issue #4038 where the X-Forwarded-Port header would be set to the value of the https listening port if all of the following settings were satisfied:
- The ingress controller was started with a non-default HTTPS port set with the `--https-port` argument
- An ingress is created having:
- the `nginx.ingress.kubernetes.io/auth-url` annotation set
- TLS enabled
This commit solves this issue by moving the setting of the `pass_server_port` variable from the server, one level down to the location context.
2019-08-06 17:00:58 +02:00
386486e969
Allow Requests to be Mirrored to different backends
...
Add a feature which allows traffic to be mirrored to
additional backends. This is useful for testing how
requests will behave on different "test" backends.
See https://nginx.org/en/docs/http/ngx_http_mirror_module.html
2019-08-01 11:53:58 -05:00
72271e9313
FastCGI backend support ( #2982 )
...
Co-authored-by: Pierrick Charron <pierrick@adoy.net>
2019-07-31 10:39:21 -04:00
def13fc06c
Add proxy_ssl_* directives
...
Add support for backends which require client certificate (eg. NiFi)
authentication. The `proxy-ssl-secret` k8s annotation references a
secret which is used to authenticate to the backend server. All other
directives fine tune the backend communication.
The following annotations are supported:
* proxy-ssl-secret
* proxy-ssl-ciphers
* proxy-ssl-protocol
* proxy-ssl-verify
* proxy-ssl-verify-depth
2019-07-18 03:21:52 +02:00
589c9a20f9
Merge pull request #4278 from moolen/feat/auth-req-cache
...
feat: auth-req caching
2019-07-17 12:06:12 -07:00
23504db770
feat: auth-req caching
...
add a way to configure the `proxy_cache_*` [1] directive for external-auth.
The user-defined cache_key may contain sensitive information
(e.g. Authorization header).
We want to store *only* a hash of that key, not the key itself on disk.
[1] http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_key
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2019-07-17 18:39:04 +02:00
fe6c086580
Merge pull request #4288 from eshicks4/proxy-http-version-annotation
...
added proxy-http-version annotation to override the HTTP/1.1 default …
2019-07-11 11:43:07 -07:00
1e07cc6933
Disable access log in stream section for configuration socket
2019-07-10 13:42:13 -04:00
3b0c523e49
added proxy-http-version annotation to override the HTTP/1.1 default connection type to reverse proxy backends
2019-07-08 14:32:00 -04:00
7c297e001a
Merge pull request #4246 from ElvinEfendi/proxy-alternative-upstream-name
...
introduce proxy_alternative_upstream_name Nginx var
2019-07-04 19:20:35 -07:00
8b208cac93
introduce proxy_alternative_upstream_name Nginx var to differentiate canary requests
2019-07-04 19:43:20 -04:00
8807db9748
Check and complete intermediate SSL certificates
2019-07-04 19:13:21 -04:00
27df697dde
introduce ngx.var.balancer_ewma_score
2019-07-03 16:50:22 -04:00
591887089f
Add e2e test suite to detect memory leaks in lua
2019-06-27 22:05:52 -04:00
ddffa2a173
Enable arm again
2019-06-26 23:00:58 -04:00
5dfc7e211f
Merge pull request #4221 from aledbf/upgrade-nginx-image
...
Switch to openresty image
2019-06-24 09:45:57 -07:00
991f95f6bf
Migrate to openresty
2019-06-23 22:29:11 -04:00
d7b213d979
Do not set Host header when backend protocol is grpc
2019-06-18 23:44:10 -04:00
c11583dc5f
Only load modsecurity_module when ModSec is active
2019-06-11 16:39:52 +02:00
c4597522bf
Refactor whitelist from map to standard allow directives
2019-05-27 04:55:38 -04:00
abca32ba8e
reduce memory footprint and cpu usage when modsecurity and owasp rules are enabled globally
2019-05-18 19:08:30 +02:00
8b7f069b56
load modsecurity.conf on ModSecurity.Enable
2019-05-13 17:39:06 +02:00
8cc9afe8ee
Added Global External Authentication settings to configmap parameters incl. addons
2019-05-03 12:08:16 +02:00
34734edc6e
Merge pull request #4005 from Shopify/proxy-next-upstream-timeout
...
Support proxy_next_upstream_timeout
2019-04-15 09:10:09 -07:00
ffeb1fe348
Support proxy_next_upstream_timeout
2019-04-15 11:08:57 -04:00
2f3cf1a6c0
do not create empty access_by_lua_block
2019-04-13 16:11:46 -04:00
8f81538b0d
lua plugin system
2019-04-04 09:25:22 -04:00
496ff07bf1
replace some of the Nginx configuration to Lua code
2019-03-31 12:04:52 -04:00
1bef3e75b2
Set `X-Request-ID` for the `default-backend`, too.
2019-03-22 11:33:11 +01:00
a3c87cf9cb
Properly set ing.Service when there are multiple rules with different hosts using the same path
...
Fixes #3611
Signed-off-by: Alejandro Pedraza <alejandro.pedraza@gmail.com>
2019-03-07 06:06:24 -05:00
8b3702c829
Enable access log for default backend
...
disable log on default_server
2019-02-26 11:14:31 +03:00
3865e30a00
Changes CustomHTTPErrors annotation to use custom default backend
...
Updates e2e test
Removes focus from e2e test
Fixes renamed function
Adds tests for new template funcs
Addresses gofmt
Updates e2e test, fixes custom-default-backend test by creating service
Updates docs
2019-02-24 22:48:56 +01:00
7b2495047f
Merge pull request #3781 from zoumo/proxy-buffer-number
...
feat: configurable proxy buffers number
2019-02-22 12:11:46 -08:00
dc63e5d185
fix: rename proxy-buffer-number to proxy-buffers-number
2019-02-22 10:21:17 +08:00
8b6e4d4697
Use UsePortInRedirects only if enabled
2019-02-21 17:48:45 -03:00
c92d29d462
feat: configurable proxy buffer number
2019-02-20 18:05:09 +08:00
ec04852526
Create custom annotation for satisfy "value"
2019-02-19 15:58:35 -05:00
201718ec0f
Merge pull request #3775 from kppullin/fix-l4-dns-resolve-failures
...
Fix DNS lookup failures in L4 services
2019-02-19 11:11:48 -08:00
f6aded2c51
Fix DNS failures in L4 services
2019-02-17 14:12:10 -08:00
adc128711b
delete confusing CustomErrors attribute to make things more explicit
2019-02-13 22:41:02 -05:00
17e788b8e1
Merge pull request #3684 from aledbf/health
...
Replace Status port using a socket
2019-02-06 13:49:08 -08:00
34b0580225
Replace Status port using a socket
2019-02-06 18:00:10 -03:00
5dee6af957
add params for access log
2019-01-26 21:42:11 +03:00
61bca89d13
Merge pull request #3637 from aledbf/fix-redirect
...
Add support for redirect https to https (from-to-www-redirect)
2019-01-10 19:58:35 -08:00
a3bcbeb3d2
Add support for redirect https to https when from-to-www-redirect is defined
2019-01-10 20:59:49 -03:00
916b6a06d2
Empty access_by_lua_block breaks satisfy any
2019-01-10 10:27:23 -03:00
edd87fbae3
add limit connection status code
...
add default conn status code
add missing colon
add limit connection status code
2019-01-09 19:31:10 +02:00
71cc6df74f
Merge pull request #3174 from Shopify/rewrite-regex
...
Generalize Rewrite Block Creation and Deprecate AddBaseUrl (not backwards compatible)
2019-01-02 12:30:18 -08:00
a73dac2c0b
Fix proxy_host variable configuration
2019-01-02 15:31:27 -03:00
bf7b5ebd81
Add an option to automatically set worker_connections based on worker_rlimit_nofile
2018-12-27 18:36:19 +01:00
382049a0bf
Adds support for HTTP2 Push Preload annotation
...
update test for backendprotocols
Adds support for HTTP2 Push Preload annotation
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>
Adds support for HTTP2 Push Preload annotation
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>
Adds support for HTTP2 Push Preload annotation
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>
Adds support for HTTP2 Push Preload annotation
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>
Adds support for HTTP2 Push Preload annotation
Adds support for HTTP2 Push Preload annotation
2018-12-24 17:13:25 -02:00
4896b064ca
lua randomseed per worker
2018-12-20 17:09:29 +04:00
67654a6fd5
Generalize Rewrite Block Creation
2018-12-13 13:02:05 -05:00
06d33c16b5
Allow to disable NGINX metrics
2018-12-05 10:14:35 -03:00
4eabd535f9
be consistent with what Nginx supports
2018-12-02 22:20:56 +04:00
b80b19902a
Use opentracing_grpc_propagate_context when necessary
2018-12-01 16:31:10 -05:00
35b8023dc8
Match body buffer to max upload size
2018-11-20 15:06:03 -03:00
bf7ad0daca
Merge pull request #3374 from aledbf/restore-tcp-udp
...
Revert removal of support for TCP and UDP services
2018-11-18 08:33:29 -08:00
34598e71e0
Merge pull request #3428 from aledbf/set-variables
...
Set proxy_host variable to avoid using default value from proxy_pass
2018-11-18 02:17:49 -08:00
442b01e5e8
Merge pull request #3400 from diazjf/more-modsecurity
...
Add Snippet for ModSecurity
2018-11-17 03:35:53 -08:00
a2d50c2cd6
Set proxy_host variable to avoid using default value from proxy_pass
2018-11-16 14:55:53 -03:00
168f30d1ec
Revert removal of support for TCP and UDP services
2018-11-16 13:48:47 -03:00
95b3042b6e
Add a Snippet for ModSecurity
...
Allows for the configuration of Mod Security rules via
a Snippet.
2018-11-14 23:31:27 -06:00
20b095f444
Fix X-Forwarded-Proto typo
2018-11-14 10:19:31 -05:00
0f3e2b9bf0
Convert isValidClientBodyBufferSize to something more generic and use it for client_max_body_size
2018-11-13 10:11:40 -05:00
e1720d62f4
Prevent X-Forwarded-Proto forward during external auth subrequest
2018-11-12 09:13:48 -05:00
5195600841
Allows ModSecurity to be configured per location
...
The following annotations will be added:
- enable-modsecurity
- enable-owasp-core-rules
- modsecurity-transaction-id
Fixes #3167
2018-11-06 22:24:31 -06:00
265f96bf14
Merge pull request #3344 from ecosia/jg-customerrors-per-ingress
...
Adds CustomHTTPErrors ingress annotation and test
2018-11-06 09:21:49 -08:00
0ebf0354cb
Adds CustomHTTPErrors ingress annotation and test
...
Adds per-server/location error-catch functionality to nginx template
Adds documentation
Reduces template duplication with helper function for CUSTOM_ERRORS data
Updates documentation
Adds e2e test for customerrors
Removes AllCustomHTTPErrors, replaces with template function with deduplication and adds e2e test of deduplication
Fixes copy-paste error in test, adds additional test cases
Reverts noop change in controller.go (unused now)
2018-11-06 16:47:52 +01:00
b511333130
add support for auth-snippet annotation
...
add test for new auth-snippet annotation
document auth-snippet annotation
add e2e test for auth-snippet annotation
add log warning and update documentation
2018-11-05 16:02:29 -06:00
36aceded32
Avoid reloads when endpoints are not available
2018-11-01 10:00:49 -03:00
71ebe1cba5
Code linting
2018-10-30 20:46:48 -03:00
c27c57dc8b
Add configuration for geoip2 module
...
Based on closed PRs #2551 , #2755
2018-10-29 21:25:23 +01:00
063f652711
Merge pull request #3187 from DesmondHoLLM/feature/annotations-resty-lua
...
UPT: annotation enhancement for resty-lua-waf
2018-10-25 00:06:03 -07:00
bf03046a80
UPT: updated e2e test and default true for process-multipart-body annotation
2018-10-25 14:17:38 +08:00
5cc116fa10
fix bug with balancer.lua configuration
2018-10-24 22:42:40 +04:00
bab521e81a
UPT: align waf options
2018-10-20 12:46:39 +08:00
04a89ce234
UPT: annotation enhancement for resty-lua-waf
2018-10-20 12:09:38 +08:00
12955a4a1b
Allow Ability to Configure Upstream Keepalive
...
Allows Upstream Keepalive values like keepalive_timeout and
keepalive_requests to be configured via ConfigMap.
Fixes #3099
2018-10-11 20:46:42 -05:00
3edf11b85f
Merge pull request #3198 from aledbf/only-dynamic
...
Only support dynamic configuration
2018-10-10 05:07:34 -07:00
74c2f93de6
Only support dynamic configuration
2018-10-09 22:05:45 -03:00
f56ab42cd2
Merge pull request #3194 from bshelton229/literal-dollar-character
...
Make literal $ character work in set $location_path
2018-10-09 15:52:39 -07:00
3686e4f366
Move escapeLocationPathVar to escapeLiteralDollar
2018-10-09 12:58:50 -07:00
78f12c25c5
delete upstream healthcheck annotation
2018-10-09 09:14:13 -04:00
3cf00b2fd8
Merge pull request #3197 from aledbf/remove-tcp-udp
...
Remove support for TCP and UDP services
2018-10-08 07:19:39 -07:00
182767b06b
Merge pull request #3170 from Globegitter/move-mainsnippet
...
Move mainSnippet before events to fix load_module issue.
2018-10-08 06:22:25 -07:00
3dc131bd57
Make literal $ character work in set $location_path
2018-10-07 12:58:39 -07:00
44bdc7eb59
Remove support for TCP and UDP services
2018-10-07 10:53:37 -03:00
b46523a1f4
Merge pull request #3149 from diazjf/proxy-e2e-tests
...
Add e2e Tests for Proxy Annotations
2018-10-05 05:15:09 -07:00
8848c1864a
Move mainSnippet before events.
2018-10-02 15:24:44 +02:00
e5dca9353e
Remove Unneeded Quotes from Nginx Directives
...
Removes quotes from nginx directives which my cause issues with
their functionality
Fixes #3152
2018-10-01 16:10:33 -05:00
d9f58144eb
Merge pull request #3145 from Shopify/regex-modifier
...
Add "use-regex" Annotation to Toggle Regular Expression Location Modifier
2018-10-01 11:31:43 -07:00
f29bdc3e8d
Add 'use regex' annotation to toggle nginx regex location modifier
2018-10-01 13:54:11 -04:00
bf4be49c02
Fix incorrect .DisableLua access. ( #3144 )
...
* Fix incorrect .DisableLua access.
* Address comment.
2018-09-26 14:05:05 -03:00
a2ccd1f224
Fix usage for $all.
2018-09-26 16:38:16 +02:00
fe219db231
Ensure monitoring for custom error pages
...
Fixes #3140
2018-09-26 16:26:38 +02:00
b3a22f7fc0
do not require --default-backend-service
2018-09-25 21:14:28 -04:00
c4a562dded
Merge pull request #3130 from alanbover/fix/newlines_location_denied
...
fix newlines location denied
2018-09-25 07:04:50 -07:00
6454608c6c
fix newlines location denied
2018-09-25 15:36:23 +02:00
6393ca6aaf
Merge pull request #2997 from StarOfService/global-block-ip-ua-ref
...
Provide possibility to block IPs, User-Agents and Referers globally
2018-09-25 05:51:56 -07:00
7212d0081b
Provide possibility to block CIDRs, User-Agents and Referers globally
2018-09-25 14:16:20 +03:00
6ed5c95562
Merge pull request #3098 from ElvinEfendi/make-keepalive-work
...
make upstream keepalive work for http
2018-09-15 07:36:27 -07:00
6511fa9f58
make upstream keepalive work for http
2018-09-14 19:40:54 -04:00
0e6f0bb88d
enforce ^~ location modifier when rewrite-target annotation is set
2018-09-13 10:39:52 -04:00
0a9db37e0f
Merge pull request #3062 from lahsivjar/issue-fix-host-header
...
Pass Host header for custom errors
2018-09-09 09:51:13 -07:00
4e14b809df
Pass Host header for custom errors
2018-09-09 19:39:10 +08:00
9099f3b4db
add support for http2-max-requests in configmap
2018-09-02 23:53:30 -06:00
b0b575db33
Merge pull request #2965 from Shopify/dynamic-certificates-nginx
...
Add Lua module to serve SSL Certificates dynamically
2018-08-23 20:27:55 -07:00
cbf041fc3e
Add Lua module to serve SSL Certificates dynamically
2018-08-23 22:15:54 -04:00
f6905ae0ff
Pass real source IP address to auth request
2018-08-23 10:37:33 -03:00
2207d7694d
batch metrics and flush periodically
2018-08-18 13:17:21 -04:00
b5bcb93a4b
Merge branch 'master' into xff
2018-08-16 18:15:14 +02:00
bc37ba14e8
dont restrict status page to localhost only
2018-08-08 12:46:12 -04:00
a68820808a
Fix documentation ( #2902 )
2018-08-05 22:30:46 -04:00
7f7f59df79
Merge pull request #2894 from aledbf/authbind
...
Use authbind to bind privileged ports
2018-08-05 08:43:43 -07:00
b148f113ae
Use authbind to bind privileged ports
2018-08-05 11:18:50 -04:00
060704c624
Merge pull request #2682 from aledbf/listen-localhost
...
Use localhost to expose status server
2018-08-04 17:16:56 -07:00
6b2c7e08db
Use localhost to expose status server
2018-08-04 18:57:56 -04:00
b7bcf92480
support configuring multi_accept directive via configmap
2018-08-04 19:20:01 +03:00
1bacf1655e
support custom configuration to main context of nginx config
2018-08-04 00:53:06 +03:00
ed19dc3bc6
fix custom-error-pages functionality in dynamic mode
2018-07-26 13:36:09 -04:00
d4faf68416
add support for ExternalName service type in dynamic mode
2018-07-25 09:05:47 -04:00
587c2a8765
Escape $request_uri for external auth
2018-07-19 15:22:05 +09:00
29ecae5b64
Merge pull request #2752 from dongqi1990/master
...
use format "range v := iterative object" and "range k, v := iterative object" when the type of iterative object is slice and map in the file nginx.tmpl
2018-07-18 04:34:20 -07:00
50084b1167
use format "range v := iterative object" and "range k, v := iterative
...
object" when the type of iterative object is slice and map in the file nginx.tmpl
2018-07-18 15:02:55 +08:00
8e06afbb45
Allow gzip compress level to be controlled via ConfigMap
2018-07-09 10:30:59 +10:00
3b25f3438f
Replace more_set_headers directive with more_clear_headers
2018-06-23 10:01:33 -04:00
700a2275d1
Merge pull request #2678 from hnrytrn/refactor-cert
...
Refactor server type to include SSLCert
2018-06-22 12:34:04 -07:00
df76d4b481
Update opentracing configuration ( #2676 )
2018-06-21 18:15:18 -04:00
86def984a3
Merge remote-tracking branch 'origin' into refactor-cert
2018-06-21 11:43:47 -04:00
2751cbf06d
Refactor to add SSLCert as a field in server type
2018-06-21 11:34:29 -04:00
aec40c171f
Improve configuration change detection ( #2656 )
...
* Use information about the configuration configmap to determine changes
* Add hashstructure dependency
* Rename queue functions
* Add test for configmap checksum
2018-06-21 10:50:57 -04:00
cb4755835e
refactor some lua code
2018-06-19 12:46:49 +04:00
fee8704b53
Add support for IPV6 in stream upstream servers ( #2649 )
2018-06-15 10:26:33 -04:00
3cbd2d66bf
Merge pull request #2643 from aledbf/remove-vts
...
Remove VTS from the ingress controller
2018-06-14 23:59:29 -07:00
dfca2a0d8d
Merge pull request #2451 from nusx/set-sticky-path-for-backend
...
fix for #1930 , make sessions sticky, for ingress with multiple rules …
2018-06-14 20:47:28 -07:00
63b38e1c21
Remove VTS from the ingress controller
2018-06-14 11:11:29 -04:00
966e9f5e25
Add monitor lua module
2018-06-13 22:54:31 -04:00
79199dd84c
Run as user dropping privileges
2018-06-12 10:18:36 -04:00
1a320ae289
fix for #1930 , make sessions sticky, for ingress with multiple rules and backends
...
* for an ingress with session affinity cookie, set the location as path on the cookie when unique
* the previous behaviour ( cookie path=/ ) is preserved for ingresses with multiple rules for the same backend (locations not unique)
added e2e tests for session affinity, setting path on sticky config
added tests:
* it should set the path to /something on the generated cookie
* it should set the path to / on the generated cookie if there's more than one rule referring to the same backend
2018-06-11 10:43:13 +02:00
67b253a149
Add use-forwarded-headers configmap option.
2018-06-11 00:06:14 +02:00
02ff8244a2
Add $location_path variable
...
When you define rules in ingress resource, you use path. So it would be
very useful to be able to use the same path in logs.
2018-06-07 13:43:29 +03:00
59aac73785
Add $service_port variable
...
According to TCP/IP (and common sense), $service_name is not enough to
uniquely identify service, we need $service_port for that.
2018-06-07 13:43:20 +03:00
eafb1890d6
Move vars to the very beginning of the location
...
To make it more clear, that you could use $namespace, $ingress_name and
$service_name variables anywhere in location (especialy in lua), move
their definition to the very begining of the location.
2018-06-07 13:43:09 +03:00
3159384480
Use lua-platform-path symlink for all platforms
2018-06-04 18:15:59 -05:00
d4e6c0dfd8
access_log should be off for internal /configuration endpoint
2018-05-31 16:01:54 -04:00
da3a87646a
make sure balancer gets deleted when ther is no backend
2018-05-28 15:51:58 -04:00
b8b5e5bc51
Merge pull request #2548 from Stono/master
...
Implement generate-request-id
2018-05-21 13:55:12 -07:00
206d32a2cd
Implement generate-request-id
...
Fixes https://github.com/kubernetes/ingress-nginx/issues/2546
2018-05-21 08:32:50 +01:00
d434583b53
InfluxDB configuration string template builder helper
...
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2018-05-19 09:22:49 +02:00
93be8db612
Annotations for the InfluxDB Module
...
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2018-05-19 09:22:46 +02:00
e224259e38
Resolves issue with proxy-redirect nginx configuration
...
Resolves an issue where the proxy-redirect annotations were not generating the
correct configuration possibly because of user error. This is done by only
setting the proxy_redirect if both proxy-redirect-from and proxy-redirect-to
have valid values. Also adds the e2e tests.
Fixes #2074
2018-05-17 11:22:31 -05:00
ff3e182350
Add support for grpc_set_header
2018-05-17 08:35:11 -04:00
51cf184c51
always use x-request-id
2018-04-28 00:31:23 -04:00
c995031ffd
Add annotation to enable rewrite logs in a location
2018-04-27 17:50:14 +02:00
8b6f043fd8
Add buffer configuration to external auth location config
2018-04-26 16:04:12 +02:00
8886b8a50e
Add vts-sum-key config flag
2018-04-17 11:39:32 -07:00
c60ed24f4b
Detect if header injected request_id before creating one
2018-04-17 15:49:35 +02:00
1c17962ba0
Add proxy-add-original-uri-header config flag
...
This makes it configurable if a location adds an X-Original-Uri header to the backend request. Default is "true", the current behaviour.
2018-04-16 12:34:26 +02:00
4b11fe4d25
Fix nginx template
2018-04-12 15:43:13 -04:00
4b76ad14bb
Fix buildupstream name to work with dynamic session affinity
2018-04-12 14:01:46 -04:00
1be1f658b4
disable lua for arch s390x and ppc64le
...
LuaJIT is not available for s390x and ppc64le, disable the lua part in nginx.tmpl on these platform.
2018-04-12 08:30:56 +08:00
d6eb44376d
run lua-resty-waf in different modes ( #2317 )
...
* run lua-resty-waf in different modes
* update docs
2018-04-09 09:19:13 -03:00
bad8295a42
extra waf rules per ingress ( #2315 )
...
* extra waf rules per ingress
* document annotation nginx.ingress.kubernetes.io/lua-resty-waf-extra-rules
* regenerate internal/file/bindata.go
2018-04-09 07:14:30 -03:00
16faf309ca
annotation to ignore given list of WAF rulesets ( #2314 )
2018-04-08 22:55:23 -03:00
a6fe800a47
lua-resty-waf controller ( #2304 )
2018-04-08 17:37:13 -03:00
b17ed7b6fd
Configure upload limits for setup of lua load balancer ( #2309 )
2018-04-08 15:47:49 -03:00
1c65320618
Add verification of lua load balancer to health check ( #2308 )
2018-04-08 15:24:37 -03:00
dd2bc91018
Fix HSTS without preload ( #2294 )
2018-04-04 23:17:51 -03:00
e7aa74b5d4
Add NoAuthLocations and default it to "/.well-known/acme-challenge" ( #2243 )
...
* Add NoAuthLocations and default it to "/.well-known/acme-challenge"
* Add e2e tests for no-auth-location
* Improve wording of no-auth-location tests
2018-04-01 21:02:34 -03:00
931e541fb7
Fix bug when auth req is enabled(external authentication) ( #2280 )
...
* set proxy_upstream_name correctly when auth_req module is used
* log a more meaningful message when backend is not found
2018-03-30 14:19:33 -03:00
146db43794
Disable opentracing for nginx internal urls ( #2272 )
2018-03-29 13:47:13 -03:00
c6c219a7d1
clean up tmpl ( #2263 )
...
The nginx.conf generated now is too messy remove some section only useful when dynamic configure enabled and headers only useful for https.
2018-03-29 09:36:00 -03:00
385368990c
Managing a whitelist for _/nginx_status ( #2187 )
...
Signed-off-by: Sylvain Rabot <s.rabot@lectra.com>
2018-03-28 09:27:34 -03:00
6e099c5f57
Add EWMA as configurable load balancing algorithm ( #2229 )
2018-03-23 12:06:21 -03:00
0b0a274a9a
fix: cannot set $service_name if use rewrite ( #2220 )
...
$path here is the regular expression formatted nginx location not the origin path in ingress rules. Fix https://github.com/kubernetes/ingress-nginx/issues/2131
2018-03-22 09:43:45 -03:00
b45ee8d85f
Add missing configuration in #2235 ( #2236 )
2018-03-22 08:53:29 -03:00
8575769781
Make proxy_next_upstream_tries configurable ( #2232 )
...
* Make proxy_next_upstream_tries configurable
* Code generation
2018-03-22 08:12:36 -03:00
4f5fa47d27
add proxy header ssl-client-issuer-dn, fix #2178 ( #2235 )
2018-03-22 01:38:47 -03:00
634959fd79
do not hardcode keepalive for upstream_balancer ( #2227 )
2018-03-21 00:42:22 -03:00
08252e2eef
allow ipv6 localhost when enabled ( #2210 )
2018-03-19 13:32:55 -03:00
6b7491f432
Fix dynamic configuration when custom errors are enabled ( #2212 )
2018-03-19 12:55:17 -03:00
de30e53d62
Expose SSL client cert data to external auth provider. ( #2078 )
2018-03-19 09:30:36 -03:00
94deb3a01a
Add configoption to exclude routes from tls upgrading ( #2203 )
...
* Add configoption to exclude routes from tls upgrading
* Add tests for IsLocationInLocationList
* Seperate elements in NoTLSRedirectLocations by comma
* Set NoTLSRedirectLocations to "/.well-known/acme-challenge/" by default
* Remove trailing slash from "/.well-known/acme-challenge" default
2018-03-18 17:44:59 -03:00
5c02d700cb
Allow config to disable geoip ( #2202 )
...
For a offline or private cloud environment, geoip is not needed.
Implementing https://github.com/kubernetes/ingress-nginx/issues/2179
2018-03-18 13:30:05 -03:00
c90a4e811e
Live Nginx (re)configuration without reloading ( #2174 )
2018-03-18 10:13:41 -03:00
Maxime Ginters
Kubernetes Prow Robot
Elvin Efendi
Manuel Alejandro de Brito Fontes
Mathieu Naouache
Pierrick Charron
tals
Jeroen Schutrup
Fernando Diaz
Charle Demers
Gabor Lekeny
Moritz Johner
E. Stuart Hicks
Sebastiaan Tammer
weltschraet
MRoci
okryvoshapka-connyun
Alex Kursell
Gregor Noczinski
Alejandro Pedraza
Mikhail Marchenko
jasongwartz
Jim Zhang
Anthony Ho
Kevin Pullin
Rustam Zagirov
Shai Katz
ramnes
Anish Ramasekar
Zenara Daley
Andre Marianiello
Adnan Baruni
Maximilian Bode
Desmond Ho
Bryan Shelton
Globegitter
Markus Padourek
Alan Bover
Pavel Sinkevych
Vishal Raj
Derek Perkins
Henry Tran
Dario Nieuwenhuis
Tom Reznik
takonomura
dongqi1990
Jason Stangroome
Brian Findlay
Francisco Mejia
Stefan Schwärzler
Dmitry Stolyarov
Paul DeCarlo
Karl Stoney
Lorenzo Fontana
JordanP
Adam Netočný
Nick Novitski
Giancarlo Rubio
Bastian Hofmann
oilbeater
Alvaro Aleman
Sylvain Rabot
Zenara Daley
halfcrazy
maxlaverse
turettn