254629cf16
Added support for annotation `session-cookie-change-on-failure`
...
1. Session cookie is updated on previous attempt failure when `session-cookie-change-on-failure = true` (default value is `false`).
2. Added tests to check both cases.
3. Updated docs.
Co-Authored-By: Vladimir Grishin <yadolov@users.noreply.github.com>
2019-05-27 13:00:07 +03:00
c4597522bf
Refactor whitelist from map to standard allow directives
2019-05-27 04:55:38 -04:00
0e9e40a60b
use nkeys for counting lua table elements
2019-05-26 18:15:15 -04:00
dc7fa885a2
log info when endpoints change for a balancer
2019-05-25 23:50:18 -04:00
abca32ba8e
reduce memory footprint and cpu usage when modsecurity and owasp rules are enabled globally
2019-05-18 19:08:30 +02:00
8b7f069b56
load modsecurity.conf on ModSecurity.Enable
2019-05-13 17:39:06 +02:00
8cc9afe8ee
Added Global External Authentication settings to configmap parameters incl. addons
2019-05-03 12:08:16 +02:00
34734edc6e
Merge pull request #4005 from Shopify/proxy-next-upstream-timeout
...
Support proxy_next_upstream_timeout
2019-04-15 09:10:09 -07:00
ffeb1fe348
Support proxy_next_upstream_timeout
2019-04-15 11:08:57 -04:00
6b6610dabe
Merge pull request #4000 from ElvinEfendi/dynamic-ssl-improvements
...
Dynamic ssl improvements
2019-04-13 14:38:00 -07:00
2f3cf1a6c0
do not create empty access_by_lua_block
2019-04-13 16:11:46 -04:00
93f00b2143
fix luacheck warning
2019-04-13 15:26:48 -04:00
45add6cb7d
better certificate lua unit tests
2019-04-13 14:01:44 -04:00
42c207c548
handle default certificate correctly in Lua
2019-04-13 12:32:06 -04:00
f067712824
better logging in certificate.lua
2019-04-13 12:32:06 -04:00
8f81538b0d
lua plugin system
2019-04-04 09:25:22 -04:00
87e962682f
properly parse x-forwarded-host
2019-03-31 15:10:45 -04:00
496ff07bf1
replace some of the Nginx configuration to Lua code
2019-03-31 12:04:52 -04:00
1bef3e75b2
Set `X-Request-ID` for the `default-backend`, too.
2019-03-22 11:33:11 +01:00
6c1a7f1efd
Add support for IPV6 resolvers
2019-03-21 11:23:47 -03:00
a3c87cf9cb
Properly set ing.Service when there are multiple rules with different hosts using the same path
...
Fixes #3611
Signed-off-by: Alejandro Pedraza <alejandro.pedraza@gmail.com>
2019-03-07 06:06:24 -05:00
d3ac73be79
Remove session-cookie-hash annotation
2019-03-04 10:34:48 -05:00
8b3702c829
Enable access log for default backend
...
disable log on default_server
2019-02-26 11:14:31 +03:00
c96eae3015
Add /dbg certs command
2019-02-25 11:38:07 -05:00
3865e30a00
Changes CustomHTTPErrors annotation to use custom default backend
...
Updates e2e test
Removes focus from e2e test
Fixes renamed function
Adds tests for new template funcs
Addresses gofmt
Updates e2e test, fixes custom-default-backend test by creating service
Updates docs
2019-02-24 22:48:56 +01:00
7b2495047f
Merge pull request #3781 from zoumo/proxy-buffer-number
...
feat: configurable proxy buffers number
2019-02-22 12:11:46 -08:00
dc63e5d185
fix: rename proxy-buffer-number to proxy-buffers-number
2019-02-22 10:21:17 +08:00
8b6e4d4697
Use UsePortInRedirects only if enabled
2019-02-21 17:48:45 -03:00
c92d29d462
feat: configurable proxy buffer number
2019-02-20 18:05:09 +08:00
15d5ef95ef
Merge pull request #3740 from Shopify/session-annotation-reload
...
Fix ingress updating for session-cookie-* annotation changes
2019-02-19 15:14:21 -08:00
c180a0998b
Fix session-cookie-* annotation reloading
2019-02-19 17:27:08 -05:00
ec04852526
Create custom annotation for satisfy "value"
2019-02-19 15:58:35 -05:00
201718ec0f
Merge pull request #3775 from kppullin/fix-l4-dns-resolve-failures
...
Fix DNS lookup failures in L4 services
2019-02-19 11:11:48 -08:00
f6aded2c51
Fix DNS failures in L4 services
2019-02-17 14:12:10 -08:00
908a2ae506
Merge pull request #3764 from ElvinEfendi/cleanup-confusing-attribute
...
delete confusing CustomErrors attribute to make things more explicit
2019-02-14 03:26:21 -08:00
adc128711b
delete confusing CustomErrors attribute to make things more explicit
2019-02-13 22:41:02 -05:00
c8d30755a9
Merge pull request #3748 from aledbf/update-image
...
Update nginx image
2019-02-13 15:14:08 -08:00
d9845c79c5
Merge pull request #3671 from moonming/randomseed-bugfix
...
bugfix: fixed duplicated seeds.
2019-02-10 11:33:42 -08:00
7dc17a603d
Update nginx image
2019-02-09 18:53:31 -03:00
17e788b8e1
Merge pull request #3684 from aledbf/health
...
Replace Status port using a socket
2019-02-06 13:49:08 -08:00
34b0580225
Replace Status port using a socket
2019-02-06 18:00:10 -03:00
018a1e4d94
respond with 503 when there are no endpoints
...
* related to:
* https://github.com/kubernetes/ingress-nginx/issues/3070
* https://github.com/kubernetes/ingress-nginx/issues/3335
* add a 503 test
* test a service that starts out empty
(a.k.a. ingress-nginx controller (re-)start)
* test scaling up (should route traffic accordingly)
* test scaling down to empty service
* use custom deployments for scaling test.
* provide a fix by updating the lua table (cache) of the configured backends
to unset the backend if there are no endpoints available.
2019-02-03 11:43:47 +01:00
d4d25f6fb4
Merge pull request #3619 from minherz/add-canary-header-by-value
...
add header-value annotation
2019-02-01 14:45:54 -08:00
57440c9464
fix issue with failing e2e tests
2019-02-01 22:11:09 +02:00
eddbcc7f3a
Merge pull request #3673 from moonming/table-new
...
used table functions of LuaJIT for better performance.
2019-02-01 08:40:34 -08:00
de2a1ece6d
add header-value annotation
...
add new annotation (header-value)
parse it and propogate to lua script
alter balancer rule to include it into the canary routing logic
add e2e test to validate fallback for canary-by-header-value
add description of canary-by-header-value to documentation
2019-01-30 23:23:44 +02:00
5dee6af957
add params for access log
2019-01-26 21:42:11 +03:00
8ea7501d8b
added more error info and keep test cases.
2019-01-21 17:32:18 +08:00
a36961f9f9
used table functions of LuaJIT for better performance.
2019-01-19 11:16:31 +08:00
1d37e83a18
used cjson.safe instead of pcall.
2019-01-18 23:12:22 +08:00
c782f22c5d
fixed test case for math.randomseed.
2019-01-18 10:08:33 +08:00
011062967a
bugfix: fixed duplicated seeds.
...
ngx.time() + ngx.worker.pid() maybe get duplicated seeds. get from /dev/urandom first.
2019-01-18 00:21:25 +08:00
1db9c91af4
Merge pull request #3363 from skeeey/master
...
Document for cookie expires annotation
2019-01-14 07:52:28 -08:00
39dd0c50da
Remove stickyness cookie domain from Lua balancer to match old behavior ( #3648 )
2019-01-11 22:24:45 -03:00
7aa5834948
add cookie expires document and fix a flaw for session-cookie-expires
2019-01-11 15:35:39 +08:00
61bca89d13
Merge pull request #3637 from aledbf/fix-redirect
...
Add support for redirect https to https (from-to-www-redirect)
2019-01-10 19:58:35 -08:00
a3bcbeb3d2
Add support for redirect https to https when from-to-www-redirect is defined
2019-01-10 20:59:49 -03:00
916b6a06d2
Empty access_by_lua_block breaks satisfy any
2019-01-10 10:27:23 -03:00
edd87fbae3
add limit connection status code
...
add default conn status code
add missing colon
add limit connection status code
2019-01-09 19:31:10 +02:00
ba7b542d78
canary by cookie should support hypen in cookie name
2019-01-08 13:15:02 -05:00
60b983503b
Consistent hashing to a subset of nodes. It works like consistent hash,
...
but instead of mapping to a single node, we map to a subset of nodes.
2019-01-03 01:32:52 -03:00
71cc6df74f
Merge pull request #3174 from Shopify/rewrite-regex
...
Generalize Rewrite Block Creation and Deprecate AddBaseUrl (not backwards compatible)
2019-01-02 12:30:18 -08:00
a73dac2c0b
Fix proxy_host variable configuration
2019-01-02 15:31:27 -03:00
bf7b5ebd81
Add an option to automatically set worker_connections based on worker_rlimit_nofile
2018-12-27 18:36:19 +01:00
382049a0bf
Adds support for HTTP2 Push Preload annotation
...
update test for backendprotocols
Adds support for HTTP2 Push Preload annotation
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>
Adds support for HTTP2 Push Preload annotation
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>
Adds support for HTTP2 Push Preload annotation
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>
Adds support for HTTP2 Push Preload annotation
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>
Adds support for HTTP2 Push Preload annotation
Adds support for HTTP2 Push Preload annotation
2018-12-24 17:13:25 -02:00
4896b064ca
lua randomseed per worker
2018-12-20 17:09:29 +04:00
ee3a8fe581
Merge pull request #3505 from Shopify/watch-pod-lua
...
Update lua configuration_data when number of controller pod change
2018-12-17 00:10:30 -08:00
f90881b367
Update lua configuration_data when number of controller pod change
2018-12-14 13:34:54 -05:00
67654a6fd5
Generalize Rewrite Block Creation
2018-12-13 13:02:05 -05:00
ff8bfb6a86
Fix --enable-dynamic-certificates for nested subdomain
2018-12-12 09:16:39 -05:00
41700044ad
Replace dockerfile entrypoint
2018-12-07 14:00:55 -03:00
da32401c66
Merge pull request #3509 from fabiant7t/master
...
[1759] Ingress affinity session cookie with Secure flag for HTTPS
2018-12-06 01:18:24 -08:00
f03c8a8544
testing that a secure cookie gets set when being in ssl mode
...
Signed-off-by: Fabian Topfstedt <topfstedt@schneevonmorgen.com>
2018-12-06 09:08:25 +01:00
6c46adf2b7
reverted changing $https globally in the unit tests
...
Signed-off-by: Fabian Topfstedt <topfstedt@schneevonmorgen.com>
2018-12-06 09:01:08 +01:00
06d33c16b5
Allow to disable NGINX metrics
2018-12-05 10:14:35 -03:00
1e31767b51
[1759] Ingress affinity session cookie with Secure flag for HTTPS
...
Signed-off-by: Fabian Topfstedt <topfstedt@schneevonmorgen.com>
2018-12-04 10:51:52 +01:00
a4bad90f1f
fix an ewma unit test
2018-12-03 15:56:58 +04:00
4eabd535f9
be consistent with what Nginx supports
2018-12-02 22:20:56 +04:00
b80b19902a
Use opentracing_grpc_propagate_context when necessary
2018-12-01 16:31:10 -05:00
7ae2583ff9
dynamic certificate mode should support widlcard hosts
2018-11-29 15:41:34 +04:00
c4d6e8f55d
Fix nginx directory permissions
2018-11-27 23:05:18 -03:00
c03ac375ef
test for ewma:after_balance function
2018-11-26 17:20:26 +04:00
f81f06151d
store ewma stats per backend
2018-11-26 16:59:26 +04:00
8aac340203
Merge pull request #3453 from Shopify/monitor-fixes
...
Monitor fixes
2018-11-21 09:28:24 -08:00
d8b928f501
remove already unused endpoint metric
2018-11-21 20:05:44 +04:00
068d633e81
fix Status key conflic, fixes https://github.com/kubernetes/ingress-nginx/issues/3451
2018-11-21 20:03:15 +04:00
35b8023dc8
Match body buffer to max upload size
2018-11-20 15:06:03 -03:00
2b109b360b
Only set cookies on paths that enable session affinity
2018-11-19 11:42:12 -05:00
82721e575d
Merge pull request #3372 from Shopify/session-cookie-path
...
Add annotation for session affinity path
2018-11-19 07:25:32 -08:00
50b29feb4a
Add annotation for session affinity path
2018-11-19 09:15:24 -05:00
bf7ad0daca
Merge pull request #3374 from aledbf/restore-tcp-udp
...
Revert removal of support for TCP and UDP services
2018-11-18 08:33:29 -08:00
af2dce901d
Fix tests
2018-11-18 08:17:18 -03:00
34598e71e0
Merge pull request #3428 from aledbf/set-variables
...
Set proxy_host variable to avoid using default value from proxy_pass
2018-11-18 02:17:49 -08:00
442b01e5e8
Merge pull request #3400 from diazjf/more-modsecurity
...
Add Snippet for ModSecurity
2018-11-17 03:35:53 -08:00
654eceda46
Add tcp e2e test
2018-11-16 21:07:52 -03:00
a2d50c2cd6
Set proxy_host variable to avoid using default value from proxy_pass
2018-11-16 14:55:53 -03:00
168f30d1ec
Revert removal of support for TCP and UDP services
2018-11-16 13:48:47 -03:00
95b3042b6e
Add a Snippet for ModSecurity
...
Allows for the configuration of Mod Security rules via
a Snippet.
2018-11-14 23:31:27 -06:00
20b095f444
Fix X-Forwarded-Proto typo
2018-11-14 10:19:31 -05:00
a22c656f30
Merge pull request #3409 from Shopify/client-max-body-size
...
Convert isValidClientBodyBufferSize to something more generic
2018-11-13 08:36:06 -08:00
0f3e2b9bf0
Convert isValidClientBodyBufferSize to something more generic and use it for client_max_body_size
2018-11-13 10:11:40 -05:00
764740a09a
be more defensive when deciding alternative balancer
2018-11-13 16:03:26 +04:00
41c925f390
bugfix: set canary attributes when initializing balancer
2018-11-13 15:44:57 +04:00
e1720d62f4
Prevent X-Forwarded-Proto forward during external auth subrequest
2018-11-12 09:13:48 -05:00
5195600841
Allows ModSecurity to be configured per location
...
The following annotations will be added:
- enable-modsecurity
- enable-owasp-core-rules
- modsecurity-transaction-id
Fixes #3167
2018-11-06 22:24:31 -06:00
17cad51e47
Merge pull request #3341 from Shopify/canary_upstream
...
Add canary annotation and alternative backends for traffic shaping
2018-11-06 12:22:16 -08:00
412cd70d3a
implement canary annotation and alternative backends
...
Adds the ability to create alternative backends. Alternative backends enable
traffic shaping by sharing a single location but routing to different
backends depending on the TrafficShapingPolicy defined by AlternativeBackends.
When the list of upstreams and servers are retrieved, we then call
mergeAlternativeBackends which iterates through the paths of every ingress
and checks if the backend supporting the path is a AlternativeBackend. If
so, we then iterate through the map of servers and find the real backend
that the AlternativeBackend should fall under. Once found, the
AlternativeBackend is embedded in the list of VirtualBackends for the real
backend.
If no matching real backend for a AlternativeBackend is found, then the
AlternativeBackend is deleted as it cannot be backed by any server.
2018-11-06 13:13:14 -05:00
265f96bf14
Merge pull request #3344 from ecosia/jg-customerrors-per-ingress
...
Adds CustomHTTPErrors ingress annotation and test
2018-11-06 09:21:49 -08:00
0ebf0354cb
Adds CustomHTTPErrors ingress annotation and test
...
Adds per-server/location error-catch functionality to nginx template
Adds documentation
Reduces template duplication with helper function for CUSTOM_ERRORS data
Updates documentation
Adds e2e test for customerrors
Removes AllCustomHTTPErrors, replaces with template function with deduplication and adds e2e test of deduplication
Fixes copy-paste error in test, adds additional test cases
Reverts noop change in controller.go (unused now)
2018-11-06 16:47:52 +01:00
08d5ffabbf
Merge pull request #3367 from aledbf/503-restart
...
Remove reloads when there is no endpoints
2018-11-06 06:39:04 -08:00
3838145a8c
Remove reloads when there is no endpoints
2018-11-06 09:26:04 -03:00
b511333130
add support for auth-snippet annotation
...
add test for new auth-snippet annotation
document auth-snippet annotation
add e2e test for auth-snippet annotation
add log warning and update documentation
2018-11-05 16:02:29 -06:00
3477df4c12
pass static-check
2018-11-02 17:17:29 +08:00
c74e59fa4c
Use second as cookie expires unit
2018-11-02 17:05:38 +08:00
ce6e564f82
merge from master
2018-11-02 13:13:24 +08:00
36aceded32
Avoid reloads when endpoints are not available
2018-11-01 10:00:49 -03:00
71ebe1cba5
Code linting
2018-10-30 20:46:48 -03:00
9e639f9788
fix sticky session implementation
2018-10-30 16:23:08 +04:00
38279366a5
add e2e test for cookie annotations
2018-10-30 19:27:21 +08:00
c27c57dc8b
Add configuration for geoip2 module
...
Based on closed PRs #2551 , #2755
2018-10-29 21:25:23 +01:00
7de718f359
pass code static-check
2018-10-29 15:39:43 +08:00
ad57c76b73
Support cookie expires
2018-10-29 15:21:10 +08:00
3cbfd63992
Refactor EWMA to not use shared dictionaries
2018-10-25 22:33:42 +04:00
063f652711
Merge pull request #3187 from DesmondHoLLM/feature/annotations-resty-lua
...
UPT: annotation enhancement for resty-lua-waf
2018-10-25 00:06:03 -07:00
bf03046a80
UPT: updated e2e test and default true for process-multipart-body annotation
2018-10-25 14:17:38 +08:00
5cc116fa10
fix bug with balancer.lua configuration
2018-10-24 22:42:40 +04:00
bab521e81a
UPT: align waf options
2018-10-20 12:46:39 +08:00
04a89ce234
UPT: annotation enhancement for resty-lua-waf
2018-10-20 12:09:38 +08:00
12955a4a1b
Allow Ability to Configure Upstream Keepalive
...
Allows Upstream Keepalive values like keepalive_timeout and
keepalive_requests to be configured via ConfigMap.
Fixes #3099
2018-10-11 20:46:42 -05:00
3edf11b85f
Merge pull request #3198 from aledbf/only-dynamic
...
Only support dynamic configuration
2018-10-10 05:07:34 -07:00
74c2f93de6
Only support dynamic configuration
2018-10-09 22:05:45 -03:00
f56ab42cd2
Merge pull request #3194 from bshelton229/literal-dollar-character
...
Make literal $ character work in set $location_path
2018-10-09 15:52:39 -07:00
3686e4f366
Move escapeLocationPathVar to escapeLiteralDollar
2018-10-09 12:58:50 -07:00
78f12c25c5
delete upstream healthcheck annotation
2018-10-09 09:14:13 -04:00
3cf00b2fd8
Merge pull request #3197 from aledbf/remove-tcp-udp
...
Remove support for TCP and UDP services
2018-10-08 07:19:39 -07:00
182767b06b
Merge pull request #3170 from Globegitter/move-mainsnippet
...
Move mainSnippet before events to fix load_module issue.
2018-10-08 06:22:25 -07:00
3dc131bd57
Make literal $ character work in set $location_path
2018-10-07 12:58:39 -07:00
44bdc7eb59
Remove support for TCP and UDP services
2018-10-07 10:53:37 -03:00
b46523a1f4
Merge pull request #3149 from diazjf/proxy-e2e-tests
...
Add e2e Tests for Proxy Annotations
2018-10-05 05:15:09 -07:00
8848c1864a
Move mainSnippet before events.
2018-10-02 15:24:44 +02:00
e5dca9353e
Remove Unneeded Quotes from Nginx Directives
...
Removes quotes from nginx directives which my cause issues with
their functionality
Fixes #3152
2018-10-01 16:10:33 -05:00
d9f58144eb
Merge pull request #3145 from Shopify/regex-modifier
...
Add "use-regex" Annotation to Toggle Regular Expression Location Modifier
2018-10-01 11:31:43 -07:00
f29bdc3e8d
Add 'use regex' annotation to toggle nginx regex location modifier
2018-10-01 13:54:11 -04:00
bf4be49c02
Fix incorrect .DisableLua access. ( #3144 )
...
* Fix incorrect .DisableLua access.
* Address comment.
2018-09-26 14:05:05 -03:00
a2ccd1f224
Fix usage for $all.
2018-09-26 16:38:16 +02:00
fe219db231
Ensure monitoring for custom error pages
...
Fixes #3140
2018-09-26 16:26:38 +02:00
b3a22f7fc0
do not require --default-backend-service
2018-09-25 21:14:28 -04:00
1e72774609
Docker run as user
2018-09-25 20:42:26 -03:00
3f29e436f3
Update nginx image
2018-09-25 18:35:01 -03:00
c4a562dded
Merge pull request #3130 from alanbover/fix/newlines_location_denied
...
fix newlines location denied
2018-09-25 07:04:50 -07:00
Eugene Fedunin
Manuel Alejandro de Brito Fontes
Elvin Efendi
weltschraet
MRoci
okryvoshapka-connyun
Kubernetes Prow Robot
Alex Kursell
Gregor Noczinski
Alejandro Pedraza
Mikhail Marchenko
jasongwartz
Jim Zhang
Anthony Ho
Kevin Pullin
Tim Reddehase
minherz
Rustam Zagirov
WenMing
Maximilian Gaß
liuwei
Shai Katz
Diego Woitasen
ramnes
Anish Ramasekar
Maxime Ginters
Zenara Daley
Fabian Topfstedt
Andre Marianiello
Fernando Diaz
Conor Landry
Adnan Baruni
Maximilian Bode
Henry Tran
Desmond Ho
Bryan Shelton
Globegitter
Markus Padourek