diff --git a/kong.conf.default b/kong.conf.default
index ca742928bb92..dba735b91f91 100644
--- a/kong.conf.default
+++ b/kong.conf.default
@@ -185,6 +185,36 @@
 # `text/html`, `application/json`, and
 # `application/xml`.
+#client_max_body_size = 0 # Defines the maximum request body size allowed
+ # by requests proxied by Kong, specified in the
+ # Content-Length request header. If a request
+ # exceeds this limit, Kong will respond with a
+ # 413 (Request Entity Too Large). Setting this
+ # value to 0 disables checking the request body
+ # size.
+# Note: See
+# http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
+# for further description of this parameter. Numeric values may be suffixed with
+# 'k' or 'm' to denote limits in terms of kilobytes or megabytes.
+
+#client_body_buffer_size = 8k # Defines the buffer size for reading the
+ # request body. If the client request body is
+ # larger than this value, the body will be
+ # buffered to disk. Note that when the body is
+ # buffered to disk Kong plugins that access or
+ # manipulate the request body may not work, so
+ # it is advisable to set this value as high as
+ # possible (e.g., set it as high as
+ # `client_max_body_size` to force request
+ # bodies to be kept in memory). Do note that
+ # high-concurrency environments will require
+ # significant memory allocations to process
+ # many concurrent large request bodies.
+# Note: See
+# http://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_buffer_size
+# for further description of this parameter. Numeric values may be suffixed with
+# 'k' or 'm' to denote limits in terms of kilobytes or megabytes.
+
 #------------------------------------------------------------------------------
 # DATASTORE
 #------------------------------------------------------------------------------
diff --git a/kong/conf_loader.lua b/kong/conf_loader.lua
index dfc71191d2e9..0415603e11c0 100644
--- a/kong/conf_loader.lua
+++ b/kong/conf_loader.lua
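Review bot: The `client_body_buffer_size` text in the kong.conf.default hunk advises raising the buffer "as high as `client_max_body_size`", but the documented default of `client_max_body_size` is 0, which the same hunk describes as disabling the body-size check, so the advice has no finite target until an operator sets a limit. On a gateway reachable by untrusted clients, an unlimited body size combined with a large in-memory buffer lets each concurrent request hold up to the full buffer, which is the memory-pressure case the comment only hints at. I would add a line to the `client_max_body_size` description such as `# Leaving this at 0 accepts request bodies of any size; set a finite limit before raising client_body_buffer_size.` The description also ties the check to the `Content-Length` header; it is worth confirming against the linked nginx page how bodies sent without that header are handled and wording the comment to match.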
@@ -70,6 +70,9 @@ local CONF_INFERENCES = {
 latency_tokens = {typ = "boolean"},
 error_default_type = {enum = {"application/json", "application/xml", "text/html", "text/plain"}},
+ client_max_body_size = {typ = "string"},
+ client_body_buffer_size = {typ = "string"},
+
 database = {enum = {"postgres", "cassandra"}},
 pg_port = {typ = "number"},
diff --git a/kong/templates/kong_defaults.lua b/kong/templates/kong_defaults.lua
index 63b38164dec5..e38b47540cb6 100644
--- a/kong/templates/kong_defaults.lua
+++ b/kong/templates/kong_defaults.lua
@@ -31,6 +31,8 @@ upstream_keepalive = 60
 server_tokens = on
 latency_tokens = on
 error_default_type = text/plain
+client_max_body_size = 0
+client_body_buffer_size = 8k
 database = postgres
 pg_host = 127.0.0.1
diff --git a/kong/templates/nginx_kong.lua b/kong/templates/nginx_kong.lua
index 3c0385952ccc..3c3779662c9b 100644
--- a/kong/templates/nginx_kong.lua
+++ b/kong/templates/nginx_kong.lua
@@ -19,7 +19,7 @@ error_log ${{PROXY_ERROR_LOG}} ${{LOG_LEVEL}};
 >-- reset_timedout_connection on; # disabled until benchmarked
 > end
-client_max_body_size 0;
+client_max_body_size ${{CLIENT_MAX_BODY_SIZE}};
 proxy_ssl_server_name on;
 underscores_in_headers on;
@@ -84,6 +84,7 @@ server {
 access_log ${{PROXY_ACCESS_LOG}};
 error_log ${{PROXY_ERROR_LOG}} ${{LOG_LEVEL}};
+ client_body_buffer_size ${{CLIENT_BODY_BUFFER_SIZE}};
 > if ssl then
 listen ${{PROXY_LISTEN_SSL}} ssl;
diff --git a/spec/01-unit/03-prefix_handler_spec.lua b/spec/01-unit/03-prefix_handler_spec.lua
index 2e3b82202afe..bdb38fa80c57 100644
--- a/spec/01-unit/03-prefix_handler_spec.lua
+++ b/spec/01-unit/03-prefix_handler_spec.lua
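Review bot: Both new entries in `CONF_INFERENCES` are declared as `{typ = "string"}` with no format check, and the nginx_kong.lua and custom_nginx.template hunks substitute the values verbatim into `client_max_body_size ${{CLIENT_MAX_BODY_SIZE}};` and `client_body_buffer_size ${{CLIENT_BODY_BUFFER_SIZE}};`. A typo such as `8kb`, or a value that contains `;` or whitespace, would reach the generated nginx configuration unchecked and either fail only when nginx parses it or alter the directives that follow. I would validate both values when the configuration is loaded, matching the suffixes kong.conf.default documents, e.g. `if not value:match("^%d+[kKmM]?$") then` followed by an error that names the property. The table and the loader's validation code start and end outside this hunk, so where the check belongs needs confirming there.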
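Review bot: The two directives end up with different scope in nginx_kong.lua: `client_max_body_size` appears to sit outside any `server` block in the first hunk, while `client_body_buffer_size` is added inside the proxy `server {` block in the second. If the template's other server blocks (not visible in these hunks) do not set their own `client_max_body_size`, a limit configured here will apply to them as well, although kong.conf.default describes it as covering requests proxied by Kong. Either place the directive next to `client_body_buffer_size` or state the wider scope in the documentation, for example `# Applies to every server block that does not override it.` The `server` block continues past the end of the hunk.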
@@ -141,6 +141,30 @@ describe("NGINX conf compiler", function()
 local nginx_conf = prefix_handler.compile_kong_conf(conf)
 assert.matches("error_log syslog:server=.+:61828 error;", nginx_conf)
 end)
+ it("defines the client_max_body_size by default", function()
+ local conf = assert(conf_loader(nil, {}))
+ local nginx_conf = prefix_handler.compile_kong_conf(conf)
+ assert.matches("client_max_body_size 0", nginx_conf, nil, true)
+ end)
+ it("writes the client_max_body_size as defined", function()
+ local conf = assert(conf_loader(nil, {
+ client_max_body_size = "1m",
+ }))
+ local nginx_conf = prefix_handler.compile_kong_conf(conf)
+ assert.matches("client_max_body_size 1m", nginx_conf, nil, true)
+ end)
+ it("defines the client_body_buffer_size directive by default", function()
+ local conf = assert(conf_loader(nil, {}))
+ local nginx_conf = prefix_handler.compile_kong_conf(conf)
+ assert.matches("client_body_buffer_size 8k", nginx_conf, nil, true)
+ end)
+ it("writes the client_body_buffer_size directive as defined", function()
+ local conf = assert(conf_loader(nil, {
+ client_body_buffer_size = "128k",
+ }))
+ local nginx_conf = prefix_handler.compile_kong_conf(conf)
+ assert.matches("client_body_buffer_size 128k", nginx_conf, nil, true)
+ end)
 end)
 describe("compile_nginx_conf()", function()
diff --git a/spec/fixtures/custom_nginx.template b/spec/fixtures/custom_nginx.template
index c845e029d5c5..39f258835390 100644
--- a/spec/fixtures/custom_nginx.template
+++ b/spec/fixtures/custom_nginx.template
@@ -29,7 +29,7 @@ http {
 >-- reset_timedout_connection on; # disabled until benchmarked
 > end
- client_max_body_size 0;
+ client_max_body_size ${{CLIENT_MAX_BODY_SIZE}};
 proxy_ssl_server_name on;
 underscores_in_headers on;
@@ -92,6 +92,8 @@ http {
 access_log logs/access.log;
+ client_body_buffer_size ${{CLIENT_BODY_BUFFER_SIZE}};
+
 > if ssl then
 listen ${{PROXY_LISTEN_SSL}} ssl;
 ssl_certificate ${{SSL_CERT}};
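Review bot: The four new assertions in the spec hunk use plain substring matching without the terminating semicolon, so `"client_max_body_size 0"` would still pass if the compiled line carried extra characters after the `0`. Including the terminator pins the whole directive value: `assert.matches("client_max_body_size 0;", nginx_conf, nil, true)`, and likewise for `1m;`, `8k;` and `128k;`. There is also no case that passes a malformed size to `conf_loader`, so the behaviour for invalid input is left unspecified by the tests. The enclosing `describe` block starts outside the hunk.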