Skip to content

Commit

Permalink
Merge pull request #3780 from arturxx8/master
Browse files Browse the repository at this point in the history
Enable access log for default backend
  • Loading branch information
k8s-ci-robot authored Feb 26, 2019
2 parents 2fcbcbc + 8b3702c commit ec63281
Show file tree
Hide file tree
Showing 5 changed files with 119 additions and 71 deletions.
5 changes: 5 additions & 0 deletions docs/user-guide/nginx-configuration/configmap.md
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ The following table shows a configuration option's name, type, and the default v
|[hide-headers](#hide-headers)|string array|empty|
|[access-log-params](#access-log-params)|string|""|
|[access-log-path](#access-log-path)|string|"/var/log/nginx/access.log"|
|[enable-access-log-for-default-backend](#enable-access-log-for-default-backend)|bool|"false"|
|[error-log-path](#error-log-path)|string|"/var/log/nginx/error.log"|
|[enable-dynamic-tls-records](#enable-dynamic-tls-records)|bool|"true"|
|[enable-modsecurity](#enable-modsecurity)|bool|"false"|
Expand Down Expand Up @@ -184,6 +185,10 @@ Access log path. Goes to `/var/log/nginx/access.log` by default.

__Note:__ the file `/var/log/nginx/access.log` is a symlink to `/dev/stdout`

## enable-access-log-for-default-backend

Enables logging access to default backend. _**default:**_ is disabled.

## error-log-path

Error log path. Goes to `/var/log/nginx/error.log` by default.
Expand Down
147 changes: 76 additions & 71 deletions internal/ingress/controller/config/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,10 @@ type Configuration struct {
// By default it's empty
AccessLogParams string `json:"access-log-params,omitempty"`

// EnableAccessLogForDefaultBackend enable access_log for default backend
// By default this is disabled
EnableAccessLogForDefaultBackend bool `json:"enable-access-log-for-default-backend"`

// AccessLogPath sets the path of the access logs if enabled
// http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log
// By default access logs go to /var/log/nginx/access.log
Expand Down Expand Up @@ -595,77 +599,78 @@ func NewDefault() Configuration {
defProxyDeadlineDuration := time.Duration(5) * time.Second

cfg := Configuration{
AllowBackendServerHeader: false,
AccessLogPath: "/var/log/nginx/access.log",
AccessLogParams: "",
WorkerCPUAffinity: "",
ErrorLogPath: "/var/log/nginx/error.log",
BlockCIDRs: defBlockEntity,
BlockUserAgents: defBlockEntity,
BlockReferers: defBlockEntity,
BrotliLevel: 4,
BrotliTypes: brotliTypes,
ClientHeaderBufferSize: "1k",
ClientHeaderTimeout: 60,
ClientBodyBufferSize: "8k",
ClientBodyTimeout: 60,
EnableDynamicTLSRecords: true,
EnableUnderscoresInHeaders: false,
ErrorLogLevel: errorLevel,
UseForwardedHeaders: false,
ForwardedForHeader: "X-Forwarded-For",
ComputeFullForwardedFor: false,
ProxyAddOriginalURIHeader: true,
GenerateRequestID: true,
HTTP2MaxFieldSize: "4k",
HTTP2MaxHeaderSize: "16k",
HTTP2MaxRequests: 1000,
HTTPRedirectCode: 308,
HSTS: true,
HSTSIncludeSubdomains: true,
HSTSMaxAge: hstsMaxAge,
HSTSPreload: false,
IgnoreInvalidHeaders: true,
GzipLevel: 5,
GzipTypes: gzipTypes,
KeepAlive: 75,
KeepAliveRequests: 100,
LargeClientHeaderBuffers: "4 8k",
LogFormatEscapeJSON: false,
LogFormatStream: logFormatStream,
LogFormatUpstream: logFormatUpstream,
EnableMultiAccept: true,
MaxWorkerConnections: 16384,
MaxWorkerOpenFiles: 0,
MapHashBucketSize: 64,
NginxStatusIpv4Whitelist: defNginxStatusIpv4Whitelist,
NginxStatusIpv6Whitelist: defNginxStatusIpv6Whitelist,
ProxyRealIPCIDR: defIPCIDR,
ProxyProtocolHeaderTimeout: defProxyDeadlineDuration,
ServerNameHashMaxSize: 1024,
ProxyHeadersHashMaxSize: 512,
ProxyHeadersHashBucketSize: 64,
ProxyStreamResponses: 1,
ReusePort: true,
ShowServerTokens: true,
SSLBufferSize: sslBufferSize,
SSLCiphers: sslCiphers,
SSLECDHCurve: "auto",
SSLProtocols: sslProtocols,
SSLSessionCache: true,
SSLSessionCacheSize: sslSessionCacheSize,
SSLSessionTickets: true,
SSLSessionTimeout: sslSessionTimeout,
EnableBrotli: false,
UseGzip: true,
UseGeoIP: true,
UseGeoIP2: false,
WorkerProcesses: strconv.Itoa(runtime.NumCPU()),
WorkerShutdownTimeout: "10s",
VariablesHashBucketSize: 128,
VariablesHashMaxSize: 2048,
UseHTTP2: true,
ProxyStreamTimeout: "600s",
AllowBackendServerHeader: false,
AccessLogPath: "/var/log/nginx/access.log",
AccessLogParams: "",
EnableAccessLogForDefaultBackend: false,
WorkerCPUAffinity: "",
ErrorLogPath: "/var/log/nginx/error.log",
BlockCIDRs: defBlockEntity,
BlockUserAgents: defBlockEntity,
BlockReferers: defBlockEntity,
BrotliLevel: 4,
BrotliTypes: brotliTypes,
ClientHeaderBufferSize: "1k",
ClientHeaderTimeout: 60,
ClientBodyBufferSize: "8k",
ClientBodyTimeout: 60,
EnableDynamicTLSRecords: true,
EnableUnderscoresInHeaders: false,
ErrorLogLevel: errorLevel,
UseForwardedHeaders: false,
ForwardedForHeader: "X-Forwarded-For",
ComputeFullForwardedFor: false,
ProxyAddOriginalURIHeader: true,
GenerateRequestID: true,
HTTP2MaxFieldSize: "4k",
HTTP2MaxHeaderSize: "16k",
HTTP2MaxRequests: 1000,
HTTPRedirectCode: 308,
HSTS: true,
HSTSIncludeSubdomains: true,
HSTSMaxAge: hstsMaxAge,
HSTSPreload: false,
IgnoreInvalidHeaders: true,
GzipLevel: 5,
GzipTypes: gzipTypes,
KeepAlive: 75,
KeepAliveRequests: 100,
LargeClientHeaderBuffers: "4 8k",
LogFormatEscapeJSON: false,
LogFormatStream: logFormatStream,
LogFormatUpstream: logFormatUpstream,
EnableMultiAccept: true,
MaxWorkerConnections: 16384,
MaxWorkerOpenFiles: 0,
MapHashBucketSize: 64,
NginxStatusIpv4Whitelist: defNginxStatusIpv4Whitelist,
NginxStatusIpv6Whitelist: defNginxStatusIpv6Whitelist,
ProxyRealIPCIDR: defIPCIDR,
ProxyProtocolHeaderTimeout: defProxyDeadlineDuration,
ServerNameHashMaxSize: 1024,
ProxyHeadersHashMaxSize: 512,
ProxyHeadersHashBucketSize: 64,
ProxyStreamResponses: 1,
ReusePort: true,
ShowServerTokens: true,
SSLBufferSize: sslBufferSize,
SSLCiphers: sslCiphers,
SSLECDHCurve: "auto",
SSLProtocols: sslProtocols,
SSLSessionCache: true,
SSLSessionCacheSize: sslSessionCacheSize,
SSLSessionTickets: true,
SSLSessionTimeout: sslSessionTimeout,
EnableBrotli: false,
UseGzip: true,
UseGeoIP: true,
UseGeoIP2: false,
WorkerProcesses: strconv.Itoa(runtime.NumCPU()),
WorkerShutdownTimeout: "10s",
VariablesHashBucketSize: 128,
VariablesHashMaxSize: 2048,
UseHTTP2: true,
ProxyStreamTimeout: "600s",
Backend: defaults.Backend{
ProxyBodySize: bodySize,
ProxyConnectTimeout: 5,
Expand Down
5 changes: 5 additions & 0 deletions internal/ingress/controller/controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ package controller

import (
"fmt"
"k8s.io/ingress-nginx/internal/ingress/annotations/log"
"sort"
"strconv"
"strings"
Expand Down Expand Up @@ -928,6 +929,10 @@ func (n *NGINXController) createServers(data []*ingress.Ingress,
Backend: du.Name,
Proxy: ngxProxy,
Service: du.Service,
Logs: log.Config{
Access: n.store.GetBackendConfiguration().EnableAccessLogForDefaultBackend,
Rewrite: false,
},
},
}}

Expand Down
2 changes: 2 additions & 0 deletions rootfs/etc/nginx/template/nginx.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -615,6 +615,8 @@ http {
{{ if $IsIPV6Enabled }}listen [::]:{{ $all.ListenPorts.Default }} default_server {{ if $all.Cfg.ReusePort }}reuseport{{ end }} backlog={{ $all.BacklogSize }};{{ end }}
set $proxy_upstream_name "internal";

access_log off;

location / {
return 404;
}
Expand Down
31 changes: 31 additions & 0 deletions test/e2e/defaultbackend/default_backend.go
Original file line number Diff line number Diff line change
Expand Up @@ -98,4 +98,35 @@ var _ = framework.IngressNginxDescribe("Default backend", func() {
Expect(resp.StatusCode).Should(Equal(test.Status))
}
})
It("enables access logging for default backend", func() {
f.UpdateNginxConfigMapData("enable-access-log-for-default-backend", "true")
host := "foo"
resp, _, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)+"/somethingOne").
Set("Host", host).
End()

Expect(len(errs)).Should(Equal(0))
Expect(resp.StatusCode).Should(Equal(http.StatusNotFound))

logs, err := f.NginxLogs()
Expect(err).ToNot(HaveOccurred())
Expect(logs).To(ContainSubstring("/somethingOne"))
})

It("disables access logging for default backend", func() {
f.UpdateNginxConfigMapData("enable-access-log-for-default-backend", "false")
host := "bar"
resp, _, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)+"/somethingTwo").
Set("Host", host).
End()

Expect(len(errs)).Should(Equal(0))
Expect(resp.StatusCode).Should(Equal(http.StatusNotFound))

logs, err := f.NginxLogs()
Expect(err).ToNot(HaveOccurred())
Expect(logs).ToNot(ContainSubstring("/somethingTwo"))
})
})

0 comments on commit ec63281

Please sign in to comment.