Allow default_server listeners to be customised (#4464)
shaun-nx authored Oct 12, 2023
1 parent 801746a commit aad4fc9
Showing 15 changed files with 450 additions and 16 deletions.
2 changes: 2 additions & 0 deletions charts/nginx-ingress/README.md
Expand Up @@ -452,6 +452,8 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont
|`controller.podDisruptionBudget.maxUnavailable` | The number of Ingress Controller pods that can be unavailable. This is a mutually exclusive setting with "minAvailable". | 0 |
|`controller.strategy` | Specifies the strategy used to replace old Pods with new ones. Docs for [Deployment update strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) and [Daemonset update strategy](https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/#daemonset-update-strategy) | {} |
|`controller.disableIPV6` | Disable IPV6 listeners explicitly for nodes that do not support the IPV6 stack. | false |
|`controller.defaultHTTPListenerPort` | Sets the port for the HTTP `default_server` listener. | 80 |
|`controller.defaultHTTPSListenerPort` | Sets the port for the HTTPS `default_server` listener. | 443 |
|`controller.readOnlyRootFilesystem` | Configure root filesystem as read-only and add volumes for temporary data. | false |
|`rbac.create` | Configures RBAC. | true |
|`prometheus.create` | Expose NGINX or NGINX Plus metrics in the Prometheus format. | true |
2 changes: 2 additions & 0 deletions charts/nginx-ingress/templates/controller-daemonset.yaml
Expand Up @@ -237,6 +237,8 @@ spec:
- -enable-cert-manager={{ .Values.controller.enableCertManager }}
- -enable-oidc={{ .Values.controller.enableOIDC }}
- -enable-external-dns={{ .Values.controller.enableExternalDNS }}
- -default-http-listener-port={{ .Values.controller.defaultHTTPListenerPort}}
- -default-https-listener-port={{ .Values.controller.defaultHTTPSListenerPort}}
{{- if .Values.controller.globalConfiguration.create }}
- -global-configuration=$(POD_NAMESPACE)/{{ include "nginx-ingress.controller.fullname" . }}
{{- end }}
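Review bot: The listener ports are now passed to the controller as arguments, but the container `ports:` entries and the Service `targetPort` that route traffic to the pod are not touched in this section, so they presumably still point at 80 and 443. If those are fixed elsewhere in the template, setting `controller.defaultHTTPListenerPort` to another value leaves the Service aimed at a port nothing listens on, and any NetworkPolicy written against the old ports stops matching the real listener. Consider deriving the container port from the same value, e.g. `containerPort: {{ .Values.controller.defaultHTTPListenerPort }}`, or documenting that the two must be changed together. The identical two lines in controller-deployment.yaml carry the same concern. The container spec continues outside this hunk.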
2 changes: 2 additions & 0 deletions charts/nginx-ingress/templates/controller-deployment.yaml
Expand Up @@ -244,6 +244,8 @@ spec:
- -enable-cert-manager={{ .Values.controller.enableCertManager }}
- -enable-oidc={{ .Values.controller.enableOIDC }}
- -enable-external-dns={{ .Values.controller.enableExternalDNS }}
- -default-http-listener-port={{ .Values.controller.defaultHTTPListenerPort}}
- -default-https-listener-port={{ .Values.controller.defaultHTTPSListenerPort}}
{{- if .Values.controller.globalConfiguration.create }}
- -global-configuration=$(POD_NAMESPACE)/{{ include "nginx-ingress.controller.fullname" . }}
{{- end }}
20 changes: 20 additions & 0 deletions charts/nginx-ingress/values.schema.json
Expand Up @@ -1262,6 +1262,22 @@
false
]
},
"defaultHTTPListenerPort": {
"type": "integer",
"default": 80,
"title": "The defaultHTTPListenerPort",
"examples": [
80
]
},
"defaultHTTPSListenerPort": {
"type": "integer",
"default": 443,
"title": "The defaultHTTPSListenerPort",
"examples": [
443
]
},
"readOnlyRootFilesystem": {
"type": "boolean",
"default": false,
Expand Down Expand Up @@ -1411,6 +1427,8 @@
},
"enableLatencyMetrics": false,
"disableIPV6": false,
"defaultHTTPListenerPort": 80,
"defaultHTTPSListenerPort": 443,
"readOnlyRootFilesystem": false
}
]
Expand Down Expand Up @@ -1776,6 +1794,8 @@
},
"enableLatencyMetrics": false,
"disableIPV6": false,
"defaultHTTPListenerPort": 80,
"defaultHTTPSListenerPort": 443,
"readOnlyRootFilesystem": false
},
"rbac": {
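Review bot: Both new properties are declared with a bare `"type": "integer"`, so the schema accepts 0, negative numbers and values above 65535, and the templates then pass them unchanged into the controller arguments. Adding bounds to each property, e.g. `"minimum": 1, "maximum": 65535`, lets Helm reject a bad port at install time instead of at pod start-up. This applies to `defaultHTTPListenerPort` and `defaultHTTPSListenerPort` alike.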
6 changes: 6 additions & 0 deletions charts/nginx-ingress/values.yaml
Expand Up @@ -443,6 +443,12 @@ controller:
## Disable IPV6 listeners explicitly for nodes that do not support the IPV6 stack.
disableIPV6: false

## Sets the port for the HTTP `default_server` listener.
defaultHTTPListenerPort: 80

## Sets the port for the HTTPS `default_server` listener.
defaultHTTPSListenerPort: 443

## Configure root filesystem as read-only and add volumes for temporary data.
readOnlyRootFilesystem: false

4 changes: 4 additions & 0 deletions cmd/nginx-ingress/flags.go
Expand Up @@ -194,6 +194,10 @@ var (
disableIPV6 = flag.Bool("disable-ipv6", false,
`Disable IPV6 listeners explicitly for nodes that do not support the IPV6 stack`)

defaultHTTPListenerPort = flag.Int("default-http-listener-port", 80, "Sets a custom port for the HTTP NGINX `default_server`. [1024 - 65535]")

defaultHTTPSListenerPort = flag.Int("default-https-listener-port", 443, "Sets a custom port for the HTTPS `default_server`. [1024 - 65535]")

startupCheckFn func() error
)
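Review bot: The help text for both new flags advertises `[1024 - 65535]`, yet the defaults are 80 and 443, and nothing in this section checks the parsed value, so an out-of-range number or the same port for both listeners would presumably only surface when NGINX rejects the generated `listen` directives. The `var (` block starts outside the hunk, so validation may live elsewhere; if it does not, a check after `flag.Parse()` that each port is within 1–65535 and that the two differ would fail fast with a clear message. The help text should then state the rule that is actually enforced, including that ports below 1024 need the `NET_BIND_SERVICE` capability in the container. Go's `flag` package also treats a back-quoted word in a usage string as the argument placeholder, so `default_server` will be printed as the value name in `-help` output; plain quotes avoid that.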

2 changes: 2 additions & 0 deletions cmd/nginx-ingress/main.go
Expand Up @@ -90,6 +90,8 @@ func main() {

staticCfgParams := &configs.StaticConfigParams{
DisableIPV6: *disableIPV6,
DefaultHTTPListenerPort: *defaultHTTPListenerPort,
DefaultHTTPSListenerPort: *defaultHTTPSListenerPort,
HealthStatus: *healthStatus,
HealthStatusURI: *healthStatusURI,
NginxStatus: *nginxStatus,
Expand Up @@ -508,3 +508,19 @@ Disable IPV6 listeners explicitly for nodes that do not support the IPV6 stack.
Default `false`.
 
<a name="cmdoption-disable-ipv6"></a>

### -default-http-listener-port

Sets the port for the HTTP `default_server` listener.

Default `80`.
&nbsp;
<a name="cmdoption-default-http-listener-port"></a>

### -default-https-listener-port

Sets the port for the HTTPS `default_server` listener.

Default `443`.
&nbsp;
<a name="cmdoption-default-https-listener-port"></a>
2 changes: 2 additions & 0 deletions internal/configs/config_params.go
Expand Up @@ -114,6 +114,8 @@ type ConfigParams struct {
// StaticConfigParams holds immutable NGINX configuration parameters that affect the main NGINX config.
type StaticConfigParams struct {
DisableIPV6 bool
DefaultHTTPListenerPort int
DefaultHTTPSListenerPort int
HealthStatus bool
HealthStatusURI string
NginxStatus bool
2 changes: 2 additions & 0 deletions internal/configs/configmaps.go
Expand Up @@ -514,6 +514,8 @@ func GenerateNginxMainConfig(staticCfgParams *StaticConfigParams, config *Config
DefaultServerAccessLogOff: config.DefaultServerAccessLogOff,
DefaultServerReturn: config.DefaultServerReturn,
DisableIPV6: staticCfgParams.DisableIPV6,
DefaultHTTPListenerPort: staticCfgParams.DefaultHTTPListenerPort,
DefaultHTTPSListenerPort: staticCfgParams.DefaultHTTPSListenerPort,
ErrorLogLevel: config.MainErrorLogLevel,
HealthStatus: staticCfgParams.HealthStatus,
HealthStatusURI: staticCfgParams.HealthStatusURI,
2 changes: 2 additions & 0 deletions internal/configs/version1/config.go
Expand Up @@ -165,6 +165,8 @@ type MainConfig struct {
DefaultServerAccessLogOff bool
DefaultServerReturn string
DisableIPV6 bool
DefaultHTTPListenerPort int
DefaultHTTPSListenerPort int
ErrorLogLevel string
HealthStatus bool
HealthStatusURI string
8 changes: 4 additions & 4 deletions internal/configs/version1/nginx-plus.tmpl
Expand Up @@ -153,16 +153,16 @@ http {
set $resource_namespace "";
set $service "";

listen 80 default_server{{if .ProxyProtocol}} proxy_protocol{{end}};
{{if not .DisableIPV6}}listen [::]:80 default_server{{if .ProxyProtocol}} proxy_protocol{{end}};{{end}}
listen {{ .DefaultHTTPListenerPort }} default_server{{if .ProxyProtocol}} proxy_protocol{{end}};
{{if not .DisableIPV6}}listen [::]:{{ .DefaultHTTPListenerPort }} default_server{{if .ProxyProtocol}} proxy_protocol{{end}};{{end}}

{{if .TLSPassthrough}}
listen unix:/var/lib/nginx/passthrough-https.sock ssl default_server{{if .HTTP2}} http2{{end}} proxy_protocol;
set_real_ip_from unix:;
real_ip_header proxy_protocol;
{{else}}
listen 443 ssl default_server{{if .HTTP2}} http2{{end}}{{if .ProxyProtocol}} proxy_protocol{{end}};
{{if not .DisableIPV6}}listen [::]:443 ssl default_server{{if .HTTP2}} http2{{end}}{{if .ProxyProtocol}} proxy_protocol{{end}};{{end}}
listen {{ .DefaultHTTPSListenerPort }} ssl default_server{{if .HTTP2}} http2{{end}}{{if .ProxyProtocol}} proxy_protocol{{end}};
{{if not .DisableIPV6}}listen [::]:{{ .DefaultHTTPSListenerPort }} ssl default_server{{if .HTTP2}} http2{{end}}{{if .ProxyProtocol}} proxy_protocol{{end}};{{end}}
{{end}}

{{if .SSLRejectHandshake}}
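Review bot: `{{ .DefaultHTTPListenerPort }}` and `{{ .DefaultHTTPSListenerPort }}` are plain `int` fields, so any `MainConfig` built without setting them renders `listen 0 default_server` instead of the previously hard-coded 80 and 443. The path through `GenerateNginxMainConfig` fills them from the flags, but other places that construct `MainConfig` are not visible here and should be checked. A template-side fallback such as `{{ if .DefaultHTTPListenerPort }}{{ .DefaultHTTPListenerPort }}{{ else }}80{{ end }}`, or a guard in the code that executes the template, would keep the old behaviour for the zero value. nginx.tmpl has the same four lines and the same concern, and it writes the action without the trailing space (`{{ .DefaultHTTPListenerPort}}`), which is worth aligning with this file. The server block continues outside the hunk.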
8 changes: 4 additions & 4 deletions internal/configs/version1/nginx.tmpl
Expand Up @@ -106,16 +106,16 @@ http {
set $resource_namespace "";
set $service "";

listen 80 default_server{{if .ProxyProtocol}} proxy_protocol{{end}};
{{if not .DisableIPV6}}listen [::]:80 default_server{{if .ProxyProtocol}} proxy_protocol{{end}};{{end}}
listen {{ .DefaultHTTPListenerPort}} default_server{{if .ProxyProtocol}} proxy_protocol{{end}};
{{if not .DisableIPV6}}listen [::]:{{ .DefaultHTTPListenerPort}} default_server{{if .ProxyProtocol}} proxy_protocol{{end}};{{end}}

{{if .TLSPassthrough}}
listen unix:/var/lib/nginx/passthrough-https.sock ssl default_server{{if .HTTP2}} http2{{end}} proxy_protocol;
set_real_ip_from unix:;
real_ip_header proxy_protocol;
{{else}}
listen 443 ssl default_server{{if .HTTP2}} http2{{end}}{{if .ProxyProtocol}} proxy_protocol{{end}};
{{if not .DisableIPV6}}listen [::]:443 ssl default_server{{if .HTTP2}} http2{{end}}{{if .ProxyProtocol}} proxy_protocol{{end}};{{end}}
listen {{ .DefaultHTTPSListenerPort}} ssl default_server{{if .HTTP2}} http2{{end}}{{if .ProxyProtocol}} proxy_protocol{{end}};
{{if not .DisableIPV6}}listen [::]:{{ .DefaultHTTPSListenerPort}} ssl default_server{{if .HTTP2}} http2{{end}}{{if .ProxyProtocol}} proxy_protocol{{end}};{{end}}
{{end}}

{{if .SSLRejectHandshake}}