From d5d53c921c9d9dccceec10df7879266943374f2e Mon Sep 17 00:00:00 2001 From: Nico Schieder Date: Wed, 30 Nov 2016 11:37:22 +0100 Subject: [PATCH 1/2] Add proxy_hide_header directive --- nginx-controller/Makefile | 8 ++++---- nginx-controller/controller/controller.go | 7 +++++++ nginx-controller/nginx/config.go | 1 + nginx-controller/nginx/configurator.go | 13 +++++++++++++ nginx-controller/nginx/ingress.tmpl | 3 +++ nginx-controller/nginx/nginx.go | 1 + 6 files changed, 29 insertions(+), 4 deletions(-) diff --git a/nginx-controller/Makefile b/nginx-controller/Makefile index f2b128518a..2f0c8581e1 100644 --- a/nginx-controller/Makefile +++ b/nginx-controller/Makefile @@ -1,14 +1,14 @@ all: push -VERSION = 0.6.0 +VERSION = 0.6.3-merged TAG = $(VERSION) -PREFIX = nginxdemos/nginx-ingress +PREFIX = quay.io/nico_schieder/nginxinc-kubernetes-ingress -DOCKER_RUN = docker run --rm -v $(shell pwd)/../:/go/src/github.com/nginxinc/kubernetes-ingress -w /go/src/github.com/nginxinc/kubernetes-ingress/nginx-controller/ +DOCKER_RUN = docker run --rm -v $(shell pwd)/../:/go/src/github.com/nginxinc/kubernetes-ingress:Z -w /go/src/github.com/nginxinc/kubernetes-ingress/nginx-controller/ GOLANG_CONTAINER = golang:1.6 DOCKERFILE = Dockerfile -BUILD_IN_CONTAINER = 1 +BUILD_IN_CONTAINER = 0 PUSH_TO_GCR = ifeq ($(PUSH_TO_GCR),1) diff --git a/nginx-controller/controller/controller.go b/nginx-controller/controller/controller.go index 5405e15e4d..0b279d53c7 100644 --- a/nginx-controller/controller/controller.go +++ b/nginx-controller/controller/controller.go 
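Review bot: The Makefile hunk commits local build settings that have nothing to do with the new directive: `PREFIX = quay.io/nico_schieder/nginxinc-kubernetes-ingress`, `VERSION = 0.6.3-merged` and `BUILD_IN_CONTAINER = 0`. Anyone building from this commit would tag images under a personal registry namespace and, presumably, compile on the host rather than in the `golang:1.6` container named by `GOLANG_CONTAINER`. PATCH 2/2 reverts these lines, so squashing the series or dropping this hunk keeps the intermediate commit from carrying them.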
@@ -315,6 +315,13 @@ func (lbc *LoadBalancerController) syncCfgm(key string) { if proxyReadTimeout, exists := cfgm.Data["proxy-read-timeout"]; exists { cfg.ProxyReadTimeout = proxyReadTimeout } + if proxyHideHeaders, exists, err := nginx.GetMapKeyAsStringSlice(cfgm.Data, "proxy-hide-headers", cfgm); exists { + if err != nil { + glog.Error(err) + } else { + cfg.ProxyHideHeaders = proxyHideHeaders + } + } if clientMaxBodySize, exists := cfgm.Data["client-max-body-size"]; exists { cfg.ClientMaxBodySize = clientMaxBodySize } diff --git a/nginx-controller/nginx/config.go b/nginx-controller/nginx/config.go index 25e2c31adf..9ee5b3cc9f 100644 --- a/nginx-controller/nginx/config.go +++ b/nginx-controller/nginx/config.go @@ -14,6 +14,7 @@ type Config struct { ProxyBufferSize string ProxyMaxTempFileSize string ProxyProtocol bool + ProxyHideHeaders []string HSTS bool HSTSMaxAge int64 HSTSIncludeSubdomains bool diff --git a/nginx-controller/nginx/configurator.go b/nginx-controller/nginx/configurator.go index e88dd15080..680058dcf4 100644 --- a/nginx-controller/nginx/configurator.go +++ b/nginx-controller/nginx/configurator.go @@ -112,6 +112,7 @@ func (cnf *Configurator) generateNginxCfg(ingEx *IngressEx, pems map[string]stri RealIPHeader: ingCfg.RealIPHeader, SetRealIPFrom: ingCfg.SetRealIPFrom, RealIPRecursive: ingCfg.RealIPRecursive, + ProxyHideHeaders: ingCfg.ProxyHideHeaders, } if pemFile, ok := pems[serverName]; ok { @@ -160,6 +161,7 @@ func (cnf *Configurator) generateNginxCfg(ingEx *IngressEx, pems map[string]stri RealIPHeader: ingCfg.RealIPHeader, SetRealIPFrom: ingCfg.SetRealIPFrom, RealIPRecursive: ingCfg.RealIPRecursive, + ProxyHideHeaders: ingCfg.ProxyHideHeaders, } if pemFile, ok := pems[emptyHost]; ok { 
@@ -190,6 +192,17 @@ func (cnf *Configurator) createConfig(ingEx *IngressEx) Config { if proxyReadTimeout, exists := ingEx.Ingress.Annotations["nginx.org/proxy-read-timeout"]; exists { ingCfg.ProxyReadTimeout = proxyReadTimeout } + if proxyHideHeaders, exists, err := GetMapKeyAsStringSlice(ingEx.Ingress.Annotations, "nginx.org/proxy-hide-headers", ingEx.Ingress); exists { + if err != nil { + glog.Error(err) + } else { + if ingCfg.ProxyHideHeaders == nil || len(ingCfg.ProxyHideHeaders) == 0 { + ingCfg.ProxyHideHeaders = proxyHideHeaders + } else { + ingCfg.ProxyHideHeaders = append(ingCfg.ProxyHideHeaders, proxyHideHeaders...) + } + } + } if clientMaxBodySize, exists := ingEx.Ingress.Annotations["nginx.org/client-max-body-size"]; exists { ingCfg.ClientMaxBodySize = clientMaxBodySize } diff --git a/nginx-controller/nginx/ingress.tmpl b/nginx-controller/nginx/ingress.tmpl index d32ac2f1fd..13b5196347 100644 --- a/nginx-controller/nginx/ingress.tmpl +++ b/nginx-controller/nginx/ingress.tmpl @@ -21,6 +21,9 @@ server { server_name {{$server.Name}}; {{end}} + {{range $proxyHideHeader := $server.ProxyHideHeaders}} + proxy_hide_header {{$proxyHideHeader}};{{end}} + {{if $server.SSL}} if ($scheme = http) { return 301 https://$host$request_uri; diff --git a/nginx-controller/nginx/nginx.go b/nginx-controller/nginx/nginx.go index 909e0a1dc6..2c45f5a0d7 100644 --- a/nginx-controller/nginx/nginx.go +++ b/nginx-controller/nginx/nginx.go @@ -48,6 +48,7 @@ type Server struct { HSTS bool HSTSMaxAge int64 HSTSIncludeSubdomains bool + ProxyHideHeaders []string // http://nginx.org/en/docs/http/ngx_http_realip_module.html RealIPHeader string From 84bf4f4b80d4c840b6574f3614b2c241316ba9ad Mon Sep 17 00:00:00 2001 
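Review bot: The entries of `nginx.org/proxy-hide-headers` reach the template hunk's `proxy_hide_header {{$proxyHideHeader}};` line as raw text, so an annotation value containing `;`, braces or a newline would be written into the generated server block as extra nginx configuration. Ingress annotations are typically writable by namespace users while the generated configuration is shared, so each entry should be checked against a header-name pattern before `ingCfg.ProxyHideHeaders` is assigned in createConfig. The same applies to the ConfigMap path in the syncCfgm hunk and to the `proxy-pass-headers` / `proxy_pass_header` additions in PATCH 2/2. This assumes ingress.tmpl is rendered with text/template and that GetMapKeyAsStringSlice does not validate entries, neither of which is visible in the patch; the helper below needs `regexp` in scope, and createConfig's body continues outside the hunk.

```go
// headerNameRe accepts a bare header field name: letters, digits, '-' and '_'.
var headerNameRe = regexp.MustCompile(`^[A-Za-z0-9_-]+$`)

// validHeaderNames reports whether every entry is a bare header field name,
// so that no entry can end the directive or start a new one in the template.
func validHeaderNames(names []string) bool {
	for _, name := range names {
		if !headerNameRe.MatchString(name) {
			return false
		}
	}
	return true
}

// … unchanged: GetMapKeyAsStringSlice call and its error branch in createConfig …
		} else if !validHeaderNames(proxyHideHeaders) {
			glog.Errorf("ingress %v/%v: ignoring nginx.org/proxy-hide-headers: invalid header name",
				ingEx.Ingress.Namespace, ingEx.Ingress.Name)
		} else {
			// … unchanged: assignment to ingCfg.ProxyHideHeaders …
```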
From: Nico Schieder Date: Thu, 1 Dec 2016 09:26:24 +0100 Subject: [PATCH 2/2] Reverted Makefile, added proxy_pass_header directive --- nginx-controller/Makefile | 8 ++++---- nginx-controller/controller/controller.go | 7 +++++++ nginx-controller/nginx/config.go | 1 + nginx-controller/nginx/configurator.go | 15 ++++++++++----- nginx-controller/nginx/ingress.tmpl | 4 ++-- nginx-controller/nginx/nginx.go | 1 + 6 files changed, 25 insertions(+), 11 deletions(-) diff --git a/nginx-controller/Makefile b/nginx-controller/Makefile index 2f0c8581e1..f2b128518a 100644 --- a/nginx-controller/Makefile +++ b/nginx-controller/Makefile @@ -1,14 +1,14 @@ all: push -VERSION = 0.6.3-merged +VERSION = 0.6.0 TAG = $(VERSION) -PREFIX = quay.io/nico_schieder/nginxinc-kubernetes-ingress +PREFIX = nginxdemos/nginx-ingress -DOCKER_RUN = docker run --rm -v $(shell pwd)/../:/go/src/github.com/nginxinc/kubernetes-ingress:Z -w /go/src/github.com/nginxinc/kubernetes-ingress/nginx-controller/ +DOCKER_RUN = docker run --rm -v $(shell pwd)/../:/go/src/github.com/nginxinc/kubernetes-ingress -w /go/src/github.com/nginxinc/kubernetes-ingress/nginx-controller/ GOLANG_CONTAINER = golang:1.6 DOCKERFILE = Dockerfile -BUILD_IN_CONTAINER = 0 +BUILD_IN_CONTAINER = 1 PUSH_TO_GCR = ifeq ($(PUSH_TO_GCR),1) diff --git a/nginx-controller/controller/controller.go b/nginx-controller/controller/controller.go index 0b279d53c7..8bb493ac39 100644 --- a/nginx-controller/controller/controller.go +++ b/nginx-controller/controller/controller.go @@ -322,6 +322,13 @@ func (lbc *LoadBalancerController) syncCfgm(key string) { cfg.ProxyHideHeaders = proxyHideHeaders } } + if proxyPassHeaders, exists, err := nginx.GetMapKeyAsStringSlice(cfgm.Data, "proxy-pass-headers", cfgm); exists { + if err != nil { + glog.Error(err) + } else { + cfg.ProxyPassHeaders = proxyPassHeaders + } + } if clientMaxBodySize, exists := cfgm.Data["client-max-body-size"]; exists { cfg.ClientMaxBodySize = clientMaxBodySize } 
diff --git a/nginx-controller/nginx/config.go b/nginx-controller/nginx/config.go index 9ee5b3cc9f..ddb54744c1 100644 --- a/nginx-controller/nginx/config.go +++ b/nginx-controller/nginx/config.go @@ -15,6 +15,7 @@ type Config struct { ProxyMaxTempFileSize string ProxyProtocol bool ProxyHideHeaders []string + ProxyPassHeaders []string HSTS bool HSTSMaxAge int64 HSTSIncludeSubdomains bool diff --git a/nginx-controller/nginx/configurator.go b/nginx-controller/nginx/configurator.go index 680058dcf4..dbca50eca1 100644 --- a/nginx-controller/nginx/configurator.go +++ b/nginx-controller/nginx/configurator.go @@ -113,6 +113,7 @@ func (cnf *Configurator) generateNginxCfg(ingEx *IngressEx, pems map[string]stri SetRealIPFrom: ingCfg.SetRealIPFrom, RealIPRecursive: ingCfg.RealIPRecursive, ProxyHideHeaders: ingCfg.ProxyHideHeaders, + ProxyPassHeaders: ingCfg.ProxyPassHeaders, } if pemFile, ok := pems[serverName]; ok { @@ -162,6 +163,7 @@ func (cnf *Configurator) generateNginxCfg(ingEx *IngressEx, pems map[string]stri SetRealIPFrom: ingCfg.SetRealIPFrom, RealIPRecursive: ingCfg.RealIPRecursive, ProxyHideHeaders: ingCfg.ProxyHideHeaders, + ProxyPassHeaders: ingCfg.ProxyPassHeaders, } if pemFile, ok := pems[emptyHost]; ok { @@ -196,11 +198,14 @@ func (cnf *Configurator) createConfig(ingEx *IngressEx) Config { if err != nil { glog.Error(err) } else { - if ingCfg.ProxyHideHeaders == nil || len(ingCfg.ProxyHideHeaders) == 0 { - ingCfg.ProxyHideHeaders = proxyHideHeaders - } else { - ingCfg.ProxyHideHeaders = append(ingCfg.ProxyHideHeaders, proxyHideHeaders...) - } + ingCfg.ProxyHideHeaders = proxyHideHeaders + } + } + if proxyPassHeaders, exists, err := GetMapKeyAsStringSlice(ingEx.Ingress.Annotations, "nginx.org/proxy-pass-headers", ingEx.Ingress); exists { + if err != nil { + glog.Error(err) + } else { + ingCfg.ProxyPassHeaders = proxyPassHeaders } } if clientMaxBodySize, exists := ingEx.Ingress.Annotations["nginx.org/client-max-body-size"]; exists { 
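Review bot: In createConfig the `nginx.org/proxy-hide-headers` annotation now replaces `ingCfg.ProxyHideHeaders` instead of appending to it, so a list set through the ConfigMap key `proxy-hide-headers` no longer applies to an Ingress that carries its own annotation. This assumes ingCfg starts from the ConfigMap values, which is outside the hunk. Together with the new `nginx.org/proxy-pass-headers` annotation, a single Ingress can then drop the operator's hide list or pass header fields that nginx withholds by default, and the commit subject does not mention the change in precedence. If replacement is intended, state it at the assignment, e.g. `// The annotation replaces the ConfigMap-wide list; it does not extend it.`, and document the precedence next to the new keys.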
diff --git a/nginx-controller/nginx/ingress.tmpl b/nginx-controller/nginx/ingress.tmpl index 13b5196347..347c46a93c 100644 --- a/nginx-controller/nginx/ingress.tmpl +++ b/nginx-controller/nginx/ingress.tmpl @@ -20,10 +20,10 @@ server { {{if $server.Name}} server_name {{$server.Name}}; {{end}} - {{range $proxyHideHeader := $server.ProxyHideHeaders}} proxy_hide_header {{$proxyHideHeader}};{{end}} - + {{range $proxyPassHeader := $server.ProxyPassHeaders}} + proxy_pass_header {{$proxyPassHeader}};{{end}} {{if $server.SSL}} if ($scheme = http) { return 301 https://$host$request_uri; diff --git a/nginx-controller/nginx/nginx.go b/nginx-controller/nginx/nginx.go index 2c45f5a0d7..6c264706b0 100644 --- a/nginx-controller/nginx/nginx.go +++ b/nginx-controller/nginx/nginx.go @@ -49,6 +49,7 @@ type Server struct { HSTSMaxAge int64 HSTSIncludeSubdomains bool ProxyHideHeaders []string + ProxyPassHeaders []string // http://nginx.org/en/docs/http/ngx_http_realip_module.html RealIPHeader string