Merge branch 'master' into http-logging

distributions/build-package-script.sh

@@ -30,6 +30,7 @@ PCRE_VERSION=8.36
 LUAROCKS_VERSION=2.2.2
 OPENRESTY_VERSION=1.7.10.2rc0
 DNSMASQ_VERSION=2.72
+OPENSSL_VERSION=1.0.2a
 
 # Variables to be used in the build process
 PACKAGE_TYPE=""
@@ -107,6 +108,15 @@ else
   echo "Building Kong: $KONG_BRANCH"
 fi
 
+# Download OpenSSL
+cd $TMP
+wget https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz -O openssl-$OPENSSL_VERSION.tar.gz
+tar xzf openssl-$OPENSSL_VERSION.tar.gz
+if [ "$(uname)" = "Darwin" ]; then # Checking if OS X
+  export KERNEL_BITS=64 # This sets the right OpenSSL variable for OS X
+fi
+OPENRESTY_CONFIGURE="--with-openssl=$TMP/openssl-$OPENSSL_VERSION"
+
 # Install fpm
 gem install fpm
 
@@ -144,19 +154,9 @@ if [ "$(uname)" = "Darwin" ]; then
   cd $OUT
 
   LUAROCKS_CONFIGURE="--with-lua-include=$OUT/usr/local/include"
-  OPENRESTY_CONFIGURE="--with-cc-opt=-I$OUT/usr/local/include --with-ld-opt=-L$OUT/usr/local/lib"
+  OPENRESTY_CONFIGURE=$OPENRESTY_CONFIGURE" --with-cc-opt=-I$OUT/usr/local/include --with-ld-opt=-L$OUT/usr/local/lib"
 fi
 
-# Install OpenResty
-cd $TMP
-wget http://openresty.org/download/ngx_openresty-$OPENRESTY_VERSION.tar.gz
-tar xzf ngx_openresty-$OPENRESTY_VERSION.tar.gz
-cd ngx_openresty-$OPENRESTY_VERSION
-./configure --with-pcre-jit --with-ipv6 --with-http_realip_module --with-http_ssl_module --with-http_stub_status_module ${OPENRESTY_CONFIGURE}
-make
-make install DESTDIR=$OUT
-cd $OUT
-
 # Install LuaRocks
 cd $TMP
 wget http://luarocks.org/releases/luarocks-$LUAROCKS_VERSION.tar.gz
@@ -177,6 +177,54 @@ rocks_trees = {
 export LUAROCKS_CONFIG=$rocks_config
 export LUA_PATH=${OUT}/usr/local/share/lua/5.1/?.lua
 
+############################################
+######### Install Patched OpenResty ########
+############################################
+cd $TMP
+wget http://openresty.org/download/ngx_openresty-$OPENRESTY_VERSION.tar.gz
+tar xzf ngx_openresty-$OPENRESTY_VERSION.tar.gz
+cd ngx_openresty-$OPENRESTY_VERSION
+# Download and apply nginx patch
+cd bundle/nginx-*
+wget https://raw.githubusercontent.com/openresty/lua-nginx-module/ssl-cert-by-lua/patches/nginx-ssl-cert.patch --no-check-certificate
+patch -p1 < nginx-ssl-cert.patch
+cd ..
+# Download `ssl-cert-by-lua` branch
+wget https://github.com/openresty/lua-nginx-module/archive/ssl-cert-by-lua.tar.gz -O ssl-cert-by-lua.tar.gz --no-check-certificate
+tar xzf ssl-cert-by-lua.tar.gz
+# Replace `ngx_lua-*` with `ssl-cert-by-lua` branch
+NGX_LUA=`ls | grep ngx_lua-*`
+rm -rf $NGX_LUA
+mv lua-nginx-module-ssl-cert-by-lua $NGX_LUA
+# Install ssl.lua
+cd $NGX_LUA/lua
+echo '
+package = "ngxssl"
+version = "0.1-1"
+source = {
+  url = "git://github.com/openresty/lua-nginx-module",
+  branch = "ssl-cert-by-lua"
+}
+dependencies = {
+  "lua >= 5.1"
+}
+build = {
+  type = "builtin",
+  modules = {
+    ["ngx.ssl"] = "ngx/ssl.lua"
+  }
+}
+' > ngxssl-0.1-1.rockspec
+$OUT/usr/local/bin/luarocks make ngxssl-0.1-1.rockspec
+# Configure and install
+cd $TMP/ngx_openresty-$OPENRESTY_VERSION
+./configure --with-pcre-jit --with-ipv6 --with-http_realip_module --with-http_ssl_module --with-http_stub_status_module ${OPENRESTY_CONFIGURE}
+make
+make install DESTDIR=$OUT
+############################################
+############################################
+############################################
+
 # Install Kong
 cd $TMP
 git clone --branch $KONG_BRANCH --depth 1 https://github.com/Mashape/kong.git
@@ -207,9 +255,9 @@ echo \"user=root\" > /etc/dnsmasq.conf" > $post_install_script
 initial_letter="$(echo $KONG_BRANCH | head -c 1)"
 re='^[0-9]+$' # to check it's a number
 if ! [[ $initial_letter =~ $re ]] ; then
-  KONG_VERSION="${rockspec_version%-*}$KONG_BRANCH"
+  KONG_VERSION="${rockspec_version%-*}${KONG_BRANCH//[-\/]/}"
 elif [ $PACKAGE_TYPE == "rpm" ]; then
-  KONG_VERSION=${KONG_BRANCH//-/_}
+  KONG_VERSION=${KONG_BRANCH//[-\/]/}
 else
   KONG_VERSION=$KONG_BRANCH
 fi

distributions/test-package-script.sh

@@ -72,5 +72,10 @@ if ! [ `curl -s -o /dev/null -w "%{http_code}" -H "Host: $RANDOM_API_NAME.com" h
   exit 1
 fi
 
+if ! [ `curl -s -o /dev/null -w "%{http_code}" -H "Host: $RANDOM_API_NAME.com" https://127.0.0.1:8443/request --insecure` == "200" ]; then
+  echo "Can't invoke API"
+  exit 1
+fi
+
 echo "Test success!"
 exit 0

kong-0.2.1-1.rockspec → kong-0.3.0-1.rockspec

@@ -1,9 +1,9 @@
 package = "kong"
-version = "0.2.1-1"
+version = "0.3.0-1"
 supported_platforms = {"linux", "macosx"}
 source = {
   url = "git://github.com/Mashape/kong",
-  tag = "0.2.1"
+  tag = "0.3.0"
 }
 description = {
   summary = "Kong is a scalable and customizable API Management Layer built on top of Nginx.",
@@ -24,6 +24,7 @@ dependencies = {
   "lua-path ~> 0.2.3-1",
   "lua-cjson ~> 2.1.0-1",
   "ansicolors ~> 1.0.2-3",
+  "lbase64 ~> 20120820-1",
 
   "luasocket ~> 2.0.2-5",
   "lrexlib-pcre ~> 2.7.2-1",
@@ -66,6 +67,8 @@ build = {
     ["kong.resolver.handler"] = "kong/resolver/handler.lua",
     ["kong.resolver.access"] = "kong/resolver/access.lua",
     ["kong.resolver.header_filter"] = "kong/resolver/header_filter.lua",
+    ["kong.resolver.certificate"] = "kong/resolver/certificate.lua",
+    ["kong.resolver.resolver_util"] = "kong/resolver/resolver_util.lua",
 
     ["kong.dao.error"] = "kong/dao/error.lua",
     ["kong.dao.schemas"] = "kong/dao/schemas.lua",
@@ -119,6 +122,11 @@ build = {
     ["kong.plugins.cors.access"] = "kong/plugins/cors/access.lua",
     ["kong.plugins.cors.schema"] = "kong/plugins/cors/schema.lua",
 
+    ["kong.plugins.ssl.handler"] = "kong/plugins/ssl/handler.lua",
+    ["kong.plugins.ssl.certificate"] = "kong/plugins/ssl/certificate.lua",
+    ["kong.plugins.ssl.ssl_util"] = "kong/plugins/ssl/ssl_util.lua",
+    ["kong.plugins.ssl.schema"] = "kong/plugins/ssl/schema.lua",
+
     ["kong.api.app"] = "kong/api/app.lua",
     ["kong.api.routes.apis"] = "kong/api/routes/apis.lua",
     ["kong.api.routes.consumers"] = "kong/api/routes/consumers.lua",
@@ -129,5 +137,5 @@ build = {
     conf = { "kong.yml" },
     bin = { "bin/kong" }
   },
-  copy_directories = { "database/migrations/" }
+  copy_directories = { "database/migrations/", "ssl" }
 }

kong.yml

@@ -1,5 +1,6 @@
-# Available plugins on this server
+## Available plugins on this server
 plugins_available:
+  - ssl
   - keyauth
   - basicauth
   - ratelimiting
@@ -10,16 +11,22 @@ plugins_available:
   - request_transformer
   - httplog
 
+## The Kong working directory
+## (Make sure you have read and write permissions)
 nginx_working_dir: /usr/local/kong/
 
+## Port configuration
 proxy_port: 8000
+proxy_ssl_port: 8443
 admin_api_port: 8001
+
+## Secondary port configuration
 dnsmasq_port: 8053
 
-# Specify the DAO to use
+## Specify the DAO to use
 database: cassandra
 
-# Databases configuration
+## Databases configuration
 databases_available:
   cassandra:
     properties:
@@ -29,19 +36,24 @@ databases_available:
       keyspace: kong
       keepalive: 60000 # in milliseconds
 
-# Cassandra cache configuration
+## SSL Settings
+## (Uncomment the two properties below to set your own certificate)
+# ssl_cert_path: /path/to/certificate.pem
+# ssl_key_path: /path/to/certificate.key
+
+## Cassandra cache configuration
 database_cache_expiration: 5 # in seconds
 
-# Sends anonymous error reports
+## Sends anonymous error reports
 send_anonymous_reports: true
 
-# In-memory cache size (MB)
+## In-memory cache size (MB)
 memory_cache_size: 128
 
-# Nginx configuration
+## Nginx configuration
 nginx: |
   worker_processes auto;
-  error_log logs/error.log info;
+  error_log logs/error.log error;
   daemon on;
 
   worker_rlimit_nofile {{auto_worker_rlimit_nofile}};
@@ -58,7 +70,7 @@ nginx: |
     charset UTF-8;
 
     access_log logs/access.log;
-    access_log on;
+    access_log off;
 
     # Timeouts
     keepalive_timeout 60s;
@@ -106,7 +118,14 @@ nginx: |
     ';
 
     server {
+      server_name _;
       listen {{proxy_port}};
+      listen {{proxy_ssl_port}} ssl;
+
+      ssl_certificate_by_lua 'kong.exec_plugins_certificate()';
+
+      ssl_certificate {{ssl_cert}};
+      ssl_certificate_key {{ssl_key}};
 
       location / {
         default_type 'text/plain';
@@ -120,6 +139,7 @@ nginx: |
         # Proxy the request
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
         proxy_pass $backend_url;
         proxy_pass_header Server;
 

kong/api/routes/base_controller.lua

@@ -20,6 +20,13 @@ local function send_dao_error_response(err)
   end
 end
 
+-- Parses a form value, handling multipart/data values
+-- @param `v` The value object
+-- @return The parsed value
+local function parse_value(v)
+  return type(v) == "table" and v.content or v -- Handle multipart
+end
+
 -- Put nested keys in objects:
 -- Normalize dotted keys in objects.
 -- Example: {["key.value.sub"]=1234} becomes {key = {value = {sub=1234}}
@@ -50,13 +57,13 @@ local function normalize_nested_params(obj)
       table.remove(keys, 1) -- remove the first level
       normalized_obj[k] = nil -- remove it from the object
       if #keys > 0 then -- if we still have some keys, then there are more levels of nestinf
-        normalized_obj[current_level][table.concat(keys, ".")] = v
+        normalized_obj[current_level][table.concat(keys, ".")] = parse_value(v)
         normalized_obj[current_level] = normalize_nested_params(normalized_obj[current_level])
       else
-        normalized_obj[current_level] = v -- latest level of nesting, attaching the value
+        normalized_obj[current_level] = parse_value(v) -- latest level of nesting, attaching the value
       end
     else
-      normalized_obj[k] = v -- nothing special with that key, simply attaching the value
+      normalized_obj[k] = parse_value(v) -- nothing special with that key, simply attaching the value
     end
   end
 
@@ -177,4 +184,4 @@ function BaseController:new(dao_collection, collection)
   end))
 end
 
-return BaseController
+return BaseController

kong/cli/config.lua

@@ -27,17 +27,21 @@ local DEFAULT_ENV_VALUES = {
     ["send_anonymous_reports: true"] = "send_anonymous_reports: false",
     ["keyspace: kong"] = "keyspace: kong_tests",
     ["lua_package_path ';;'"] = "lua_package_path './kong/?.lua;;'",
-    ["error_log logs/error.log info"] = "error_log logs/error.log debug",
+    ["error_log logs/error.log error"] = "error_log logs/error.log debug",
     ["proxy_port: 8000"] = "proxy_port: 8100",
-    ["admin_api_port: 8001"] = "admin_api_port: 8101"
+    ["proxy_ssl_port: 8443"] = "proxy_ssl_port: 8543",
+    ["admin_api_port: 8001"] = "admin_api_port: 8101",
+    ["dnsmasq_port: 8053"] = "dnsmasq_port: 8153",
+    ["access_log off"] = "access_log on"
   },
   DEVELOPMENT = {
     ["nginx_working_dir: /usr/local/kong/"] = "nginx_working_dir: nginx_tmp",
     ["send_anonymous_reports: true"] = "send_anonymous_reports: false",
     ["keyspace: kong"] = "keyspace: kong_development",
     ["lua_package_path ';;'"] = "lua_package_path './kong/?.lua;;'",
-    ["error_log logs/error.log info"] = "error_log logs/error.log debug",
-    ["lua_code_cache on"] = "lua_code_cache off"
+    ["error_log logs/error.log error"] = "error_log logs/error.log debug",
+    ["lua_code_cache on"] = "lua_code_cache off",
+    ["access_log off"] = "access_log on"
   }
 }
 

kong/cli/utils/signal.lua

@@ -81,7 +81,7 @@ local function prepare_nginx_working_dir(args_config)
   if err then
     cutils.logger:error_exit(err)
   end
-
+  -- Create logs files
   os.execute("touch "..IO.path:join(kong_config.nginx_working_dir, "logs", "error.log"))
   os.execute("touch "..IO.path:join(kong_config.nginx_working_dir, "logs", "access.log"))
 
@@ -97,13 +97,18 @@ local function prepare_nginx_working_dir(args_config)
     cutils.logger:warn("Setting \"memory_cache_size\" to default 128MB")
   end
 
+  local ssl_cert_path, ssl_key_path = cutils.get_ssl_cert_and_key(kong_config)
+
   -- Extract nginx config from kong config, replace any needed value
   local nginx_config = kong_config.nginx
   local nginx_inject = {
     proxy_port = kong_config.proxy_port,
+    proxy_ssl_port = kong_config.proxy_ssl_port,
     admin_api_port = kong_config.admin_api_port,
     dns_resolver = "127.0.0.1:"..kong_config.dnsmasq_port,
-    memory_cache_size = kong_config.memory_cache_size
+    memory_cache_size = kong_config.memory_cache_size,
+    ssl_cert = ssl_cert_path,
+    ssl_key = ssl_key_path
   }
 
   -- Auto-tune
@@ -238,7 +243,7 @@ function _M.prepare_kong(args_config, signal)
 
   if not signal or (signal and signal ~= RELOAD) then
     -- Check ports
-    local ports = { kong_config.proxy_port, kong_config.admin_api_port, kong_config.dnsmasq_port }
+    local ports = { kong_config.proxy_port, kong_config.proxy_ssl_port, kong_config.admin_api_port, kong_config.dnsmasq_port }
     for _,port in ipairs(ports) do
       if cutils.is_port_open(port) then
         cutils.logger:error_exit("Port "..tostring(port).." is already being used by another process.")