From 704a18cec9975d8ca7616df336bb4343afdabdf2 Mon Sep 17 00:00:00 2001 From: Giancarlo Rubio Date: Tue, 27 Dec 2016 10:52:04 +0100 Subject: [PATCH] Add support for proxy cookie path/proxy cookie domain --- controllers/nginx/configuration.md | 10 +++++++ controllers/nginx/pkg/config/config.go | 2 ++ .../rootfs/etc/nginx/template/nginx.tmpl | 3 +++ core/pkg/ingress/annotations/proxy/main.go | 27 ++++++++++++++----- core/pkg/ingress/defaults/main.go | 10 +++++++ 5 files changed, 46 insertions(+), 6 deletions(-) diff --git a/controllers/nginx/configuration.md b/controllers/nginx/configuration.md index 85dbcb0d24..f37ec71e7d 100644 --- a/controllers/nginx/configuration.md +++ b/controllers/nginx/configuration.md @@ -259,6 +259,12 @@ http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout **proxy-connect-timeout:** Sets the timeout for [establishing a connection with a proxied server](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_connect_timeout). It should be noted that this timeout cannot usually exceed 75 seconds. +**proxy-cookie-domain:** Sets a text that [should be changed in the domain attribute](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_domain) of the “Set-Cookie” header fields of a proxied server response. + + +**proxy-cookie-path:** Sets a text that [should be changed in the path attribute](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_path) of the “Set-Cookie” header fields of a proxied server response. + + **proxy-read-timeout:** Sets the timeout in seconds for [reading a response from the proxied server](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_read_timeout). The timeout is set only between two successive read operations, not for the transmission of the whole response. @@ -376,7 +382,11 @@ The following table shows the options, the default value and a description. |keep-alive|"75"| |map-hash-bucket-size|"64"| |max-worker-connections|"16384"| +|proxy-body-size|same as body-size| +|proxy-buffer-size|"4k"| |proxy-connect-timeout|"5"| +|proxy-cookie-domain|"off"| +|proxy-cookie-path|"off"| |proxy-read-timeout|"60"| |proxy-real-ip-cidr|0.0.0.0/0| |proxy-send-timeout|"60"| diff --git a/controllers/nginx/pkg/config/config.go b/controllers/nginx/pkg/config/config.go index 2e7fe7d731..c4ac3dfd63 100644 --- a/controllers/nginx/pkg/config/config.go +++ b/controllers/nginx/pkg/config/config.go @@ -274,6 +274,8 @@ func NewDefault() Configuration { ProxyReadTimeout: 60, ProxySendTimeout: 60, ProxyBufferSize: "4k", + ProxyCookieDomain: "off", + ProxyCookiePath: "off", SSLRedirect: true, CustomHTTPErrors: []int{}, WhitelistSourceRange: []string{}, diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl index 101038dc3a..f7e36e0702 100644 --- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl +++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl @@ -326,6 +326,9 @@ http { proxy_http_version 1.1; + proxy_cookie_domain {{ $location.Proxy.CookiePath }}; + proxy_cookie_path {{ $location.Proxy.CookieDomain }}; + {{/* rewrite only works if the content is not compressed */}} {{ if $location.Redirect.AddBaseURL }} proxy_set_header Accept-Encoding ""; diff --git a/core/pkg/ingress/annotations/proxy/main.go b/core/pkg/ingress/annotations/proxy/main.go index c1ee7e47be..93f83eb63f 100644 --- a/core/pkg/ingress/annotations/proxy/main.go +++ b/core/pkg/ingress/annotations/proxy/main.go @@ -24,11 +24,13 @@ import ( ) const ( - bodySize = "ingress.kubernetes.io/proxy-body-size" - connect = "ingress.kubernetes.io/proxy-connect-timeout" - send = "ingress.kubernetes.io/proxy-send-timeout" - read = "ingress.kubernetes.io/proxy-read-timeout" - bufferSize = "ingress.kubernetes.io/proxy-buffer-size" + bodySize = "ingress.kubernetes.io/proxy-body-size" + connect = "ingress.kubernetes.io/proxy-connect-timeout" + send = "ingress.kubernetes.io/proxy-send-timeout" + read = "ingress.kubernetes.io/proxy-read-timeout" + bufferSize = "ingress.kubernetes.io/proxy-buffer-size" + cookiePath = "ingress.kubernetes.io/proxy-cookie-path" + cookieDomain = "ingress.kubernetes.io/proxy-cookie-domain" ) // Configuration returns the proxy timeout to use in the upstream server/s @@ -38,6 +40,8 @@ type Configuration struct { SendTimeout int `json:"sendTimeout"` ReadTimeout int `json:"readTimeout"` BufferSize string `json:"bufferSize"` + CookieDomain string `json:"proxyCookieDomain"` + CookiePath string `json:"proxyCookiePath"` } type proxy struct { @@ -73,10 +77,21 @@ func (a proxy) Parse(ing *extensions.Ingress) (interface{}, error) { bufs = defBackend.ProxyBufferSize } + cp, err := parser.GetStringAnnotation(cookiePath, ing) + if err != nil || cp == "" { + cp = defBackend.ProxyCookiePath + } + + cd, err := parser.GetStringAnnotation(cookieDomain, ing) + if err != nil || cp == "" { + cp = defBackend.ProxyCookieDomain + } + bs, err := parser.GetStringAnnotation(bodySize, ing) if err != nil || bs == "" { bs = defBackend.ProxyBodySize } - return &Configuration{bs, ct, st, rt, bufs}, nil + return &Configuration{bs, ct, st, rt, bufs, + cd, cp}, nil } diff --git a/core/pkg/ingress/defaults/main.go b/core/pkg/ingress/defaults/main.go index ba56bc7c91..19b6c110b0 100644 --- a/core/pkg/ingress/defaults/main.go +++ b/core/pkg/ingress/defaults/main.go @@ -37,6 +37,16 @@ type Backend struct { // http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size) ProxyBufferSize string `json:"proxy-buffer-size"` + // Sets a text that should be changed in the path attribute of the “Set-Cookie” header fields of + // a proxied server response. + // http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_path + ProxyCookiePath string `json:"proxy-cookie-path"` + + // Sets a text that should be changed in the domain attribute of the “Set-Cookie” header fields + // of a proxied server response. + // http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_domain + ProxyCookieDomain string `json:"proxy-cookie-domain"` + // Name server/s used to resolve names of upstream servers into IP addresses. // The file /etc/resolv.conf is used as DNS resolution configuration. Resolver []net.IP