From 0da97ffee3ec84bb139a4e5507e52642585f62c2 Mon Sep 17 00:00:00 2001
From: Ricardo Katz
Date: Thu, 26 Sep 2024 19:13:28 -0300
Subject: [PATCH] Add some more directives
---
.../template/crossplane/location.go | 14 ++++++++++++
.../crossplane/testdata/nginx-new.tmpl | 22 +++++++++----------
2 files changed, 25 insertions(+), 11 deletions(-)
diff --git a/internal/ingress/controller/template/crossplane/location.go b/internal/ingress/controller/template/crossplane/location.go
index 9e119a5c8b..2852b64d33 100644
--- a/internal/ingress/controller/template/crossplane/location.go
+++ b/internal/ingress/controller/template/crossplane/location.go
@@ -328,8 +328,22 @@ func (c *Template) buildAllowedLocation(server *ingress.Server, location *ingres fmt.Sprintf("$http_%s", strings.ToLower(strings.ReplaceAll(c.tplConfig.Cfg.ForwardedForHeader, "-", "_")))), buildDirectiveWithComment(proxySetHeader, "mitigate HTTProxy Vulnerability - https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/", "Proxy", ""), + buildDirective("proxy_connect_timeout", seconds(location.Proxy.ConnectTimeout)), + buildDirective("proxy_read_timeout", seconds(location.Proxy.ReadTimeout)), + buildDirective("proxy_send_timeout", seconds(location.Proxy.SendTimeout)), + buildDirective("proxy_buffering", location.Proxy.ProxyBuffering), + buildDirective("proxy_buffer_size", location.Proxy.BufferSize), + buildDirective("proxy_buffers", location.Proxy.BuffersNumber, location.Proxy.BufferSize), + buildDirective("proxy_request_buffering", location.Proxy.RequestBuffering), + buildDirective("proxy_http_version", location.Proxy.ProxyHTTPVersion), + buildDirective("proxy_cookie_domain", location.Proxy.CookieDomain), + buildDirective("proxy_cookie_path", location.Proxy.CookiePath), ) + if isValidByteSize(location.Proxy.ProxyMaxTempFileSize, true) { + dir = append(dir, buildDirective("proxy_max_temp_file_size", location.Proxy.ProxyMaxTempFileSize)) + } + if c.tplConfig.Cfg.UseForwardedHeaders && c.tplConfig.Cfg.ComputeFullForwardedFor { dir = append(dir, buildDirective(proxySetHeader, "X-Forwarded-For", "$full_x_forwarded_for")) } else { diff --git a/internal/ingress/controller/template/crossplane/testdata/nginx-new.tmpl b/internal/ingress/controller/template/crossplane/testdata/nginx-new.tmpl index be7f3293d8..d70c891fc1 100644 --- a/internal/ingress/controller/template/crossplane/testdata/nginx-new.tmpl +++ b/internal/ingress/controller/template/crossplane/testdata/nginx-new.tmpl 
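Review bot: `proxy_cookie_domain` and `proxy_cookie_path` are each built from a single argument (`location.Proxy.CookieDomain`, `location.Proxy.CookiePath`), while nginx expects either `off` or a two-token `domain replacement` / `path replacement` pair, which the text template produced by expanding the raw string. buildDirective is not visible in this hunk, so this is hedged: if it emits each argument as one token, a two-word configured value would come out as a single argument and the rendered config would fail validation or differ from the old template. Splitting first, i.e. passing the elements of `strings.Fields(location.Proxy.CookieDomain)` (and likewise for CookiePath) as separate arguments, keeps parity and keeps every user-supplied word a discrete token rather than raw config text. A test case with a two-word value for both directives would pin this down; buildAllowedLocation starts and ends outside the hunk.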
@@ -1121,21 +1121,21 @@ http { {{ $proxySetHeader }} {{ $k }} {{ $v | quote }}; # OK {{ end }} # 1 - proxy_connect_timeout {{ $location.Proxy.ConnectTimeout }}s; - proxy_send_timeout {{ $location.Proxy.SendTimeout }}s; - proxy_read_timeout {{ $location.Proxy.ReadTimeout }}s; + proxy_connect_timeout {{ $location.Proxy.ConnectTimeout }}s; OK + proxy_send_timeout {{ $location.Proxy.SendTimeout }}s; # OK + proxy_read_timeout {{ $location.Proxy.ReadTimeout }}s; # OK - proxy_buffering {{ $location.Proxy.ProxyBuffering }}; - proxy_buffer_size {{ $location.Proxy.BufferSize }}; - proxy_buffers {{ $location.Proxy.BuffersNumber }} {{ $location.Proxy.BufferSize }}; + proxy_buffering {{ $location.Proxy.ProxyBuffering }}; # OK + proxy_buffer_size {{ $location.Proxy.BufferSize }}; # OK + proxy_buffers {{ $location.Proxy.BuffersNumber }} {{ $location.Proxy.BufferSize }}; # OK {{ if isValidByteSize $location.Proxy.ProxyMaxTempFileSize true }} - proxy_max_temp_file_size {{ $location.Proxy.ProxyMaxTempFileSize }}; + proxy_max_temp_file_size {{ $location.Proxy.ProxyMaxTempFileSize }}; # OK {{ end }} - proxy_request_buffering {{ $location.Proxy.RequestBuffering }}; - proxy_http_version {{ $location.Proxy.ProxyHTTPVersion }}; + proxy_request_buffering {{ $location.Proxy.RequestBuffering }}; # OK + proxy_http_version {{ $location.Proxy.ProxyHTTPVersion }}; # OK - proxy_cookie_domain {{ $location.Proxy.CookieDomain }}; - proxy_cookie_path {{ $location.Proxy.CookiePath }}; + proxy_cookie_domain {{ $location.Proxy.CookieDomain }}; # OK + proxy_cookie_path {{ $location.Proxy.CookiePath }}; # OK # In case of errors try the next upstream server before returning an error proxy_next_upstream {{ buildNextUpstream $location.Proxy.NextUpstream $all.Cfg.RetryNonIdempotent }};
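Review bot: The new `proxy_connect_timeout` line ends with a bare `OK` rather than `# OK`, so unlike every other annotated line in this hunk the marker sits outside a comment, after the directive's `;`. If this testdata template is ever rendered or parsed, `OK` would be read as the start of a stray directive and the output would not validate. The line should read `proxy_connect_timeout {{ $location.Proxy.ConnectTimeout }}s; # OK`.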