DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Managing a whitelist for _/nginx_status (#2187)

Browse source 
Signed-off-by: Sylvain Rabot <s.rabot@lectra.com>
This commit is contained in:
Sylvain Rabot 2018-03-28 14:27:34 +02:00 committed by Manuel Alejandro de Brito Fontes
parent 6bc4dad38a
commit 385368990c
8 changed files with 79 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

10
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -1011,8 +1011,14 @@ stream {
# this is required to avoid error if nginx is being monitored
# with an external software (like sysdig)
location /nginx_status {
allow 127.0.0.1;
{{ if $all.IsIPV6Enabled }}allow ::1;{{ end }}
{{ range $v := $all.NginxStatusIpv4Whitelist }}
allow {{ $v }};
{{ end }}
{{ if $all.IsIPV6Enabled -}}
{{ range $v := $all.NginxStatusIpv6Whitelist }}
allow {{ $v }};
{{ end }}
{{ end -}}
deny all;
access_log off;