Merge branch 'upstream' into nginx/extauth_headers

2017-02-08 16:57:03 -05:00 · 2017-02-08 16:57:03 -05:00 · 4c2b2512f5
commit 4c2b2512f5
parent 66813229f8 1eaea7576c
13 changed files with 370 additions and 48 deletions
--- a/controllers/nginx/configuration.md
+++ b/controllers/nginx/configuration.md
@ -66,7 +66,7 @@ In addition to the built-in functions provided by the Go package the following f

  - empty: returns true if the specified parameter (string) is empty
  - contains: [strings.Contains](https://golang.org/pkg/strings/#Contains)
-  - hasPrefix: [strings.HasPrefix](https://golang.org/pkg/strings/#Contains)
+  - hasPrefix: [strings.HasPrefix](https://golang.org/pkg/strings/#HasPrefix)
  - hasSuffix: [strings.HasSuffix](https://golang.org/pkg/strings/#HasSuffix)
  - toUpper: [strings.ToUpper](https://golang.org/pkg/strings/#ToUpper)
  - toLower: [strings.ToLower](https://golang.org/pkg/strings/#ToLower)
--- a/controllers/nginx/pkg/cmd/controller/nginx.go
+++ b/controllers/nginx/pkg/cmd/controller/nginx.go
@ -132,10 +132,10 @@ NGINX master process died (%v): %v
 		// we wait until the workers are killed
 		for {
 			conn, err := net.DialTimeout("tcp", "127.0.0.1:80", 1*time.Second)
-			if err == nil {
-				conn.Close()
+			if err != nil {
 				break
 			}
+			conn.Close()
 			time.Sleep(1 * time.Second)
 		}
 		// start a new nginx master process
@ -331,7 +331,7 @@ func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) ([]byte, er
 		PassthroughBackends: ingressCfg.PassthroughBackends,
 		Servers:             ingressCfg.Servers,
 		TCPBackends:         ingressCfg.TCPEndpoints,
-		UDPBackends:         ingressCfg.UPDEndpoints,
+		UDPBackends:         ingressCfg.UDPEndpoints,
 		HealthzURI:          ngxHealthPath,
 		CustomErrors:        len(cfg.CustomHTTPErrors) > 0,
 		Cfg:                 cfg,
--- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
+++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
@ -203,7 +203,8 @@ http {
        server_name {{ $server.Hostname }};
        listen [::]:80{{ if $cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $index 0 }} ipv6only=off{{end}}{{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $backlogSize }}{{end}};
        {{/* Listen on 442 because port 443 is used in the stream section */}}
-        {{ if not (empty $server.SSLCertificate) }}listen 442 {{ if $cfg.UseProxyProtocol }}proxy_protocol{{ end }} {{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $backlogSize }}{{end}} ssl {{ if $cfg.UseHTTP2 }}http2{{ end }};
+        {{/* This listen cannot contains proxy_protocol directive because port 443 is in charge of decoding the protocol */}}
+        {{ if not (empty $server.SSLCertificate) }}listen 442 {{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $backlogSize }}{{end}} ssl {{ if $cfg.UseHTTP2 }}http2{{ end }};
        {{/* comment PEM sha is required to detect changes in the generated configuration and force a reload */}}
        # PEM sha: {{ $server.SSLPemChecksum }}
        ssl_certificate                         {{ $server.SSLCertificate }};
@ -437,8 +438,7 @@ stream {
    {{ buildSSPassthroughUpstreams $backends .PassthroughBackends }}

    server {
-        listen                  [::]:443 ipv6only=off;
-        {{ if $cfg.UseProxyProtocol }}proxy_protocol on;{{ end }}
+        listen                  [::]:443 ipv6only=off{{ if $cfg.UseProxyProtocol }} proxy_protocol{{ end }};
        proxy_pass              $stream_upstream;
        ssl_preread             on;
    }