Only support SSL dynamic mode

internal/ingress/controller/template/template.go

@@ -21,6 +21,7 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
+	"io/ioutil"
 	"math/rand"
 	"net"
 	"net/url"
@@ -39,7 +40,6 @@ import (
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/klog"
 
-	"k8s.io/ingress-nginx/internal/file"
 	"k8s.io/ingress-nginx/internal/ingress"
 	"k8s.io/ingress-nginx/internal/ingress/annotations/influxdb"
 	"k8s.io/ingress-nginx/internal/ingress/annotations/ratelimit"
@@ -67,8 +67,8 @@ type Template struct {
 
 //NewTemplate returns a new Template instance or an
 //error if the specified template file contains errors
-func NewTemplate(file string, fs file.Filesystem) (*Template, error) {
-	data, err := fs.ReadFile(file)
+func NewTemplate(file string) (*Template, error) {
+	data, err := ioutil.ReadFile(file)
 	if err != nil {
 		return nil, errors.Wrapf(err, "unexpected error reading template %v", file)
 	}
@@ -346,7 +346,7 @@ func locationConfigForLua(l interface{}, s interface{}, a interface{}) string {
 		return "{}"
 	}
 
-	forceSSLRedirect := location.Rewrite.ForceSSLRedirect || len(server.SSLCert.PemFileName) > 0 && location.Rewrite.SSLRedirect
+	forceSSLRedirect := location.Rewrite.ForceSSLRedirect || (server.SSLCert != nil && location.Rewrite.SSLRedirect)
 	forceSSLRedirect = forceSSLRedirect && !isLocationInLocationList(l, all.Cfg.NoTLSRedirectLocations)
 
 	return fmt.Sprintf(`{
@@ -1177,6 +1177,12 @@ func buildHTTPSListener(t interface{}, s interface{}) string {
 		return ""
 	}
 
+	/*
+		if server.SSLCert == nil && server.Hostname != "_" {
+			return ""
+		}
+	*/
+
 	co := commonListenOptions(tc, hostname)
 
 	addrV4 := []string{""}

internal/ingress/controller/template/template_test.go

@@ -17,20 +17,20 @@ limitations under the License.
 package template
 
 import (
+	"encoding/base64"
+	"fmt"
 	"io/ioutil"
 	"net"
 	"os"
 	"path"
+	"path/filepath"
 	"reflect"
 	"strings"
 	"testing"
 
-	"encoding/base64"
-	"fmt"
-
 	jsoniter "github.com/json-iterator/go"
 	networking "k8s.io/api/networking/v1beta1"
-	"k8s.io/ingress-nginx/internal/file"
+
 	"k8s.io/ingress-nginx/internal/ingress"
 	"k8s.io/ingress-nginx/internal/ingress/annotations/authreq"
 	"k8s.io/ingress-nginx/internal/ingress/annotations/influxdb"
@@ -39,8 +39,18 @@ import (
 	"k8s.io/ingress-nginx/internal/ingress/annotations/ratelimit"
 	"k8s.io/ingress-nginx/internal/ingress/annotations/rewrite"
 	"k8s.io/ingress-nginx/internal/ingress/controller/config"
+	"k8s.io/ingress-nginx/internal/nginx"
 )
 
+func init() {
+	// the default value of nginx.TemplatePath assumes the template exists in
+	// the root filesystem and not in the rootfs directory
+	path, err := filepath.Abs(filepath.Join("../../../../rootfs/", nginx.TemplatePath))
+	if err == nil {
+		nginx.TemplatePath = path
+	}
+}
+
 var (
 	// TODO: add tests for SSLPassthrough
 	tmplFuncTestcases = map[string]struct {
@@ -435,16 +445,13 @@ func TestTemplateWithData(t *testing.T) {
 		dat.ListenPorts = &config.ListenPorts{}
 	}
 
-	fs, err := file.NewFakeFS()
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-
-	ngxTpl, err := NewTemplate("/etc/nginx/template/nginx.tmpl", fs)
+	ngxTpl, err := NewTemplate(nginx.TemplatePath)
 	if err != nil {
 		t.Errorf("invalid NGINX template: %v", err)
 	}
 
+	dat.Cfg.DefaultSSLCertificate = &ingress.SSLCert{}
+
 	rt, err := ngxTpl.Write(dat)
 	if err != nil {
 		t.Errorf("invalid NGINX template: %v", err)
@@ -479,12 +486,7 @@ func BenchmarkTemplateWithData(b *testing.B) {
 		b.Errorf("unexpected error unmarshalling json: %v", err)
 	}
 
-	fs, err := file.NewFakeFS()
-	if err != nil {
-		b.Fatalf("unexpected error: %v", err)
-	}
-
-	ngxTpl, err := NewTemplate("/etc/nginx/template/nginx.tmpl", fs)
+	ngxTpl, err := NewTemplate(nginx.TemplatePath)
 	if err != nil {
 		b.Errorf("invalid NGINX template: %v", err)
 	}