Merge pull request #246 from aledbf/set-headers

Add support for custom proxy headers using a ConfigMap

controllers/nginx/pkg/cmd/controller/nginx.go

@@ -102,6 +102,8 @@ type NGINXController struct {
 
 	configmap *api.ConfigMap
 
+	storeLister ingress.StoreLister
+
 	binary string
 }
 
@@ -282,11 +284,16 @@ Error: %v
 	return nil
 }
 
-// SetConfig ...
+// SetConfig sets the configured configmap
 func (n *NGINXController) SetConfig(cmap *api.ConfigMap) {
 	n.configmap = cmap
 }
 
+// SetListers sets the configured store listers in the generic ingress controller
+func (n *NGINXController) SetListers(lister ingress.StoreLister) {
+	n.storeLister = lister
+}
+
 // OnUpdate is called by syncQueue in https://github.com/aledbf/ingress-controller/blob/master/pkg/ingress/controller/controller.go#L82
 // periodically to keep the configuration in sync.
 //
@@ -330,7 +337,20 @@ func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) ([]byte, er
 	// and we leave some room to avoid consuming all the FDs available
 	maxOpenFiles := (sysctlFSFileMax() / cfg.WorkerProcesses) - 1024
 
+	setHeaders := map[string]string{}
+	if cfg.ProxySetHeaders != "" {
+		cmap, exists, err := n.storeLister.ConfigMap.GetByKey(cfg.ProxySetHeaders)
+		if err != nil {
+			glog.Warningf("unexpected error reading configmap %v: %v", cfg.ProxySetHeaders, err)
+		}
+
+		if exists {
+			setHeaders = cmap.(*api.ConfigMap).Data
+		}
+	}
+
 	return n.t.Write(config.TemplateConfig{
+		ProxySetHeaders:     setHeaders,
 		MaxOpenFiles:        maxOpenFiles,
 		BacklogSize:         sysctlSomaxconn(),
 		Backends:            ingressCfg.Backends,

controllers/nginx/pkg/config/config.go

@@ -156,6 +156,9 @@ type Configuration struct {
 	// of your external load balancer
 	ProxyRealIPCIDR string `json:"proxy-real-ip-cidr,omitempty"`
 
+	// Sets the name of the configmap that contains the headers to pass to the backend
+	ProxySetHeaders string `json:"proxy-set-headers,omitempty"`
+
 	// Maximum size of the server names hash tables used in server names, map directive’s values,
 	// MIME types, names of request header strings, etcd.
 	// http://nginx.org/en/docs/hash.html
@@ -288,6 +291,7 @@ func NewDefault() Configuration {
 
 // TemplateConfig contains the nginx configuration to render the file nginx.conf
 type TemplateConfig struct {
+	ProxySetHeaders     map[string]string
 	MaxOpenFiles        int
 	BacklogSize         int
 	Backends            []*ingress.Backend

controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl

@@ -1,4 +1,4 @@
-{{ $cfg := .Cfg }}{{ $healthzURI := .HealthzURI }}{{ $backends := .Backends }}
+{{ $cfg := .Cfg }}{{ $healthzURI := .HealthzURI }}{{ $backends := .Backends }}{{ $proxyHeaders := .ProxySetHeaders }}
 daemon off;
 
 worker_processes {{ $cfg.WorkerProcesses }};
@@ -311,6 +311,11 @@ http {
             # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
             proxy_set_header Proxy                  "";
 
+            # Custom headers
+            {{ range $k, $v := $proxyHeaders }}
+            proxy_set_header {{ $k }}                    "{{ $v }}";
+            {{ end }}
+
             proxy_connect_timeout                   {{ $location.Proxy.ConnectTimeout }}s;
             proxy_send_timeout                      {{ $location.Proxy.SendTimeout }}s;
             proxy_read_timeout                      {{ $location.Proxy.ReadTimeout }}s;