Add support for temporal and permanent redirects
This commit is contained in:
Manuel de Brito Fontes
parent
f6413e292f
commit
ed68194688
12 changed files with 232 additions and 33 deletions
|
|
@ -446,7 +446,6 @@ func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) error {
|
|||
IP: svc.Spec.ClusterIP,
|
||||
Port: port,
|
||||
ProxyProtocol: false,
|
||||
|
||||
})
|
||||
}
|
||||
|
||||
|
|
@ -467,11 +466,33 @@ func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) error {
|
|||
// https://trac.nginx.org/nginx/ticket/631
|
||||
var longestName int
|
||||
var serverNameBytes int
|
||||
redirectServers := make(map[string]string)
|
||||
for _, srv := range ingressCfg.Servers {
|
||||
if longestName < len(srv.Hostname) {
|
||||
longestName = len(srv.Hostname)
|
||||
}
|
||||
serverNameBytes += len(srv.Hostname)
|
||||
if srv.RedirectFromToWWW {
|
||||
var n string
|
||||
if strings.HasPrefix(srv.Hostname, "www.") {
|
||||
n = strings.TrimLeft(srv.Hostname, "www.")
|
||||
} else {
|
||||
n = fmt.Sprintf("www.%v", srv.Hostname)
|
||||
}
|
||||
glog.V(3).Infof("creating redirect from %v to", srv.Hostname, n)
|
||||
if _, ok := redirectServers[n]; !ok {
|
||||
found := false
|
||||
for _, esrv := range ingressCfg.Servers {
|
||||
if esrv.Hostname == n {
|
||||
found = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if !found {
|
||||
redirectServers[n] = srv.Hostname
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if cfg.ServerNameHashBucketSize == 0 {
|
||||
nameHashBucketSize := nginxHashBucketSize(longestName)
|
||||
|
|
@ -562,6 +583,7 @@ func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) error {
|
|||
CustomErrors: len(cfg.CustomHTTPErrors) > 0,
|
||||
Cfg: cfg,
|
||||
IsIPV6Enabled: n.isIPV6Enabled && !cfg.DisableIpv6,
|
||||
RedirectServers: redirectServers,
|
||||
}
|
||||
|
||||
// We need to extract the endpoints to be used in the fastcgi error handler
|
||||
|
|
|
|||
|
|
@ -428,4 +428,5 @@ type TemplateConfig struct {
|
|||
CustomErrors bool
|
||||
Cfg Configuration
|
||||
IsIPV6Enabled bool
|
||||
RedirectServers map[string]string
|
||||
}
|
||||
|
|
|
|||
|
|
@ -27,11 +27,10 @@ import (
|
|||
"strings"
|
||||
text_template "text/template"
|
||||
|
||||
"k8s.io/apimachinery/pkg/util/sets"
|
||||
|
||||
"github.com/golang/glog"
|
||||
|
||||
"github.com/pborman/uuid"
|
||||
|
||||
"k8s.io/apimachinery/pkg/util/sets"
|
||||
"k8s.io/ingress/controllers/nginx/pkg/config"
|
||||
"k8s.io/ingress/core/pkg/ingress"
|
||||
ing_net "k8s.io/ingress/core/pkg/net"
|
||||
|
|
@ -148,7 +147,7 @@ var (
|
|||
"formatIP": formatIP,
|
||||
"buildNextUpstream": buildNextUpstream,
|
||||
"serverConfig": func(all config.TemplateConfig, server *ingress.Server) interface{} {
|
||||
return struct { First, Second interface{} } { all, server }
|
||||
return struct{ First, Second interface{} }{all, server}
|
||||
},
|
||||
}
|
||||
)
|
||||
|
|
@ -197,7 +196,7 @@ func buildLocation(input interface{}) string {
|
|||
}
|
||||
|
||||
path := location.Path
|
||||
if len(location.Redirect.Target) > 0 && location.Redirect.Target != path {
|
||||
if len(location.Rewrite.Target) > 0 && location.Rewrite.Target != path {
|
||||
if path == slash {
|
||||
return fmt.Sprintf("~* %s", path)
|
||||
}
|
||||
|
|
@ -290,7 +289,7 @@ func buildProxyPass(host string, b interface{}, loc interface{}) string {
|
|||
// defProxyPass returns the default proxy_pass, just the name of the upstream
|
||||
defProxyPass := fmt.Sprintf("proxy_pass %s://%s;", proto, upstreamName)
|
||||
// if the path in the ingress rule is equals to the target: no special rewrite
|
||||
if path == location.Redirect.Target {
|
||||
if path == location.Rewrite.Target {
|
||||
return defProxyPass
|
||||
}
|
||||
|
||||
|
|
@ -298,9 +297,9 @@ func buildProxyPass(host string, b interface{}, loc interface{}) string {
|
|||
path = fmt.Sprintf("%s/", path)
|
||||
}
|
||||
|
||||
if len(location.Redirect.Target) > 0 {
|
||||
if len(location.Rewrite.Target) > 0 {
|
||||
abu := ""
|
||||
if location.Redirect.AddBaseURL {
|
||||
if location.Rewrite.AddBaseURL {
|
||||
// path has a slash suffix, so that it can be connected with baseuri directly
|
||||
bPath := fmt.Sprintf("%s%s", path, "$baseuri")
|
||||
abu = fmt.Sprintf(`subs_filter '<head(.*)>' '<head$1><base href="$scheme://$http_host%v">' r;
|
||||
|
|
@ -308,7 +307,7 @@ func buildProxyPass(host string, b interface{}, loc interface{}) string {
|
|||
`, bPath, bPath)
|
||||
}
|
||||
|
||||
if location.Redirect.Target == slash {
|
||||
if location.Rewrite.Target == slash {
|
||||
// special case redirect to /
|
||||
// ie /something to /
|
||||
return fmt.Sprintf(`
|
||||
|
|
@ -321,7 +320,7 @@ func buildProxyPass(host string, b interface{}, loc interface{}) string {
|
|||
return fmt.Sprintf(`
|
||||
rewrite %s(.*) %s/$1 break;
|
||||
proxy_pass %s://%s;
|
||||
%v`, path, location.Redirect.Target, proto, upstreamName, abu)
|
||||
%v`, path, location.Rewrite.Target, proto, upstreamName, abu)
|
||||
}
|
||||
|
||||
// default proxy_pass
|
||||
|
|
@ -502,4 +501,4 @@ func buildNextUpstream(input interface{}) string {
|
|||
}
|
||||
|
||||
return strings.Join(nextUpstreamCodes, " ")
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,14 +18,13 @@ package template
|
|||
|
||||
import (
|
||||
"encoding/json"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"path"
|
||||
"reflect"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"io/ioutil"
|
||||
|
||||
"k8s.io/ingress/controllers/nginx/pkg/config"
|
||||
"k8s.io/ingress/core/pkg/ingress"
|
||||
"k8s.io/ingress/core/pkg/ingress/annotations/authreq"
|
||||
|
|
@ -110,8 +109,8 @@ func TestFormatIP(t *testing.T) {
|
|||
func TestBuildLocation(t *testing.T) {
|
||||
for k, tc := range tmplFuncTestcases {
|
||||
loc := &ingress.Location{
|
||||
Path: tc.Path,
|
||||
Redirect: rewrite.Redirect{Target: tc.Target, AddBaseURL: tc.AddBaseURL},
|
||||
Path: tc.Path,
|
||||
Rewrite: rewrite.Redirect{Target: tc.Target, AddBaseURL: tc.AddBaseURL},
|
||||
}
|
||||
|
||||
newLoc := buildLocation(loc)
|
||||
|
|
@ -124,9 +123,9 @@ func TestBuildLocation(t *testing.T) {
|
|||
func TestBuildProxyPass(t *testing.T) {
|
||||
for k, tc := range tmplFuncTestcases {
|
||||
loc := &ingress.Location{
|
||||
Path: tc.Path,
|
||||
Redirect: rewrite.Redirect{Target: tc.Target, AddBaseURL: tc.AddBaseURL},
|
||||
Backend: "upstream-name",
|
||||
Path: tc.Path,
|
||||
Rewrite: rewrite.Redirect{Target: tc.Target, AddBaseURL: tc.AddBaseURL},
|
||||
Backend: "upstream-name",
|
||||
}
|
||||
|
||||
pp := buildProxyPass("", []*ingress.Backend{}, loc)
|
||||
|
|
|
|||
|
|
@ -290,6 +290,20 @@ http {
|
|||
{{ $zone }}
|
||||
{{ end }}
|
||||
|
||||
{{/* Build server redirects (from/to www) */}}
|
||||
{{ range $hostname, $to := .RedirectServers }}
|
||||
server {
|
||||
listen 80{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }};
|
||||
listen 442{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }} ssl;
|
||||
{{ if $IsIPV6Enabled }}
|
||||
listen [::]:80{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }};
|
||||
listen [::]:442{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }};
|
||||
{{ end }}
|
||||
server_name {{ $hostname }};
|
||||
return 301 $scheme://{{ $to }}$request_uri;
|
||||
}
|
||||
{{ end }}
|
||||
|
||||
{{ $backlogSize := .BacklogSize }}
|
||||
{{ range $index, $server := $servers }}
|
||||
server {
|
||||
|
|
@ -510,9 +524,9 @@ stream {
|
|||
ssl_verify_depth {{ $location.CertificateAuth.ValidationDepth }};
|
||||
{{ end }}
|
||||
|
||||
{{ if not (empty $location.Redirect.AppRoot)}}
|
||||
{{ if not (empty $location.Rewrite.AppRoot)}}
|
||||
if ($uri = /) {
|
||||
return 302 {{ $location.Redirect.AppRoot }};
|
||||
return 302 {{ $location.Rewrite.AppRoot }};
|
||||
}
|
||||
{{ end }}
|
||||
|
||||
|
|
@ -536,7 +550,6 @@ stream {
|
|||
|
||||
client_max_body_size "{{ $location.Proxy.BodySize }}";
|
||||
|
||||
|
||||
set $target {{ $location.ExternalAuth.URL }};
|
||||
proxy_pass $target;
|
||||
}
|
||||
|
|
@ -545,7 +558,7 @@ stream {
|
|||
location {{ $path }} {
|
||||
set $proxy_upstream_name "{{ buildUpstreamName $server.Hostname $all.Backends $location }}";
|
||||
|
||||
{{ if (or $location.Redirect.ForceSSLRedirect (and (not (empty $server.SSLCertificate)) $location.Redirect.SSLRedirect)) }}
|
||||
{{ if (or $location.Rewrite.ForceSSLRedirect (and (not (empty $server.SSLCertificate)) $location.Rewrite.SSLRedirect)) }}
|
||||
# enforce ssl on server side
|
||||
if ($pass_access_scheme = http) {
|
||||
return 301 https://$best_http_host$request_uri;
|
||||
|
|
@ -575,7 +588,6 @@ stream {
|
|||
error_page 401 = {{ $location.ExternalAuth.SigninURL }}?rd=$request_uri;
|
||||
{{ end }}
|
||||
|
||||
|
||||
{{/* if the location contains a rate limit annotation, create one */}}
|
||||
{{ $limits := buildRateLimit $location }}
|
||||
{{ range $limit := $limits }}
|
||||
|
|
@ -596,6 +608,12 @@ stream {
|
|||
{{ template "CORS" }}
|
||||
{{ end }}
|
||||
|
||||
{{ if not (empty $location.Redirect.URL) }}
|
||||
if ($uri ~* {{ $path }}) {
|
||||
return {{ $location.Redirect.Code }} {{ $location.Redirect.URL }};
|
||||
}
|
||||
{{ end }}
|
||||
|
||||
client_max_body_size "{{ $location.Proxy.BodySize }}";
|
||||
|
||||
proxy_set_header Host $best_http_host;
|
||||
|
|
@ -644,7 +662,7 @@ stream {
|
|||
proxy_next_upstream {{ buildNextUpstream $location.Proxy.NextUpstream }}{{ if $all.Cfg.RetryNonIdempotent }} non_idempotent{{ end }};
|
||||
|
||||
{{/* rewrite only works if the content is not compressed */}}
|
||||
{{ if $location.Redirect.AddBaseURL }}
|
||||
{{ if $location.Rewrite.AddBaseURL }}
|
||||
proxy_set_header Accept-Encoding "";
|
||||
{{ end }}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue