Allow default_server listeners to be customised #4464

Merged
merged 18 commits into from
Oct 12, 2023
Add CLI arguments for configuring ports for default server
shaun-nx committed Oct 11, 2023
commit ac567c58f44160ec159454db149a03b868d83a22
280 changes: 141 additions & 139 deletions charts/nginx-ingress/README.md

Large diffs are not rendered by default.

3 changes: 2 additions & 1 deletion charts/nginx-ingress/templates/controller-daemonset.yaml
@@ -237,7 +237,8 @@ spec:
- -enable-cert-manager={{ .Values.controller.enableCertManager }}
- -enable-oidc={{ .Values.controller.enableOIDC }}
- -enable-external-dns={{ .Values.controller.enableExternalDNS }}
- -disable-default-listeners={{ .Values.controller.disableDefaultListeners }}
- -default-http-listener-port={{ .Values.controller.defaultHTTPListenerPort}}
- -default-https-listener-port={{ .Values.controller.defaultHTTPSListenerPort}}
{{- if .Values.controller.globalConfiguration.create }}
- -global-configuration=$(POD_NAMESPACE)/{{ include "nginx-ingress.controller.fullname" . }}
{{- end }}
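Review bot: Nothing in this hunk ties the pod's `containerPort` entries or the Service target ports to the two new values, so setting a non-default port may move the `default_server` listener while the manifest still declares 80 and 443; the `ports:` block lies outside the hunk and should be checked. The same applies to the identical change in charts/nginx-ingress/templates/controller-deployment.yaml. As a style point, the new lines close the action without a space, unlike their neighbours; `{{ .Values.controller.defaultHTTPListenerPort }}` would match the surrounding args.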
3 changes: 2 additions & 1 deletion charts/nginx-ingress/templates/controller-deployment.yaml
@@ -244,7 +244,8 @@ spec:
- -enable-cert-manager={{ .Values.controller.enableCertManager }}
- -enable-oidc={{ .Values.controller.enableOIDC }}
- -enable-external-dns={{ .Values.controller.enableExternalDNS }}
- -disable-default-listeners={{ .Values.controller.disableDefaultListeners }}
- -default-http-listener-port={{ .Values.controller.defaultHTTPListenerPort}}
- -default-https-listener-port={{ .Values.controller.defaultHTTPSListenerPort}}
{{- if .Values.controller.globalConfiguration.create }}
- -global-configuration=$(POD_NAMESPACE)/{{ include "nginx-ingress.controller.fullname" . }}
{{- end }}
24 changes: 17 additions & 7 deletions charts/nginx-ingress/values.schema.json
@@ -1262,12 +1262,20 @@
false
]
},
"disableDefaultListeners": {
"type": "boolean",
"default": false,
"title": "The disableDefaultListeners",
"defaultHTTPListenerPort": {
"type": "integer",
"default": 80,
"title": "The defaultHTTPListenerPort",
"examples": [
false
80
]
},
"defaultHTTPSListenerPort": {
"type": "integer",
"default": 443,
"title": "The defaultHTTPSListenerPort",
"examples": [
443
]
},
"readOnlyRootFilesystem": {
@@ -1419,7 +1427,8 @@
},
"enableLatencyMetrics": false,
"disableIPV6": false,
"disableDefaultListeners": false,
"defaultHTTPListenerPort": 80,
"defaultHTTPSListenerPort": 443,
"readOnlyRootFilesystem": false
}
]
@@ -1785,7 +1794,8 @@
},
"enableLatencyMetrics": false,
"disableIPV6": false,
"disableDefaultListeners": false,
"defaultHTTPListenerPort": 80,
"defaultHTTPSListenerPort": 443,
"readOnlyRootFilesystem": false
},
"rbac": {
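Review bot: `defaultHTTPListenerPort` and `defaultHTTPSListenerPort` are declared as a bare `"type": "integer"` with no bounds, so Helm will accept 0, a negative number or a value above 65535, and the mistake only surfaces when NGINX rejects the generated `listen` directive. Adding `"minimum": 1, "maximum": 65535` to both properties would fail the install at schema validation instead. The exact range should follow whatever the controller enforces: the flag help text in cmd/nginx-ingress/flags.go mentions 1024 - 65535 while the defaults here are 80 and 443.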
7 changes: 5 additions & 2 deletions charts/nginx-ingress/values.yaml
@@ -443,8 +443,11 @@ controller:
## Disable IPV6 listeners explicitly for nodes that do not support the IPV6 stack.
disableIPV6: false

## Disable both HTTP and HTTPS default server listeners.
disableDefaultListeners: false
## Sets the port for the HTTP `default_server` listener.
defaultHTTPListenerPort: 80

## Sets the port for the HTTPS `default_server` listener.
defaultHTTPSListenerPort: 443

## Configure root filesystem as read-only and add volumes for temporary data.
readOnlyRootFilesystem: false
5 changes: 3 additions & 2 deletions cmd/nginx-ingress/flags.go
@@ -194,8 +194,9 @@ var (
disableIPV6 = flag.Bool("disable-ipv6", false,
`Disable IPV6 listeners explicitly for nodes that do not support the IPV6 stack`)

disableDefaultListeners = flag.Bool("disable-default-listeners", false,
`Disable port 80 and 443 default_server listeners`)
defaultHTTPListenerPort = flag.Int("default-http-listener-port", 80, "Sets a custom port for the HTTP NGINX `default_server`. [1024 - 65535]")

defaultHTTPSListenerPort = flag.Int("default-https-listener-port", 443, "Sets a custom port for the HTTPS `default_server`. [1024 - 65535]")

startupCheckFn func() error
)
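Review bot: The usage strings advertise a `[1024 - 65535]` range, yet the defaults 80 and 443 fall outside it and no check of the parsed value is visible in this commit, so any integer (0, negative, above 65535) is handed on to the NGINX template. Either validate both ports after `flag.Parse()` and exit with a clear error, or correct the documented range so it matches what is actually accepted. Separately, Go's `flag` package treats a back-quoted word in a usage string as the value placeholder, so the help output will read `-default-http-listener-port default_server`; dropping the backticks, e.g. `"Sets a custom port for the HTTP default_server listener"`, avoids that. The `var (` block starts and ends outside the hunk.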
3 changes: 2 additions & 1 deletion cmd/nginx-ingress/main.go
@@ -90,7 +90,8 @@ func main() {

staticCfgParams := &configs.StaticConfigParams{
DisableIPV6: *disableIPV6,
DisableDefaultListeners: *disableDefaultListeners,
DefaultHTTPListenerPort: *defaultHTTPListenerPort,
DefaultHTTPSListenerPort: *defaultHTTPSListenerPort,
HealthStatus: *healthStatus,
HealthStatusURI: *healthStatusURI,
NginxStatus: *nginxStatus,
@@ -509,10 +509,18 @@ Default `false`.
 
<a name="cmdoption-disable-ipv6"></a>

### -disable-default-listeners
### -default-http-listener-port

Disable both HTTP and HTTPS default server listeners.
Sets the port for the HTTP `default_server` listener.

Default `false`.
Default `80`.
&nbsp;
<a name="cmdoption-default-http-listener-port"></a>

### -default-https-listener-port

Sets the port for the HTTPS `default_server` listener.

Default `443`.
&nbsp;
<a name="cmdoption-disable-default-listeners"></a>
<a name="cmdoption-default-https-listener-port"></a>
3 changes: 2 additions & 1 deletion internal/configs/config_params.go
@@ -114,7 +114,8 @@ type ConfigParams struct {
// StaticConfigParams holds immutable NGINX configuration parameters that affect the main NGINX config.
type StaticConfigParams struct {
DisableIPV6 bool
DisableDefaultListeners bool
DefaultHTTPListenerPort int
DefaultHTTPSListenerPort int
HealthStatus bool
HealthStatusURI string
NginxStatus bool
3 changes: 2 additions & 1 deletion internal/configs/configmaps.go
@@ -514,7 +514,8 @@ func GenerateNginxMainConfig(staticCfgParams *StaticConfigParams, config *Config
DefaultServerAccessLogOff: config.DefaultServerAccessLogOff,
DefaultServerReturn: config.DefaultServerReturn,
DisableIPV6: staticCfgParams.DisableIPV6,
DisableDefaultListeners: staticCfgParams.DisableDefaultListeners,
DefaultHTTPListenerPort: staticCfgParams.DefaultHTTPListenerPort,
DefaultHTTPSListenerPort: staticCfgParams.DefaultHTTPSListenerPort,
ErrorLogLevel: config.MainErrorLogLevel,
HealthStatus: staticCfgParams.HealthStatus,
HealthStatusURI: staticCfgParams.HealthStatusURI,
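Review bot: `GenerateNginxMainConfig` copies both ports into `MainConfig` unchecked, and the zero value of the new `int` fields is 0, whereas the zero value of the old `bool` left the listeners enabled on 80 and 443. Any caller or test that builds `StaticConfigParams` without setting the new fields would therefore render `listen 0 default_server` in the templates changed by this commit. Consider rejecting a zero port before rendering, or at least documenting the requirement on the struct, e.g. `// DefaultHTTPListenerPort is the default_server HTTP port; it must be set to a non-zero value.` The function body starts and ends outside the hunk.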
3 changes: 2 additions & 1 deletion internal/configs/version1/config.go
@@ -165,7 +165,8 @@ type MainConfig struct {
DefaultServerAccessLogOff bool
DefaultServerReturn string
DisableIPV6 bool
DisableDefaultListeners bool
DefaultHTTPListenerPort int
DefaultHTTPSListenerPort int
ErrorLogLevel string
HealthStatus bool
HealthStatusURI string
12 changes: 4 additions & 8 deletions internal/configs/version1/nginx-plus.tmpl
@@ -153,20 +153,16 @@ http {
set $resource_namespace "";
set $service "";

{{if not .DisableDefaultListeners}}
listen 80 default_server{{if .ProxyProtocol}} proxy_protocol{{end}};
{{if not .DisableIPV6}}listen [::]:80 default_server{{if .ProxyProtocol}} proxy_protocol{{end}};{{end}}
{{end}}
listen {{ .DefaultHTTPListenerPort }} default_server{{if .ProxyProtocol}} proxy_protocol{{end}};
{{if not .DisableIPV6}}listen [::]:{{ .DefaultHTTPListenerPort }} default_server{{if .ProxyProtocol}} proxy_protocol{{end}};{{end}}

{{if .TLSPassthrough}}
listen unix:/var/lib/nginx/passthrough-https.sock ssl default_server{{if .HTTP2}} http2{{end}} proxy_protocol;
set_real_ip_from unix:;
real_ip_header proxy_protocol;
{{else}}
{{if not .DisableDefaultListeners}}
listen 443 ssl default_server{{if .HTTP2}} http2{{end}}{{if .ProxyProtocol}} proxy_protocol{{end}};
{{if not .DisableIPV6}}listen [::]:443 ssl default_server{{if .HTTP2}} http2{{end}}{{if .ProxyProtocol}} proxy_protocol{{end}};{{end}}
{{end}}
listen {{ .DefaultHTTPSListenerPort }} ssl default_server{{if .HTTP2}} http2{{end}}{{if .ProxyProtocol}} proxy_protocol{{end}};
{{if not .DisableIPV6}}listen [::]:{{ .DefaultHTTPSListenerPort }} ssl default_server{{if .HTTP2}} http2{{end}}{{if .ProxyProtocol}} proxy_protocol{{end}};{{end}}
{{end}}

{{if .SSLRejectHandshake}}
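Review bot: Dropping the `{{if not .DisableDefaultListeners}}` guards makes the `default_server` listeners unconditional, so an operator who had switched them off to avoid exposing a catch-all server has no equivalent setting after this change; the same holds for internal/configs/version1/nginx.tmpl and for the removed `disableDefaultListeners` chart value. If that is intended, the upgrade notes should state that the listeners return on 80/443 by default; otherwise keep the switch alongside the port fields. Nothing visible here prevents the HTTP and HTTPS ports from being set to the same value either, which would place a plain and an `ssl` `listen` on one port and is likely to be rejected by NGINX at reload. The `server` block starts and ends outside the hunk.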
12 changes: 4 additions & 8 deletions internal/configs/version1/nginx.tmpl
@@ -106,20 +106,16 @@ http {
set $resource_namespace "";
set $service "";

{{if not .DisableDefaultListeners}}
listen 80 default_server{{if .ProxyProtocol}} proxy_protocol{{end}};
{{if not .DisableIPV6}}listen [::]:80 default_server{{if .ProxyProtocol}} proxy_protocol{{end}};{{end}}
{{end}}
listen {{ .DefaultHTTPListenerPort}} default_server{{if .ProxyProtocol}} proxy_protocol{{end}};
{{if not .DisableIPV6}}listen [::]:{{ .DefaultHTTPListenerPort}} default_server{{if .ProxyProtocol}} proxy_protocol{{end}};{{end}}

{{if .TLSPassthrough}}
listen unix:/var/lib/nginx/passthrough-https.sock ssl default_server{{if .HTTP2}} http2{{end}} proxy_protocol;
set_real_ip_from unix:;
real_ip_header proxy_protocol;
{{else}}
{{if not .DisableDefaultListeners}}
listen 443 ssl default_server{{if .HTTP2}} http2{{end}}{{if .ProxyProtocol}} proxy_protocol{{end}};
{{if not .DisableIPV6}}listen [::]:443 ssl default_server{{if .HTTP2}} http2{{end}}{{if .ProxyProtocol}} proxy_protocol{{end}};{{end}}
{{end}}
listen {{ .DefaultHTTPSListenerPort}} ssl default_server{{if .HTTP2}} http2{{end}}{{if .ProxyProtocol}} proxy_protocol{{end}};
{{if not .DisableIPV6}}listen [::]:{{ .DefaultHTTPSListenerPort}} ssl default_server{{if .HTTP2}} http2{{end}}{{if .ProxyProtocol}} proxy_protocol{{end}};{{end}}
{{end}}

{{if .SSLRejectHandshake}}