Can't load custom nginx configuration

[bivdub]

Summary

We use some custom nginx configurations in our installation, but whether I copy over the default configurations with the new configurations, specify the configuration with the nginx-conf flag, or do the same after deleting the default configurations, the startup process seems to rebuild the default nginx configuration files and use those values. We use docker for installation and copy our custom configurations from the dockerfile.

Steps To Reproduce

1. Add a custom nginx.conf and nginx-kong.conf file to /etc/kong (or another directory
2. run "kong start --nginx-conf /etc/kong/nginx.conf" (or whatever directory it was put in)
3. check host:8001 and you'll see "kong_conf": "/usr/local/kong/kong.conf" listed or run kong compile and look for custom nginx configuration.

ALTERNATE

1. Inside the docker container, replace /usr/local/kong/nginx-kong.conf with custom configuration file
2. run "kong start"
3. vi /usr/local/kong/nginx-kong.conf and it has been overwritten with the default nginx-kong.conf file.

Additional Details & Logs

• Kong version 9.2
• OS - Mac OSX Yosemite on my machine, CentOS 7 on docker container

Let me know if you need more info from me.

[thibaultcha]

Could we see the actual kong compile command being ran (eventually with debug output), and the result?

[bivdub]

[root@04045006967f kong]# kong compile
resolver 127.0.0.1:8053 ipv6=off;
charset UTF-8;

error_log logs/error.log notice;
access_log logs/access.log;

error_log syslog:server=kong-hf.mashape.com:61828 error;


client_max_body_size 0;
proxy_ssl_server_name on;
underscores_in_headers on;

real_ip_header X-Forwarded-For;
set_real_ip_from 0.0.0.0/0;
real_ip_recursive on;

lua_package_path '?/init.lua;./kong/?.lua;;';
lua_package_cpath ';;';
lua_code_cache on;
lua_max_running_timers 4096;
lua_max_pending_timers 16384;
lua_shared_dict cache 128m;
lua_shared_dict reports_locks 100k;
lua_shared_dict cluster_locks 100k;
lua_shared_dict cluster_autojoin_locks 100k;
lua_shared_dict cache_locks 100k;
lua_shared_dict cassandra 1m;
lua_shared_dict cassandra_prepared 5m;
lua_socket_log_errors off;

init_by_lua_block {
    require 'resty.core'
    kong = require 'kong'
    kong.init()
}

init_worker_by_lua_block {
    kong.init_worker()
}

server {
    server_name kong;
    listen 0.0.0.0:8000;
    error_page 404 408 411 412 413 414 417 /kong_error_handler;
    error_page 500 502 503 504 /kong_error_handler;

    listen 0.0.0.0:8443 ssl;
    ssl_certificate ;
    ssl_certificate_key ;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_certificate_by_lua_block {
        kong.ssl_certificate()
    }

    location / {
        set $upstream_host nil;
        set $upstream_url nil;

        access_by_lua_block {
            kong.access()
        }

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $upstream_host;
        proxy_pass_header Server;
        proxy_pass $upstream_url;

        header_filter_by_lua_block {
            kong.header_filter()
        }

        body_filter_by_lua_block {
            kong.body_filter()
        }

        log_by_lua_block {
            kong.log()
        }
    }

    location = /kong_error_handler {
        internal;
        content_by_lua_block {
            require('kong.core.error_handlers')(ngx)
        }
    }
}

server {
    server_name kong_admin;
    listen 0.0.0.0:8001;

    client_max_body_size 10m;
    client_body_buffer_size 10m;

    location / {
        default_type application/json;
        content_by_lua_block {
            ngx.header['Access-Control-Allow-Origin'] = '*'
            if ngx.req.get_method() == 'OPTIONS' then
                ngx.header['Access-Control-Allow-Methods'] = 'GET,HEAD,PUT,PATCH,POST,DELETE'
                ngx.header['Access-Control-Allow-Headers'] = 'Content-Type'
                ngx.exit(204)
            end

            ngx.log(ngx.DEBUG, 'Loading Admin API endpoints')
            require('lapis').serve('kong.api')
        }
    }

    location /nginx_status {
        internal;
        access_log off;
        stub_status;
    }

    location /robots.txt {
        return 200 'User-agent: *\nDisallow: /';
    }
}

[thibaultcha]

Right, kong compile will always use the default nginx configuration. Its purpose is to embed the Kong configuration block inside an already running OpenResty.

check host:8001 and you'll see "kong_conf": "/usr/local/kong/kong.conf" listed or run kong compile and look for custom nginx configuration.

This is actually fine.

What I think the issue is, is that if you wish to modify the Kong part of the Nginx configuration, you'll need to inline it in your nginx.conf template, as documented here

[bivdub]

Hey sorry I forgot to get back to you last week, but I did get this figured out by just inlining all the configs. Had issues with the include since we were overwriting some of the logging stuff.

[passos]

kong compile always overwriting the nginx-kong.conf is a really wired feature. Since the configuration file is already generated and it's ok to embed the kong configuration file into nginx, why don't allow user to modify the configuration file? Or, user can modify the "source" file to keep the change after kong compile.

if I want to add another location handler by lua in kong, how can I make it?

[thibaultcha]

This file is compiled from the template. As documented in the link posted here a few months ago.

[passos]

@thibaultcha Thanks for the comment. Just has one suggestion for this, put the default template file into /usr/local/kong/conf.template or whatever the directory name you like and use them for kong compile and put the generated .conf file into /usr/local/kong/conf.gen.

The reason is that in the kong compile document

Example usage:
 kong compile -c kong.conf > /usr/local/openresty/nginx-kong.conf
... ...
Options:
 -c,--conf (optional string) configuration file
... ...

The file name used in the example is kong.conf. It says it's a configuration file. But actually it's not. I think it's a configuration template file which is used to generate a configuration file. This is very different.

And the default template file which kong compile used and shipped with rpm file is at /usr/local/share/lua/5.1/kong/templates/, which is a little bit hard to find. And I didn't find any document about it.

They have different extension name lua and conf. It's confused. I think it's better to put the configuration template file into application directory instead of library directory so that user can easily find it and modify it.

Thanks.

[thibaultcha]

@passos Thanks for the suggestion. Mind taking a look at #2355 which is the long term plan for all such things Nginx/Kong configurations-related? Thank you!

[zffocussss]

same here

[steve-chavez]

kong compile doesn't work anymore. What's the new command for checking the generated nginx config?

Edit: Found the generated config at /usr/local/kong/nginx-kong.conf.