Fix nginx ssl params #3323
Closed
Fix nginx ssl params #3323
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Hi, Thank you for the suggestion. However, I do not believe we can accept it. See this comment for context (it is about a similar patch), and the subsequent one as well. |
|
Long story short, we try to shy away from making every nginx directive configurable because it is unmaintainable and unreasonable. We will try to come up with a different solution. Our ideal one is presented in #2355 if you are curious, but the end result might be a mix of |
|
yes, that makes sense! |
hbagdi
added a commit
that referenced
this pull request
Jun 11, 2018
Problem ------- Kong ships with an NGINX template which is rendered when Kong starts. There exists no mechanisms to add/update any NGINX directive to the `nginx.conf` used to run Kong. To change or add any directive, user has to use a custom NGINX template which has to be synced with Kong for a release which introduces changes to Kong's template. Including options in `kong.conf` to configure NGINX directives is not a good solution since the list will be endless. This problem can be seen in #3010, #3323 and #3382. Solution -------- There needs to be a flexible way to specify any NGINX directive via Kong's config file without Kong needing to maintain a list of all NGINX directives. While a clean and ideal solution would be #2355, this commit adopts a simpler as discussed like the one proposed in #2675. NGINX directives can be specified using config variables with prefixes, which help determine the block in which to place a directive. eg: `nginx_proxy_add_header=Header-Name header-value` will add a `add_header Header-Name header-value;` directive in the proxy server block of Kong. `nginx_http_lua_shared_dict=custom_cache 2k` will add a a `lua_shared_dict custom_cache 2k;` directive to HTTP block of Kong.s
thibaultcha
pushed a commit
that referenced
this pull request
Jun 13, 2018
Problem ------- Kong ships with an NGINX template which is rendered when Kong starts. There exists no mechanisms to add/update arbitrary NGINX directives to the `nginx.conf` used to run Kong. To change or add any directive, user has to use a custom NGINX template which has to be synced with Kong for a release which introduces changes to Kong's template. Including options in `kong.conf` to configure NGINX directives is not a good solution since the list will be endless. This problem can be seen in #3010, #3323, and #3382. Proposed Solution ----------------- Proposed in #3382: There needs to be a flexible way to specify any NGINX directive via Kong's config file without Kong needing to maintain a list of all NGINX directives. While a clean and ideal solution would be #2355, this commit adopts a simpler approach as described in #3382, and keeps solutions similar to the one proposed in #2675 possible (by way of injecting an `include` directive). NGINX directives can be specified using config variables with prefixes, which helps determine the block in which to place a directive. E.g.: * `nginx_proxy_add_header=Header-Name header-value` will add a `add_header Header-Name header-value;` directive in the proxy `server` block of Kong. * `nginx_http_lua_shared_dict=custom_cache 2k` will add a `lua_shared_dict custom_cache 2k;` directive to `http` block of Kong.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
NOTE: Please read the CONTRIBUTING.md guidelines before submitting your patch,
and ensure you followed them all:
https://github.com/Kong/kong/blob/master/CONTRIBUTING.md#contributing
Summary
Parameterize nginx SSL params, so the user can override the values as required
Full changelog
Issues resolved
Fix #XXX