diff --git a/README.md b/README.md
index c6fd3c6..ac54058 100644
--- a/README.md
+++ b/README.md
@@ -262,6 +262,10 @@ _Note that Kubernetes annotation maps are all of Go type `map[string]string`. A
| deis-router | deployment | [router.deis.io/nginx.ssl.hsts.maxAge](#ssl-hsts-max-age) | `"10886400"` | Maximum number of seconds user agents should observe HSTS rewrites. |
| deis-router | deployment | [router.deis.io/nginx.ssl.hsts.includeSubDomains](#ssl-hsts-include-sub-domains) | `"false"` | Whether to enforce HSTS for subsequent requests to all subdomains of the original request. |
| deis-router | deployment | [router.deis.io/nginx.ssl.hsts.preload](#ssl-hsts-preload) | `"false"` | Whether to allow the domain to be included in the HSTS preload list. |
+| deis-router | deployment | [router.deis.io/nginx.proxyBuffers.enabled](#proxy-buffers-enabled) | `"false"` | Whether to enabled proxy buffering for all applications (this can be overridden on an application basis). |
+| deis-router | deployment | [router.deis.io/nginx.proxyBuffers.number](#proxy-buffers-number) | `"8"` | `number` argument to the nginx `proxy_buffers` directive for all applications (this can be overridden on an application basis). |
+| deis-router | deployment | [router.deis.io/nginx.proxyBuffers.size](#proxy-buffers-size) | `"4k"` | `size` argument to the nginx `proxy_buffers` directive expressed in bytes (no suffix), kilobytes (suffixes `k` and `K`), or megabytes (suffixes `m` and `M`). This setting applies to all applications, but can be overridden on an application basis. |
+| deis-router | deployment | [router.deis.io/nginx.proxyBuffers.busySize](#proxy-buffers-busy-size) | `"8k"` | nginx `proxy_busy_buffers_size` expressed in bytes (no suffix), kilobytes (suffixes `k` and `K`), or megabytes (suffixes `m` and `M`). This setting applies to all applications, but can be overridden on an application basis. |
| deis-builder | service | [router.deis.io/nginx.connectTimeout](#builder-connect-timeout) | `"10s"` | nginx `proxy_connect_timeout` setting expressed in units `ms`, `s`, `m`, `h`, `d`, `w`, `M`, or `y`. |
| deis-builder | service | [router.deis.io/nginx.tcpTimeout](#builder-tcp-timeout) | `"1200s"` | nginx `proxy_timeout` setting expressed in units `ms`, `s`, `m`, `h`, `d`, `w`, `M`, or `y`. |
| routable application | service | [router.deis.io/domains](#app-domains) | N/A | Comma-delimited list of domains for which traffic should be routed to the application. These may be fully qualified (e.g. `foo.example.com`) or, if not containing any `.` character, will be considered subdomains of the router's domain, if that is defined. |
@@ -271,6 +275,10 @@ _Note that Kubernetes annotation maps are all of Go type `map[string]string`. A
| routable application | service | [router.deis.io/tcpTimeout](#app-tcp-timeout) | router's `defaultTimeout` | nginx `proxy_send_timeout` and `proxy_read_timeout` settings expressed in units `ms`, `s`, `m`, `h`, `d`, `w`, `M`, or `y`. |
| routable application | service | [router.deis.io/maintenance](#app-maintenance) | `"false"` | Whether the app is under maintenance so that all traffic for this app is redirected to a static maintenance page with an error code of `503`. |
| routable application | service | [router.deis.io/ssl.enforce](#ssl-enforce) | `"false"` | Whether to respond with a 301 for all HTTP requests with a permanent redirect to the HTTPS equivalent address. |
+| routable application | service | [router.deis.io/nginx.proxyBuffers.enabled](#app-nginx-proxy-buffers-enabled) | `"false"` | Whether to enabled proxy buffering. This can be used to override the same option set globally on the router. |
+| routable application | service | [router.deis.io/nginx.proxyBuffers.number](#app-nginx-proxy-buffers-number) | `"8"` | `number` argument to the nginx `proxy_buffers` directive. This can be used to override the same option set globally on the router. |
+| routable application | service | [router.deis.io/nginx.proxyBuffers.size](#app-nginx-proxy-buffers-size) | `"4k"` | `size` argument to the nginx `proxy_buffers` directive expressed in bytes (no suffix), kilobytes (suffixes `k` and `K`), or megabytes (suffixes `m` and `M`). This can be used to override the same option set globally on the router. |
+| routable application | service | [router.deis.io/nginx.proxyBuffers.busySize](#app-nginx-proxy-buffers-busy-size) | `"8k"` | nginx `proxy_busy_buffers_size` expressed in bytes (no suffix), kilobytes (suffixes `k` and `K`), or megabytes (suffixes `m` and `M`). This can be used to override the same option set globally on the router. |
#### Annotations by example
diff --git a/model/model.go b/model/model.go
index 5538e88..6dde109 100644
--- a/model/model.go
+++ b/model/model.go
@@ -1,6 +1,8 @@
package model
import (
+ "bytes"
+ "encoding/gob"
"fmt"
"log"
"strings"
@@ -60,11 +62,16 @@ type RouterConfig struct {
AppConfigs []*AppConfig
BuilderConfig *BuilderConfig
PlatformCertificate *Certificate
- HTTP2Enabled bool `key:"http2Enabled" constraint:"(?i)^(true|false)$"`
- LogFormat string `key:"logFormat"`
+ HTTP2Enabled bool `key:"http2Enabled" constraint:"(?i)^(true|false)$"`
+ LogFormat string `key:"logFormat"`
+ ProxyBuffersConfig *ProxyBuffersConfig `key:"proxyBuffers"`
}
-func newRouterConfig() *RouterConfig {
+func newRouterConfig() (*RouterConfig, error) {
+ proxyBuffersConfig, err := newProxyBuffersConfig(nil)
+ if err != nil {
+ return nil, err
+ }
return &RouterConfig{
WorkerProcesses: "auto",
MaxWorkerConnections: "768",
@@ -87,7 +94,8 @@ func newRouterConfig() *RouterConfig {
DefaultServiceIP: "",
HTTP2Enabled: true,
LogFormat: `[$time_iso8601] - $app_name - $remote_addr - $remote_user - $status - "$request" - $bytes_sent - "$http_referer" - "$http_user_agent" - "$server_name" - $upstream_addr - $http_host - $upstream_response_time - $request_time`,
- }
+ ProxyBuffersConfig: proxyBuffersConfig,
+ }, nil
}
// GzipConfig encapsulates gzip configuration.
@@ -126,17 +134,23 @@ type AppConfig struct {
CertMappings map[string]string `key:"certificates" constraint:"(?i)^((([a-z0-9]+(-*[a-z0-9]+)*)|((\\*\\.)?[a-z0-9]+(-*[a-z0-9]+)*\\.)+[a-z0-9]+(-*[a-z0-9]+)+):([a-z0-9]+(-*[a-z0-9]+)*)(\\s*,\\s*)?)+$"`
Certificates map[string]*Certificate
Available bool
- Maintenance bool `key:"maintenance" constraint:"(?i)^(true|false)$"`
- SSLConfig *SSLConfig `key:"ssl"`
+ Maintenance bool `key:"maintenance" constraint:"(?i)^(true|false)$"`
+ SSLConfig *SSLConfig `key:"ssl"`
+ Nginx *NginxAppConfig `key:"nginx"`
}
-func newAppConfig(routerConfig *RouterConfig) *AppConfig {
+func newAppConfig(routerConfig *RouterConfig) (*AppConfig, error) {
+ nginxConfig, err := newNginxAppConfig(routerConfig)
+ if err != nil {
+ return nil, err
+ }
return &AppConfig{
ConnectTimeout: "30s",
TCPTimeout: routerConfig.DefaultTimeout,
Certificates: make(map[string]*Certificate, 0),
SSLConfig: newSSLConfig(),
- }
+ Nginx: nginxConfig,
+ }, nil
}
// BuilderConfig encapsulates the configuration of the deis-builder-- if it's in use.
@@ -215,6 +229,55 @@ func newHSTSConfig() *HSTSConfig {
}
}
+// NginxAppConfig is a wrapper for all Nginx-specific app configurations. These
+// options shouldn't be expected to be universally supported by alternative
+// router implementations.
+type NginxAppConfig struct {
+ ProxyBuffersConfig *ProxyBuffersConfig `key:"proxyBuffers"`
+}
+
+func newNginxAppConfig(routerConfig *RouterConfig) (*NginxAppConfig, error) {
+ proxyBuffersConfig, err := newProxyBuffersConfig(routerConfig.ProxyBuffersConfig)
+ if err != nil {
+ return nil, err
+ }
+ return &NginxAppConfig{
+ ProxyBuffersConfig: proxyBuffersConfig,
+ }, nil
+}
+
+// ProxyBuffersConfig represents configuration options having to do with Nginx
+// proxy buffers.
+type ProxyBuffersConfig struct {
+ Enabled bool `key:"enabled" constraint:"(?i)^(true|false)$"`
+ Number int `key:"number" constraint:"^[1-9]\\d*$"`
+ Size string `key:"size" constraint:"^[1-9]\\d*[kKmM]?$"`
+ BusySize string `key:"busySize" constraint:"^[1-9]\\d*[kKmM]?$"`
+}
+
+func newProxyBuffersConfig(proxyBuffersConfig *ProxyBuffersConfig) (*ProxyBuffersConfig, error) {
+ if proxyBuffersConfig != nil {
+ var buf bytes.Buffer
+ enc := gob.NewEncoder(&buf)
+ dec := gob.NewDecoder(&buf)
+ err := enc.Encode(proxyBuffersConfig)
+ if err != nil {
+ return nil, err
+ }
+ var copy *ProxyBuffersConfig
+ err = dec.Decode(©)
+ if err != nil {
+ return nil, err
+ }
+ return copy, nil
+ }
+ return &ProxyBuffersConfig{
+ Number: 8,
+ Size: "4k",
+ BusySize: "8k",
+ }, nil
+}
+
// Build creates a RouterConfig configuration object by querying the k8s API for
// relevant metadata concerning itself and all routable services.
func Build(kubeClient *kubernetes.Clientset) (*RouterConfig, error) {
@@ -328,8 +391,11 @@ func build(kubeClient *kubernetes.Clientset, routerDeployment *v1beta1ext.Deploy
}
func buildRouterConfig(routerDeployment *v1beta1.Deployment, platformCertSecret *v1.Secret, dhParamSecret *v1.Secret) (*RouterConfig, error) {
- routerConfig := newRouterConfig()
- err := modeler.MapToModel(routerDeployment.Annotations, "nginx", routerConfig)
+ routerConfig, err := newRouterConfig()
+ if err != nil {
+ return nil, err
+ }
+ err = modeler.MapToModel(routerDeployment.Annotations, "nginx", routerConfig)
if err != nil {
return nil, err
}
@@ -351,7 +417,10 @@ func buildRouterConfig(routerDeployment *v1beta1.Deployment, platformCertSecret
}
func buildAppConfig(kubeClient *kubernetes.Clientset, service v1.Service, routerConfig *RouterConfig) (*AppConfig, error) {
- appConfig := newAppConfig(routerConfig)
+ appConfig, err := newAppConfig(routerConfig)
+ if err != nil {
+ return nil, err
+ }
appConfig.Name = service.Labels["app"]
// If we didn't get the app name from the app label, fall back to inferring the app name from
// the service's own name.
@@ -363,7 +432,7 @@ func buildAppConfig(kubeClient *kubernetes.Clientset, service v1.Service, router
if appConfig.Name != service.Namespace {
appConfig.Name = service.Namespace + "/" + appConfig.Name
}
- err := modeler.MapToModel(service.Annotations, "", appConfig)
+ err = modeler.MapToModel(service.Annotations, "", appConfig)
if err != nil {
return nil, err
}
diff --git a/model/model_test.go b/model/model_test.go
index 62faeb8..35a1084 100644
--- a/model/model_test.go
+++ b/model/model_test.go
@@ -84,7 +84,10 @@ func TestBuildRouterConfig(t *testing.T) {
},
}
- expectedConfig := newRouterConfig()
+ expectedConfig, err := newRouterConfig()
+ if err != nil {
+ t.Error(err)
+ }
sslConfig := newSSLConfig()
hstsConfig := newHSTSConfig()
platformCert := newCertificate("foo", "bar")
diff --git a/model/model_validation_test.go b/model/model_validation_test.go
index 91265ff..7aff2ef 100644
--- a/model/model_validation_test.go
+++ b/model/model_validation_test.go
@@ -343,22 +343,74 @@ func TestValidHSTSPreload(t *testing.T) {
testValidValues(t, newTestHSTSConfig, "Preload", "preload", []string{"true", "false", "TRUE", "FALSE"})
}
-func testInvalidValues(t *testing.T, builder func() interface{}, fieldName string, key string, badValues []string) {
+func TestInvalidProxyBuffersEnabled(t *testing.T) {
+ testInvalidValues(t, newTestProxyBuffersConfig, "Enabled", "enabled", []string{"0", "-1", "foobar"})
+}
+
+func TestValidProxyBuffersEnabled(t *testing.T) {
+ testValidValues(t, newTestProxyBuffersConfig, "Enabled", "enabled", []string{"true", "false", "TRUE", "FALSE"})
+}
+
+func TestInvalidProxyBuffersNumber(t *testing.T) {
+ testInvalidValues(t, newTestProxyBuffersConfig, "Number", "number", []string{"0", "-1", "foobar"})
+}
+
+func TestValidProxyBuffersNumber(t *testing.T) {
+ testValidValues(t, newTestProxyBuffersConfig, "Number", "number", []string{"1", "2", "10"})
+}
+
+func TestInvalidProxyBuffersSize(t *testing.T) {
+ testInvalidValues(t, newTestProxyBuffersConfig, "Size", "size", []string{"0", "-1", "foobar"})
+}
+
+func TestValidProxyBuffersSize(t *testing.T) {
+ testValidValues(t, newTestProxyBuffersConfig, "Size", "size", []string{"1", "2", "20", "1k", "2k", "10m", "10M"})
+}
+
+func TestInvalidProxyBuffersBusySize(t *testing.T) {
+ testInvalidValues(t, newTestProxyBuffersConfig, "BusySize", "busySize", []string{"0", "-1", "foobar"})
+}
+
+func TestValidProxyBusyBuffersBusySize(t *testing.T) {
+ testValidValues(t, newTestProxyBuffersConfig, "BusySize", "busySize", []string{"1", "2", "20", "1k", "2k", "10m", "10M"})
+}
+
+func testInvalidValues(
+ t *testing.T,
+ builder func() (interface{}, error),
+ fieldName string,
+ key string,
+ badValues []string,
+) {
badMap := make(map[string]string, 1)
for _, badValue := range badValues {
badMap[key] = badValue
- model := builder()
- err := testModeler.MapToModel(badMap, "", model)
+ model, err := builder()
+ if err != nil {
+ t.Errorf("Unexpected error: %s", err)
+ t.FailNow()
+ }
+ err = testModeler.MapToModel(badMap, "", model)
checkError(t, badValue, err)
}
}
-func testValidValues(t *testing.T, builder func() interface{}, fieldName string, key string, goodValues []string) {
+func testValidValues(
+ t *testing.T,
+ builder func() (interface{}, error),
+ fieldName string,
+ key string,
+ goodValues []string,
+) {
goodMap := make(map[string]string, 1)
for _, goodValue := range goodValues {
goodMap[key] = goodValue
- model := builder()
- err := testModeler.MapToModel(goodMap, "", model)
+ model, err := builder()
+ if err != nil {
+ t.Errorf("Unexpected error: %s", err)
+ t.FailNow()
+ }
+ err = testModeler.MapToModel(goodMap, "", model)
if err != nil {
t.Errorf("Using value \"%s\", received an unexpected error: %s", goodValue, err)
t.FailNow()
@@ -366,28 +418,36 @@ func testValidValues(t *testing.T, builder func() interface{}, fieldName string,
}
}
-func newTestRouterConfig() interface{} {
+func newTestRouterConfig() (interface{}, error) {
return newRouterConfig()
}
-func newTestGzipConfig() interface{} {
- return newGzipConfig()
+func newTestGzipConfig() (interface{}, error) {
+ return newGzipConfig(), nil
+}
+
+func newTestAppConfig() (interface{}, error) {
+ routerConfig, err := newRouterConfig()
+ if err != nil {
+ return nil, err
+ }
+ return newAppConfig(routerConfig)
}
-func newTestAppConfig() interface{} {
- return newAppConfig(newRouterConfig())
+func newTestBuilderConfig() (interface{}, error) {
+ return newBuilderConfig(), nil
}
-func newTestBuilderConfig() interface{} {
- return newBuilderConfig()
+func newTestSSLConfig() (interface{}, error) {
+ return newSSLConfig(), nil
}
-func newTestSSLConfig() interface{} {
- return newSSLConfig()
+func newTestHSTSConfig() (interface{}, error) {
+ return newHSTSConfig(), nil
}
-func newTestHSTSConfig() interface{} {
- return newHSTSConfig()
+func newTestProxyBuffersConfig() (interface{}, error) {
+ return newProxyBuffersConfig(nil)
}
func checkError(t *testing.T, value string, err error) {
diff --git a/nginx/config.go b/nginx/config.go
index 03cb8ff..f33a14d 100644
--- a/nginx/config.go
+++ b/nginx/config.go
@@ -146,7 +146,10 @@ http {
}
location / {
- proxy_buffering off;
+ proxy_buffering {{ if $routerConfig.ProxyBuffersConfig.Enabled }}on{{ else }}off{{ end }};
+ proxy_buffer_size {{ $routerConfig.ProxyBuffersConfig.Size }};
+ proxy_buffers {{ $routerConfig.ProxyBuffersConfig.Number }} {{ $routerConfig.ProxyBuffersConfig.Size }};
+ proxy_busy_buffers_size {{ $routerConfig.ProxyBuffersConfig.BusySize }};
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $access_scheme;
@@ -242,7 +245,11 @@ http {
add_header X-Correlation-Id $correlation_id always;
{{end}}
- {{ if $appConfig.Maintenance }}return 503;{{ else if $appConfig.Available }}proxy_buffering off;
+ {{ if $appConfig.Maintenance }}return 503;{{ else if $appConfig.Available }}
+ proxy_buffering {{ if $appConfig.Nginx.ProxyBuffersConfig.Enabled }}on{{ else }}off{{ end }};
+ proxy_buffer_size {{ $appConfig.Nginx.ProxyBuffersConfig.Size }};
+ proxy_buffers {{ $appConfig.Nginx.ProxyBuffersConfig.Number }} {{ $appConfig.Nginx.ProxyBuffersConfig.Size }};
+ proxy_busy_buffers_size {{ $appConfig.Nginx.ProxyBuffersConfig.BusySize }};
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $access_scheme;