Merge pull request #2353 from bashofmann/master

Add proxy-add-original-uri-header config flag
kubernetes · Apr 16, 2018 · 564ec88 · 564ec88
2 parents 986e87e + 1c17962
commit 564ec88
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 17 deletions.
diff --git a/docs/user-guide/configmap.md b/docs/user-guide/configmap.md
@@ -104,6 +104,7 @@ The following table shows a configuration option's name, type, and the default v
 |[bind-address-ipv6](#bind-address-ipv6)|[]string|""|
 |[forwarded-for-header](#forwarded-for-header)|string|"X-Forwarded-For"|
 |[compute-full-forwarded-for](#compute-full-forwarded-for)|bool|"false"|
+|[proxy-add-original-uri-header](#proxy-add-original-uri-header)|bool|"true"|
 |[enable-opentracing](#enable-opentracing)|bool|"false"|
 |[zipkin-collector-host](#zipkin-collector-host)|string|""|
 |[zipkin-collector-port](#zipkin-collector-port)|int|9411|
@@ -585,6 +586,10 @@ Sets the header field for identifying the originating IP address of a client. De
 
 Append the remote address to the X-Forwarded-For header instead of replacing it. When this option is enabled, the upstream application is responsible for extracting the client IP based on its own list of trusted proxies.
 
+## proxy-add-original-uri-header
+
+Adds an X-Original-Uri header with the original request URI to the backend request
+
 ## enable-opentracing
 
 Enables the nginx Opentracing extension. By default this is disabled.

diff --git a/internal/file/bindata.go b/internal/file/bindata.go
diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go
@@ -424,6 +424,10 @@ type Configuration struct {
 	// Default: false
 	ComputeFullForwardedFor bool `json:"compute-full-forwarded-for,omitempty"`
 
+	// Adds an X-Original-Uri header with the original request URI to the backend request
+	// Default: true
+	ProxyAddOriginalUriHeader bool `json:"proxy-add-original-uri-header"`
+
 	// EnableOpentracing enables the nginx Opentracing extension
 	// https://github.com/rnburn/nginx-opentracing
 	// By default this is disabled
@@ -536,6 +540,7 @@ func NewDefault() Configuration {
 		ErrorLogLevel:              errorLevel,
 		ForwardedForHeader:         "X-Forwarded-For",
 		ComputeFullForwardedFor:    false,
+		ProxyAddOriginalUriHeader:  true,
 		HTTP2MaxFieldSize:          "4k",
 		HTTP2MaxHeaderSize:         "16k",
 		HTTPRedirectCode:           308,

diff --git a/internal/ingress/controller/template/configmap_test.go b/internal/ingress/controller/template/configmap_test.go
@@ -33,22 +33,23 @@ func TestFilterErrors(t *testing.T) {
 
 func TestMergeConfigMapToStruct(t *testing.T) {
 	conf := map[string]string{
-		"custom-http-errors":          "300,400,demo",
-		"proxy-read-timeout":          "1",
-		"proxy-send-timeout":          "2",
-		"skip-access-log-urls":        "/log,/demo,/test",
-		"use-proxy-protocol":          "true",
-		"disable-access-log":          "true",
-		"access-log-path":             "/var/log/test/access.log",
-		"error-log-path":              "/var/log/test/error.log",
-		"use-gzip":                    "true",
-		"enable-dynamic-tls-records":  "false",
-		"gzip-types":                  "text/html",
-		"proxy-real-ip-cidr":          "1.1.1.1/8,2.2.2.2/24",
-		"bind-address":                "1.1.1.1,2.2.2.2,3.3.3,2001:db8:a0b:12f0::1,3731:54:65fe:2::a7,33:33:33::33::33",
-		"worker-shutdown-timeout":     "99s",
-		"nginx-status-ipv4-whitelist": "127.0.0.1,10.0.0.0/24",
-		"nginx-status-ipv6-whitelist": "::1,2001::/16",
+		"custom-http-errors":            "300,400,demo",
+		"proxy-read-timeout":            "1",
+		"proxy-send-timeout":            "2",
+		"skip-access-log-urls":          "/log,/demo,/test",
+		"use-proxy-protocol":            "true",
+		"disable-access-log":            "true",
+		"access-log-path":               "/var/log/test/access.log",
+		"error-log-path":                "/var/log/test/error.log",
+		"use-gzip":                      "true",
+		"enable-dynamic-tls-records":    "false",
+		"gzip-types":                    "text/html",
+		"proxy-real-ip-cidr":            "1.1.1.1/8,2.2.2.2/24",
+		"bind-address":                  "1.1.1.1,2.2.2.2,3.3.3,2001:db8:a0b:12f0::1,3731:54:65fe:2::a7,33:33:33::33::33",
+		"worker-shutdown-timeout":       "99s",
+		"nginx-status-ipv4-whitelist":   "127.0.0.1,10.0.0.0/24",
+		"nginx-status-ipv6-whitelist":   "::1,2001::/16",
+		"proxy-add-original-uri-header": "false",
 	}
 	def := config.NewDefault()
 	def.CustomHTTPErrors = []int{300, 400}
@@ -67,6 +68,7 @@ func TestMergeConfigMapToStruct(t *testing.T) {
 	def.WorkerShutdownTimeout = "99s"
 	def.NginxStatusIpv4Whitelist = []string{"127.0.0.1", "10.0.0.0/24"}
 	def.NginxStatusIpv6Whitelist = []string{"::1", "2001::/16"}
+	def.ProxyAddOriginalUriHeader = false
 
 	to := ReadConfig(conf)
 	if diff := pretty.Compare(to, def); diff != "" {

diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl
@@ -1009,7 +1009,9 @@ stream {
             proxy_set_header X-Forwarded-Host       $best_http_host;
             proxy_set_header X-Forwarded-Port       $pass_port;
             proxy_set_header X-Forwarded-Proto      $pass_access_scheme;
+            {{ if $all.Cfg.ProxyAddOriginalUriHeader }}
             proxy_set_header X-Original-URI         $request_uri;
+            {{ end }}
             proxy_set_header X-Scheme               $pass_access_scheme;
 
             # Pass the original X-Forwarded-For