From abec4a8e8feaa49406cde358ff8020eccf7605ee Mon Sep 17 00:00:00 2001 From: tdeheurles Date: Sat, 23 Sep 2017 16:50:55 +0100 Subject: [PATCH] nsgate handle 404 for https --- deploy/docker/build/nsgate/nginx.conf | 21 ---------- .../build/nsgate/template.writeFunctions.sh | 39 +++++++++++++++---- docs/deployment/nsgate.md | 8 +++- 3 files changed, 38 insertions(+), 30 deletions(-) diff --git a/deploy/docker/build/nsgate/nginx.conf b/deploy/docker/build/nsgate/nginx.conf index 864e3c1dfc..91139fa574 100644 --- a/deploy/docker/build/nsgate/nginx.conf +++ b/deploy/docker/build/nsgate/nginx.conf @@ -26,26 +26,5 @@ http { error_log /dev/stderr ; server_names_hash_bucket_size 128; - server { - server_name _; - root /www/404; - expires 1M; - - error_page 404 /404.html; - - location / { - add_header X-ReactiveTraderCloud-Proxy-NsGate-Config '404'; - add_header X-ReactiveTraderCloud-Proxy-NsGate-Version "__NSGATE_VERSION__"; - - index index.html; - rewrite ^/(.*)/$ /$1 permanent; - try_files "${uri}.html" $uri $uri/ =404; - } - - location = /404.html { - internal; - } - } - include /servers/*; } diff --git a/deploy/docker/build/nsgate/template.writeFunctions.sh b/deploy/docker/build/nsgate/template.writeFunctions.sh index 30fbf34d82..1178ed1eb7 100755 --- a/deploy/docker/build/nsgate/template.writeFunctions.sh +++ b/deploy/docker/build/nsgate/template.writeFunctions.sh 
@@ -16,39 +16,62 @@ createProxyConfiguration() { port_number=$3 namespace=$4 - nginx_conf_file="/servers/server.$port_name.$namespace" mkdir -p /servers # Write file file_content="server {\n" file_content+=" server_name ${port_name}-${namespace}.*;\n" - file_content+=" listen ${port_number};\n" - file_content+="\n" if [[ "$port_number" == "80" ]] then + file_content+=" listen 80;\n" file_content+=" listen 443 ssl;\n" file_content+=" ssl_certificate ${CERTIFICATE};\n" file_content+=" ssl_certificate_key ${CERTIFICATE_KEY};\n" - file_content+="\n" + else + file_content+=" listen ${port_number};\n" fi - file_content+=" location / {\n" file_content+=" # Miscalneous\n" file_content+=" add_header X-ReactiveTraderCloud-Proxy-NsGate-Version \"${NSGATE_VERSION}\";\n" - file_content+="\n" file_content+=" # Proxy\n" file_content+=" proxy_set_header Host \$host;\n" file_content+=" proxy_set_header X-Real-IP \$remote_addr;\n" file_content+=" proxy_set_header X-Forwarded-Proto \$scheme;\n" file_content+=" proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\n" file_content+=" proxy_pass http://${service}.${namespace}:${port_number};\n" - file_content+="\n" file_content+=" # ws\n" file_content+=" proxy_http_version 1.1;\n" file_content+=" proxy_set_header Upgrade \$http_upgrade;\n" file_content+=" proxy_set_header Connection \"upgrade\";\n" file_content+=" }\n" file_content+="}\n" + echo -e ${file_content} > "/servers/server.$port_name.$namespace" - echo -e ${file_content} > $nginx_conf_file + # 404 + file_content="server {\n" + file_content+=" server_name _;\n" + if [[ "$port_number" == "80" ]] + then + file_content+=" listen 80 default_server;\n" + file_content+=" listen 443 ssl default_server;\n" + file_content+=" ssl_certificate ${CERTIFICATE};\n" + file_content+=" ssl_certificate_key ${CERTIFICATE_KEY};\n" + else + file_content+=" listen $port_number default_server;\n" + fi + file_content+=" root /www/404;\n" + file_content+=" expires 1M;\n" + file_content+=" 
error_page 404 /404.html;\n" + file_content+=" location / {\n" + file_content+=" add_header X-ReactiveTraderCloud-Proxy-NsGate-Config '404';\n" + file_content+=" add_header X-ReactiveTraderCloud-Proxy-NsGate-Version \"__NSGATE_VERSION__\";\n" + file_content+=" index index.html;\n" + file_content+=" rewrite ^/(.*)/$ /\$1 permanent;\n" + file_content+=" try_files \"\${uri}.html\" \$uri \$uri/ =404;\n" + file_content+=" }\n" + file_content+=" location = /404.html {\n" + file_content+=" internal;\n" + file_content+=" }\n" + file_content+="}\n" + echo -e ${file_content} > "/servers/server.$port_number" } diff --git a/docs/deployment/nsgate.md b/docs/deployment/nsgate.md index 07ac750365..7e5b980a2f 100644 --- a/docs/deployment/nsgate.md +++ b/docs/deployment/nsgate.md 
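Review bot: Both `echo -e ${file_content} > ...` writes expand the variable unquoted, so the generated nginx config goes through word splitting and pathname expansion before it reaches the file; the text contains glob characters (`${port_name}-${namespace}.*;` and `^/(.*)/$`), and its indentation is collapsed. Quoting avoids that: `printf '%b' "$file_content" > "/servers/server.$port_name.$namespace"`, and the same for `"/servers/server.$port_number"`. Separately, `port_name`, `namespace`, `service` and `port_number` are interpolated into `server_name`, `listen` and `proxy_pass` with no check, and `echo -e` (like `%b`) interprets backslash escapes inside them. Where these values come from is not visible in the hunk, so unless they are already constrained to DNS-label form, a guard such as `[[ "$namespace" =~ ^[a-z0-9-]+$ ]] || return 1` before building the string would keep a stray `;` or `}` out of the config. The 404 block also hard-codes `\"__NSGATE_VERSION__\"` while the proxy block uses `${NSGATE_VERSION}`; presumably a template step substitutes it, but using the variable in both places would rule out serving the literal placeholder. createProxyConfiguration starts above the hunk.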
@@ -15,7 +15,7 @@ The **Kubernetes ingress** are load balancer level 7, but these one didn't exist The **Kubernetes service** resource is a load balancers level 4. So we did have to implement a small program named **nsgate** based on **nginx** that do the load balancers level 7 for us without the ingress limitations. ## High level -**nsgate** means **namespace-gate**. It concist of 2 containers running behind a **Kubernetes service** with one static external ip. We have created a domain for the cluster **adaptivecluster.com** and we redirect all subdomains **wildcard.adaptivecluster.com** to this static ip in order that every connection goes through **nsgate**. **nsgate** is a nginx service that will read the subdomain to dynamicly choose the backend to proxy the connection to. +**nsgate** means **namespace-gate**. It concists of 2 containers running behind a **Kubernetes service** with one static external ip. We have created a domain for the cluster **adaptivecluster.com** and we redirect all subdomains **wildcard.adaptivecluster.com** to this static ip in order that every connection goes through **nsgate**. **nsgate** is a nginx service that will read the subdomain to dynamicly choose the backend to proxy the connection to. ## Mechanism ### Configuration @@ -35,3 +35,9 @@ The issue is only present with https. **http://foo-bar.adaptivecluster.com** is [service-official-doc]: https://Kubernetes.io/docs/concepts/services-networking/service/ [ingress-official-doc]: https://Kubernetes.io/docs/concepts/services-networking/ingress/ + +## Update +- update the code as expected (/deploy/docker/nsgate) +- choose the build number by looking latest nsgate built +- `./deploy/docker/helpers/listAllTags.sh weareadaptive/nsgate` +- `./deploy/debug/build-and-update-nsgate.sh build`