nginx
diff --git a/‎nginx-plus-controller/Dockerfile
Lines changed: 2 additions & 3 deletions b/‎nginx-plus-controller/Dockerfile
Lines changed: 2 additions & 3 deletions
diff --git a/‎nginx-plus-controller/controller/controller.go
Lines changed: 59 additions & 0 deletions b/‎nginx-plus-controller/controller/controller.go
Lines changed: 59 additions & 0 deletions
diff --git a/‎nginx-plus-controller/nginx/config.go
Lines changed: 11 additions & 0 deletions b/‎nginx-plus-controller/nginx/config.go
Lines changed: 11 additions & 0 deletions
diff --git a/‎nginx-plus-controller/nginx/configurator.go
Lines changed: 83 additions & 10 deletions b/‎nginx-plus-controller/nginx/configurator.go
Lines changed: 83 additions & 10 deletions
diff --git a/‎nginx-plus-controller/nginx/convert.go
Lines changed: 40 additions & 0 deletions b/‎nginx-plus-controller/nginx/convert.go
Lines changed: 40 additions & 0 deletions
@@ -1,19 +1,18 @@
-FROM ubuntu:14.04
+FROM ubuntu:16.04
 
 MAINTAINER NGINX Docker Maintainers "[email protected]"
 
 # Set the debconf front end to Noninteractive
 RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections
 
-RUN apt-get update && apt-get install -y -q wget apt-transport-https
+RUN apt-get update && apt-get install -y -q wget lsb-release apt-transport-https
 
 # Download certificate and key from the customer portal (https://cs.nginx.com)
 # and copy to the build context
 ADD nginx-repo.crt /etc/ssl/nginx/
 ADD nginx-repo.key /etc/ssl/nginx/
 
 # Get other files required for installation
-RUN wget -q -O /etc/ssl/nginx/CA.crt https://cs.nginx.com/static/files/CA.crt
 RUN wget -q -O - http://nginx.org/keys/nginx_signing.key | apt-key add -
 RUN wget -q -O /etc/apt/apt.conf.d/90nginx https://cs.nginx.com/static/files/90nginx
 
 
@@ -324,6 +324,65 @@ func (lbc *LoadBalancerController) syncCfgm(key string) {
 		if serverNamesHashMaxSize, exists := cfgm.Data["server-names-hash-max-size"]; exists {
 			cfg.MainServerNamesHashMaxSize = serverNamesHashMaxSize
 		}
+		if HTTP2, exists, err := nginx.GetMapKeyAsBool(cfgm.Data, "http2", cfgm); exists {
+			if err != nil {
+				glog.Error(err)
+			} else {
+				cfg.HTTP2 = HTTP2
+			}
+		}
+
+		// HSTS block
+		if hsts, exists, err := nginx.GetMapKeyAsBool(cfgm.Data, "hsts", cfgm); exists {
+			if err != nil {
+				glog.Error(err)
+			} else {
+				parsingErrors := false
+
+				hstsMaxAge, existsMA, err := nginx.GetMapKeyAsInt(cfgm.Data, "hsts-max-age", cfgm)
+				if existsMA && err != nil {
+					glog.Error(err)
+					parsingErrors = true
+				}
+				hstsIncludeSubdomains, existsIS, err := nginx.GetMapKeyAsBool(cfgm.Data, "hsts-include-subdomains", cfgm)
+				if existsIS && err != nil {
+					glog.Error(err)
+					parsingErrors = true
+				}
+
+				if parsingErrors {
+					glog.Errorf("Configmap %s/%s: There are configuration issues with hsts annotations, skipping options for all hsts settings", cfgm.GetNamespace(), cfgm.GetName())
+				} else {
+					cfg.HSTS = hsts
+					if existsMA {
+						cfg.HSTSMaxAge = hstsMaxAge
+					}
+					if existsIS {
+						cfg.HSTSIncludeSubdomains = hstsIncludeSubdomains
+					}
+				}
+			}
+		}
+
+		if logFormat, exists := cfgm.Data["log-format"]; exists {
+			cfg.MainLogFormat = logFormat
+		}
+		if proxyBuffering, exists, err := nginx.GetMapKeyAsBool(cfgm.Data, "proxy-buffering", cfgm); exists {
+			if err != nil {
+				glog.Error(err)
+			} else {
+				cfg.ProxyBuffering = proxyBuffering
+			}
+		}
+		if proxyBuffers, exists := cfgm.Data["proxy-buffers"]; exists {
+			cfg.ProxyBuffers = proxyBuffers
+		}
+		if proxyBufferSize, exists := cfgm.Data["proxy-buffer-size"]; exists {
+			cfg.ProxyBufferSize = proxyBufferSize
+		}
+		if proxyMaxTempFileSize, exists := cfgm.Data["proxy-max-temp-file-size"]; exists {
+			cfg.ProxyMaxTempFileSize = proxyMaxTempFileSize
+		}
 	}
 	lbc.cnf.UpdateConfig(cfg)
 
 
@@ -5,8 +5,17 @@ type Config struct {
 	ProxyConnectTimeout           string
 	ProxyReadTimeout              string
 	ClientMaxBodySize             string
+	HTTP2                         bool
 	MainServerNamesHashBucketSize string
 	MainServerNamesHashMaxSize    string
+	MainLogFormat                 string
+	ProxyBuffering                bool
+	ProxyBuffers                  string
+	ProxyBufferSize               string
+	ProxyMaxTempFileSize          string
+	HSTS                          bool
+	HSTSMaxAge                    int64
+	HSTSIncludeSubdomains         bool
 }
 
 // NewDefaultConfig creates a Config with default values
@@ -16,5 +25,7 @@ func NewDefaultConfig() *Config {
 		ProxyReadTimeout:           "60s",
 		ClientMaxBodySize:          "1m",
 		MainServerNamesHashMaxSize: "512",
+		ProxyBuffering:             true,
+		HSTSMaxAge:                 2592000,
 	}
 }
@@ -111,7 +111,14 @@ func (cnf *Configurator) generateNginxCfg(ingEx *IngressEx, pems map[string]stri
 			glog.Warningf("Host field of ingress rule in %v/%v is empty", ingEx.Ingress.Namespace, ingEx.Ingress.Name)
 		}
 
-		server := Server{Name: serverName, StatusZone: statuzZone}
+		server := Server{
+			Name:                  serverName,
+			HTTP2:                 ingCfg.HTTP2,
+			HSTS:                  ingCfg.HSTS,
+			HSTSMaxAge:            ingCfg.HSTSMaxAge,
+			HSTSIncludeSubdomains: ingCfg.HSTSIncludeSubdomains,
+			StatusZone:            statuzZone,
+		}
 
 		if pemFile, ok := pems[serverName]; ok {
 			server.SSL = true
@@ -153,7 +160,14 @@ func (cnf *Configurator) generateNginxCfg(ingEx *IngressEx, pems map[string]stri
 		statuzZone := ingEx.Ingress.Namespace + "-" + ingEx.Ingress.Name
 		glog.Warningf("Host field of ingress rule in %v/%v is empty", ingEx.Ingress.Namespace, ingEx.Ingress.Name)
 
-		server := Server{Name: serverName, StatusZone: statuzZone}
+		server := Server{
+			Name:                  serverName,
+			HTTP2:                 ingCfg.HTTP2,
+			HSTS:                  ingCfg.HSTS,
+			HSTSMaxAge:            ingCfg.HSTSMaxAge,
+			HSTSIncludeSubdomains: ingCfg.HSTSIncludeSubdomains,
+			StatusZone:            statuzZone,
+		}
 
 		if pemFile, ok := pems[emptyHost]; ok {
 			server.SSL = true
@@ -186,7 +200,61 @@ func (cnf *Configurator) createConfig(ingEx *IngressEx) Config {
 	if clientMaxBodySize, exists := ingEx.Ingress.Annotations["nginx.org/client-max-body-size"]; exists {
 		ingCfg.ClientMaxBodySize = clientMaxBodySize
 	}
+	if HTTP2, exists, err := GetMapKeyAsBool(ingEx.Ingress.Annotations, "nginx.org/http2", ingEx.Ingress); exists {
+		if err != nil {
+			glog.Error(err)
+		} else {
+			ingCfg.HTTP2 = HTTP2
+		}
+	}
+	if proxyBuffering, exists, err := GetMapKeyAsBool(ingEx.Ingress.Annotations, "nginx.org/proxy-buffering", ingEx.Ingress); exists {
+		if err != nil {
+			glog.Error(err)
+		} else {
+			ingCfg.ProxyBuffering = proxyBuffering
+		}
+	}
+
+	if hsts, exists, err := GetMapKeyAsBool(ingEx.Ingress.Annotations, "nginx.org/hsts", ingEx.Ingress); exists {
+		if err != nil {
+			glog.Error(err)
+		} else {
+			parsingErrors := false
+
+			hstsMaxAge, existsMA, err := GetMapKeyAsInt(ingEx.Ingress.Annotations, "nginx.org/hsts-max-age", ingEx.Ingress)
+			if existsMA && err != nil {
+				glog.Error(err)
+				parsingErrors = true
+			}
+			hstsIncludeSubdomains, existsIS, err := GetMapKeyAsBool(ingEx.Ingress.Annotations, "nginx.org/hsts-include-subdomains", ingEx.Ingress)
+			if existsIS && err != nil {
+				glog.Error(err)
+				parsingErrors = true
+			}
+
+			if parsingErrors {
+				glog.Errorf("Ingress %s/%s: There are configuration issues with hsts annotations, skipping annotions for all hsts settings", ingEx.Ingress.GetNamespace(), ingEx.Ingress.GetName())
+			} else {
+				ingCfg.HSTS = hsts
+				if existsMA {
+					ingCfg.HSTSMaxAge = hstsMaxAge
+				}
+				if existsIS {
+					ingCfg.HSTSIncludeSubdomains = hstsIncludeSubdomains
+				}
+			}
+		}
+	}
 
+	if proxyBuffers, exists := ingEx.Ingress.Annotations["nginx.org/proxy-buffers"]; exists {
+		ingCfg.ProxyBuffers = proxyBuffers
+	}
+	if proxyBufferSize, exists := ingEx.Ingress.Annotations["nginx.org/proxy-buffer-size"]; exists {
+		ingCfg.ProxyBufferSize = proxyBufferSize
+	}
+	if proxyMaxTempFileSize, exists := ingEx.Ingress.Annotations["nginx.org/proxy-max-temp-file-size"]; exists {
+		ingCfg.ProxyMaxTempFileSize = proxyMaxTempFileSize
+	}
 	return ingCfg
 }
 
@@ -283,14 +351,18 @@ func parseStickyService(service string) (serviceName string, stickyCookie string
 
 func createLocation(path string, upstream Upstream, cfg *Config, websocket bool, rewrite string, ssl bool) Location {
 	loc := Location{
-		Path:                path,
-		Upstream:            upstream,
-		ProxyConnectTimeout: cfg.ProxyConnectTimeout,
-		ProxyReadTimeout:    cfg.ProxyReadTimeout,
-		ClientMaxBodySize:   cfg.ClientMaxBodySize,
-		Websocket:           websocket,
-		Rewrite:             rewrite,
-		SSL:                 ssl,
+		Path:                 path,
+		Upstream:             upstream,
+		ProxyConnectTimeout:  cfg.ProxyConnectTimeout,
+		ProxyReadTimeout:     cfg.ProxyReadTimeout,
+		ClientMaxBodySize:    cfg.ClientMaxBodySize,
+		Websocket:            websocket,
+		Rewrite:              rewrite,
+		SSL:                  ssl,
+		ProxyBuffering:       cfg.ProxyBuffering,
+		ProxyBuffers:         cfg.ProxyBuffers,
+		ProxyBufferSize:      cfg.ProxyBufferSize,
+		ProxyMaxTempFileSize: cfg.ProxyMaxTempFileSize,
 	}
 
 	return loc
@@ -377,6 +449,7 @@ func (cnf *Configurator) UpdateConfig(config *Config) {
 	mainCfg := &NginxMainConfig{
 		ServerNamesHashBucketSize: config.MainServerNamesHashBucketSize,
 		ServerNamesHashMaxSize:    config.MainServerNamesHashMaxSize,
+		LogFormat:                 config.MainLogFormat,
 	}
 
 	cnf.nginx.UpdateMainConfigFile(mainCfg)
 
@@ -0,0 +1,40 @@
+package nginx
+
+import (
+	"fmt"
+	"strconv"
+
+	"k8s.io/kubernetes/pkg/api/meta"
+	"k8s.io/kubernetes/pkg/runtime"
+)
+
+// There seems to be no composite interface in the kubernetes api package,
+// so we have to declare our own.
+type apiObject interface {
+	meta.Object
+	runtime.Object
+}
+
+// GetMapKeyAsBool searches the map for the given key and parses the key as bool
+func GetMapKeyAsBool(m map[string]string, key string, context apiObject) (bool, bool, error) {
+	if str, exists := m[key]; exists {
+		b, err := strconv.ParseBool(str)
+		if err != nil {
+			return false, exists, fmt.Errorf("%s %v/%v '%s' contains invalid bool: %v, ignoring", context.GetObjectKind().GroupVersionKind().Kind, context.GetNamespace(), context.GetName(), key, err)
+		}
+		return b, exists, nil
+	}
+	return false, false, nil
+}
+
+// GetMapKeyAsInt tries to find and parse a key in a map as int64
+func GetMapKeyAsInt(m map[string]string, key string, context apiObject) (int64, bool, error) {
+	if str, exists := m[key]; exists {
+		i, err := strconv.ParseInt(str, 10, 64)
+		if err != nil {
+			return 0, exists, fmt.Errorf("%s %v/%v '%s' contains invalid integer: %v, ignoring", context.GetObjectKind().GroupVersionKind().Kind, context.GetNamespace(), context.GetName(), key, err)
+		}
+		return i, exists, nil
+	}
+	return 0, false, nil
+}