diff --git a/build/Dockerfile b/build/Dockerfile index 24e49593f8..a7321e673e 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -114,14 +114,12 @@ ENV NGINX_VERSION=${NGINX_PLUS_VERSION} RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/apk/cert.pem,mode=0644 \ --mount=type=secret,id=nginx-repo.key,dst=/etc/apk/cert.key,mode=0644 \ - --mount=type=bind,from=alpine-opentracing-lib,target=/tmp/ot/ \ --mount=type=bind,from=nginx-files,src=nginx_signing.rsa.pub,target=/etc/apk/keys/nginx_signing.rsa.pub \ --mount=type=bind,from=nginx-files,src=user_agent,target=/tmp/user_agent \ --mount=type=bind,from=nginx-files,src=tracking.info,target=/tmp/nginx/reporting/tracking.info \ export $(cat /tmp/user_agent) \ && printf "%s\n" "https://${PACKAGE_REPO}/plus/${NGINX_PLUS_VERSION}/alpine/v$(grep -E -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories \ - && apk add --no-cache nginx-plus nginx-plus-module-njs nginx-plus-module-opentracing nginx-plus-module-fips-check libcap libcurl \ - && cp -av /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \ + && apk add --no-cache nginx-plus nginx-plus-module-njs nginx-plus-module-fips-check libcap libcurl \ && mkdir -p /etc/nginx/reporting/ && cp -av /tmp/nginx/reporting/tracking.info /etc/nginx/reporting/tracking.info \ && ldconfig /usr/local/lib/ \ && sed -i -e '/nginx.com/d' /etc/apk/repositories @@ -154,7 +152,6 @@ ENV NGINX_VERSION=${NGINX_PLUS_VERSION} RUN --mount=type=bind,from=alpine-fips-3.19,target=/tmp/fips/ \ --mount=type=secret,id=nginx-repo.crt,dst=/etc/apk/cert.pem,mode=0644 \ --mount=type=secret,id=nginx-repo.key,dst=/etc/apk/cert.key,mode=0644 \ - --mount=type=bind,from=alpine-opentracing-lib,target=/tmp/ot/ \ --mount=type=bind,from=nginx-files,src=app-protect-security-updates.rsa.pub,target=/etc/apk/keys/app-protect-security-updates.rsa.pub \ --mount=type=bind,from=nginx-files,src=nginx_signing.rsa.pub,target=/etc/apk/keys/nginx_signing.rsa.pub \ --mount=type=bind,from=nginx-files,src=agent.sh,target=/usr/local/bin/agent.sh \ @@ -164,13 +161,12 @@ RUN --mount=type=bind,from=alpine-fips-3.19,target=/tmp/fips/ \ && printf "%s\n" "https://${PACKAGE_REPO}/app-protect/${NGINX_PLUS_VERSION}/alpine/v$(grep -E -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories \ && printf "%s\n" "https://pkgs.nginx.com/app-protect-security-updates/alpine/v$(grep -E -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories \ && printf "%s\n" "https://${PACKAGE_REPO}/nginx-agent/alpine/v$(grep -E -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories \ - && apk add --no-cache libcap-utils libcurl nginx-plus nginx-plus-module-njs nginx-plus-module-opentracing nginx-plus-module-fips-check \ + && apk add --no-cache libcap-utils libcurl nginx-plus nginx-plus-module-njs nginx-plus-module-fips-check \ && if [ "${NGINX_AGENT}" = "true" ]; then apk add --no-cache nginx-agent; fi \ && mkdir -p /usr/ssl \ && cp -av /tmp/fips/usr/lib/ossl-modules/fips.so /usr/lib/ossl-modules/fips.so \ && cp -av /tmp/fips/usr/ssl/fipsmodule.cnf /usr/ssl/fipsmodule.cnf \ && cp -av /tmp/fips/etc/ssl/openssl.cnf /etc/ssl/openssl.cnf \ - && cp -av /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \ && mkdir -p /etc/nginx/reporting/ \ && cp -av /tmp/nginx/reporting/tracking.info /etc/nginx/reporting/tracking.info \ && ldconfig /usr/local/lib/ \ @@ -194,7 +190,6 @@ ENV NGINX_VERSION=${NGINX_PLUS_VERSION} RUN --mount=type=bind,from=alpine-fips-3.19,target=/tmp/fips/ \ --mount=type=secret,id=nginx-repo.crt,dst=/etc/apk/cert.pem,mode=0644 \ --mount=type=secret,id=nginx-repo.key,dst=/etc/apk/cert.key,mode=0644 \ - --mount=type=bind,from=alpine-opentracing-lib,target=/tmp/ot/ \ --mount=type=bind,from=nginx-files,src=nginx_signing.rsa.pub,target=/etc/apk/keys/nginx_signing.rsa.pub \ --mount=type=bind,from=nginx-files,src=agent.sh,target=/usr/local/bin/agent.sh \ --mount=type=bind,from=nginx-files,src=nap-waf.sh,target=/usr/local/bin/nap-waf.sh \ @@ -202,13 +197,12 @@ RUN --mount=type=bind,from=alpine-fips-3.19,target=/tmp/fips/ \ printf "%s\n" "https://${PACKAGE_REPO}/plus/${NGINX_PLUS_VERSION}/alpine/v$(grep -E -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories \ && printf "%s\n" "https://${PACKAGE_REPO}/app-protect-x-plus/alpine/v$(grep -E -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories \ && printf "%s\n" "https://${PACKAGE_REPO}/nginx-agent/alpine/v$(grep -E -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories \ - && apk add --no-cache libcap-utils libcurl nginx-plus nginx-plus-module-njs nginx-plus-module-opentracing nginx-plus-module-fips-check \ + && apk add --no-cache libcap-utils libcurl nginx-plus nginx-plus-module-njs nginx-plus-module-fips-check \ && if [ "${NGINX_AGENT}" = "true" ]; then apk add --no-cache nginx-agent; fi \ && mkdir -p /usr/ssl \ && cp -av /tmp/fips/usr/lib/ossl-modules/fips.so /usr/lib/ossl-modules/fips.so \ && cp -av /tmp/fips/usr/ssl/fipsmodule.cnf /usr/ssl/fipsmodule.cnf \ && cp -av /tmp/fips/etc/ssl/openssl.cnf /etc/ssl/openssl.cnf \ - && cp -av /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \ && mkdir -p /etc/nginx/reporting/ \ && cp -av /tmp/nginx/reporting/tracking.info /etc/nginx/reporting/tracking.info \ && ldconfig /usr/local/lib/ \ @@ -229,7 +223,6 @@ ENV NGINX_VERSION=${NGINX_PLUS_VERSION} SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \ --mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ - --mount=type=bind,from=opentracing-lib,target=/tmp/ot/ \ --mount=type=bind,from=nginx-files,src=nginx_signing.key,target=/tmp/nginx_signing.key \ --mount=type=bind,from=nginx-files,src=app-protect-security-updates.key,target=/tmp/app-protect-security-updates.key \ --mount=type=bind,from=nginx-files,src=90pkgs-nginx,target=/etc/apt/apt.conf.d/90pkgs-nginx \ @@ -243,9 +236,8 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode && gpg --dearmor -o /usr/share/keyrings/app-protect-archive-keyring.gpg /tmp/app-protect-security-updates.key \ && cp /tmp/nginx-plus.sources /etc/apt/sources.list.d/nginx-plus.sources \ && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y nginx-plus nginx-plus-module-njs nginx-plus-module-opentracing nginx-plus-module-fips-check \ + && apt-get install --no-install-recommends --no-install-suggests -y nginx-plus nginx-plus-module-njs nginx-plus-module-fips-check \ && apt-get purge --auto-remove -y gpg \ - && cp -av /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \ && mkdir -p /etc/nginx/reporting/ \ && cp -av /tmp/nginx/reporting/tracking.info /etc/nginx/reporting/tracking.info \ && ldconfig \ @@ -262,7 +254,6 @@ ENV NGINX_VERSION=${NGINX_PLUS_VERSION} RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \ --mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ - --mount=type=bind,from=opentracing-lib,target=/tmp/ot/ \ --mount=type=bind,from=nginx-files,src=nginx_signing.key,target=/tmp/nginx_signing.key \ --mount=type=bind,from=nginx-files,src=90pkgs-nginx,target=/etc/apt/apt.conf.d/90pkgs-nginx \ --mount=type=bind,from=nginx-files,src=nap-waf-12.sources,target=/tmp/app-protect.sources \ @@ -321,7 +312,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode && apt-get update \ && if [ "${NGINX_AGENT}" = "true" ]; then apt-get install --no-install-recommends --no-install-suggests -y nginx-agent; fi \ && if [ -z "${NAP_MODULES##*waf*}" ]; then \ - apt-get install --no-install-recommends --no-install-suggests -y app-protect-module-plus=33+5.264* nginx-plus-module-appprotect=33+5.264*; \ + apt-get install --no-install-recommends --no-install-suggests -y app-protect-module-plus=33+5.264* nginx-plus-module-appprotect=33+5.264* app-protect-plugin=6.9.0*; \ rm -f /etc/apt/sources.list.d/app-protect.sources; \ nap-waf.sh; \ fi \ diff --git a/internal/configs/configmaps.go b/internal/configs/configmaps.go index 60bd2590f4..c467e67d2d 100644 --- a/internal/configs/configmaps.go +++ b/internal/configs/configmaps.go @@ -538,7 +538,7 @@ func ParseConfigMap(ctx context.Context, cfgm *v1.ConfigMap, nginxPlus bool, has cfgParams.MainOpenTracingTracerConfig = openTracingTracerConfig } - if cfgParams.MainOpenTracingTracer != "" || cfgParams.MainOpenTracingTracerConfig != "" { + if cfgParams.MainOpenTracingTracer != "" && cfgParams.MainOpenTracingTracerConfig != "" { cfgParams.MainOpenTracingLoadModule = true } @@ -547,11 +547,14 @@ func ParseConfigMap(ctx context.Context, cfgm *v1.ConfigMap, nginxPlus bool, has nl.Error(l, err) eventLog.Event(cfgm, v1.EventTypeWarning, nl.EventReasonInvalidValue, err.Error()) configOk = false + } else if openTracing && nginxPlus { + errorText := fmt.Sprintf("ConfigMap %s/%s key %s is not compatible with NGINX Plus", cfgm.Namespace, cfgm.Name, "opentracing") + nl.Warn(l, errorText) + eventLog.Event(cfgm, v1.EventTypeWarning, nl.EventReasonInvalidValue, errorText) + configOk = false + clearOpenTracingParams(cfgParams) } else if !openTracing { - cfgParams.MainOpenTracingEnabled = false - cfgParams.MainOpenTracingLoadModule = false - cfgParams.MainOpenTracingTracer = "" - cfgParams.MainOpenTracingTracerConfig = "" + clearOpenTracingParams(cfgParams) } else { if cfgParams.MainOpenTracingLoadModule { cfgParams.MainOpenTracingEnabled = openTracing @@ -674,6 +677,13 @@ func ParseConfigMap(ctx context.Context, cfgm *v1.ConfigMap, nginxPlus bool, has return cfgParams, configOk } +func clearOpenTracingParams(cfgParams *ConfigParams) { + cfgParams.MainOpenTracingEnabled = false + cfgParams.MainOpenTracingLoadModule = false + cfgParams.MainOpenTracingTracer = "" + cfgParams.MainOpenTracingTracerConfig = "" +} + //nolint:gocyclo func parseConfigMapZoneSync(l *slog.Logger, cfgm *v1.ConfigMap, cfgParams *ConfigParams, eventLog record.EventRecorder, nginxPlus bool) (*ZoneSync, error) { if zoneSync, exists, err := GetMapKeyAsBool(cfgm.Data, "zone-sync", cfgm); exists { diff --git a/internal/configs/configmaps_test.go b/internal/configs/configmaps_test.go index 7890e86658..86e839de73 100644 --- a/internal/configs/configmaps_test.go +++ b/internal/configs/configmaps_test.go @@ -1170,12 +1170,14 @@ func makeEventLogger() record.EventRecorder { func TestOpenTracingConfiguration(t *testing.T) { t.Parallel() tests := []struct { - configMap *v1.ConfigMap - enabled bool - loadModule bool - tracer string - tracerConfig string - msg string + configMap *v1.ConfigMap + isPlus bool + expectedOpenTracingEnabled bool + expectedLoadModule bool + expectedTracer string + expectedTracerConfig string + expectedConfigOk bool + msg string }{ { configMap: &v1.ConfigMap{ @@ -1185,11 +1187,42 @@ func TestOpenTracingConfiguration(t *testing.T) { "opentracing-tracer-config": "/etc/nginx/opentracing.json", }, }, - enabled: true, - loadModule: true, - tracer: "/usr/local/lib/libjaegertracing.so", - tracerConfig: "/etc/nginx/opentracing.json", - msg: "opentracing enabled", + isPlus: false, + expectedOpenTracingEnabled: true, + expectedLoadModule: true, + expectedTracer: "/usr/local/lib/libjaegertracing.so", + expectedTracerConfig: "/etc/nginx/opentracing.json", + expectedConfigOk: true, + msg: "oss: opentracing enabled (valid)", + }, + { + configMap: &v1.ConfigMap{ + Data: map[string]string{ + "opentracing": "true", + "opentracing-tracer": "/usr/local/lib/libjaegertracing.so", + }, + }, + isPlus: false, + expectedOpenTracingEnabled: false, + expectedLoadModule: false, + expectedTracer: "/usr/local/lib/libjaegertracing.so", + expectedTracerConfig: "", + expectedConfigOk: false, + msg: "oss: opentracing enabled, tracer-config not set (invalid)", + }, + { + configMap: &v1.ConfigMap{ + Data: map[string]string{ + "opentracing": "true", + }, + }, + isPlus: false, + expectedOpenTracingEnabled: false, + expectedLoadModule: false, + expectedTracer: "", + expectedTracerConfig: "", + expectedConfigOk: false, + msg: "oss: opentracing enabled, tracer and tracer-config not set (invalid)", }, { configMap: &v1.ConfigMap{ @@ -1199,11 +1232,13 @@ func TestOpenTracingConfiguration(t *testing.T) { "opentracing-tracer-config": "/etc/nginx/opentracing.json", }, }, - enabled: false, - loadModule: false, - tracer: "", - tracerConfig: "", - msg: "opentracing disabled", + isPlus: false, + expectedOpenTracingEnabled: false, + expectedLoadModule: false, + expectedTracer: "", + expectedTracerConfig: "", + expectedConfigOk: true, + msg: "oss: opentracing disabled, tracer and tracer-config set (valid)", }, { configMap: &v1.ConfigMap{ @@ -1211,44 +1246,118 @@ func TestOpenTracingConfiguration(t *testing.T) { "opentracing": "false", }, }, - enabled: false, - loadModule: false, - tracer: "", - tracerConfig: "", - msg: "opentracing disabled", + isPlus: false, + expectedOpenTracingEnabled: false, + expectedLoadModule: false, + expectedTracer: "", + expectedTracerConfig: "", + expectedConfigOk: true, + msg: "oss: opentracing disabled (valid)", + }, + { + configMap: &v1.ConfigMap{ + Data: map[string]string{ + "opentracing": "false", + }, + }, + isPlus: true, + expectedOpenTracingEnabled: false, + expectedLoadModule: false, + expectedTracer: "", + expectedTracerConfig: "", + expectedConfigOk: true, + msg: "plus: opentracing explicitly disabled (valid)", + }, + { + configMap: &v1.ConfigMap{ + Data: map[string]string{}, + }, + isPlus: true, + expectedOpenTracingEnabled: false, + expectedLoadModule: false, + expectedTracer: "", + expectedTracerConfig: "", + expectedConfigOk: true, + msg: "plus: no opentracing keys set (valid)", + }, + { + configMap: &v1.ConfigMap{ + Data: map[string]string{ + "opentracing": "false", + "opentracing-tracer": "/usr/local/lib/libjaegertracing.so", + "opentracing-tracer-config": "/etc/nginx/opentracing.json", + }, + }, + isPlus: true, + expectedOpenTracingEnabled: false, + expectedLoadModule: false, + expectedTracer: "", + expectedTracerConfig: "", + expectedConfigOk: true, + msg: "plus: opentracing disabled, tracer and tracer-config set (valid)", + }, + { + configMap: &v1.ConfigMap{ + Data: map[string]string{ + "opentracing": "true", + }, + }, + isPlus: true, + expectedOpenTracingEnabled: false, + expectedLoadModule: false, + expectedTracer: "", + expectedTracerConfig: "", + expectedConfigOk: false, + msg: "plus: opentracing enabled (invalid)", + }, + { + configMap: &v1.ConfigMap{ + Data: map[string]string{ + "opentracing": "true", + "opentracing-tracer": "/usr/local/lib/libjaegertracing.so", + "opentracing-tracer-config": "/etc/nginx/opentracing.json", + }, + }, + isPlus: true, + expectedOpenTracingEnabled: false, + expectedLoadModule: false, + expectedTracer: "", + expectedTracerConfig: "", + expectedConfigOk: false, + msg: "plus: opentracing enabled, tracer and tracer-config set (invalid)", }, } - nginxPlus := false + hasAppProtect := false hasAppProtectDos := false hasTLSPassthrough := false for _, test := range tests { t.Run(test.msg, func(t *testing.T) { - result, configOk := ParseConfigMap(context.Background(), test.configMap, nginxPlus, + result, configOk := ParseConfigMap(context.Background(), test.configMap, test.isPlus, hasAppProtect, hasAppProtectDos, hasTLSPassthrough, makeEventLogger()) - if !configOk { - t.Errorf("Expected valid config, got invalid") + if configOk != test.expectedConfigOk { + t.Errorf("configOk: want %v, got %v", test.expectedConfigOk, configOk) } - if result.MainOpenTracingEnabled != test.enabled { + if result.MainOpenTracingEnabled != test.expectedOpenTracingEnabled { t.Errorf("MainOpenTracingEnabled: want %v, got %v", - test.enabled, result.MainOpenTracingEnabled) + test.expectedOpenTracingEnabled, result.MainOpenTracingEnabled) } - if result.MainOpenTracingLoadModule != test.loadModule { + if result.MainOpenTracingLoadModule != test.expectedLoadModule { t.Errorf("MainOpenTracingLoadModule: want %v, got %v", - test.loadModule, result.MainOpenTracingLoadModule) + test.expectedLoadModule, result.MainOpenTracingLoadModule) } - if result.MainOpenTracingTracer != test.tracer { + if result.MainOpenTracingTracer != test.expectedTracer { t.Errorf("MainOpenTracingTracer: want %q, got %q", - test.tracer, result.MainOpenTracingTracer) + test.expectedTracer, result.MainOpenTracingTracer) } - if result.MainOpenTracingTracerConfig != test.tracerConfig { + if result.MainOpenTracingTracerConfig != test.expectedTracerConfig { t.Errorf("MainOpenTracingTracerConfig: want %q, got %q", - test.tracerConfig, result.MainOpenTracingTracerConfig) + test.expectedTracerConfig, result.MainOpenTracingTracerConfig) } }) } diff --git a/internal/configs/version1/__snapshots__/template_test.snap b/internal/configs/version1/__snapshots__/template_test.snap index 153829110d..63ba1f6a6b 100644 --- a/internal/configs/version1/__snapshots__/template_test.snap +++ b/internal/configs/version1/__snapshots__/template_test.snap @@ -200,6 +200,7 @@ http { default upgrade; '' $default_connection_header; } + resolver example.com 127.0.0.1 valid=10s ipv6=off; resolver_timeout 15s; @@ -248,7 +249,9 @@ http { server { listen unix:/var/lib/nginx/nginx-418-server.sock; - access_log off;return 418; + access_log off; + + return 418; } } @@ -1662,6 +1665,7 @@ http { default upgrade; '' $default_connection_header; } + resolver example.com 127.0.0.1 valid=10s ipv6=off; resolver_timeout 15s; @@ -1710,7 +1714,9 @@ http { server { listen unix:/var/lib/nginx/nginx-418-server.sock; - access_log off;return 418; + access_log off; + + return 418; } } @@ -1803,6 +1809,7 @@ http { default upgrade; '' $default_connection_header; } + resolver example.com 127.0.0.1 valid=10s ipv6=off; resolver_timeout 15s; @@ -1851,7 +1858,9 @@ http { server { listen unix:/var/lib/nginx/nginx-418-server.sock; - access_log off;return 418; + access_log off; + + return 418; } } @@ -1944,6 +1953,7 @@ http { default upgrade; '' $default_connection_header; } + resolver example.com 127.0.0.1 valid=10s ipv6=off; resolver_timeout 15s; @@ -1992,7 +2002,9 @@ http { server { listen unix:/var/lib/nginx/nginx-418-server.sock; - access_log off;return 418; + access_log off; + + return 418; } } @@ -2085,6 +2097,7 @@ http { default upgrade; '' $default_connection_header; } + resolver example.com 127.0.0.1 valid=10s ipv6=off; resolver_timeout 15s; @@ -2133,7 +2146,9 @@ http { server { listen unix:/var/lib/nginx/nginx-418-server.sock; - access_log off;return 418; + access_log off; + + return 418; } } @@ -2226,6 +2241,7 @@ http { default upgrade; '' $default_connection_header; } + resolver example.com 127.0.0.1 valid=10s ipv6=off; resolver_timeout 15s; @@ -2275,7 +2291,9 @@ http { server { listen unix:/var/lib/nginx/nginx-418-server.sock; - access_log off;return 418; + access_log off; + + return 418; } } @@ -2400,6 +2418,7 @@ http { default upgrade; '' $default_connection_header; } + resolver example.com 127.0.0.1 valid=10s ipv6=off; resolver_timeout 15s; @@ -2448,7 +2467,9 @@ http { server { listen unix:/var/lib/nginx/nginx-418-server.sock; - access_log off;return 418; + access_log off; + + return 418; } } @@ -2554,6 +2575,7 @@ http { default upgrade; '' $default_connection_header; } + resolver example.com 127.0.0.1 valid=10s ipv6=off; resolver_timeout 15s; @@ -2603,7 +2625,9 @@ http { server { listen unix:/var/lib/nginx/nginx-418-server.sock; - access_log off;return 418; + access_log off; + + return 418; } } @@ -2711,6 +2735,7 @@ http { default upgrade; '' $default_connection_header; } + resolver example.com 127.0.0.1 valid=10s ipv6=off; resolver_timeout 15s; @@ -2759,7 +2784,9 @@ http { server { listen unix:/var/lib/nginx/nginx-418-server.sock; - access_log off;return 418; + access_log off; + + return 418; } } @@ -2852,6 +2879,7 @@ http { default upgrade; '' $default_connection_header; } + resolver example.com 127.0.0.1 valid=10s ipv6=off; resolver_timeout 15s; @@ -2901,7 +2929,9 @@ http { server { listen unix:/var/lib/nginx/nginx-418-server.sock; - access_log off;return 418; + access_log off; + + return 418; } } @@ -3874,6 +3904,7 @@ http { default upgrade; '' $default_connection_header; } + @@ -3922,7 +3953,9 @@ http { server { listen unix:/var/lib/nginx/nginx-418-server.sock; - access_log off;return 418; + access_log off; + + return 418; } } @@ -4016,6 +4049,7 @@ http { default upgrade; '' $default_connection_header; } + @@ -4064,7 +4098,9 @@ http { server { listen unix:/var/lib/nginx/nginx-418-server.sock; - access_log off;return 418; + access_log off; + + return 418; } } @@ -4158,6 +4194,7 @@ http { default upgrade; '' $default_connection_header; } + @@ -4206,7 +4243,9 @@ http { server { listen unix:/var/lib/nginx/nginx-418-server.sock; - access_log off;return 418; + access_log off; + + return 418; } } @@ -4300,6 +4339,7 @@ http { default upgrade; '' $default_connection_header; } + @@ -4348,7 +4388,9 @@ http { server { listen unix:/var/lib/nginx/nginx-418-server.sock; - access_log off;return 418; + access_log off; + + return 418; } } @@ -4442,6 +4484,7 @@ http { default upgrade; '' $default_connection_header; } + @@ -4490,7 +4533,9 @@ http { server { listen unix:/var/lib/nginx/nginx-418-server.sock; - access_log off;return 418; + access_log off; + + return 418; } } diff --git a/internal/configs/version1/nginx-plus.tmpl b/internal/configs/version1/nginx-plus.tmpl index baa488122e..32cd00a680 100644 --- a/internal/configs/version1/nginx-plus.tmpl +++ b/internal/configs/version1/nginx-plus.tmpl @@ -12,9 +12,6 @@ daemon off; error_log stderr {{.ErrorLogLevel}}; pid /var/lib/nginx/nginx.pid; -{{- if .OpenTracingLoadModule}} -load_module modules/ngx_http_opentracing_module.so; -{{- end}} {{- if .AppProtectLoadModule}} load_module modules/ngx_http_app_protect_module.so; {{- end}} @@ -146,12 +143,6 @@ http { ssl_dhparam {{.SSLDHParam}}; {{- end}} - {{- if .OpenTracingEnabled}} - opentracing on; - {{- end}} - {{- if .OpenTracingLoadModule}} - opentracing_load_tracer {{ .OpenTracingTracer }} /var/lib/nginx/tracer-config.json; - {{- end}} {{ $resolverIPV6HTTPBool := boolToPointerBool .ResolverIPV6 -}} {{ makeResolver .ResolverAddresses .ResolverValid $resolverIPV6HTTPBool }} {{if .ResolverTimeout}}resolver_timeout {{.ResolverTimeout}};{{end}} @@ -202,10 +193,6 @@ http { access_log off; {{end -}} - {{- if .OpenTracingEnabled}} - opentracing off; - {{- end}} - {{- if .HealthStatus}} location {{.HealthStatusURI}} { default_type text/plain; @@ -228,10 +215,6 @@ http { access_log off; - {{if .OpenTracingEnabled}} - opentracing off; - {{end}} - location = /dashboard.html { } {{if .AppProtectDosLoadModule}} @@ -256,10 +239,6 @@ http { listen unix:/var/lib/nginx/nginx-plus-api.sock; access_log off; - {{- if .OpenTracingEnabled}} - opentracing off; - {{- end}} - # $config_version_mismatch is defined in /etc/nginx/config-version.conf location /configVersionCheck { if ($config_version_mismatch) { @@ -280,10 +259,6 @@ http { listen unix:/var/lib/nginx/nginx-418-server.sock; access_log off; - {{- if .OpenTracingEnabled}} - opentracing off; - {{- end -}} - return 418; } {{- if .InternalRouteServer}}