github.com/nginxinc/kubernetes-ingress@v1.12.5/internal/configs/version1/nginx.tmpl

github.com/nginxinc/kubernetes-ingress@v1.12.5/internal/configs/version1/nginx.tmpl (about)

     1  
     2  worker_processes  {{.WorkerProcesses}};
     3  {{- if .WorkerRlimitNofile}}
     4  worker_rlimit_nofile {{.WorkerRlimitNofile}};{{end}}
     5  {{- if .WorkerCPUAffinity}}
     6  worker_cpu_affinity {{.WorkerCPUAffinity}};{{end}}
     7  {{- if .WorkerShutdownTimeout}}
     8  worker_shutdown_timeout {{.WorkerShutdownTimeout}};{{end}}
     9  daemon off;
    10  
    11  error_log  stderr {{.ErrorLogLevel}};
    12  pid        /var/lib/nginx/nginx.pid;
    13  
    14  {{- if .OpenTracingLoadModule}}
    15  load_module modules/ngx_http_opentracing_module.so;
    16  {{- end}}
    17  
    18  {{- if .MainSnippets}}
    19  {{range $value := .MainSnippets}}
    20  {{$value}}{{end}}
    21  {{- end}}
    22  
    23  events {
    24      worker_connections  {{.WorkerConnections}};
    25  }
    26  
    27  http {
    28      include       /etc/nginx/mime.types;
    29      default_type  application/octet-stream;
    30  
    31      {{- if .HTTPSnippets}}
    32      {{range $value := .HTTPSnippets}}
    33      {{$value}}{{end}}
    34      {{- end}}
    35  
    36      {{if .LogFormat -}}
    37      log_format  main {{if .LogFormatEscaping}}escape={{ .LogFormatEscaping }} {{end}}
    38                       {{range $i, $value := .LogFormat -}}
    39                       {{with $value}}'{{if $i}} {{end}}{{$value}}'
    40                       {{end}}{{end}};
    41      {{- else -}}
    42      log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    43                        '$status $body_bytes_sent "$http_referer" '
    44                        '"$http_user_agent" "$http_x_forwarded_for"';
    45      {{- end}}
    46  
    47      {{if .AccessLogOff}}
    48      access_log off;
    49      {{else}}
    50      access_log  /dev/stdout  main;
    51      {{end}}
    52  
    53      {{if .LatencyMetrics}}
    54      log_format response_time '{"upstreamAddress":"$upstream_addr", "upstreamResponseTime":"$upstream_response_time", "proxyHost":"$proxy_host", "upstreamStatus": "$upstream_status"}';
    55      access_log syslog:server=unix:/var/lib/nginx/nginx-syslog.sock,nohostname,tag=nginx response_time;
    56      {{end}}
    57  
    58      sendfile        on;
    59      #tcp_nopush     on;
    60  
    61      keepalive_timeout {{.KeepaliveTimeout}};
    62      keepalive_requests {{.KeepaliveRequests}};
    63  
    64      #gzip  on;
    65  
    66      server_names_hash_max_size {{.ServerNamesHashMaxSize}};
    67      {{if .ServerNamesHashBucketSize}}server_names_hash_bucket_size {{.ServerNamesHashBucketSize}};{{end}}
    68  
    69      variables_hash_bucket_size {{.VariablesHashBucketSize}};
    70      variables_hash_max_size {{.VariablesHashMaxSize}};
    71  
    72      map $http_upgrade $connection_upgrade {
    73          default upgrade;
    74          ''      close;
    75      }
    76      map $http_upgrade $vs_connection_header {
    77          default upgrade;
    78          ''      $default_connection_header;
    79      }
    80      {{if .SSLProtocols}}ssl_protocols {{.SSLProtocols}};{{end}}
    81      {{if .SSLCiphers}}ssl_ciphers "{{.SSLCiphers}}";{{end}}
    82      {{if .SSLPreferServerCiphers}}ssl_prefer_server_ciphers on;{{end}}
    83      {{if .SSLDHParam}}ssl_dhparam {{.SSLDHParam}};{{end}}
    84  
    85      {{if .OpenTracingEnabled}}
    86      opentracing on;
    87      {{end}}
    88      {{if .OpenTracingLoadModule}}
    89      opentracing_load_tracer {{ .OpenTracingTracer }} /var/lib/nginx/tracer-config.json;
    90      {{end}}
    91  
    92      server {
    93          # required to support the Websocket protocol in VirtualServer/VirtualServerRoutes
    94          set $default_connection_header "";
    95          set $resource_type "";
    96          set $resource_name "";
    97          set $resource_namespace "";
    98          set $service "";
    99  
   100          listen 80 default_server{{if .ProxyProtocol}} proxy_protocol{{end}};
   101  
   102          {{if .TLSPassthrough}}
   103          listen unix:/var/lib/nginx/passthrough-https.sock ssl default_server{{if .HTTP2}} http2{{end}} proxy_protocol;
   104          set_real_ip_from unix:;
   105          real_ip_header proxy_protocol;
   106          {{else}}
   107          listen 443 ssl default_server{{if .HTTP2}} http2{{end}}{{if .ProxyProtocol}} proxy_protocol{{end}};
   108          {{end}}
   109  
   110          {{if .SSLRejectHandshake}}
   111          ssl_reject_handshake on;
   112          {{else}}
   113          ssl_certificate /etc/nginx/secrets/default;
   114          ssl_certificate_key /etc/nginx/secrets/default;
   115          {{end}}
   116  
   117          {{range $setRealIPFrom := .SetRealIPFrom}}
   118          set_real_ip_from {{$setRealIPFrom}};{{end}}
   119          {{if .RealIPHeader}}real_ip_header {{.RealIPHeader}};{{end}}
   120          {{if .RealIPRecursive}}real_ip_recursive on;{{end}}
   121  
   122          server_name _;
   123          server_tokens "{{.ServerTokens}}";
   124          {{if .DefaultServerAccessLogOff}}
   125          access_log off;
   126          {{end}}
   127  
   128          {{if .OpenTracingEnabled}}
   129          opentracing off;
   130          {{end}}
   131  
   132          {{if .HealthStatus}}
   133          location {{.HealthStatusURI}} {
   134              default_type text/plain;
   135              return 200 "healthy\n";
   136          }
   137          {{end}}
   138  
   139          location / {
   140              return {{.DefaultServerReturn}};
   141          }
   142      }
   143  
   144      {{- if .NginxStatus}}
   145      # stub_status
   146      server {
   147          listen {{.NginxStatusPort}};
   148          {{range $value := .NginxStatusAllowCIDRs}}
   149          allow {{$value}};{{end}}
   150          deny all;
   151          {{if .OpenTracingEnabled}}
   152          opentracing off;
   153          {{end}}
   154          location /stub_status {
   155              stub_status;
   156          }
   157      }
   158      {{- end}}
   159  
   160      {{- if .StubStatusOverUnixSocketForOSS }}
   161      server {
   162          listen unix:/var/lib/nginx/nginx-status.sock;
   163          access_log off;
   164  
   165          {{if .OpenTracingEnabled}}
   166          opentracing off;
   167          {{end}}
   168  
   169          location /stub_status {
   170              stub_status;
   171          }
   172      }
   173      {{- end}}
   174  
   175      include /etc/nginx/config-version.conf;
   176      include /etc/nginx/conf.d/*.conf;
   177  
   178      server {
   179          listen unix:/var/lib/nginx/nginx-502-server.sock;
   180          access_log off;
   181  
   182          {{if .OpenTracingEnabled}}
   183          opentracing off;
   184          {{end}}
   185  
   186          return 502;
   187      }
   188  
   189      server {
   190          listen unix:/var/lib/nginx/nginx-418-server.sock;
   191          access_log off;
   192  
   193          {{if .OpenTracingEnabled}}
   194          opentracing off;
   195          {{end}}
   196  
   197          return 418;
   198      }
   199  }
   200  
   201  stream {
   202      {{if .StreamLogFormat -}}
   203      log_format  stream-main {{if .StreamLogFormatEscaping}}escape={{ .StreamLogFormatEscaping }} {{end}}
   204                              {{range $i, $value := .StreamLogFormat -}}
   205                              {{with $value}}'{{if $i}} {{end}}{{$value}}'
   206                              {{end}}{{end}};
   207      {{- else -}}
   208      log_format  stream-main  '$remote_addr [$time_local] '
   209                        '$protocol $status $bytes_sent $bytes_received '
   210                        '$session_time "$ssl_preread_server_name"';
   211      {{- end}}
   212  
   213      access_log  /dev/stdout  stream-main;
   214  
   215      {{range $value := .StreamSnippets}}
   216      {{$value}}{{end}}
   217  
   218      {{if .TLSPassthrough}}
   219      map $ssl_preread_server_name $dest_internal_passthrough  {
   220          default unix:/var/lib/nginx/passthrough-https.sock;
   221          include /etc/nginx/tls-passthrough-hosts.conf;
   222      }
   223  
   224      server {
   225          listen 443;
   226  
   227          ssl_preread on;
   228  
   229          proxy_protocol on;
   230          proxy_pass $dest_internal_passthrough;
   231      }
   232      {{end}}
   233  
   234      include /etc/nginx/stream-conf.d/*.conf;
   235  }