diff --git a/images/nginx/rootfs/build.sh b/images/nginx/rootfs/build.sh index 297abf777e..fae3dc9d74 100755 --- a/images/nginx/rootfs/build.sh +++ b/images/nginx/rootfs/build.sh @@ -104,6 +104,9 @@ export OPENTELEMETRY_CPP_VERSION=v1.18.0 # Check for recent changes: https://github.com/open-telemetry/opentelemetry-proto/compare/v1.5.0...main export OPENTELEMETRY_PROTO_VERSION=v1.5.0 +# http://hg.nginx.org/njs +export NGINX_NJS_VERSION="0.8.4" + export BUILD_PATH=/tmp/build ARCH=$(uname -m) @@ -271,6 +274,9 @@ get_src efb767487ea3f6031577b9b224467ddbda2ad51a41c5867a47582d4ad85d609e \ get_src d74f86ada2329016068bc5a243268f1f555edd620b6a7d6ce89295e7d6cf18da \ "https://github.com/microsoft/mimalloc/archive/${MIMALOC_VERSION}.tar.gz" "mimalloc" +get_src 8191bff8491af9169a92e30e383ef8614717b0c6d40913d83b95051031e92321 \ + "http://hg.nginx.org/njs/archive/${NGINX_NJS_VERSION}.tar.gz" "njs" + # improve compilation times CORES=$(($(grep -c ^processor /proc/cpuinfo) - 1)) @@ -489,7 +495,8 @@ WITH_MODULES=" \ --add-dynamic-module=$BUILD_PATH/nginx-http-auth-digest \ --add-dynamic-module=$BUILD_PATH/ModSecurity-nginx \ --add-dynamic-module=$BUILD_PATH/ngx_http_geoip2_module \ - --add-dynamic-module=$BUILD_PATH/ngx_brotli" + --add-dynamic-module=$BUILD_PATH/ngx_brotli \ + --add-dynamic-module=$BUILD_PATH/njs/nginx" ./configure \ --prefix=/usr/local/nginx \ diff --git a/rootfs/etc/nginx/js/nginx/ngx_srv_redirect.js b/rootfs/etc/nginx/js/nginx/ngx_srv_redirect.js new file mode 100644 index 0000000000..da1942bc8e --- /dev/null +++ b/rootfs/etc/nginx/js/nginx/ngx_srv_redirect.js @@ -0,0 +1,16 @@ +function srv_redirect(req) { + const redirectTo = req.variables.tmp_redirect_to; + + const requestUri = req.variables.request_uri.replace(/\/$/, ''); + + const useForwardedHeaders = req.variables.forwarded_headers + const xForwardedProto = req.variables.http_x_forwarded_proto; + const xForwardedPort = req.variables.http_x_forwarded_port; + + const redirectScheme = useForwardedHeaders && xForwardedProto ? xForwardedProto : req.variables.scheme; + const redirectPort = useForwardedHeaders && xForwardedPort ? xForwardedPort : req.variables.server_port; + + return `${redirectScheme}://${redirectTo}:${redirectPort}${requestUri}`; +} + +export default { srv_redirect }; \ No newline at end of file diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index 6b8e750b06..b0858aa85e 100644 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -12,6 +12,8 @@ # setup custom paths that do not require root access pid {{ .PID }}; +load_module /etc/nginx/modules/ngx_http_js_module.so; + {{ if $cfg.UseGeoIP2 }} load_module /etc/nginx/modules/ngx_http_geoip2_module.so; {{ end }} @@ -74,6 +76,10 @@ http { init_worker_by_lua_file /etc/nginx/lua/ngx_conf_init_worker.lua; + js_import /etc/nginx/js/nginx/ngx_srv_redirect.js; + + js_set $njs_srv_redirect ngx_srv_redirect.srv_redirect; + {{/* Enable the real_ip module only if we use either X-Forwarded headers or Proxy Protocol. */}} {{/* we use the value of the real IP for the geo_ip module */}} {{ if or (or $cfg.UseForwardedHeaders $cfg.UseProxyProtocol) $cfg.EnableRealIP }} @@ -572,9 +578,10 @@ http { } {{ end }} - set_by_lua_file $redirect_to /etc/nginx/lua/nginx/ngx_srv_redirect.lua {{ $redirect.To }}; + set $tmp_redirect_to '{{ $redirect.To }}'; + set $tmp_forwarded_headers '{{ $cfg.UseForwardedHeaders }}'; - return {{ $all.Cfg.HTTPRedirectCode }} $redirect_to; + return {{ $all.Cfg.HTTPRedirectCode }} $njs_srv_redirect; } ## end server {{ $redirect.From }} {{ end }} diff --git a/test/e2e/annotations/fromtowwwredirect.go b/test/e2e/annotations/fromtowwwredirect.go index a3fb3b9b5d..5d4e7af0ef 100644 --- a/test/e2e/annotations/fromtowwwredirect.go +++ b/test/e2e/annotations/fromtowwwredirect.go @@ -49,7 +49,7 @@ var _ = framework.DescribeAnnotation("from-to-www-redirect", func() { f.WaitForNginxConfiguration( func(cfg string) bool { return strings.Contains(cfg, `server_name www.fromtowwwredirect.bar.com;`) && - strings.Contains(cfg, `return 308 $redirect_to;`) + strings.Contains(cfg, `return 308 $njs_srv_redirect;`) }) ginkgo.By("sending request to www.fromtowwwredirect.bar.com") @@ -88,7 +88,7 @@ var _ = framework.DescribeAnnotation("from-to-www-redirect", func() { f.WaitForNginxServer(toHost, func(server string) bool { return strings.Contains(server, fmt.Sprintf(`server_name %v;`, toHost)) && - strings.Contains(server, `return 308 $redirect_to;`) + strings.Contains(server, `return 308 $njs_srv_redirect;`) }) ginkgo.By("sending request to www should redirect to domain")