fix nginx#98: allow non-standard listen ports

seletskiy · seletskiy · commit 6ced7bcbb1e5 · 2017-08-30T10:31:50.000+07:00
diff --git a/.gitignore b/.gitignore
@@ -26,6 +26,7 @@ osx-nginx-ingress
 nginx-ingress
 osx-nginx-plus-ingress
 nginx-plus-ingress
+nginx-controller/nginx-controller
 
 # NGINX Plus license files
 *.crt
diff --git a/nginx-controller/nginx/config.go b/nginx-controller/nginx/config.go
@@ -41,6 +41,9 @@ type Config struct {
 	JWTKey      string
 	JWTToken    string
 	JWTLoginURL string
+
+	Ports    []int
+	SSLPorts []int
 }
 
 // NewDefaultConfig creates a Config with default values
@@ -53,5 +56,7 @@ func NewDefaultConfig() *Config {
 		MainServerNamesHashMaxSize: "512",
 		ProxyBuffering:             true,
 		HSTSMaxAge:                 2592000,
+		Ports:                      []int{80},
+		SSLPorts:                   []int{443},
 	}
 }
diff --git a/nginx-controller/nginx/configurator.go b/nginx-controller/nginx/configurator.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"fmt"
 	"os"
+	"strconv"
 	"strings"
 
 	"github.com/golang/glog"
@@ -132,6 +133,8 @@ func (cnf *Configurator) generateNginxCfg(ingEx *IngressEx, pems map[string]stri
 			ProxyHideHeaders:      ingCfg.ProxyHideHeaders,
 			ProxyPassHeaders:      ingCfg.ProxyPassHeaders,
 			ServerSnippets:        ingCfg.ServerSnippets,
+			Ports:                 ingCfg.Ports,
+			SSLPorts:              ingCfg.SSLPorts,
 		}
 
 		if pemFile, ok := pems[serverName]; ok {
@@ -311,6 +314,15 @@ func (cnf *Configurator) createConfig(ingEx *IngressEx) Config {
 		}
 	}
 
+	ports, sslPorts := getServicesPorts(ingEx)
+	if len(ports) > 0 {
+		ingCfg.Ports = ports
+	}
+
+	if len(sslPorts) > 0 {
+		ingCfg.SSLPorts = sslPorts
+	}
+
 	return ingCfg
 }
 
@@ -405,6 +417,53 @@ func parseStickyService(service string) (serviceName string, stickyCookie string
 	return svcNameParts[1], parts[1], nil
 }
 
+func getServicesPorts(ingEx *IngressEx) ([]int, []int) {
+	ports := map[string][]int{}
+
+	annotations := []string{
+		"nginx.org/listen-ports",
+		"nginx.org/listen-ports-ssl",
+	}
+
+	for _, annotation := range annotations {
+		if values, exists := ingEx.Ingress.Annotations[annotation]; exists {
+			for _, value := range strings.Split(values, ",") {
+				if port, err := parsePort(value); err != nil {
+					glog.Errorf(
+						"In %v %s contains invalid declaration: %v, ignoring",
+						ingEx.Ingress.Name,
+						annotation,
+						err,
+					)
+				} else {
+					ports[annotation] = append(ports[annotation], port)
+				}
+			}
+		}
+	}
+
+	return ports[annotations[0]], ports[annotations[1]]
+}
+
+func parsePort(value string) (int, error) {
+	port, err := strconv.ParseInt(value, 10, 16)
+	if err != nil {
+		return 0, fmt.Errorf(
+			"Unable to parse port as integer: %s\n",
+			err,
+		)
+	}
+
+	if port <= 0 {
+		return 0, fmt.Errorf(
+			"Port number should be greater than zero: %q",
+			port,
+		)
+	}
+
+	return int(port), nil
+}
+
 func createLocation(path string, upstream Upstream, cfg *Config, websocket bool, rewrite string, ssl bool) Location {
 	loc := Location{
 		Path:                 path,
diff --git a/nginx-controller/nginx/nginx.go b/nginx-controller/nginx/nginx.go
@@ -76,6 +76,9 @@ type Server struct {
 	JWTRealm    string
 	JWTToken    string
 	JWTLoginURL string
+
+	Ports    []int
+	SSLPorts []int
 }
 
 // Location describes an NGINX location
diff --git a/nginx-controller/nginx/templates/nginx.ingress.tmpl b/nginx-controller/nginx/templates/nginx.ingress.tmpl
@@ -7,9 +7,13 @@ upstream {{$upstream.Name}} {
 
 {{range $server := .Servers}}
 server {
-	listen 80{{if $server.ProxyProtocol}} proxy_protocol{{end}};
+	{{range $port := $server.Ports}}
+	listen {{$port}}{{if $server.ProxyProtocol}} proxy_protocol{{end}};
+	{{- end}}
 	{{if $server.SSL}}
-	listen 443 ssl{{if $server.HTTP2}} http2{{end}}{{if $server.ProxyProtocol}} proxy_protocol{{end}};
+	{{- range $port := $server.SSLPorts}}
+	listen {{$port}} ssl{{if $server.HTTP2}} http2{{end}}{{if $server.ProxyProtocol}} proxy_protocol{{end}};
+	{{- end}}
 	ssl_certificate {{$server.SSLCertificate}};
 	ssl_certificate_key {{$server.SSLCertificateKey}};
 	{{end}}
@@ -28,7 +32,7 @@ server {
 	proxy_pass_header {{$proxyPassHeader}};{{end}}
 	{{if $server.SSL}}
 	if ($scheme = http) {
-		return 301 https://$host$request_uri;
+		return 301 https://$host:{{index $server.SSLPorts 0}}$request_uri;
 	}
 	{{- if $server.HSTS}}
 	proxy_hide_header Strict-Transport-Security;

Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,9 @@ type Config struct {`
`41`	`41`	`JWTKey string`
`42`	`42`	`JWTToken string`
`43`	`43`	`JWTLoginURL string`
	`44`	`+`
	`45`	`+ Ports []int`
	`46`	`+ SSLPorts []int`
`44`	`47`	`}`
`45`	`48`
`46`	`49`	`// NewDefaultConfig creates a Config with default values`
`@@ -53,5 +56,7 @@ func NewDefaultConfig() *Config {`
`53`	`56`	`MainServerNamesHashMaxSize: "512",`
`54`	`57`	`ProxyBuffering: true,`
`55`	`58`	`HSTSMaxAge: 2592000,`
	`59`	`+ Ports: []int{80},`
	`60`	`+ SSLPorts: []int{443},`
`56`	`61`	`}`
`57`	`62`	`}`
Original file line number	Diff line number	Diff line change
`@@ -76,6 +76,9 @@ type Server struct {`
`76`	`76`	`JWTRealm string`
`77`	`77`	`JWTToken string`
`78`	`78`	`JWTLoginURL string`
	`79`	`+`
	`80`	`+ Ports []int`
	`81`	`+ SSLPorts []int`
`79`	`82`	`}`
`80`	`83`
`81`	`84`	`// Location describes an NGINX location`