alibaba/tengine-ingress

New ConfigMap option 'https-allow-http' lets the HTTPS listener accept HTTP requests

lianglli opened this issue · 0 comments

A new ConfigMap option, https-allow-http: "true", lets the HTTPS listener also accept plain HTTP requests.

# ConfigMap read by the tengine-ingress controller; this issue uses it to
# demonstrate the new https-allow-http key.
apiVersion: v1
data:
  # `|-` keeps the body literally: the double quotes, the line break and the
  # continuation line's extra leading space are all part of the value.
  # NOTE(review): presumably rendered into the access_log directive - confirm
  # the controller expects the embedded quotes.
  access-log-path: |-
    "pipe:rollback /home/admin/tengine-ingress/logs/tengine-access.log
     baknum=10 maxsize=5G interval=1d adjust=600"
  # Same literal-block form as access-log-path, for the error log.
  error-log-path: |-
    "pipe:rollback /home/admin/tengine-ingress/logs/tengine-error.log
     baknum=10 maxsize=2G interval=1d adjust=600"
  # Quoted so the value stays the string "true" (ConfigMap data values are
  # strings). Per this issue it adds https_allow_http to the ssl listeners on
  # 443, so plaintext HTTP sent to the TLS port is answered instead of
  # rejected. Requests that reach 443 without TLS get no confidentiality or
  # integrity, so leave this unset unless that path is intended, and re-check
  # anything that treats "arrived on 443" as "was encrypted".
  https-allow-http: "true"
  # Pipe-delimited access-log format. $scheme, $server_port, $ssl_protocol and
  # $ssl_cipher are logged, which presumably lets plaintext requests on 443 be
  # told apart from TLS ones - verify against real log lines.
  # Client-controlled fields ($http_referer, $http_user_agent, the
  # X-Forwarded-For values, $http_accept_language) may themselves contain `|`,
  # so log parsers should not trust field positions blindly.
  # $host appears twice. The plain (unquoted) scalar is safe here: it starts
  # with `$` and contains neither ": " nor " #".
  log-format-upstream: $request_time|$status|$upstream_status|$remote_addr|$upstream_addr|$upstream_response_time|$time_local|$request_method|$scheme|$host|$server_port|$request_uri|$body_bytes_sent|$http_referer|$http_user_agent|$proxy_add_x_forwarded_for|$http_x_forwarded_for|$http_ns_client_ip|$http_accept_language|$connection_requests|$ssl_protocol|$ssl_cipher|$ssl_session_reused|$host|$request_length|$bytes_sent|$metadata_ssl_protocols|$ingress_route_target|$http_open|
kind: ConfigMap
metadata:
  # creationTimestamp, resourceVersion and uid are populated by the API
  # server (this looks like output read back from a cluster); drop them
  # before re-applying the manifest elsewhere.
  creationTimestamp: "2023-11-01T08:20:16Z"
  name: tengine-ingress-configmap-anolis-configuration
  namespace: default
  resourceVersion: "28532685"
  uid: 7d53db52-7af0-4626-a3c7-cdd7ba87e85a

# Listener line as shown in this issue once https-allow-http is "true":
# https_allow_http is added next to ssl/http2 on the 443 listener.
listen 443 default_server reuseport backlog=4096 ssl http2 https_allow_http ;

        ## start server _
        # Catch-all virtual server (server_name "_"). This is an excerpt: the
        # server block is not closed within the listing.
        server {
                server_name _ ;

                # Plaintext HTTP on port 80, IPv4 and IPv6.
                listen 80 default_server reuseport backlog=4096 ;
                listen [::]:80 default_server reuseport backlog=4096 ;
                # TLS + HTTP/2 on 443. https_allow_http is the flag this issue
                # adds; the curl output on this page shows a plaintext HTTP
                # request to 443 answered with 200. Port 443 therefore no
                # longer implies an encrypted request on these listeners.
                listen 443 default_server reuseport backlog=4096 ssl http2 https_allow_http ;
                listen [::]:443 default_server reuseport backlog=4096 ssl http2 https_allow_http ;
                # xquic listeners on the same port number (presumably QUIC over
                # UDP via Tengine's XQUIC module - confirm); they do not carry
                # https_allow_http.
                listen 443 default_server reuseport backlog=4096 xquic ;
                listen [::]:443 default_server reuseport backlog=4096 xquic ;

                # Gateway module configuration; exposes the "ssl-protocols"
                # metadata as $metadata_ssl_protocols (also written to the
                # access log by log-format-upstream).
                ingress_gateway shm_service_cfg;
                ingress_gateway_metadata "ssl-protocols" $metadata_ssl_protocols;

                # set log host
                set $log_host $host;

                # "-" until a later stage assigns an upstream name (not shown
                # in this excerpt).
                set $proxy_upstream_name "-";

                # Certificate handling is delegated to Lua at handshake time;
                # what certificate.call() does is not visible here.
                ssl_certificate_by_lua_block {
                        certificate.call()
                }

                # Exact-match status endpoint. The `if` answers 404 unless the
                # Host value matches the regex (case-insensitively).
                # NOTE(review): the first alternative has no `$` anchor, so any
                # Host that merely starts with a dotted-quad-like prefix
                # passes, and \d{1,3} also accepts octets above 255. Anchoring
                # both alternatives, e.g. "^(\d{1,3}(\.\d{1,3}){3}|status\.tengine\.com)$",
                # would tighten it. Host is client-supplied, so treat this as
                # a routing filter rather than access control.
                location = /status.tengine {
                if ($host !~* "^\d{1,3}(\.\d{1,3}){3}|^status\.tengine\.com$") {
                        return 404;
                        # Never reached: `return` already ends processing.
                        break;
                }
                # sysguard and access logging are disabled for this location,
                # so requests to the status endpoint leave no access-log entry.
                sysguard off;
                access_log off;
                root /etc/nginx/htdocs;
        # Closes the location block (indentation is misleading); the enclosing
        # server block continues beyond this excerpt.
        }
sh-4.4# curl -i http://127.0.0.1:80/status.tengine
HTTP/1.1 200 OK
Server: Tengine/3.1.0
Date: Thu, 02 Nov 2023 03:34:31 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Thu, 02 Nov 2023 03:31:20 GMT
Connection: keep-alive
ETag: "65431808-0"
Accept-Ranges: bytes

sh-4.4# curl -i http://127.0.0.1:443/status.tengine
HTTP/1.1 200 OK
Server: Tengine/3.1.0
Date: Thu, 02 Nov 2023 03:34:35 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Thu, 02 Nov 2023 03:31:20 GMT
Connection: keep-alive
ETag: "65431808-0"
Accept-Ranges: bytes