Skip to content

Commit

Permalink
Update use of http2 listen directive to align with deprecation (#4526)
Browse files Browse the repository at this point in the history
  • Loading branch information
@shaun-nx
shaun-nx authored Oct 17, 2023
1 parent 5efe0f6 commit 6e48c61
Show file tree
Hide file tree
Showing 9 changed files with 879 additions and 24 deletions.
9 changes: 6 additions & 3 deletions internal/configs/version1/nginx-plus.ingress.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,15 +36,18 @@ server {

{{if $server.SSL}}
{{if $server.TLSPassthrough}}
listen unix:/var/lib/nginx/passthrough-https.sock ssl{{if $server.HTTP2}} http2{{end}} proxy_protocol;
listen unix:/var/lib/nginx/passthrough-https.sock ssl proxy_protocol;
set_real_ip_from unix:;
real_ip_header proxy_protocol;
{{else}}
{{- range $port := $server.SSLPorts}}
listen {{$port}} ssl{{if $server.HTTP2}} http2{{end}}{{if $server.ProxyProtocol}} proxy_protocol{{end}};
{{if not $server.DisableIPV6}}listen [::]:{{$port}} ssl{{if $server.HTTP2}} http2{{end}}{{if $server.ProxyProtocol}} proxy_protocol{{end}};{{end}}
listen {{$port}} ssl{{if $server.ProxyProtocol}} proxy_protocol{{end}};
{{if not $server.DisableIPV6}}listen [::]:{{$port}} ssl{{if $server.ProxyProtocol}} proxy_protocol{{end}};{{end}}
{{- end}}
{{end}}
{{if $server.HTTP2}}
http2 on;
{{end}}
{{if $server.SSLRejectHandshake}}
ssl_reject_handshake on;
{{else}}
Expand Down
10 changes: 7 additions & 3 deletions internal/configs/version1/nginx-plus.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -157,12 +157,16 @@ http {
{{if not .DisableIPV6}}listen [::]:{{ .DefaultHTTPListenerPort }} default_server{{if .ProxyProtocol}} proxy_protocol{{end}};{{end}}

{{if .TLSPassthrough}}
listen unix:/var/lib/nginx/passthrough-https.sock ssl default_server{{if .HTTP2}} http2{{end}} proxy_protocol;
listen unix:/var/lib/nginx/passthrough-https.sock ssl default_server proxy_protocol;
set_real_ip_from unix:;
real_ip_header proxy_protocol;
{{else}}
listen {{ .DefaultHTTPSListenerPort }} ssl default_server{{if .HTTP2}} http2{{end}}{{if .ProxyProtocol}} proxy_protocol{{end}};
{{if not .DisableIPV6}}listen [::]:{{ .DefaultHTTPSListenerPort }} ssl default_server{{if .HTTP2}} http2{{end}}{{if .ProxyProtocol}} proxy_protocol{{end}};{{end}}
listen {{ .DefaultHTTPSListenerPort }} ssl default_server{{if .ProxyProtocol}} proxy_protocol{{end}};
{{if not .DisableIPV6}}listen [::]:{{ .DefaultHTTPSListenerPort }} ssl default_server{{if .ProxyProtocol}} proxy_protocol{{end}};{{end}}
{{end}}

{{if .HTTP2}}
http2 on;
{{end}}

{{if .SSLRejectHandshake}}
Expand Down
9 changes: 6 additions & 3 deletions internal/configs/version1/nginx.ingress.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,15 +26,18 @@ server {

{{if $server.SSL}}
{{if $server.TLSPassthrough}}
listen unix:/var/lib/nginx/passthrough-https.sock ssl{{if $server.HTTP2}} http2{{end}} proxy_protocol;
listen unix:/var/lib/nginx/passthrough-https.sock ssl proxy_protocol;
set_real_ip_from unix:;
real_ip_header proxy_protocol;
{{else}}
{{- range $port := $server.SSLPorts}}
listen {{$port}} ssl{{if $server.HTTP2}} http2{{end}}{{if $server.ProxyProtocol}} proxy_protocol{{end}};
{{if not $server.DisableIPV6}}listen [::]:{{$port}} ssl{{if $server.HTTP2}} http2{{end}}{{if $server.ProxyProtocol}} proxy_protocol{{end}};{{end}}
listen {{$port}} ssl{{if $server.ProxyProtocol}} proxy_protocol{{end}};
{{if not $server.DisableIPV6}}listen [::]:{{$port}} ssl{{if $server.ProxyProtocol}} proxy_protocol{{end}};{{end}}
{{- end}}
{{end}}
{{if $server.HTTP2}}
http2 on;
{{end}}
{{if $server.SSLRejectHandshake}}
ssl_reject_handshake on;
{{else}}
Expand Down
10 changes: 7 additions & 3 deletions internal/configs/version1/nginx.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -110,12 +110,16 @@ http {
{{if not .DisableIPV6}}listen [::]:{{ .DefaultHTTPListenerPort}} default_server{{if .ProxyProtocol}} proxy_protocol{{end}};{{end}}

{{if .TLSPassthrough}}
listen unix:/var/lib/nginx/passthrough-https.sock ssl default_server{{if .HTTP2}} http2{{end}} proxy_protocol;
listen unix:/var/lib/nginx/passthrough-https.sock ssl default_server proxy_protocol;
set_real_ip_from unix:;
real_ip_header proxy_protocol;
{{else}}
listen {{ .DefaultHTTPSListenerPort}} ssl default_server{{if .HTTP2}} http2{{end}}{{if .ProxyProtocol}} proxy_protocol{{end}};
{{if not .DisableIPV6}}listen [::]:{{ .DefaultHTTPSListenerPort}} ssl default_server{{if .HTTP2}} http2{{end}}{{if .ProxyProtocol}} proxy_protocol{{end}};{{end}}
listen {{ .DefaultHTTPSListenerPort}} ssl default_server{{if .ProxyProtocol}} proxy_protocol{{end}};
{{if not .DisableIPV6}}listen [::]:{{ .DefaultHTTPSListenerPort}} ssl default_server{{if .ProxyProtocol}} proxy_protocol{{end}};{{end}}
{{end}}

{{if .HTTP2}}
http2 on;
{{end}}

{{if .SSLRejectHandshake}}
Expand Down
Loading

0 comments on commit 6e48c61

Please sign in to comment.