Skip to content
This repository was archived by the owner on Apr 17, 2019. It is now read-only.

Ingress Not Forwarding to sub routes #935

Closed
sekka1 opened this issue May 9, 2016 · 7 comments
Closed

Ingress Not Forwarding to sub routes #935

sekka1 opened this issue May 9, 2016 · 7 comments

Comments

@sekka1
Copy link

sekka1 commented May 9, 2016

I am using this Ingress gcr.io/google_containers/nginx-ingress-controller:0.61 and it is not forwarding to sub routes such as /eventData or /api/v1/sdkErrors. Those routes are returning the default 404 backend. However the root / route works.

Ingress yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  creationTimestamp: 2016-03-28T22:20:47Z
  generation: 1
  name: ticket-test
spec:
  rules:
  - host: ticket.test.com
    http:
      paths:
      - backend:
          serviceName: aa-test-http-server-svc
          servicePort: 80
        path: /
      - backend:
          serviceName: aa-test-http-server-svc
          servicePort: 80
        path: /eventData
      - backend:
          serviceName: aa-test-http-server-svc
          servicePort: 80
        path: /api/v1/sdkErrors
      - backend:
          serviceName: aa-test-http-server-svc
          servicePort: 80
        path: /tpat
status:
  loadBalancer: {}

nginx.conf in the ingress pod:


# configuration file /etc/nginx/nginx.conf:

daemon off;

worker_processes 16;

pid /run/nginx.pid;

worker_rlimit_nofile 131072;

pcre_jit on;

events {
    multi_accept        on;
    worker_connections  16384;
    use                 epoll; 
}

http {
    vhost_traffic_status_zone shared:vhost_traffic_status:10m;

    # lus sectrion to return proper error codes when custom pages are used
    lua_package_path '.?.lua;./etc/nginx/lua/?.lua;/etc/nginx/lua/vendor/lua-resty-http/lib/?.lua;';
    init_by_lua_block {        
        require("error_page")
    }

    sendfile            on;
    aio                 threads;
    tcp_nopush          on;
    tcp_nodelay         on;

    log_subrequest      on;

    reset_timedout_connection on;

    keepalive_timeout 75s;

    types_hash_max_size 2048;
    server_names_hash_max_size 512;
    server_names_hash_bucket_size 100;

    include /etc/nginx/mime.types;
    default_type text/html;

    gzip on;
    gzip_comp_level 5;
    gzip_http_version 1.1;
    gzip_min_length 256;
    gzip_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component;    
    gzip_proxied any;
    gzip_vary on;


    client_max_body_size "2000m";



    log_format upstreaminfo '$remote_addr - '
        '[$proxy_add_x_forwarded_for] - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" '
        '$request_length $request_time $upstream_addr $upstream_response_length $upstream_response_time $upstream_status';

    access_log /var/log/nginx/access.log upstreaminfo;
    error_log  /var/log/nginx/error.log notice;

    # Custom dns resolver.
    resolver 172.16.0.2 valid=30s;


    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    # trust http_x_forwarded_proto headers correctly indicate ssl offloading
    map $http_x_forwarded_proto $pass_access_scheme {
      default $http_x_forwarded_proto;
      ''      $scheme;
    }

    # Map a response error watching the header Content-Type
    map $http_accept $httpAccept {
        default          html;
        application/json json;
        application/xml  xml;
        text/plain       text;
    }

    map $httpAccept $httpReturnType {
        default          text/html;
        json             application/json;
        xml              application/xml;
        text             text/plain;
    }

    server_name_in_redirect off;
    port_in_redirect off;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    # turn on session caching to drastically improve performance

    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_session_timeout 10m;


    # allow configuring ssl session tickets
    ssl_session_tickets on;

    # slightly reduce the time-to-first-byte
    ssl_buffer_size 4k;


    # allow configuring custom ssl ciphers
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers on;




    # Custom error pages
    proxy_intercept_errors on;

    error_page 403 = @custom_403;
    error_page 404 = @custom_404;
    error_page 405 = @custom_405;
    error_page 408 = @custom_408;
    error_page 413 = @custom_413;
    error_page 501 = @custom_501;
    error_page 502 = @custom_502;
    error_page 503 = @custom_503;
    error_page 504 = @custom_504;

    # In case of errors try the next upstream server before returning an error
    proxy_next_upstream                     error timeout invalid_header http_502 http_503 http_504 ;


    upstream prod-aa-test-http-server-svc-80 {

        least_conn;

        server 10.20.162.16:3000;
        server 10.20.238.9:3000;
        server 10.20.51.17:3000;

    }

    upstream upstream-default-backend {

        least_conn;

        server 10.20.145.5:8080;
        server 10.20.166.12:8080;
        server 10.20.183.5:8080;

    }



    server {
        listen 80;


        server_name _;




        location / {
            proxy_set_header Host                   $host;

            # Pass Real IP
            proxy_set_header X-Real-IP              $remote_addr;

            # Allow websocket connections
            proxy_set_header                        Upgrade           $http_upgrade;
            proxy_set_header                        Connection        $connection_upgrade;

            proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host       $host;
            proxy_set_header X-Forwarded-Port       $server_port;
            proxy_set_header X-Forwarded-Proto      $pass_access_scheme;

            proxy_connect_timeout                   5s;
            proxy_send_timeout                      60s;
            proxy_read_timeout                      60s;

            proxy_redirect                          off;
            proxy_buffering                         off;

            proxy_http_version                      1.1;

            proxy_pass http://upstream-default-backend;
        }



        # this is required to avoid error if nginx is being monitored
        # with an external software (like sysdig)
        location /nginx_status {
            allow 127.0.0.1;
            deny all;

            access_log off;
            stub_status on;
        }


        location @custom_403 {
            internal;
            content_by_lua_block {
                openURL(403)
            }
        }

        location @custom_404 {
            internal;
            content_by_lua_block {
                openURL(404)
            }
        }

        location @custom_405 {
            internal;
            content_by_lua_block {
                openURL(405)
            }
        }

        location @custom_408 {
            internal;
            content_by_lua_block {
                openURL(408)
            }
        }

        location @custom_413 {
            internal;
            content_by_lua_block {
                openURL(413)
            }
        }

        location @custom_502 {
            internal;
            content_by_lua_block {
                openURL(502)
            }
        }

        location @custom_503 {
            internal;
            content_by_lua_block {
                openURL(503)
            }
        }

        location @custom_504 {
            internal;
            content_by_lua_block {
                openURL(504)
            }
        }

    }

    server {
        listen 80;


        server_name test-http-server-prod1-prod.kube-prod1.vungle.io;




        location / {
            proxy_set_header Host                   $host;

            # Pass Real IP
            proxy_set_header X-Real-IP              $remote_addr;

            # Allow websocket connections
            proxy_set_header                        Upgrade           $http_upgrade;
            proxy_set_header                        Connection        $connection_upgrade;

            proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host       $host;
            proxy_set_header X-Forwarded-Port       $server_port;
            proxy_set_header X-Forwarded-Proto      $pass_access_scheme;

            proxy_connect_timeout                   5s;
            proxy_send_timeout                      60s;
            proxy_read_timeout                      60s;

            proxy_redirect                          off;
            proxy_buffering                         off;

            proxy_http_version                      1.1;

            proxy_pass http://prod-aa-test-http-server-svc-80;
        }




        location @custom_403 {
            internal;
            content_by_lua_block {
                openURL(403)
            }
        }

        location @custom_404 {
            internal;
            content_by_lua_block {
                openURL(404)
            }
        }

        location @custom_405 {
            internal;
            content_by_lua_block {
                openURL(405)
            }
        }

        location @custom_408 {
            internal;
            content_by_lua_block {
                openURL(408)
            }
        }

        location @custom_413 {
            internal;
            content_by_lua_block {
                openURL(413)
            }
        }

        location @custom_502 {
            internal;
            content_by_lua_block {
                openURL(502)
            }
        }

        location @custom_503 {
            internal;
            content_by_lua_block {
                openURL(503)
            }
        }

        location @custom_504 {
            internal;
            content_by_lua_block {
                openURL(504)
            }
        }

    }

    server {
        listen 80;


        server_name ticket.test.com;


        location / {
            proxy_set_header Host                   $host;

            # Pass Real IP
            proxy_set_header X-Real-IP              $remote_addr;

            # Allow websocket connections
            proxy_set_header                        Upgrade           $http_upgrade;
            proxy_set_header                        Connection        $connection_upgrade;

            proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host       $host;
            proxy_set_header X-Forwarded-Port       $server_port;
            proxy_set_header X-Forwarded-Proto      $pass_access_scheme;

            proxy_connect_timeout                   5s;
            proxy_send_timeout                      60s;
            proxy_read_timeout                      60s;

            proxy_redirect                          off;
            proxy_buffering                         off;

            proxy_http_version                      1.1;

            proxy_pass http://prod-aa-test-http-server-svc-80;
        }



        location /api/v1/sdkErrors {
            proxy_set_header Host                   $host;

            # Pass Real IP
            proxy_set_header X-Real-IP              $remote_addr;

            # Allow websocket connections
            proxy_set_header                        Upgrade           $http_upgrade;
            proxy_set_header                        Connection        $connection_upgrade;

            proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host       $host;
            proxy_set_header X-Forwarded-Port       $server_port;
            proxy_set_header X-Forwarded-Proto      $pass_access_scheme;

            proxy_connect_timeout                   5s;
            proxy_send_timeout                      60s;
            proxy_read_timeout                      60s;

            proxy_redirect                          off;
            proxy_buffering                         off;

            proxy_http_version                      1.1;

            proxy_pass http://prod-aa-test-http-server-svc-80;
        }

        location /eventData {
            proxy_set_header Host                   $host;

            # Pass Real IP
            proxy_set_header X-Real-IP              $remote_addr;

            # Allow websocket connections
            proxy_set_header                        Upgrade           $http_upgrade;
            proxy_set_header                        Connection        $connection_upgrade;

            proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host       $host;
            proxy_set_header X-Forwarded-Port       $server_port;
            proxy_set_header X-Forwarded-Proto      $pass_access_scheme;

            proxy_connect_timeout                   5s;
            proxy_send_timeout                      60s;
            proxy_read_timeout                      60s;

            proxy_redirect                          off;
            proxy_buffering                         off;

            proxy_http_version                      1.1;

            proxy_pass http://prod-aa-test-http-server-svc-80;
        }

        location /tpat {
            proxy_set_header Host                   $host;

            # Pass Real IP
            proxy_set_header X-Real-IP              $remote_addr;

            # Allow websocket connections
            proxy_set_header                        Upgrade           $http_upgrade;
            proxy_set_header                        Connection        $connection_upgrade;

            proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host       $host;
            proxy_set_header X-Forwarded-Port       $server_port;
            proxy_set_header X-Forwarded-Proto      $pass_access_scheme;

            proxy_connect_timeout                   5s;
            proxy_send_timeout                      60s;
            proxy_read_timeout                      60s;

            proxy_redirect                          off;
            proxy_buffering                         off;

            proxy_http_version                      1.1;

            proxy_pass http://prod-aa-test-http-server-svc-80;
        }




        location @custom_403 {
            internal;
            content_by_lua_block {
                openURL(403)
            }
        }

        location @custom_404 {
            internal;
            content_by_lua_block {
                openURL(404)
            }
        }

        location @custom_405 {
            internal;
            content_by_lua_block {
                openURL(405)
            }
        }

        location @custom_408 {
            internal;
            content_by_lua_block {
                openURL(408)
            }
        }

        location @custom_413 {
            internal;
            content_by_lua_block {
                openURL(413)
            }
        }

        location @custom_502 {
            internal;
            content_by_lua_block {
                openURL(502)
            }
        }

        location @custom_503 {
            internal;
            content_by_lua_block {
                openURL(503)
            }
        }

        location @custom_504 {
            internal;
            content_by_lua_block {
                openURL(504)
            }
        }

    }


    # default server, including healthcheck
    server {
        listen 8080 default_server reuseport;

        location /healthz {
            access_log off;
            return 200;
        }

        location /nginx_status {

            vhost_traffic_status_display;
            vhost_traffic_status_display_format html;

        }

        location / {
            proxy_pass             http://upstream-default-backend;
        }

        location @custom_403 {
            internal;
            content_by_lua_block {
                openURL(403)
            }
        }

        location @custom_404 {
            internal;
            content_by_lua_block {
                openURL(404)
            }
        }

        location @custom_405 {
            internal;
            content_by_lua_block {
                openURL(405)
            }
        }

        location @custom_408 {
            internal;
            content_by_lua_block {
                openURL(408)
            }
        }

        location @custom_413 {
            internal;
            content_by_lua_block {
                openURL(413)
            }
        }

        location @custom_502 {
            internal;
            content_by_lua_block {
                openURL(502)
            }
        }

        location @custom_503 {
            internal;
            content_by_lua_block {
                openURL(503)
            }
        }

        location @custom_504 {
            internal;
            content_by_lua_block {
                openURL(504)
            }
        }

    }

    # default server for services without endpoints
    server {
        listen 8181;

        location / {
            content_by_lua_block {
                openURL(503)
            }
        }        
    }    
}

stream {
# TCP services


# UDP services

}




# configuration file /etc/nginx/mime.types:

types {
    text/html                             html htm shtml;
    text/css                              css;
    text/xml                              xml;
    image/gif                             gif;
    image/jpeg                            jpeg jpg;
    application/javascript                js;
    application/atom+xml                  atom;
    application/rss+xml                   rss;

    text/mathml                           mml;
    text/plain                            txt;
    text/vnd.sun.j2me.app-descriptor      jad;
    text/vnd.wap.wml                      wml;
    text/x-component                      htc;

    image/png                             png;
    image/tiff                            tif tiff;
    image/vnd.wap.wbmp                    wbmp;
    image/x-icon                          ico;
    image/x-jng                           jng;
    image/x-ms-bmp                        bmp;
    image/svg+xml                         svg svgz;
    image/webp                            webp;

    application/font-woff                 woff;
    application/java-archive              jar war ear;
    application/json                      json;
    application/mac-binhex40              hqx;
    application/msword                    doc;
    application/pdf                       pdf;
    application/postscript                ps eps ai;
    application/rtf                       rtf;
    application/vnd.apple.mpegurl         m3u8;
    application/vnd.ms-excel              xls;
    application/vnd.ms-fontobject         eot;
    application/vnd.ms-powerpoint         ppt;
    application/vnd.wap.wmlc              wmlc;
    application/vnd.google-earth.kml+xml  kml;
    application/vnd.google-earth.kmz      kmz;
    application/x-7z-compressed           7z;
    application/x-cocoa                   cco;
    application/x-java-archive-diff       jardiff;
    application/x-java-jnlp-file          jnlp;
    application/x-makeself                run;
    application/x-perl                    pl pm;
    application/x-pilot                   prc pdb;
    application/x-rar-compressed          rar;
    application/x-redhat-package-manager  rpm;
    application/x-sea                     sea;
    application/x-shockwave-flash         swf;
    application/x-stuffit                 sit;
    application/x-tcl                     tcl tk;
    application/x-x509-ca-cert            der pem crt;
    application/x-xpinstall               xpi;
    application/xhtml+xml                 xhtml;
    application/xspf+xml                  xspf;
    application/zip                       zip;

    application/octet-stream              bin exe dll;
    application/octet-stream              deb;
    application/octet-stream              dmg;
    application/octet-stream              iso img;
    application/octet-stream              msi msp msm;

    application/vnd.openxmlformats-officedocument.wordprocessingml.document    docx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet          xlsx;
    application/vnd.openxmlformats-officedocument.presentationml.presentation  pptx;

    audio/midi                            mid midi kar;
    audio/mpeg                            mp3;
    audio/ogg                             ogg;
    audio/x-m4a                           m4a;
    audio/x-realaudio                     ra;

    video/3gpp                            3gpp 3gp;
    video/mp2t                            ts;
    video/mp4                             mp4;
    video/mpeg                            mpeg mpg;
    video/quicktime                       mov;
    video/webm                            webm;
    video/x-flv                           flv;
    video/x-m4v                           m4v;
    video/x-mng                           mng;
    video/x-ms-asf                        asx asf;
    video/x-ms-wmv                        wmv;
    video/x-msvideo                       avi;
}
@aledbf
Copy link
Contributor

aledbf commented May 9, 2016

@sekka1 this issue is fixed in #898 (not published yet).
The issue here is that the order of the / location must be the last one.
Same thing for overlapped locations like /dir1/dir2/dir3, /dir1/dir2, /dir1.

@sekka1
Copy link
Author

sekka1 commented May 9, 2016

@aledbf cool...when will the new container show up? Is there a place to find a list of these ingress containers? I had to ask in the git issues here to find out that this gcr.io/google_containers/nginx-ingress-controller:0.61 was one of the latest ingress containers.

@bprashanth
Copy link

Yep you can find out from https://github.com/kubernetes/contrib/blob/master/ingress/controllers/nginx/Makefile#L4 what the lastest is. We'll move Ingress out into a seperate repo and at that point should do more regular releases. Can we close this out?

@sekka1
Copy link
Author

sekka1 commented May 11, 2016

Yes, thanks.

@sekka1 sekka1 closed this as completed May 11, 2016
@sekka1
Copy link
Author

sekka1 commented May 12, 2016

I dont think this issue is fixed in #898 or maybe it is another issue. I have recompiled and created a new ingress with the code from master. I can see the change of the re-ordering of the location routes putting the / route at the end now. However it does not forward to all routes still.

Here is my ingress config. Using the real one this time (changed the domain name)

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: dataingestion
spec:
  rules:
  - host: ingest.example.com
    http:
      paths:
      - backend:
          serviceName: dataingestioneventdata
          servicePort: 80
        path: /eventData
      - backend:
          serviceName: dataingestionsdk
          servicePort: 80
        path: /api/v1/sdkErrors
      - backend:
          serviceName: dataingestiontpat
          servicePort: 80
        path: /tpat

All routes except for /api/v1/sdkErrors works.

Not getting why and trying to troubleshoot i copied the nginx.conf file that the ingress generates and loaded it up locally into the nginx container on docker hub:

docker run -v nginx-kube-config.conf:/etc/nginx/nginx.conf:ro -p 80:80  nginx:stable

With this i can get to all three routes. So this is even more odd to me on why it does work in the kube pod while it works locally. It is basically the same nginx.conf.

I even tried with the container nginx container ive built for the kube and it works also.

Hopefully someone that knows nginx better than I do can see the what is wrong here.

Here is the nginx.conf file from my kube pod that i used locally. I had to remove some of the directives like the vhost status modules and the custom error routes b/c it is not loaded into the nginx container i downloaded from Docker hub.



worker_processes 16;


pid /run/nginx.pid;

worker_rlimit_nofile 131072;

pcre_jit on;

events {
    multi_accept        on;
    worker_connections  16384;
    use                 epoll; 
}

http {


    sendfile            on;
    aio                 threads;
    tcp_nopush          on;
    tcp_nodelay         on;

    log_subrequest      on;

    reset_timedout_connection on;

    keepalive_timeout 75s;

    types_hash_max_size 2048;
    server_names_hash_max_size 512;
    server_names_hash_bucket_size 100;

    include /etc/nginx/mime.types;
    default_type text/html;

    gzip on;
    gzip_comp_level 5;
    gzip_http_version 1.1;
    gzip_min_length 256;
    gzip_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component;    
    gzip_proxied any;
    gzip_vary on;


    client_max_body_size "2000m";



    log_format upstreaminfo '$remote_addr - '
        '[$proxy_add_x_forwarded_for] - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" '
        '$request_length $request_time $upstream_addr $upstream_response_length $upstream_response_time $upstream_status';

    access_log /var/log/nginx/access.log upstreaminfo;
    error_log  /var/log/nginx/error.log notice;

    # Custom dns resolver.
    resolver 172.16.0.2 valid=30s;


    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    # trust http_x_forwarded_proto headers correctly indicate ssl offloading
    map $http_x_forwarded_proto $pass_access_scheme {
      default $http_x_forwarded_proto;
      ''      $scheme;
    }

    # Map a response error watching the header Content-Type
    map $http_accept $httpAccept {
        default          html;
        application/json json;
        application/xml  xml;
        text/plain       text;
    }

    map $httpAccept $httpReturnType {
        default          text/html;
        json             application/json;
        xml              application/xml;
        text             text/plain;
    }

    server_name_in_redirect off;
    port_in_redirect off;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    # turn on session caching to drastically improve performance

    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_session_timeout 10m;


    # allow configuring ssl session tickets
    ssl_session_tickets on;

    # slightly reduce the time-to-first-byte
    ssl_buffer_size 4k;


    # allow configuring custom ssl ciphers
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers on;




    # Custom error pages
    proxy_intercept_errors on;

    error_page 403 = @custom_403;
    error_page 404 = @custom_404;
    error_page 405 = @custom_405;
    error_page 408 = @custom_408;
    error_page 413 = @custom_413;
    error_page 501 = @custom_501;
    error_page 502 = @custom_502;
    error_page 503 = @custom_503;
    error_page 504 = @custom_504;

    # In case of errors try the next upstream server before returning an error
    proxy_next_upstream                     error timeout invalid_header http_502 http_503 http_504 ;



    upstream prod-dataingestioneventdata-80 {

        least_conn;

        server 10.20.102.5:8080;
        server 10.20.135.5:8080;
        server 10.20.14.4:8080;
        server 10.20.191.6:8080;
        server 10.20.39.5:8080;
        server 10.20.64.5:8080;
        server 10.20.67.4:8080;
        server 10.20.69.5:8080;
        server 10.20.80.5:8080;
        server 10.20.84.4:8080;

    }

    upstream prod-dataingestionsdk-80 {

        least_conn;

        server 10.20.102.6:8080;
        server 10.20.135.6:8080;
        server 10.20.145.6:8080;
        server 10.20.192.5:8080;
        server 10.20.69.6:8080;

    }

    upstream prod-dataingestiontpat-80 {

        least_conn;

        server 10.20.102.4:8080;
        server 10.20.119.12:8080;
        server 10.20.119.13:8080;
        server 10.20.127.7:8080;
        server 10.20.135.4:8080;
        server 10.20.14.8:8080;
        server 10.20.145.4:8080;
        server 10.20.147.4:8080;
        server 10.20.16.6:8080;
        server 10.20.169.10:8080;
        server 10.20.173.4:8080;
        server 10.20.183.4:8080;
        server 10.20.183.6:8080;
        server 10.20.191.4:8080;
        server 10.20.192.4:8080;
        server 10.20.49.4:8080;
        server 10.20.49.5:8080;
        server 10.20.60.14:8080;
        server 10.20.64.4:8080;
        server 10.20.67.10:8080;
        server 10.20.67.6:8080;
        server 10.20.69.4:8080;
        server 10.20.69.7:8080;
        server 10.20.70.9:8080;
        server 10.20.77.4:8080;
        server 10.20.77.5:8080;
        server 10.20.80.4:8080;
        server 10.20.85.4:8080;
        server 10.20.85.5:8080;

    }


    upstream upstream-default-backend {

        least_conn;

        server 10.20.84.5:80;

    }



    server {
        listen 80;


        server_name _;




        location / {
            proxy_set_header Host                   $host;

            # Pass Real IP
            proxy_set_header X-Real-IP              $remote_addr;

            # Allow websocket connections
            proxy_set_header                        Upgrade           $http_upgrade;
            proxy_set_header                        Connection        $connection_upgrade;

            proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host       $host;
            proxy_set_header X-Forwarded-Port       $server_port;
            proxy_set_header X-Forwarded-Proto      $pass_access_scheme;

            proxy_connect_timeout                   5s;
            proxy_send_timeout                      60s;
            proxy_read_timeout                      60s;

            proxy_redirect                          off;
            proxy_buffering                         off;

            proxy_http_version                      1.1;

            proxy_pass http://upstream-default-backend;
        }



        # this is required to avoid error if nginx is being monitored
        # with an external software (like sysdig)
        location /nginx_status {
            allow 127.0.0.1;
            deny all;

            access_log off;
            stub_status on;
        }


    }




    server {
        listen 80;


        server_name ingest.example.com;




        location /tpat {
            proxy_set_header Host                   $host;

            # Pass Real IP
            proxy_set_header X-Real-IP              $remote_addr;

            # Allow websocket connections
            proxy_set_header                        Upgrade           $http_upgrade;
            proxy_set_header                        Connection        $connection_upgrade;

            proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host       $host;
            proxy_set_header X-Forwarded-Port       $server_port;
            proxy_set_header X-Forwarded-Proto      $pass_access_scheme;

            proxy_connect_timeout                   5s;
            proxy_send_timeout                      60s;
            proxy_read_timeout                      60s;

            proxy_redirect                          off;
            proxy_buffering                         off;

            proxy_http_version                      1.1;

            proxy_pass http://prod-dataingestiontpat-80;
        }

        location /eventData {
            proxy_set_header Host                   $host;

            # Pass Real IP
            proxy_set_header X-Real-IP              $remote_addr;

            # Allow websocket connections
            proxy_set_header                        Upgrade           $http_upgrade;
            proxy_set_header                        Connection        $connection_upgrade;

            proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host       $host;
            proxy_set_header X-Forwarded-Port       $server_port;
            proxy_set_header X-Forwarded-Proto      $pass_access_scheme;

            proxy_connect_timeout                   5s;
            proxy_send_timeout                      60s;
            proxy_read_timeout                      60s;

            proxy_redirect                          off;
            proxy_buffering                         off;

            proxy_http_version                      1.1;

            proxy_pass http://prod-dataingestioneventdata-80;
        }

        location /api/v1/sdkErrors {
            proxy_set_header Host                   $host;

            # Pass Real IP
            proxy_set_header X-Real-IP              $remote_addr;

            # Allow websocket connections
            proxy_set_header                        Upgrade           $http_upgrade;
            proxy_set_header                        Connection        $connection_upgrade;

            proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host       $host;
            proxy_set_header X-Forwarded-Port       $server_port;
            proxy_set_header X-Forwarded-Proto      $pass_access_scheme;

            proxy_connect_timeout                   5s;
            proxy_send_timeout                      60s;
            proxy_read_timeout                      60s;

            proxy_redirect                          off;
            proxy_buffering                         off;

            proxy_http_version                      1.1;

            proxy_pass http://prod-dataingestionsdk-80;
        }

        location / {
            proxy_set_header Host                   $host;

            # Pass Real IP
            proxy_set_header X-Real-IP              $remote_addr;

            # Allow websocket connections
            proxy_set_header                        Upgrade           $http_upgrade;
            proxy_set_header                        Connection        $connection_upgrade;

            proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host       $host;
            proxy_set_header X-Forwarded-Port       $server_port;
            proxy_set_header X-Forwarded-Proto      $pass_access_scheme;

            proxy_connect_timeout                   5s;
            proxy_send_timeout                      60s;
            proxy_read_timeout                      60s;

            proxy_redirect                          off;
            proxy_buffering                         off;

            proxy_http_version                      1.1;

            proxy_pass http://upstream-default-backend;
        }




    }






    # default server, including healthcheck
    server {
        listen 8080 default_server reuseport;

        location /healthz {
            access_log off;
            return 200;
        }

        location /nginx_status {


        }

        location / {
            proxy_pass             http://upstream-default-backend;
        }

    }

    # default server for services without endpoints
    server {
        listen 8181;
    }    
}

stream {
# TCP services


# UDP services

}

This is how i test it out locally and when Kube launches it:

curl -H 'Host: ingest.example.com' -v localhost/api/v1/sdkErrors

@sekka1 sekka1 reopened this May 12, 2016
@sekka1 sekka1 closed this as completed May 18, 2016
@rsmitty
Copy link
Contributor

rsmitty commented May 20, 2016

Sorry to resurrect the dead here, but is there a way that we can get this new nginx-ingress-controller image built? The pull request has been merged into master for a while.

@bprashanth
Copy link

If there's an image later than 0.61 please update the makefile and I can push it.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@aledbf @sekka1 @rsmitty @bprashanth