From de9f053b47fe3c6f943cccc98b0dd3e7c23aa46e Mon Sep 17 00:00:00 2001
From: Saloni
Date: Mon, 6 May 2024 14:09:52 -0600
Subject: [PATCH 1/4] add directives for SSL server blocks
---
 internal/mode/static/nginx/config/servers_template.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/internal/mode/static/nginx/config/servers_template.go b/internal/mode/static/nginx/config/servers_template.go
index d4ad022202..8c851c3b02 100644
--- a/internal/mode/static/nginx/config/servers_template.go
+++ b/internal/mode/static/nginx/config/servers_template.go
@@ -22,6 +22,7 @@ server {
 listen {{ $s.Port }} ssl;
 ssl_certificate {{ $s.SSL.Certificate }};
 ssl_certificate_key {{ $s.SSL.CertificateKey }};
+ proxy_ssl_server_name on;
 if ($ssl_server_name != $host) {
 return 421;
From 19cd828a0509daeba418462de1328625ee889516 Mon Sep 17 00:00:00 2001
From: Saloni
Date: Mon, 6 May 2024 14:58:58 -0600
Subject: [PATCH 2/4] add unit tests
---
 internal/mode/static/nginx/config/servers_test.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/internal/mode/static/nginx/config/servers_test.go b/internal/mode/static/nginx/config/servers_test.go
index 990a3a4c52..ba474f601d 100644
--- a/internal/mode/static/nginx/config/servers_test.go
+++ b/internal/mode/static/nginx/config/servers_test.go
@@ -61,6 +61,7 @@ func TestExecuteServers(t *testing.T) {
 "server_name cafe.example.com;": 2,
 "ssl_certificate /etc/nginx/secrets/test-keypair.pem;": 2,
 "ssl_certificate_key /etc/nginx/secrets/test-keypair.pem;": 2,
+ "proxy_ssl_server_name on;": 2,
 }
 g := NewWithT(t)
 serverResults := executeServers(conf)
From 4c5f48aab7672493cf330647e41a5f508bef450a Mon Sep 17 00:00:00 2001
From: Saloni
Date: Tue, 7 May 2024 12:10:14 -0600
Subject: [PATCH 3/4] correct location for directive
---
 internal/mode/static/nginx/config/servers_template.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/internal/mode/static/nginx/config/servers_template.go b/internal/mode/static/nginx/config/servers_template.go
index 8c851c3b02..cbbc36f196 100644
--- a/internal/mode/static/nginx/config/servers_template.go
+++ b/internal/mode/static/nginx/config/servers_template.go
@@ -22,7 +22,6 @@ server {
 listen {{ $s.Port }} ssl;
 ssl_certificate {{ $s.SSL.Certificate }};
 ssl_certificate_key {{ $s.SSL.CertificateKey }};
- proxy_ssl_server_name on;
 if ($ssl_server_name != $host) {
 return 421;
@@ -61,6 +60,7 @@ server {
 {{ $proxyOrGRPC }}_pass {{ $l.ProxyPass }};
 proxy_http_version 1.1;
 {{- if $l.ProxySSLVerify }}
+ {{ $proxyOrGRPC }}_ssl_server_name on;
 {{ $proxyOrGRPC }}_ssl_verify on;
 {{ $proxyOrGRPC }}_ssl_name {{ $l.ProxySSLVerify.Name }};
 {{ $proxyOrGRPC }}_ssl_trusted_certificate {{ $l.ProxySSLVerify.TrustedCertificate }};
From 694817b2e57cad698cc395cb15d1de9b5493e07d Mon Sep 17 00:00:00 2001
From: Saloni
Date: Tue, 7 May 2024 12:36:54 -0600
Subject: [PATCH 4/4] update unit tests
---
 .../mode/static/nginx/config/servers_test.go | 28 ++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)
diff --git a/internal/mode/static/nginx/config/servers_test.go b/internal/mode/static/nginx/config/servers_test.go
index ba474f601d..163b5beccd 100644
--- a/internal/mode/static/nginx/config/servers_test.go
+++ b/internal/mode/static/nginx/config/servers_test.go
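Review bot: The new `{{ $proxyOrGRPC }}_ssl_server_name on;` line in the second hunk of PATCH 3/4 (servers_template.go, `@@ -61,6 +60,7 @@`) carries no comment saying why it belongs inside `{{- if $l.ProxySSLVerify }}`, and that coupling is easy to break in a later edit. nginx takes both the SNI name it sends and the name it verifies the upstream certificate against from `_ssl_name`, so a template comment above the line such as `{{- /* send SNI so the backend presents the certificate that _ssl_name is verified against */}}` would record the intent. It also follows from the placement that a location with an `https://` `ProxyPass` but no `ProxySSLVerify` gets neither SNI nor certificate verification; whether the data plane can produce that combination is not visible here and is worth confirming. The location loop and the enclosing `server` block start and end outside the hunk.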
@@ -48,6 +48,32 @@ func TestExecuteServers(t *testing.T) {
 KeyPairID: "test-keypair",
 },
 Port: 8443,
+ PathRules: []dataplane.PathRule{
+ {
+ Path: "/",
+ PathType: dataplane.PathTypePrefix,
+ MatchRules: []dataplane.MatchRule{
+ {
+ Match: dataplane.Match{},
+ BackendGroup: dataplane.BackendGroup{
+ Source: types.NamespacedName{Namespace: "test", Name: "route1"},
+ RuleIdx: 0,
+ Backends: []dataplane.Backend{
+ {
+ UpstreamName: "test_foo_443",
+ Valid: true,
+ Weight: 1,
+ VerifyTLS: &dataplane.VerifyTLS{
+ CertBundleID: "test-foo",
+ Hostname: "test-foo.example.com",
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
 },
 },
 }
@@ -61,7 +87,7 @@ func TestExecuteServers(t *testing.T) {
 "server_name cafe.example.com;": 2,
 "ssl_certificate /etc/nginx/secrets/test-keypair.pem;": 2,
 "ssl_certificate_key /etc/nginx/secrets/test-keypair.pem;": 2,
- "proxy_ssl_server_name on;": 2,
+ "proxy_ssl_server_name on;": 1,
 }
 g := NewWithT(t)
 serverResults := executeServers(conf)
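Review bot: The fixture added in the first hunk of PATCH 4/4 (servers_test.go, `@@ -48,6 +48,32 @@`) gives the 8443 server a single backend with `VerifyTLS` set, so nothing in it shows the directive being left out for a proxied location that has no TLS verification. Because the template guards `_ssl_server_name` with `{{- if $l.ProxySSLVerify }}`, a second path rule whose backend has no `VerifyTLS` would make the count of 1 in the next hunk actually prove the conditional. The gRPC rendering (`grpc_ssl_server_name on;`) is likewise not exercised by this fixture as far as the hunk shows. The surrounding `conf` literal starts and ends outside the hunk.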
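Review bot: The updated expectation in the second hunk of PATCH 4/4 (`"proxy_ssl_server_name on;": 1`) pins SNI alone, so the test would still pass if that directive were rendered without the verification lines it is meant to accompany. Since the template emits it together with `_ssl_verify`, `_ssl_name` and `_ssl_trusted_certificate`, consider adding `"proxy_ssl_verify on;": 1,` and `"proxy_ssl_name test-foo.example.com;": 1,` to the same map, assuming `Hostname` is what feeds `ProxySSLVerify.Name` and these are not already asserted elsewhere in the file. The map literal and the rest of TestExecuteServers lie outside the hunk.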