Skip to content

Commit 1761671

Browse files
liangllilianglli
authored
Merge pull request #96 from lianglli/fix-1.0.0-bugs
Fix duplicate location robots.txt and unknown "https_use_timing" for static configuration
2 parents 94a364d + d15fe99 commit 1761671

File tree

2 files changed

+69
-52
lines changed

2 files changed

+69
-52
lines changed

rootfs/etc/nginx/apps/ssl.conf

-1
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,6 @@ if ($https_redirect_mode = '1_https') {
1919
}
2020

2121
add_header "Strict-Transport-Security" $https_use_hsts;
22-
add_header "Timing-Allow-Origin" $https_use_timing;
2322

2423
if ($https_redirect_mode = '1_http') {
2524
set $log_host "http301https.tengine.com";

rootfs/etc/nginx/template/nginx.tmpl

+69-51
Original file line numberDiff line numberDiff line change
@@ -239,6 +239,10 @@ http {
239239
large_client_header_buffers {{ $cfg.LargeClientHeaderBuffers }};
240240
client_body_buffer_size {{ $cfg.ClientBodyBufferSize }};
241241
client_body_timeout {{ $cfg.ClientBodyTimeout }}s;
242+
243+
http2_max_field_size {{ $cfg.HTTP2MaxFieldSize }};
244+
http2_max_header_size {{ $cfg.HTTP2MaxHeaderSize }};
245+
http2_max_requests {{ $cfg.HTTP2MaxRequests }};
242246
http2_max_concurrent_streams {{ $cfg.HTTP2MaxConcurrentStreams }};
243247

244248
types_hash_max_size 2048;
@@ -847,24 +851,33 @@ stream {
847851

848852
{{/* CORS support from https://michielkalkman.com/snippets/nginx-cors-open-configuration.html */}}
849853
{{ define "CORS" }}
850-
{{ $cors := .CorsConfig }}
851-
# Cors Preflight methods needs additional options and different Return Code
852-
if ($request_method = 'OPTIONS') {
853-
more_set_headers 'Access-Control-Allow-Origin: {{ $cors.CorsAllowOrigin }}';
854-
{{ if $cors.CorsAllowCredentials }} more_set_headers 'Access-Control-Allow-Credentials: {{ $cors.CorsAllowCredentials }}'; {{ end }}
855-
more_set_headers 'Access-Control-Allow-Methods: {{ $cors.CorsAllowMethods }}';
856-
more_set_headers 'Access-Control-Allow-Headers: {{ $cors.CorsAllowHeaders }}';
857-
more_set_headers 'Access-Control-Max-Age: {{ $cors.CorsMaxAge }}';
858-
more_set_headers 'Content-Type: text/plain charset=UTF-8';
859-
more_set_headers 'Content-Length: 0';
860-
return 204;
861-
}
862-
863-
more_set_headers 'Access-Control-Allow-Origin: {{ $cors.CorsAllowOrigin }}';
854+
{{ $cors := .CorsConfig }}
855+
# Cors Preflight methods needs additional options and different Return Code
856+
{{ if $cors.CorsAllowOrigin }}
857+
{{ buildCorsOriginRegex $cors.CorsAllowOrigin }}
858+
{{ end }}
859+
if ($request_method = 'OPTIONS') {
860+
set $cors ${cors}options;
861+
}
862+
863+
if ($cors = "true") {
864+
more_set_headers 'Access-Control-Allow-Origin: $http_origin';
864865
{{ if $cors.CorsAllowCredentials }} more_set_headers 'Access-Control-Allow-Credentials: {{ $cors.CorsAllowCredentials }}'; {{ end }}
865866
more_set_headers 'Access-Control-Allow-Methods: {{ $cors.CorsAllowMethods }}';
866867
more_set_headers 'Access-Control-Allow-Headers: {{ $cors.CorsAllowHeaders }}';
868+
more_set_headers 'Access-Control-Max-Age: {{ $cors.CorsMaxAge }}';
869+
}
867870

871+
if ($cors = "trueoptions") {
872+
more_set_headers 'Access-Control-Allow-Origin: $http_origin';
873+
{{ if $cors.CorsAllowCredentials }} more_set_headers 'Access-Control-Allow-Credentials: {{ $cors.CorsAllowCredentials }}'; {{ end }}
874+
more_set_headers 'Access-Control-Allow-Methods: {{ $cors.CorsAllowMethods }}';
875+
more_set_headers 'Access-Control-Allow-Headers: {{ $cors.CorsAllowHeaders }}';
876+
more_set_headers 'Access-Control-Max-Age: {{ $cors.CorsMaxAge }}';
877+
more_set_headers 'Content-Type: text/plain charset=UTF-8';
878+
more_set_headers 'Content-Length: 0';
879+
return 204;
880+
}
868881
{{ end }}
869882

870883
{{/* definition of server-template to avoid repetitions with server-alias */}}
@@ -905,6 +918,8 @@ stream {
905918
root /etc/nginx/htdocs;
906919
}
907920

921+
922+
908923
{{ if not (empty $server.AuthTLSError) }}
909924
# {{ $server.AuthTLSError }}
910925
return 403;
@@ -1255,42 +1270,6 @@ stream {
12551270

12561271
set $enable_cors_options_credentials "${metadata_enable_cors}_${request_method}_${metadata_cors_allow_credentials}";
12571272
set $metadata_enable_cors_credentials "${metadata_enable_cors}_${metadata_cors_allow_credentials}";
1258-
1259-
if ($enable_cors_options_credentials = "true_OPTIONS_true") {
1260-
# Cors Preflight methods needs additional options and different Return Code
1261-
more_set_headers 'Access-Control-Allow-Origin: $metadata_cors_allow_origin';
1262-
more_set_headers 'Access-Control-Allow-Credentials: $metadata_cors_allow_credentials';
1263-
more_set_headers 'Access-Control-Allow-Methods: $metadata_cors_allow_methods';
1264-
more_set_headers 'Access-Control-Allow-Headers: $metadata_cors_allow_headers';
1265-
more_set_headers 'Access-Control-Max-Age: $metadata_cors_max_age';
1266-
more_set_headers 'Content-Type: text/plain charset=UTF-8';
1267-
more_set_headers 'Content-Length: 0';
1268-
return 204;
1269-
}
1270-
1271-
if ($enable_cors_options_credentials = "true_OPTIONS_false") {
1272-
# Cors Preflight methods needs additional options and different Return Code
1273-
more_set_headers 'Access-Control-Allow-Origin: $metadata_cors_allow_origin';
1274-
more_set_headers 'Access-Control-Allow-Methods: $metadata_cors_allow_methods';
1275-
more_set_headers 'Access-Control-Allow-Headers: $metadata_cors_allow_headers';
1276-
more_set_headers 'Access-Control-Max-Age: $metadata_cors_max_age';
1277-
more_set_headers 'Content-Type: text/plain charset=UTF-8';
1278-
more_set_headers 'Content-Length: 0';
1279-
return 204;
1280-
}
1281-
1282-
if ($metadata_enable_cors_credentials = "true_true") {
1283-
more_set_headers 'Access-Control-Allow-Origin: $metadata_cors_allow_origin';
1284-
more_set_headers 'Access-Control-Allow-Credentials: $metadata_cors_allow_credentials';
1285-
more_set_headers 'Access-Control-Allow-Methods: $metadata_cors_allow_methods';
1286-
more_set_headers 'Access-Control-Allow-Headers: $metadata_cors_allow_headers';
1287-
}
1288-
1289-
if ($metadata_enable_cors_credentials = "true_false") {
1290-
more_set_headers 'Access-Control-Allow-Origin: $metadata_cors_allow_origin';
1291-
more_set_headers 'Access-Control-Allow-Methods: $metadata_cors_allow_methods';
1292-
more_set_headers 'Access-Control-Allow-Headers: $metadata_cors_allow_headers';
1293-
}
12941273
{{ end }}
12951274

12961275
{{ buildInfluxDB $location.InfluxDB }}
@@ -1371,6 +1350,44 @@ stream {
13711350
{{ $proxySetHeader }} {{ $k }} {{ $v | quote }};
13721351
{{ end }}
13731352

1353+
{{ if not $all.Cfg.TengineReload }}
1354+
if ($enable_cors_options_credentials = "true_OPTIONS_true") {
1355+
# Cors Preflight methods needs additional options and different Return Code
1356+
more_set_headers 'Access-Control-Allow-Origin: $metadata_cors_allow_origin';
1357+
more_set_headers 'Access-Control-Allow-Credentials: $metadata_cors_allow_credentials';
1358+
more_set_headers 'Access-Control-Allow-Methods: $metadata_cors_allow_methods';
1359+
more_set_headers 'Access-Control-Allow-Headers: $metadata_cors_allow_headers';
1360+
more_set_headers 'Access-Control-Max-Age: $metadata_cors_max_age';
1361+
more_set_headers 'Content-Type: text/plain charset=UTF-8';
1362+
more_set_headers 'Content-Length: 0';
1363+
return 204;
1364+
}
1365+
1366+
if ($enable_cors_options_credentials = "true_OPTIONS_false") {
1367+
# Cors Preflight methods needs additional options and different Return Code
1368+
more_set_headers 'Access-Control-Allow-Origin: $metadata_cors_allow_origin';
1369+
more_set_headers 'Access-Control-Allow-Methods: $metadata_cors_allow_methods';
1370+
more_set_headers 'Access-Control-Allow-Headers: $metadata_cors_allow_headers';
1371+
more_set_headers 'Access-Control-Max-Age: $metadata_cors_max_age';
1372+
more_set_headers 'Content-Type: text/plain charset=UTF-8';
1373+
more_set_headers 'Content-Length: 0';
1374+
return 204;
1375+
}
1376+
1377+
if ($metadata_enable_cors_credentials = "true_true") {
1378+
more_set_headers 'Access-Control-Allow-Origin: $metadata_cors_allow_origin';
1379+
more_set_headers 'Access-Control-Allow-Credentials: $metadata_cors_allow_credentials';
1380+
more_set_headers 'Access-Control-Allow-Methods: $metadata_cors_allow_methods';
1381+
more_set_headers 'Access-Control-Allow-Headers: $metadata_cors_allow_headers';
1382+
}
1383+
1384+
if ($metadata_enable_cors_credentials = "true_false") {
1385+
more_set_headers 'Access-Control-Allow-Origin: $metadata_cors_allow_origin';
1386+
more_set_headers 'Access-Control-Allow-Methods: $metadata_cors_allow_methods';
1387+
more_set_headers 'Access-Control-Allow-Headers: $metadata_cors_allow_headers';
1388+
}
1389+
{{ end }}
1390+
13741391
proxy_connect_timeout {{ $location.Proxy.ConnectTimeout }}s;
13751392
proxy_send_timeout {{ $location.Proxy.SendTimeout }}s;
13761393
proxy_read_timeout {{ $location.Proxy.ReadTimeout }}s;
@@ -1459,6 +1476,7 @@ stream {
14591476
{{ end }}
14601477
}
14611478

1479+
{{ if eq $path "/" }}
14621480
location /robots.txt {
14631481
header_filter_by_lua_block {
14641482
lua_ingress.header()
@@ -1475,7 +1493,6 @@ stream {
14751493
set $log_host "robots.tengine.com";
14761494
proxy_set_header Host $http_host;
14771495
proxy_set_header X-Request-From {{ $all.Cfg.TengineIngressAppName }};
1478-
add_header Timing-Allow-Origin $https_use_timing;
14791496

14801497
{{ if $all.Cfg.TengineReload }}
14811498
{{ if not $location.DisableRobots }}
@@ -1504,6 +1521,7 @@ stream {
15041521
}
15051522
{{ end }}
15061523
{{ end }}
1524+
{{ end }}
15071525

15081526
{{ if eq $server.Hostname "_" }}
15091527
# health checks in cloud providers require the use of port {{ $all.ListenPorts.HTTP }}

0 commit comments

Comments
 (0)