add https server support and manifests made

sarthyparty · sarthyparty · commit 8b7ae44bc8b9 · 2024-06-21T12:06:46.000-06:00
diff --git a/config/tests/static-deployment.yaml b/config/tests/static-deployment.yaml
@@ -70,6 +70,8 @@ spec:
         volumeMounts:
         - name: nginx-conf
           mountPath: /etc/nginx/conf.d
+        - name: nginx-stream-conf
+          mountPath: /etc/nginx/stream-conf.d
         - name: module-includes
           mountPath: /etc/nginx/module-includes
         - name: nginx-secrets
@@ -98,6 +100,8 @@ spec:
         volumeMounts:
         - name: nginx-conf
           mountPath: /etc/nginx/conf.d
+        - name: nginx-stream-conf
+          mountPath: /etc/nginx/stream-conf.d
         - name: module-includes
           mountPath: /etc/nginx/module-includes
         - name: nginx-secrets
@@ -119,6 +123,8 @@ spec:
       volumes:
       - name: nginx-conf
         emptyDir: {}
+      - name: nginx-stream-conf
+        emptyDir: {}
       - name: module-includes
         emptyDir: {}
       - name: nginx-secrets
diff --git a/deploy/manifests/nginx-gateway-experimental.yaml b/deploy/manifests/nginx-gateway-experimental.yaml
@@ -226,6 +226,8 @@ spec:
         volumeMounts:
         - name: nginx-conf
           mountPath: /etc/nginx/conf.d
+        - name: nginx-stream-conf
+          mountPath: /etc/nginx/stream-conf.d
         - name: module-includes
           mountPath: /etc/nginx/module-includes
         - name: nginx-secrets
@@ -254,6 +256,8 @@ spec:
         volumeMounts:
         - name: nginx-conf
           mountPath: /etc/nginx/conf.d
+        - name: nginx-stream-conf
+          mountPath: /etc/nginx/stream-conf.d
         - name: module-includes
           mountPath: /etc/nginx/module-includes
         - name: nginx-secrets
@@ -275,6 +279,8 @@ spec:
       volumes:
       - name: nginx-conf
         emptyDir: {}
+      - name: nginx-stream-conf
+        emptyDir: {}
       - name: module-includes
         emptyDir: {}
       - name: nginx-secrets
diff --git a/deploy/manifests/nginx-gateway.yaml b/deploy/manifests/nginx-gateway.yaml
@@ -222,6 +222,8 @@ spec:
         volumeMounts:
         - name: nginx-conf
           mountPath: /etc/nginx/conf.d
+        - name: nginx-stream-conf
+          mountPath: /etc/nginx/stream-conf.d
         - name: module-includes
           mountPath: /etc/nginx/module-includes
         - name: nginx-secrets
@@ -250,6 +252,8 @@ spec:
         volumeMounts:
         - name: nginx-conf
           mountPath: /etc/nginx/conf.d
+        - name: nginx-stream-conf
+          mountPath: /etc/nginx/stream-conf.d
         - name: module-includes
           mountPath: /etc/nginx/module-includes
         - name: nginx-secrets
@@ -271,6 +275,8 @@ spec:
       volumes:
       - name: nginx-conf
         emptyDir: {}
+      - name: nginx-stream-conf
+        emptyDir: {}
       - name: module-includes
         emptyDir: {}
       - name: nginx-secrets
diff --git a/deploy/manifests/nginx-plus-gateway-experimental.yaml b/deploy/manifests/nginx-plus-gateway-experimental.yaml
@@ -233,6 +233,8 @@ spec:
         volumeMounts:
         - name: nginx-conf
           mountPath: /etc/nginx/conf.d
+        - name: nginx-stream-conf
+          mountPath: /etc/nginx/stream-conf.d
         - name: module-includes
           mountPath: /etc/nginx/module-includes
         - name: nginx-secrets
@@ -261,6 +263,8 @@ spec:
         volumeMounts:
         - name: nginx-conf
           mountPath: /etc/nginx/conf.d
+        - name: nginx-stream-conf
+          mountPath: /etc/nginx/stream-conf.d
         - name: module-includes
           mountPath: /etc/nginx/module-includes
         - name: nginx-secrets
@@ -282,6 +286,8 @@ spec:
       volumes:
       - name: nginx-conf
         emptyDir: {}
+      - name: nginx-stream-conf
+        emptyDir: {}
       - name: module-includes
         emptyDir: {}
       - name: nginx-secrets
diff --git a/deploy/manifests/nginx-plus-gateway.yaml b/deploy/manifests/nginx-plus-gateway.yaml
@@ -229,6 +229,8 @@ spec:
         volumeMounts:
         - name: nginx-conf
           mountPath: /etc/nginx/conf.d
+        - name: nginx-stream-conf
+          mountPath: /etc/nginx/stream-conf.d
         - name: module-includes
           mountPath: /etc/nginx/module-includes
         - name: nginx-secrets
@@ -257,6 +259,8 @@ spec:
         volumeMounts:
         - name: nginx-conf
           mountPath: /etc/nginx/conf.d
+        - name: nginx-stream-conf
+          mountPath: /etc/nginx/stream-conf.d
         - name: module-includes
           mountPath: /etc/nginx/module-includes
         - name: nginx-secrets
@@ -278,6 +282,8 @@ spec:
       volumes:
       - name: nginx-conf
         emptyDir: {}
+      - name: nginx-stream-conf
+        emptyDir: {}
       - name: module-includes
         emptyDir: {}
       - name: nginx-secrets
diff --git a/internal/mode/static/nginx/config/http/config.go b/internal/mode/static/nginx/config/http/config.go
@@ -4,9 +4,9 @@ package http
 type Server struct {
 	SSL           *SSL
 	ServerName    string
+	Listen        string
 	Locations     []Location
 	Includes      []string
-	Port          int32
 	IsDefaultHTTP bool
 	IsDefaultSSL  bool
 	GRPC          bool
diff --git a/internal/mode/static/nginx/config/maps.go b/internal/mode/static/nginx/config/maps.go
@@ -61,6 +61,23 @@ func createStreamMaps(conf dataplane.Configuration) []*http.Map {
 		}
 	}
 
+	for _, s := range conf.SSLServers {
+		streamMap, ok := portsToMap[s.Port]
+
+		hostname := s.Hostname
+
+		if s.IsDefault {
+			hostname = "default"
+		}
+
+		if ok {
+			streamMap.Parameters = append(streamMap.Parameters, http.MapParameter{
+				Value:  hostname,
+				Result: "unix:/var/lib/nginx/" + s.Hostname + fmt.Sprint(s.Port) + ".sock",
+			})
+		}
+	}
+
 	return maps
 }
 
diff --git a/internal/mode/static/nginx/config/maps_test.go b/internal/mode/static/nginx/config/maps_test.go
@@ -259,15 +259,22 @@ func TestCreateStreamMaps(t *testing.T) {
 				UpstreamName: "backend2",
 			},
 		},
+		SSLServers: []dataplane.VirtualServer{
+			{
+				Hostname: "app.example.com",
+				Port:     8080,
+			},
+		},
 	}
 
 	maps := createStreamMaps(conf)
 	g.Expect(maps).To(HaveLen(2))
 
 	g.Expect(maps[0].Parameters).To(HaveLen(1))
-	g.Expect(maps[1].Parameters).To(HaveLen(2))
+	g.Expect(maps[1].Parameters).To(HaveLen(3))
 
 	g.Expect(maps[0].Parameters[0].Result).To(Equal("unix:/var/lib/nginx/example.com8081.sock"))
 	g.Expect(maps[1].Parameters[0].Result).To(Equal("unix:/var/lib/nginx/example.com8080.sock"))
 	g.Expect(maps[1].Parameters[1].Result).To(Equal("unix:/var/lib/nginx/cafe.example.com8080.sock"))
+	g.Expect(maps[1].Parameters[2].Result).To(Equal("unix:/var/lib/nginx/app.example.com8080.sock"))
 }
diff --git a/internal/mode/static/nginx/config/servers.go b/internal/mode/static/nginx/config/servers.go
@@ -58,7 +58,7 @@ var grpcBaseHeaders = []http.Header{
 }
 
 func executeServers(conf dataplane.Configuration) []executeResult {
-	servers, httpMatchPairs := createServers(conf.HTTPServers, conf.SSLServers)
+	servers, httpMatchPairs := createServers(conf.HTTPServers, conf.SSLServers, conf.TLSServers)
 
 	serverResult := executeResult{
 		dest: httpConfigFile,
@@ -141,30 +141,47 @@ func createIncludes(additions []dataplane.Addition) []string {
 	return includes
 }
 
-func createServers(httpServers, sslServers []dataplane.VirtualServer) ([]http.Server, httpMatchPairs) {
+func createServers(
+	httpServers, sslServers []dataplane.VirtualServer,
+	tlsServers []dataplane.Layer4Server,
+) ([]http.Server, httpMatchPairs) {
 	servers := make([]http.Server, 0, len(httpServers)+len(sslServers))
 	finalMatchPairs := make(httpMatchPairs)
 
+	ports := map[int32]bool{}
+
+	for _, tlsServer := range tlsServers {
+		ports[tlsServer.Port] = true
+	}
+
 	for serverID, s := range httpServers {
 		httpServer, matchPairs := createServer(s, serverID)
 		servers = append(servers, httpServer)
 		maps.Copy(finalMatchPairs, matchPairs)
 	}
 
 	for serverID, s := range sslServers {
-		sslServer, matchPair := createSSLServer(s, serverID)
+		sslServer, matchPair := createSSLServer(s, serverID, ports[s.Port])
 		servers = append(servers, sslServer)
 		maps.Copy(finalMatchPairs, matchPair)
 	}
 
 	return servers, finalMatchPairs
 }
 
-func createSSLServer(virtualServer dataplane.VirtualServer, serverID int) (http.Server, httpMatchPairs) {
+func createSSLServer(
+	virtualServer dataplane.VirtualServer,
+	serverID int,
+	useSocket bool,
+) (http.Server, httpMatchPairs) {
+	listen := fmt.Sprint(virtualServer.Port)
+	if useSocket {
+		listen = "unix:/var/lib/nginx/" + virtualServer.Hostname + fmt.Sprint(virtualServer.Port) + ".sock"
+	}
 	if virtualServer.IsDefault {
 		return http.Server{
 			IsDefaultSSL: true,
-			Port:         virtualServer.Port,
+			Listen:       listen,
 		}, nil
 	}
 
@@ -177,17 +194,19 @@ func createSSLServer(virtualServer dataplane.VirtualServer, serverID int) (http.
 			CertificateKey: generatePEMFileName(virtualServer.SSL.KeyPairID),
 		},
 		Locations: locs,
-		Port:      virtualServer.Port,
 		GRPC:      grpc,
 		Includes:  createIncludes(virtualServer.Additions),
+		Listen:    listen,
 	}, matchPairs
 }
 
 func createServer(virtualServer dataplane.VirtualServer, serverID int) (http.Server, httpMatchPairs) {
+	listen := fmt.Sprint(virtualServer.Port)
+
 	if virtualServer.IsDefault {
 		return http.Server{
 			IsDefaultHTTP: true,
-			Port:          virtualServer.Port,
+			Listen:        listen,
 		}, nil
 	}
 
@@ -196,7 +215,7 @@ func createServer(virtualServer dataplane.VirtualServer, serverID int) (http.Ser
 	return http.Server{
 		ServerName: virtualServer.Hostname,
 		Locations:  locs,
-		Port:       virtualServer.Port,
+		Listen:     listen,
 		GRPC:       grpc,
 		Includes:   createIncludes(virtualServer.Additions),
 	}, matchPairs
diff --git a/internal/mode/static/nginx/config/servers_template.go b/internal/mode/static/nginx/config/servers_template.go
@@ -5,29 +5,29 @@ js_preload_object matches from /etc/nginx/conf.d/matches.json;
 {{- range $s := . -}}
     {{ if $s.IsDefaultSSL -}}
 server {
-    listen {{ $s.Port }} ssl default_server;
+    listen {{ $s.Listen }} ssl default_server;
 
     ssl_reject_handshake on;
 }
     {{- else if $s.IsDefaultHTTP }}
 server {
-    listen {{ $s.Port }} default_server;
+    listen {{ $s.Listen }} default_server;
 
     default_type text/html;
     return 404;
 }
     {{- else }}
 server {
         {{- if $s.SSL }}
-    listen {{ $s.Port }} ssl;
+    listen {{ $s.Listen }} ssl;
     ssl_certificate {{ $s.SSL.Certificate }};
     ssl_certificate_key {{ $s.SSL.CertificateKey }};
 
     if ($ssl_server_name != $host) {
         return 421;
     }
         {{- else }}
-    listen {{ $s.Port }};
+    listen {{ $s.Listen }};
         {{- end }}
 
     server_name {{ $s.ServerName }};
diff --git a/internal/mode/static/nginx/config/servers_test.go b/internal/mode/static/nginx/config/servers_test.go
@@ -1024,12 +1024,12 @@ func TestCreateServers(t *testing.T) {
 	expectedServers := []http.Server{
 		{
 			IsDefaultHTTP: true,
-			Port:          8080,
+			Listen:        "8080",
 		},
 		{
 			ServerName: "cafe.example.com",
 			Locations:  getExpectedLocations(false),
-			Port:       8080,
+			Listen:     "8080",
 			GRPC:       true,
 			Includes: []string{
 				includesFolder + "/server-addition-1.conf",
@@ -1038,7 +1038,7 @@ func TestCreateServers(t *testing.T) {
 		},
 		{
 			IsDefaultSSL: true,
-			Port:         8443,
+			Listen:       "8443",
 		},
 		{
 			ServerName: "cafe.example.com",
@@ -1047,7 +1047,7 @@ func TestCreateServers(t *testing.T) {
 				CertificateKey: expectedPEMPath,
 			},
 			Locations: getExpectedLocations(true),
-			Port:      8443,
+			Listen:    "8443",
 			GRPC:      true,
 			Includes: []string{
 				includesFolder + "/server-addition-1.conf",
@@ -1058,7 +1058,7 @@ func TestCreateServers(t *testing.T) {
 
 	g := NewWithT(t)
 
-	result, httpMatchPair := createServers(httpServers, sslServers)
+	result, httpMatchPair := createServers(httpServers, sslServers, []dataplane.Layer4Server{})
 
 	g.Expect(httpMatchPair).To(Equal(allExpMatchPair))
 	g.Expect(helpers.Diff(expectedServers, result)).To(BeEmpty())
@@ -1256,18 +1256,18 @@ func TestCreateServersConflicts(t *testing.T) {
 			expectedServers := []http.Server{
 				{
 					IsDefaultHTTP: true,
-					Port:          8080,
+					Listen:        "8080",
 				},
 				{
 					ServerName: "cafe.example.com",
 					Locations:  test.expLocs,
-					Port:       8080,
+					Listen:     "8080",
 				},
 			}
 
 			g := NewWithT(t)
 
-			result, _ := createServers(httpServers, []dataplane.VirtualServer{})
+			result, _ := createServers(httpServers, []dataplane.VirtualServer{}, []dataplane.Layer4Server{})
 			g.Expect(helpers.Diff(expectedServers, result)).To(BeEmpty())
 		})
 	}
