Commit 04f17008 authored by Sigmund Augdal's avatar Sigmund Augdal

Use environment variables directly from lua rather than envsubst-ing then into nginx variables

Also gets rid of the need for a server_name variable
parent 57b7051d
Pipeline #1626 passed with stage
in 2 minutes and 26 seconds
FROM uninett-docker-uninett.bintray.io/jessie/minbase
RUN install_packages.sh nginx-extras gettext lua-cjson
RUN install_packages.sh nginx-extras lua-cjson
COPY lua /usr/local/share/lua/5.1/
COPY nginx /etc/nginx/
COPY nginx/nginx.conf /etc/nginx/
COPY nginx/site.conf /etc/nginx/sites-enabled/default
COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
ENV memcache=memcache
......
#! /bin/sh
export dollar='$'
export namespace="$(cat /run/secrets/kubernetes.io/serviceaccount/namespace)"
cat /etc/nginx/site.conf|envsubst>/etc/nginx/sites-enabled/default
exec "$@"
local returnTo = ngx.req.get_uri_args().ReturnTo
if not returnTo then
returnTo = ngx.var.scheme .. '://' .. ngx.var.host .. '/'
end
local authServer = os.getenv('auth_server')
local action = ngx.var.action
ngx.redirect('https://' .. authServer .. '/sp/' .. action .. '/?ReturnTo=' .. returnTo)
......@@ -72,8 +72,8 @@ function memcGetMultiple(hosta, hostb, port, key)
end
function memcache_server(index)
local domain = '.' .. ngx.var.namespace .. '.svc.cluster.local'
local memcache_service = ngx.var.memcache
local domain = '.' .. os.getenv('namespace') .. '.svc.cluster.local'
local memcache_service = os.getenv('memcache')
return memcache_service .. '-' .. index .. '.' .. memcache_service .. domain
end
......@@ -122,7 +122,7 @@ clearHeaders()
local feide_data = userData()
if not feide_data then
if ngx.var.feide_mode == 'info' then
if os.getenv('feide_mode') == 'info' then
return
else
local res = ngx.req.set_uri("/login", true)
......
server {
listen 80 default_server;
server_name ${server_name};
resolver 172.16.0.10;
set_by_lua $upstream_port 'return os.getenv("upstream_port")';
location / {
proxy_pass http://localhost:${upstream_port};
set ${dollar}feide_mode '${feide_mode}';
set ${dollar}namespace '${namespace}';
set ${dollar}memcache '${memcache}';
rewrite_by_lua_file /usr/local/share/lua/5.1/feide.lua;
}
......@@ -15,10 +12,12 @@ server {
}
location /logout {
return 303 https://${auth_server}/sp/logout/?ReturnTo=https://${server_name}/;
set $action 'logout';
rewrite_by_lua_file /usr/local/share/lua/5.1/auth.lua;
}
location /login {
return 303 https://${auth_server}/sp/login/?ReturnTo=https://${server_name}/;
set $action 'login';
rewrite_by_lua_file /usr/local/share/lua/5.1/auth.lua;
}
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment