Commit e91ff10

authored

[Feature] [Platform] Enable HTTP to HTTPS Redirect (#1942)

1 parent cb5fcaf commit e91ff10Copy full SHA for e91ff10

File tree

3 files changed

+88

-5

lines changed

CHANGELOG.md
pkg/deployment/resources/gateway
- gateway_config.go
- gateway_config_sni.go

3 files changed

+88

-5

lines changed

`‎CHANGELOG.md‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,7 @@`
`12`	`12`	`- (Feature) Compact Action`
`13`	`13`	`- (DebugPackage) Fetch All logs`
`14`	`14`	`- (Feature) (Platform) MetaV1 List Operation`
	`15`	`+- (Feature) (Platform) Enable HTTP to HTTPS Redirect`
`15`	`16`
`16`	`17`	`## [1.2.50](https://github.com/arangodb/kube-arangodb/tree/1.2.50) (2025年07月04日)`
`17`	`18`	`- (Feature) (Platform) MetaV1 Integration Service`

`‎pkg/deployment/resources/gateway/gateway_config.go‎`

Lines changed: 85 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -391,16 +391,97 @@ func (c Config) RenderDefaultFilterChain() (*pbEnvoyListenerV3.FilterChain, erro`
`391`	`391`	`}`
`392`	`392`
`393`	`393`	`func (c Config) RenderSecondaryFilterChains() ([]*pbEnvoyListenerV3.FilterChain, error) {`
`394`		`- if len(c.SNI) == 0 {`
	`394`	`+ var r []*pbEnvoyListenerV3.FilterChain`
	`395`	`+`
	`396`	`+ if chain, err := c.HttpToHttpsChain(); err != nil {`
	`397`	`+ return nil, err`
	`398`	`+ } else if chain != nil {`
	`399`	`+ r = append(r, chain)`
	`400`	`+ }`
	`401`	`+`
	`402`	`+ if len(c.SNI) > 0 {`
	`403`	`+ filters, err := c.RenderFilters()`
	`404`	`+ if err != nil {`
	`405`	`+ return nil, err`
	`406`	`+ }`
	`407`	`+`
	`408`	`+ chain, err := c.SNI.RenderFilterChain(filters)`
	`409`	`+ if err != nil {`
	`410`	`+ return nil, err`
	`411`	`+ }`
	`412`	`+`
	`413`	`+ r = append(r, chain...)`
	`414`	`+ }`
	`415`	`+`
	`416`	`+ return r, nil`
	`417`	`+}`
	`418`	`+`
	`419`	`+func (c Config) HttpToHttpsChain() (*pbEnvoyListenerV3.FilterChain, error) {`
	`420`	`+ if c.DefaultTLS == nil {`
`395`	`421`	`return nil, nil`
`396`	`422`	`}`
`397`	`423`
`398`		`- filters, err := c.RenderFilters()`
	`424`	`+ httpFilterConfigType, err := anypb.New(&routerAPI.Router{})`
`399`	`425`	`if err != nil {`
`400`		`- return nil, err`
	`426`	`+ return nil, errors.Wrapf(err, "Unable to create router filter configuration for HTTP to HTTPS redirect")`
`401`	`427`	`}`
`402`	`428`
`403`		`- return c.SNI.RenderFilterChain(filters)`
	`429`	`+ filterConfigType, err := anypb.New(&httpConnectionManagerAPI.HttpConnectionManager{`
	`430`	`+ StatPrefix: "ingress_http",`
	`431`	`+ CodecType: httpConnectionManagerAPI.HttpConnectionManager_AUTO,`
	`432`	`+ RouteSpecifier: &httpConnectionManagerAPI.HttpConnectionManager_RouteConfig{`
	`433`	`+ RouteConfig: &pbEnvoyRouteV3.RouteConfiguration{`
	`434`	`+ Name: "local_http",`
	`435`	`+ VirtualHosts: []*pbEnvoyRouteV3.VirtualHost{`
	`436`	`+ {`
	`437`	`+ Name: "local_http",`
	`438`	`+ Domains: []string{"*"},`
	`439`	`+ Routes: []*pbEnvoyRouteV3.Route{`
	`440`	`+ {`
	`441`	`+ Match: &pbEnvoyRouteV3.RouteMatch{`
	`442`	`+ PathSpecifier: &pbEnvoyRouteV3.RouteMatch_Prefix{`
	`443`	`+ Prefix: "/",`
	`444`	`+ },`
	`445`	`+ },`
	`446`	`+ Action: &pbEnvoyRouteV3.Route_Redirect{`
	`447`	`+ Redirect: &pbEnvoyRouteV3.RedirectAction{`
	`448`	`+ SchemeRewriteSpecifier: &pbEnvoyRouteV3.RedirectAction_HttpsRedirect{`
	`449`	`+ HttpsRedirect: true,`
	`450`	`+ },`
	`451`	`+ },`
	`452`	`+ },`
	`453`	`+ },`
	`454`	`+ },`
	`455`	`+ },`
	`456`	`+ },`
	`457`	`+ },`
	`458`	`+ },`
	`459`	`+ HttpFilters: []*httpConnectionManagerAPI.HttpFilter{`
	`460`	`+ {`
	`461`	`+ Name: "envoy.filters.http.router",`
	`462`	`+ ConfigType: &httpConnectionManagerAPI.HttpFilter_TypedConfig{`
	`463`	`+ TypedConfig: httpFilterConfigType,`
	`464`	`+ },`
	`465`	`+ },`
	`466`	`+ },`
	`467`	`+ })`
	`468`	`+ if err != nil {`
	`469`	`+ return nil, errors.Wrapf(err, "Unable to create HTTP connection manager configuration for HTTP to HTTPS redirect")`
	`470`	`+ }`
	`471`	`+`
	`472`	`+ return &pbEnvoyListenerV3.FilterChain{`
	`473`	`+ FilterChainMatch: &pbEnvoyListenerV3.FilterChainMatch{`
	`474`	`+ TransportProtocol: "raw_buffer",`
	`475`	`+ },`
	`476`	`+ Filters: []*pbEnvoyListenerV3.Filter{`
	`477`	`+ {`
	`478`	`+ Name: "envoy.filters.network.http_connection_manager",`
	`479`	`+ ConfigType: &pbEnvoyListenerV3.Filter_TypedConfig{`
	`480`	`+ TypedConfig: filterConfigType,`
	`481`	`+ },`
	`482`	`+ },`
	`483`	`+ },`
	`484`	`+ }, nil`
`404`	`485`	`}`
`405`	`486`
`406`	`487`	`func (c Config) RenderListener() (*pbEnvoyListenerV3.Listener, error) {`

`‎pkg/deployment/resources/gateway/gateway_config_sni.go‎`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -64,7 +64,8 @@ func (c ConfigSNI) RenderFilterChain(filters []pbEnvoyListenerV3.Filter) (pbEn`
`64`	`64`	`return &pbEnvoyListenerV3.FilterChain{`
`65`	`65`	`TransportSocket: transport,`
`66`	`66`	`FilterChainMatch: &pbEnvoyListenerV3.FilterChainMatch{`
`67`		`- ServerNames: util.CopyList(c.ServerNames),`
	`67`	`+ ServerNames: util.CopyList(c.ServerNames),`
	`68`	`+ TransportProtocol: "tls",`
`68`	`69`	`},`
`69`	`70`	`Filters: filters,`
`70`	`71`	`}, nil`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit e91ff10

File tree

3 files changed

3 files changed

`‎CHANGELOG.md‎`

`‎pkg/deployment/resources/gateway/gateway_config.go‎`

`‎pkg/deployment/resources/gateway/gateway_config_sni.go‎`

0 commit comments