insert httpsListenOptions only for the first server

tsuru · Feb 7, 2025 · 35c26e6 · 35c26e6
1 parent 65fbd74
commit 35c26e6
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 3 deletions.
diff --git a/internal/pkg/rpaas/nginx/configuration_render.go b/internal/pkg/rpaas/nginx/configuration_render.go
@@ -57,6 +57,7 @@ func (r *rpaasConfigurationRenderer) Render(c ConfigurationData) (string, error)
 	if c.Servers == nil {
 		c.Servers = produceServers(&c.Instance.Spec, c.NginxTLS)
 	}
+	initListenOptions(c.Servers, c.Config)
 	err := r.t.Execute(buffer, c)
 	if err != nil {
 		return "", err
@@ -484,10 +485,9 @@ http {
 
     {{- range $_, $server := $servers }}
     server {
-        listen {{ httpPort $instance }}{{ with $server.Default }} default_server{{ end }};
+        listen {{ httpPort $instance }}{{ with $server.Default }} default_server{{ end }}{{- with $server.HTTPListenOptions }} {{ . }}{{ end }};
         {{- if $server.TLS }}
-        listen {{ httpsPort $instance }} ssl http2
-            {{- with $config.HTTPSListenOptions }} {{ . }}{{ end }};
+        listen {{ httpsPort $instance }} ssl http2{{- with $server.HTTPSListenOptions }} {{ . }}{{ end }};
         {{- end }}
 
         {{- with $server.Name }}

diff --git a/internal/pkg/rpaas/nginx/configuration_render_test.go b/internal/pkg/rpaas/nginx/configuration_render_test.go
@@ -243,10 +243,16 @@ func TestRpaasConfigurationRenderer_Render(t *testing.T) {
 				Instance: &v1alpha1.RpaasInstance{},
 				NginxTLS: []nginxv1alpha1.NginxTLS{
 					{SecretName: "my-cert-01", Hosts: []string{"*.example.com"}},
+					{SecretName: "my-cert-02", Hosts: []string{"www.example.com"}},
 				},
 			},
 			assertion: func(t *testing.T, result string) {
 				assert.Regexp(t, `listen 8443 ssl http2 backlog=2048 deferred reuseport;
+\s+server_name www.example.com;
+\s+ssl_certificate     certs/my-cert-02/tls.crt;
+\s+ssl_certificate_key certs/my-cert-02/tls.key;`, result)
+
+				assert.Regexp(t, `listen 8443 ssl http2;
 \s+server_name \*.example.com;
 \s+ssl_certificate     certs/my-cert-01/tls.crt;
 \s+ssl_certificate_key certs/my-cert-01/tls.key;`, result)

diff --git a/internal/pkg/rpaas/nginx/servers.go b/internal/pkg/rpaas/nginx/servers.go
@@ -20,6 +20,9 @@ type Server struct {
 	Default       bool   `json:"default,omitempty"`
 	Wildcard      bool   `json:"wildcard,omitempty"`
 
+	HTTPListenOptions  string `json:"httpListenOptions,omitempty"`
+	HTTPSListenOptions string `json:"httpsListenOptions,omitempty"`
+
 	Blocks    map[v1alpha1.BlockType]v1alpha1.Value
 	Locations []v1alpha1.Location `json:"locations,omitempty"`
 }
@@ -174,6 +177,22 @@ func produceServers(spec *v1alpha1.RpaasInstanceSpec, nginxTLS []nginxv1alpha1.N
 	return result
 }
 
+func initListenOptions(servers []*Server, config *v1alpha1.NginxConfig) {
+	for _, server := range servers {
+		if server.Default {
+			server.HTTPListenOptions = config.HTTPListenOptions
+			break
+		}
+	}
+
+	for _, server := range servers {
+		if server.TLS {
+			server.HTTPSListenOptions = config.HTTPSListenOptions
+			break
+		}
+	}
+}
+
 func sortServers(servers []*Server) {
 	sort.Slice(servers, func(i, j int) bool {
 		return servers[i].Name < servers[j].Name