1212# setup custom paths that do not require root access
1313pid {{ .PID }};
1414
15+ # enables the use of “just-in-time compilation” for the regular expressions known by the time of configuration parsing
16+ pcre_jit on;
17+
1518{{ if $cfg.UseGeoIP2 }}
1619load_module /etc/nginx/modules/ngx_http_geoip2_module.so;
1720{{ end }}
@@ -98,11 +101,11 @@ http {
98101 end
99102
100103 {{ if $all.EnableMetrics }}
101- ok, res = pcall(require, "monitor ")
104+ ok, res = pcall(require, "pbmetrics ")
102105 if not ok then
103106 error("require failed: " .. tostring(res))
104107 else
105- monitor = res
108+ pbmetrics = res
106109 end
107110 {{ end }}
108111
@@ -127,11 +130,9 @@ http {
127130 init_worker_by_lua_block {
128131 lua_ingress.init_worker()
129132 balancer.init_worker()
130- {{ if $all.EnableMetrics }}
131- monitor.init_worker({{ $all.MonitorMaxBatchSize }})
132- {{ end }}
133133
134134 plugins.run()
135+ pbmetrics.init_worker()
135136 }
136137
137138 {{/* Enable the real_ip module only if we use either X-Forwarded headers or Proxy Protocol. */}}
@@ -415,6 +416,15 @@ http {
415416 {{ $reqUri }} 0;{{ end }}
416417 default 1;
417418 }
419+ map $server_name $total_upstream_response_time {
420+ default 0;
421+ }
422+ map $server_name $upstream_retries {
423+ default 0;
424+ }
425+ map $server_name $formatted_status {
426+ default $status;
427+ }
418428
419429 {{ if or $cfg.DisableAccessLog $cfg.DisableHTTPAccessLog }}
420430 access_log off;
@@ -955,14 +965,15 @@ stream {
955965 proxy_set_header Host $best_http_host;
956966
957967 set $proxy_upstream_name {{ $upstreamName | quote }};
968+ set $formatted_status $status;
969+ set $upstream_retries "0";
970+ set $total_upstream_response_time "0";
958971
959972 rewrite (.*) / break;
960973
961974 proxy_pass http://upstream_balancer;
962975 log_by_lua_block {
963- {{ if $enableMetrics }}
964- monitor.call()
965- {{ end }}
976+ pbmetrics.call()
966977 }
967978 }
968979 {{ end }}
@@ -1010,10 +1021,13 @@ stream {
10101021 {{ buildHTTPSListener $all $server.Hostname }}
10111022
10121023 set $proxy_upstream_name "-";
1024+ set $formatted_status $status;
1025+ set $upstream_retries "0";
1026+ set $total_upstream_response_time "0";
10131027
10141028 {{ if not ( empty $server.CertificateAuth.MatchCN ) }}
10151029 {{ if gt (len $server.CertificateAuth.MatchCN) 0 }}
1016- if ( $ssl_client_s_dn !~ {{ $server.CertificateAuth.MatchCN }} ) {
1030+ if ( $ssl_client_s_dn !~ {{ $server.CertificateAuth.MatchCN | quote }} ) {
10171031 return 403 "client certificate unauthorized";
10181032 }
10191033 {{ end }}
@@ -1172,6 +1186,10 @@ stream {
11721186 proxy_set_header X-Auth-Request-Redirect $request_uri;
11731187 {{ end }}
11741188
1189+ {{ if not (contains $externalAuth.AuthSnippet "proxy_connect_timeout") }}
1190+ proxy_connect_timeout 15s;
1191+ {{ end }}
1192+
11751193 {{ if $externalAuth.AuthCacheKey }}
11761194 proxy_buffering "on";
11771195 {{ else }}
@@ -1219,7 +1237,7 @@ stream {
12191237 set $target {{ changeHostPort $externalAuth.URL $authUpstreamName }};
12201238 {{ else }}
12211239 proxy_http_version {{ $location.Proxy.ProxyHTTPVersion }};
1222- set $target {{ $externalAuth.URL }};
1240+ set $target {{ $externalAuth.URL | quote }};
12231241 {{ end }}
12241242 proxy_pass $target;
12251243 }
@@ -1255,10 +1273,12 @@ stream {
12551273 set $location_path {{ $ing.Path | escapeLiteralDollar | quote }};
12561274 set $global_rate_limit_exceeding n;
12571275
1276+ set $content_kind "";
1277+
12581278 {{ buildOpentelemetryForLocation $all.Cfg.EnableOpentelemetry $all.Cfg.OpentelemetryTrustIncomingSpan $location }}
12591279
12601280 {{ if $location.Mirror.Source }}
1261- mirror {{ $location.Mirror.Source }};
1281+ mirror {{ $location.Mirror.Source | quote }};
12621282 mirror_request_body {{ $location.Mirror.RequestBody }};
12631283 {{ end }}
12641284
@@ -1285,11 +1305,9 @@ stream {
12851305
12861306 log_by_lua_block {
12871307 balancer.log()
1288- {{ if $all.EnableMetrics }}
1289- monitor.call()
1290- {{ end }}
12911308
12921309 plugins.run()
1310+ pbmetrics.call()
12931311 }
12941312
12951313 {{ if not $location.Logs.Access }}
@@ -1577,14 +1595,15 @@ stream {
15771595
15781596 {{ if eq $server.Hostname "_" }}
15791597 # health checks in cloud providers require the use of port {{ $all.ListenPorts.HTTP }}
1580- location {{ $all.HealthzURI }} {
1598+ location = {{ $all.HealthzURI }} {
15811599
15821600 {{ if $all.Cfg.EnableOpentelemetry }}
15831601 opentelemetry off;
15841602 {{ end }}
15851603
15861604 access_log off;
1587- return 200;
1605+ proxy_set_header D8s-External-Check "True";
1606+ proxy_pass http://127.0.0.1:10254;
15881607 }
15891608
15901609 # this is required to avoid error if nginx is being monitored
0 commit comments