NODE-5467 Handle apifw block addition

wallarm · Jun 18, 2024 · f6aa6c9 · f6aa6c9
1 parent c31d938
commit f6aa6c9
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 29 deletions.
diff --git a/conf/nginx/nginx.conf b/conf/nginx/nginx.conf
@@ -11,6 +11,8 @@ events {
 }
 
 http {
+    # Auto-inclusion of apifw into server blocks
+    wallarm_srv_include /etc/nginx/wallarm-apifw-loc.conf;
 
     ##
     # Basic Settings

diff --git a/conf/nginx/wallarm-apifw-loc.conf b/conf/nginx/wallarm-apifw-loc.conf
@@ -0,0 +1,18 @@
+# wallarm-apifw-loc, required for APIFW.
+
+# Will be automatically included in each "server" section of the NGINX configuration
+# to enable the API Firewall functionality.
+
+location ~ ^/wallarm-apifw(.*)$ {
+	wallarm_mode off;
+	proxy_pass http://127.0.0.1:8088$1;
+	error_page 404 431         = @wallarm-apifw-fallback;
+	error_page 500 502 503 504 = @wallarm-apifw-fallback;
+	allow 127.0.0.0/8;
+	deny all;
+}
+
+location @wallarm-apifw-fallback {
+	wallarm_mode off;
+	return 500 "API FW fallback";
+}
diff --git a/conf/nginx_templates/default.conf.tmpl b/conf/nginx_templates/default.conf.tmpl
@@ -39,23 +39,6 @@ server {
         }
         {{ end }}
 
-        {{ if or (eq (env.Getenv "WALLARM_APIFW_ENABLE") "") (and (ne (env.Getenv "WALLARM_APIFW_ENABLE") "False") (ne (env.Getenv "WALLARM_APIFW_ENABLE") "false")) -}}
-        location ~ ^/wallarm-apifw(.*)$ {
-                wallarm_mode off;
-                proxy_pass http://127.0.0.1:8088$1;
-                error_page 404 431         = @wallarm-apifw-fallback;
-                error_page 500 502 503 504 = @wallarm-apifw-fallback;
-
-                allow 127.0.0.0/8;
-                deny all;
-        }
-
-        location @wallarm-apifw-fallback {
-                wallarm_mode off;
-                return 500 "API FW fallback";
-        }
-        {{ end }}
-
         location / {
                 {{ $nginxBackend := "http://127.0.0.1:8080" }}
                 {{ if env.Getenv "NGINX_BACKEND" -}}

diff --git a/scripts/init b/scripts/init
@@ -125,6 +125,8 @@ configure_services() {
   then
     sed -i -e '/\[program:api-firewall\]/,/\/api-firewall-out.log/d' \
       /opt/wallarm/etc/supervisord.conf
+    sed -i -e '/wallarm-apifw-loc/d' \
+      /etc/nginx/nginx.conf
   fi
 }
 

diff --git a/test/nginx_conf/wallarm_node.conf b/test/nginx_conf/wallarm_node.conf
@@ -53,16 +53,4 @@ server {
                 proxy_set_header X-Real-IP $remote_addr;
                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         }
-
-        # apifw
-        location ~ ^/wallarm-apifw(.*)$ {
-            wallarm_mode off;
-            proxy_pass http://127.0.0.1:8088$1;
-            error_page 404 431         = @wallarm-apifw-fallback;
-            error_page 500 502 503 504 = @wallarm-apifw-fallback;
-        }
-        location @wallarm-apifw-fallback {
-            wallarm_mode off;
-            return 500 "API FW fallback";
-        }
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -11,6 +11,8 @@ events { @@
     }
     http {
+        # Auto-inclusion of apifw into server blocks
+        wallarm_srv_include /etc/nginx/wallarm-apifw-loc.conf;
         ##
         # Basic Settings
@@ Expand Down @@