feat(router): Adding large_client_header_buffers annotations to hephy-router

Author: Cryptophobia

README.md

@@ -239,6 +239,8 @@ _Note that Kubernetes annotation maps are all of Go type `map[string]string`.  A
 | <a name="gzip-types"></a>deis-router | deployment | [router.deis.io/nginx.gzip.types](#gzip-types) | `"application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component"` | nginx `gzip_types` setting. |
 | <a name="gzip-vary"></a>deis-router | deployment | [router.deis.io/nginx.gzip.vary](#gzip-vary) | `"on"` | nginx `gzip_vary` setting. |
 | <a name="body-size"></a>deis-router | deployment | [router.deis.io/nginx.bodySize](#body-size) | `"1m"`| nginx `client_max_body_size` setting expressed in bytes (no suffix), kilobytes (suffixes `k` and `K`), or megabytes (suffixes `m` and `M`). |
+| <a name="large-client-header-buffers-count"></a>deis-router | deployment | [router.deis.io/nginx.largeHeaderBuffersCount](#large-client-header-buffers-count) | `"4"`| nginx `large_client_header_buffers` number setting. Sets the maximum number of buffers used for reading large client request header. |
+| <a name="large-client-header-buffers-size"></a>deis-router | deployment | [router.deis.io/nginx.largeHeaderBuffersSize](#large-client-header-buffers-size) | `"32k"`| nginx `large_client_header_buffers` size expressed in bytes (no suffix), kilobytes (suffixes `k` and `K`), or megabytes (suffixes `m` and `M`). Sets the maximum size of the buffers used for reading large client request header. |
 | <a name="proxy-real-ip-cidrs"></a>deis-router | deployment | [router.deis.io/nginx.proxyRealIpCidrs](#proxy-real-ip-cidrs) | `"10.0.0.0/8"` | Comma-delimited list of IP/CIDRs that define trusted addresses that are known to send correct replacement addresses. These map to multiple nginx `set_real_ip_from` directives. |
 | <a name="error-log-level"></a>deis-router | deployment | [router.deis.io/nginx.errorLogLevel](#error-log-level) | `"error"` | Log level used in the nginx `error_log` setting (valid values are: `debug`, `info`, `notice`, `warn`, `error`, `crit`, `alert`, and `emerg`). |
 | <a name="platform-domain"></a>deis-router | deployment | [router.deis.io/nginx.platformDomain](#platform-domain) | N/A | This defines the router's platform domain.  Any domains added to a routable application _not_ containing the `.` character will be assumed to be subdomains of this platform domain.  Thus, for example, a platform domain of `example.com` coupled with a routable app counting `foo` among its domains will result in router configuration that routes traffic for `foo.example.com` to that application. |

model/model.go

@@ -46,6 +46,8 @@ type RouterConfig struct {
 	ServerNameHashBucketSize string      `key:"serverNameHashBucketSize" constraint:"^[1-9]\\d*[kKmM]?$"`
 	GzipConfig               *GzipConfig `key:"gzip"`
 	BodySize                 string      `key:"bodySize" constraint:"^[0-9]\\d*[kKmM]?$"`
+	LargeHeaderBuffersCount  string      `key:"largeHeaderBuffersCount" constraint:"^[1-9]\\d*$"`
+	LargeHeaderBuffersSize   string      `key:"largeHeaderBuffersSize" constraint:"^[0-9]\\d*[kKmM]?$"`
 	ProxyRealIPCIDRs         []string    `key:"proxyRealIpCidrs" constraint:"^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))?(\\s*,\\s*)?)+$"`
 	ErrorLogLevel            string      `key:"errorLogLevel" constraint:"^(debug|info|notice|warn|error|crit|alert|emerg)$"`
 	PlatformDomain           string      `key:"platformDomain" constraint:"(?i)^([a-z0-9]+(-[a-z0-9]+)*\\.)+[a-z0-9]+(-*[a-z0-9]+)+$"`
@@ -81,6 +83,8 @@ func newRouterConfig() (*RouterConfig, error) {
 		ServerNameHashBucketSize: "64",
 		GzipConfig:               newGzipConfig(),
 		BodySize:                 "1m",
+		LargeHeaderBuffersCount:  "4",
+		LargeHeaderBuffersSize:   "32k",
 		ProxyRealIPCIDRs:         []string{"10.0.0.0/8"},
 		DisableServerTokens:      false,
 		ErrorLogLevel:            "error",

model/model_validation_test.go

@@ -71,6 +71,22 @@ func TestValidBodySize(t *testing.T) {
 	testValidValues(t, newTestRouterConfig, "BodySize", "bodySize", []string{"1", "2", "20", "1k", "2k", "10m", "10M"})
 }
 
+func TestInvalidLargeHeaderBuffersCount(t *testing.T) {
+	testInvalidValues(t, newTestRouterConfig, "LargeHeaderBuffersCount", "largeHeaderBuffersCount", []string{"0", "-1", "foobar"})
+}
+
+func TestValidLargeHeaderBuffersCount(t *testing.T) {
+	testValidValues(t, newTestRouterConfig, "LargeHeaderBuffersCount", "largeHeaderBuffersCount", []string{"1", "2", "4", "8", "16", "32"})
+}
+
+func TestInvalidLargeHeaderBuffersSize(t *testing.T) {
+	testInvalidValues(t, newTestRouterConfig, "LargeHeaderBuffersSize", "largeHeaderBuffersSize", []string{"-1", "foobar"})
+}
+
+func TestValidLargeHeaderBuffersSize(t *testing.T) {
+	testValidValues(t, newTestRouterConfig, "LargeHeaderBuffersSize", "largeHeaderBuffersSize", []string{"1", "2", "20", "1k", "2k", "10m", "10M"})
+}
+
 func TestInvalidProxyRealIPCIDRs(t *testing.T) {
 	testInvalidValues(t, newTestRouterConfig, "ProxyRealIPCIDRs", "proxyRealIpCidrs", []string{"0", "-1", "foobar"})
 }

nginx/config.go

@@ -47,6 +47,7 @@ http {
 	gzip_vary {{ $gzipConfig.Vary }};{{ end }}
 
 	client_max_body_size {{ $routerConfig.BodySize }};
+	large_client_header_buffers {{ $routerConfig.LargeHeaderBuffersCount }} {{ $routerConfig.LargeHeaderBuffersSize }};
 
 	{{ if $routerConfig.DisableServerTokens -}}
 	server_tokens off;

nginx/config_test.go

@@ -241,12 +241,14 @@ func TestDisableServerTokens(t *testing.T) {
 			Types:       "application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component",
 			Vary:        "on",
 		},
-		BodySize:          "1m",
-		ProxyRealIPCIDRs:  []string{"10.0.0.0/8"},
-		ErrorLogLevel:     "error",
-		UseProxyProtocol:  false,
-		EnforceWhitelists: false,
-		WhitelistMode:     "extend",
+		BodySize:                "1m",
+		LargeHeaderBuffersCount: "4",
+		LargeHeaderBuffersSize:  "32k",
+		ProxyRealIPCIDRs:        []string{"10.0.0.0/8"},
+		ErrorLogLevel:           "error",
+		UseProxyProtocol:        false,
+		EnforceWhitelists:       false,
+		WhitelistMode:           "extend",
 		SSLConfig: &model.SSLConfig{
 			Enforce:           false,
 			Protocols:         "TLSv1 TLSv1.1 TLSv1.2",