Improved README, increased variables_hash_max_size

revomatico · Dec 7, 2019 · c56e566 · c56e566
1 parent d2647f1
commit c56e566
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 45 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -18,8 +18,8 @@ RUN set -x \
     # May cause side effects when using another nginx under this kong, unless set to the same value
     && sed -i "/server_name kong;/a\ \n\
     set_decode_base64 \$session_secret \${{X_SESSION_SECRET}};\n" "$TPL" \
- # Patch nginx_kong.lua to insert shm memory
-    && sed -i -E '/^lua_shared_dict kong\s+.+$/i lua_shared_dict \${{X_SESSION_SHM_STORE}} \${{X_SESSION_SHM_STORE_SIZE}};' "$TPL" \
+ # Patch nginx_kong.lua to insert shm size
+    && sed -i -E '/^lua_shared_dict kong\s+.+$/i variables_hash_max_size 2048;\nlua_shared_dict \${{X_SESSION_SHM_STORE}} \${{X_SESSION_SHM_STORE_SIZE}};' "$TPL" \
  # Patch nginx_kong.lua to add for memcached sessions
     && sed -i "/server_name kong;/a\ \n\
     set \$session_storage \${{X_SESSION_STORAGE}};\n\
@@ -47,20 +47,20 @@ RUN set -x \
     && sed -i "/\]\]/i x_session_storage = cookie\n\
 \n\
 x_session_name = oidc_session\n\
+x_session_secret = ''\n\
 \n\
-x_session_memcache_prefix = 'oidc_sessions'\n\
+x_session_memcache_prefix = oidc_sessions\n\
 x_session_memcache_host = memcached\n\
 x_session_memcache_port = '11211'\n\
-x_session_secret = ''\n\
-x_session_memcache_uselocking = 'off'\n\
+x_session_memcache_uselocking = off\n\
 x_session_memcache_spinlockwait = '10000'\n\
 x_session_memcache_maxlockwait = '30'\n\
 x_session_memcache_pool_timeout = '10'\n\
 x_session_memcache_pool_size = '10'\n\
 \n\
 x_session_shm_store_size = 5m\n\
 x_session_shm_store = oidc_sessions\n\
-x_session_shm_uselocking = 'off'\n\
+x_session_shm_uselocking = off\n\
 x_session_shm_lock_exptime = '30'\n\
 x_session_shm_lock_timeout = '5'\n\
 x_session_shm_lock_step = '0.001'\n\

diff --git a/README.md b/README.md
@@ -1,70 +1,68 @@
 # docker-kong-oidc
 > Builds a Docker image from base Kong + nokia/kong-oidc (based on zmartzone/lua-resty-openidc)
 
-# Kong v1.4.1
-- [Dockerfile](https://github.com/Revomatico/docker-kong-oidc/blob/master/Dockerfile)
-
-# Kong v1.4.0
-- [Dockerfile](https://github.com/Revomatico/docker-kong-oidc/blob/1.4.0-1/Dockerfile)
-
-# Kong v1.3.0
-- [Dockerfile](https://github.com/Revomatico/docker-kong-oidc/blob/1.3.0-2/Dockerfile)
-
-# Kong v1.2.2
-- [Dockerfile](https://github.com/Revomatico/docker-kong-oidc/blob/1.2.2-1/Dockerfile)
-
-# Kong v1.1.2
-- [Dockerfile](https://github.com/Revomatico/docker-kong-oidc/blob/1.1.2-1/Dockerfile)
-
-
-# Kong v1.0.3
-- [Dockerfile](https://github.com/Revomatico/docker-kong-oidc/blob/1.0.3-1/Dockerfile)
-
-
-# Kong v0.14
-- [Dockerfile](https://github.com/Revomatico/docker-kong-oidc/blob/0.14-2/Dockerfile)
-
-
-# Kong v0.13
-- [Dockerfile](https://github.com/Revomatico/docker-kong-oidc/blob/0.13-3/Dockerfile)
-- Added [kong-http-to-https-redirect plugin](https://github.com/HappyValleyIO/kong-http-to-https-redirect)
-
-
-# Kong v0.12 (not maintained anymore)
-- [Dockerfile](https://github.com/Revomatico/docker-kong-oidc/blob/0.12/Dockerfile)
-- OpenID Connect plugin: [kong-oidc](https://github.com/nokia/kong-oidc)
+## Releases
+- Kong v1.4.1: [Dockerfile](https://github.com/Revomatico/docker-kong-oidc/blob/master/Dockerfile)
+- Kong v1.4.0: [Dockerfile](https://github.com/Revomatico/docker-kong-oidc/blob/1.4.0-1/Dockerfile)
+- Kong v1.3.0: [Dockerfile](https://github.com/Revomatico/docker-kong-oidc/blob/1.3.0-2/Dockerfile)
+- Kong v1.2.2: [Dockerfile](https://github.com/Revomatico/docker-kong-oidc/blob/1.2.2-1/Dockerfile)
+- Kong v1.1.2: [Dockerfile](https://github.com/Revomatico/docker-kong-oidc/blob/1.1.2-1/Dockerfile)
+- Kong v1.0.3: [Dockerfile](https://github.com/Revomatico/docker-kong-oidc/blob/1.0.3-1/Dockerfile)
+- Kong v0.14: [Dockerfile](https://github.com/Revomatico/docker-kong-oidc/blob/0.14-2/Dockerfile)
+- Kong v0.13: [Dockerfile](https://github.com/Revomatico/docker-kong-oidc/blob/0.13-3/Dockerfile)
+    - Added [kong-http-to-https-redirect plugin](https://github.com/HappyValleyIO/kong-http-to-https-redirect)
+- Kong v0.12:  [Dockerfile](https://github.com/Revomatico/docker-kong-oidc/blob/0.12/Dockerfile)
+    - OpenID Connect plugin: [kong-oidc](https://github.com/nokia/kong-oidc)
     - Based on: [lua-resty-openidc](https://github.com/zmartzone/lua-resty-openidc)
 
 
-# Memcached
-- Reference: https://github.com/bungle/lua-resty-session#pluggable-storage-adapters
-- To replace the default sesion storage: **cookie** with memcached, set
+## Memcached
+- Reference: https://github.com/bungle/lua-resty-session#memcache-storage-adapter
+- To replace the default sesion storage: **cookie** with **memcache**, set
     - `KONG_X_SESSION_STORAGE=memcache`
 - Memcached hostname is by default **mcd-memcached** (in my case installed via helm in a Kubernetes cluster)
     - Set `KONG_X_SESSION_MEMCACHE_HOST=mynewhost`
-    - Alternatively, set up DNS entry for **mcd-memcached** to be resolved from within the container
+    - Alternatively, set up DNS entry for **memcached** to be resolved from within the container
 - Memcached port is by default **11211**, override by setting:
     - `KONG_X_SESSION_MEMCACHE_PORT=12345`
+- KONG_X_SESSION_MEMCACHE_USELOCKING, default: off
 - KONG_X_SESSION_MEMCACHE_SPINLOCKWAIT, default: 10000
 - KONG_X_SESSION_MEMCACHE_MAXLOCKWAIT, default: 30
 - KONG_X_SESSION_MEMCACHE_POOL_TIMEOUT, default: 10
 - KONG_X_SESSION_MEMCACHE_POOL_SIZE, default: 10
 
 
+## Shm
+- Reference: https://github.com/bungle/lua-resty-session#shared-dictionary-storage-adapter
+- To replace the default sesion storage: **cookie** with **shm**, set
+    - `KONG_X_SESSION_STORAGE=shm`
+- KONG_X_SESSION_SHM_STORE, default: oidc_sessions
+- KONG_X_SESSION_SHM_STORE_SIZE, default: 5m
+- KONG_X_SESSION_SHM_USELOCKING, default: no
+- KONG_X_SESSION_SHM_LOCK_EXPTIME, default: 30
+- KONG_X_SESSION_SHM_LOCK_TIMEOUT, default: 5
+- KONG_X_SESSION_SHM_LOCK_STEP, default: 0.001
+- KONG_X_SESSION_SHM_LOCK_RATIO, default: 2
+- KONG_X_SESSION_SHM_LOCK_MAX_STEP, default: 0.5
+
+
 # Notes
 - Dockerfile will patch `nginx_kong.lua` template at build time, to include `set_decode_base64 $session_secret 'some_base64_string';`
     - This is needed for the kong-oidc plugin to set a session secret that will later override the template string
     - See: https://github.com/nokia/kong-oidc/issues/1
 - To enable the plugins, set the env variable for the container with comma separated plugin values:
-    - [Kong < 0.14] `KONG_CUSTOM_PLUGINS=oidc,kong-http-to-https-redirect`
-    - [Kong >= 0.14] `KONG_PLUGINS=bundled,oidc,kong-http-to-https-redirect`
+    - [Kong < 0.14] `KONG_CUSTOM_PLUGINS=oidc`
+    - [Kong >= 0.14] `KONG_PLUGINS=bundled,oidc`
 - A common default session_secret should be defined by setting env KONG_X_SESSION_SECRET
+- KONG_X_SESSION_NAME=oidc_session
 
 
 # Release notes
 - 2019-10-28 [1.4.1-1]:
     - Bumped Kong version to 1.4.1
     - Added shm session storage support
+    - Added test.sh to quickly validate the build
+    - Improved README.md
 - 2019-10-28 [1.4.0-1]:
     - Bumped Kong version to 1.4.0
 - 2019-09-05 [1.3.0-2]:

diff --git a/run.sh b/run.sh
@@ -6,4 +6,4 @@ docker run --rm -it \
     -u root \
     --name $DOCKER_CONTAINER \
     $DOCKER_IMAGE \
-    bash
+    bash -c "$*"
diff --git a/test.sh b/test.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+./run.sh kong prepare -p /usr/local/kong/
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		#!/bin/bash

		./run.sh kong prepare -p /usr/local/kong/