kubernetes · k8s-ci-robot · Feb 26, 2019 · Feb 19, 2019 · mymarche · Feb 25, 2019
diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md
@@ -32,6 +32,7 @@ The following table shows a configuration option's name, type, and the default v
 |[hide-headers](#hide-headers)|string array|empty|
 |[access-log-params](#access-log-params)|string|""|
 |[access-log-path](#access-log-path)|string|"/var/log/nginx/access.log"|
+|[enable-access-log-for-default-backend](#enable-access-log-for-default-backend)|bool|"false"|
 |[error-log-path](#error-log-path)|string|"/var/log/nginx/error.log"|
 |[enable-dynamic-tls-records](#enable-dynamic-tls-records)|bool|"true"|
 |[enable-modsecurity](#enable-modsecurity)|bool|"false"|
@@ -184,6 +185,10 @@ Access log path. Goes to `/var/log/nginx/access.log` by default.
 
 __Note:__ the file `/var/log/nginx/access.log` is a symlink to `/dev/stdout`
 
+## enable-access-log-for-default-backend
+
+Enables logging access to default backend. _**default:**_ is disabled. 
+
 ## error-log-path
 
 Error log path. Goes to `/var/log/nginx/error.log` by default.

diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go
@@ -99,6 +99,10 @@ type Configuration struct {
 	// By default it's empty
 	AccessLogParams string `json:"access-log-params,omitempty"`
 
+	// EnableAccessLogForDefaultBackend enable access_log for default backend
+	// By default this is disabled
+	EnableAccessLogForDefaultBackend bool `json:"enable-access-log-for-default-backend"`
+
 	// AccessLogPath sets the path of the access logs if enabled
 	// http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log
 	// By default access logs go to /var/log/nginx/access.log
@@ -595,77 +599,78 @@ func NewDefault() Configuration {
 	defProxyDeadlineDuration := time.Duration(5) * time.Second
 
 	cfg := Configuration{
-		AllowBackendServerHeader:   false,
-		AccessLogPath:              "/var/log/nginx/access.log",
-		AccessLogParams:            "",
-		WorkerCPUAffinity:          "",
-		ErrorLogPath:               "/var/log/nginx/error.log",
-		BlockCIDRs:                 defBlockEntity,
-		BlockUserAgents:            defBlockEntity,
-		BlockReferers:              defBlockEntity,
-		BrotliLevel:                4,
-		BrotliTypes:                brotliTypes,
-		ClientHeaderBufferSize:     "1k",
-		ClientHeaderTimeout:        60,
-		ClientBodyBufferSize:       "8k",
-		ClientBodyTimeout:          60,
-		EnableDynamicTLSRecords:    true,
-		EnableUnderscoresInHeaders: false,
-		ErrorLogLevel:              errorLevel,
-		UseForwardedHeaders:        false,
-		ForwardedForHeader:         "X-Forwarded-For",
-		ComputeFullForwardedFor:    false,
-		ProxyAddOriginalURIHeader:  true,
-		GenerateRequestID:          true,
-		HTTP2MaxFieldSize:          "4k",
-		HTTP2MaxHeaderSize:         "16k",
-		HTTP2MaxRequests:           1000,
-		HTTPRedirectCode:           308,
-		HSTS:                       true,
-		HSTSIncludeSubdomains:      true,
-		HSTSMaxAge:                 hstsMaxAge,
-		HSTSPreload:                false,
-		IgnoreInvalidHeaders:       true,
-		GzipLevel:                  5,
-		GzipTypes:                  gzipTypes,
-		KeepAlive:                  75,
-		KeepAliveRequests:          100,
-		LargeClientHeaderBuffers:   "4 8k",
-		LogFormatEscapeJSON:        false,
-		LogFormatStream:            logFormatStream,
-		LogFormatUpstream:          logFormatUpstream,
-		EnableMultiAccept:          true,
-		MaxWorkerConnections:       16384,
-		MaxWorkerOpenFiles:         0,
-		MapHashBucketSize:          64,
-		NginxStatusIpv4Whitelist:   defNginxStatusIpv4Whitelist,
-		NginxStatusIpv6Whitelist:   defNginxStatusIpv6Whitelist,
-		ProxyRealIPCIDR:            defIPCIDR,
-		ProxyProtocolHeaderTimeout: defProxyDeadlineDuration,
-		ServerNameHashMaxSize:      1024,
-		ProxyHeadersHashMaxSize:    512,
-		ProxyHeadersHashBucketSize: 64,
-		ProxyStreamResponses:       1,
-		ReusePort:                  true,
-		ShowServerTokens:           true,
-		SSLBufferSize:              sslBufferSize,
-		SSLCiphers:                 sslCiphers,
-		SSLECDHCurve:               "auto",
-		SSLProtocols:               sslProtocols,
-		SSLSessionCache:            true,
-		SSLSessionCacheSize:        sslSessionCacheSize,
-		SSLSessionTickets:          true,
-		SSLSessionTimeout:          sslSessionTimeout,
-		EnableBrotli:               false,
-		UseGzip:                    true,
-		UseGeoIP:                   true,
-		UseGeoIP2:                  false,
-		WorkerProcesses:            strconv.Itoa(runtime.NumCPU()),
-		WorkerShutdownTimeout:      "10s",
-		VariablesHashBucketSize:    128,
-		VariablesHashMaxSize:       2048,
-		UseHTTP2:                   true,
-		ProxyStreamTimeout:         "600s",
+		AllowBackendServerHeader:         false,
+		AccessLogPath:                    "/var/log/nginx/access.log",
+		AccessLogParams:                  "",
+		EnableAccessLogForDefaultBackend: false,
+		WorkerCPUAffinity:                "",
+		ErrorLogPath:                     "/var/log/nginx/error.log",
+		BlockCIDRs:                       defBlockEntity,
+		BlockUserAgents:                  defBlockEntity,
+		BlockReferers:                    defBlockEntity,
+		BrotliLevel:                      4,
+		BrotliTypes:                      brotliTypes,
+		ClientHeaderBufferSize:           "1k",
+		ClientHeaderTimeout:              60,
+		ClientBodyBufferSize:             "8k",
+		ClientBodyTimeout:                60,
+		EnableDynamicTLSRecords:          true,
+		EnableUnderscoresInHeaders:       false,
+		ErrorLogLevel:                    errorLevel,
+		UseForwardedHeaders:              false,
+		ForwardedForHeader:               "X-Forwarded-For",
+		ComputeFullForwardedFor:          false,
+		ProxyAddOriginalURIHeader:        true,
+		GenerateRequestID:                true,
+		HTTP2MaxFieldSize:                "4k",
+		HTTP2MaxHeaderSize:               "16k",
+		HTTP2MaxRequests:                 1000,
+		HTTPRedirectCode:                 308,
+		HSTS:                             true,
+		HSTSIncludeSubdomains:            true,
+		HSTSMaxAge:                       hstsMaxAge,
+		HSTSPreload:                      false,
+		IgnoreInvalidHeaders:             true,
+		GzipLevel:                        5,
+		GzipTypes:                        gzipTypes,
+		KeepAlive:                        75,
+		KeepAliveRequests:                100,
+		LargeClientHeaderBuffers:         "4 8k",
+		LogFormatEscapeJSON:              false,
+		LogFormatStream:                  logFormatStream,
+		LogFormatUpstream:                logFormatUpstream,
+		EnableMultiAccept:                true,
+		MaxWorkerConnections:             16384,
+		MaxWorkerOpenFiles:               0,
+		MapHashBucketSize:                64,
+		NginxStatusIpv4Whitelist:         defNginxStatusIpv4Whitelist,
+		NginxStatusIpv6Whitelist:         defNginxStatusIpv6Whitelist,
+		ProxyRealIPCIDR:                  defIPCIDR,
+		ProxyProtocolHeaderTimeout:       defProxyDeadlineDuration,
+		ServerNameHashMaxSize:            1024,
+		ProxyHeadersHashMaxSize:          512,
+		ProxyHeadersHashBucketSize:       64,
+		ProxyStreamResponses:             1,
+		ReusePort:                        true,
+		ShowServerTokens:                 true,
+		SSLBufferSize:                    sslBufferSize,
+		SSLCiphers:                       sslCiphers,
+		SSLECDHCurve:                     "auto",
+		SSLProtocols:                     sslProtocols,
+		SSLSessionCache:                  true,
+		SSLSessionCacheSize:              sslSessionCacheSize,
+		SSLSessionTickets:                true,
+		SSLSessionTimeout:                sslSessionTimeout,
+		EnableBrotli:                     false,
+		UseGzip:                          true,
+		UseGeoIP:                         true,
+		UseGeoIP2:                        false,
+		WorkerProcesses:                  strconv.Itoa(runtime.NumCPU()),
+		WorkerShutdownTimeout:            "10s",
+		VariablesHashBucketSize:          128,
+		VariablesHashMaxSize:             2048,
+		UseHTTP2:                         true,
+		ProxyStreamTimeout:               "600s",
 		Backend: defaults.Backend{
 			ProxyBodySize:          bodySize,
 			ProxyConnectTimeout:    5,

diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go
@@ -18,6 +18,7 @@ package controller
 
 import (
 	"fmt"
+	"k8s.io/ingress-nginx/internal/ingress/annotations/log"
 	"sort"
 	"strconv"
 	"strings"
@@ -928,6 +929,10 @@ func (n *NGINXController) createServers(data []*ingress.Ingress,
 				Backend:      du.Name,
 				Proxy:        ngxProxy,
 				Service:      du.Service,
+				Logs: log.Config{
+					Access:  n.store.GetBackendConfiguration().EnableAccessLogForDefaultBackend,
+					Rewrite: false,
+				},
 			},
 		}}
 

diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl
@@ -615,6 +615,8 @@ http {
         {{ if $IsIPV6Enabled }}listen [::]:{{ $all.ListenPorts.Default }} default_server {{ if $all.Cfg.ReusePort }}reuseport{{ end }} backlog={{ $all.BacklogSize }};{{ end }}
         set $proxy_upstream_name "internal";
 
+        access_log off;
+
         location / {
           return 404;
         }

diff --git a/test/e2e/defaultbackend/default_backend.go b/test/e2e/defaultbackend/default_backend.go
@@ -98,4 +98,35 @@ var _ = framework.IngressNginxDescribe("Default backend", func() {
 			Expect(resp.StatusCode).Should(Equal(test.Status))
 		}
 	})
+	It("enables access logging for default backend", func() {
+		f.UpdateNginxConfigMapData("enable-access-log-for-default-backend", "true")
+		host := "foo"
+		resp, _, errs := gorequest.New().
+			Get(f.GetURL(framework.HTTP)+"/somethingOne").
+			Set("Host", host).
+			End()
+
+		Expect(len(errs)).Should(Equal(0))
+		Expect(resp.StatusCode).Should(Equal(http.StatusNotFound))
+
+		logs, err := f.NginxLogs()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(logs).To(ContainSubstring("/somethingOne"))
+	})
+
+	It("disables access logging for default backend", func() {
+		f.UpdateNginxConfigMapData("enable-access-log-for-default-backend", "false")
+		host := "bar"
+		resp, _, errs := gorequest.New().
+			Get(f.GetURL(framework.HTTP)+"/somethingTwo").
+			Set("Host", host).
+			End()
+
+		Expect(len(errs)).Should(Equal(0))
+		Expect(resp.StatusCode).Should(Equal(http.StatusNotFound))
+
+		logs, err := f.NginxLogs()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(logs).ToNot(ContainSubstring("/somethingTwo"))
 # backend for when default-backend-service is not configured or it does not have endpoints 
 # backend for when default-backend-service is not configured or it does not have endpoints 
+	})
 })