add support for ipv6

Author: salonichf5

apis/v1alpha1/nginxproxy_types.go

@@ -27,12 +27,31 @@ type NginxProxyList struct {
 	Items           []NginxProxy `json:"items"`
 }
 
+// IPFamilyType specifies the IP family to be used by the server.
+//
+// +kubebuilder:validation:Enum=both;ipv4;ipv6
+type IPFamilyType string
+
+const (
+	// Dual specifies that the server will use both IPv4 and IPv6.
+	Dual IPFamilyType = "dual"
+	// IPv4 specifies that the server will use only IPv4.
+	IPv4 IPFamilyType = "ipv4"
+	// IPv6 specifies that the server will use only IPv6.
+	IPv6 IPFamilyType = "ipv6"
+)
+
 // NginxProxySpec defines the desired state of the NginxProxy.
 type NginxProxySpec struct {
 	// Telemetry specifies the OpenTelemetry configuration.
 	//
 	// +optional
 	Telemetry *Telemetry `json:"telemetry,omitempty"`
+	// IPFamily specifies the IP family to be used by the server.
+	// Default is "both", meaning the server will use both IPv4 and IPv6.
+	//
+	// +optional
+	IPFamily IPFamilyType `json:"ipFamily,omitempty"`
 	// DisableHTTP2 defines if http2 should be disabled for all servers.
 	// Default is false, meaning http2 will be enabled for all servers.
 	//

charts/nginx-gateway-fabric/values.yaml

@@ -84,8 +84,8 @@ nginx:
 
   # -- The configuration for the data plane that is contained in the NginxProxy resource.
   config:
-    {}
     # disableHTTP2: false
+    ipFamily: dual
     # telemetry:
     #   exporter:
     #     endpoint: otel-collector.default.svc:4317

config/crd/bases/gateway.nginx.org_nginxproxies.yaml

@@ -52,6 +52,15 @@ spec:
                   DisableHTTP2 defines if http2 should be disabled for all servers.
                   Default is false, meaning http2 will be enabled for all servers.
                 type: boolean
+              ipFamily:
+                description: |-
+                  IPFamily specifies the IP family to be used by the server.
+                  Default is "both", meaning the server will use both IPv4 and IPv6.
+                enum:
+                - both
+                - ipv4
+                - ipv6
+                type: string
               telemetry:
                 description: Telemetry specifies the OpenTelemetry configuration.
                 properties:

deploy/crds.yaml

@@ -697,6 +697,15 @@ spec:
                   DisableHTTP2 defines if http2 should be disabled for all servers.
                   Default is false, meaning http2 will be enabled for all servers.
                 type: boolean
+              ipFamily:
+                description: |-
+                  IPFamily specifies the IP family to be used by the server.
+                  Default is "both", meaning the server will use both IPv4 and IPv6.
+                enum:
+                - both
+                - ipv4
+                - ipv6
+                type: string
               telemetry:
                 description: Telemetry specifies the OpenTelemetry configuration.
                 properties:

internal/mode/static/nginx/config/http/config.go

@@ -10,6 +10,7 @@ type Server struct {
 	IsDefaultHTTP bool
 	IsDefaultSSL  bool
 	GRPC          bool
+	IPv6Enabled   bool
 }
 
 // Location holds all configuration for an HTTP location.

internal/mode/static/nginx/config/servers.go

@@ -8,6 +8,7 @@ import (
 	"strings"
 	gotemplate "text/template"
 
+	ngfAPI "github.com./nginxinc/nginx-gateway-fabric/apis/v1alpha1"
 	"github.com./nginxinc/nginx-gateway-fabric/internal/framework/helpers"
 	"github.com./nginxinc/nginx-gateway-fabric/internal/mode/static/nginx/config/http"
 	"github.com./nginxinc/nginx-gateway-fabric/internal/mode/static/state/dataplane"
@@ -58,7 +59,8 @@ var grpcBaseHeaders = []http.Header{
 }
 
 func executeServers(conf dataplane.Configuration) []executeResult {
-	servers, httpMatchPairs := createServers(conf.HTTPServers, conf.SSLServers)
+	ipv6Enabled := isIPv6Enabled(conf.BaseHTTPConfig)
+	servers, httpMatchPairs := createServers(conf.HTTPServers, conf.SSLServers, ipv6Enabled)
 
 	serverResult := executeResult{
 		dest: httpConfigFile,
@@ -86,6 +88,14 @@ func executeServers(conf dataplane.Configuration) []executeResult {
 	return allResults
 }
 
+// getIPFamily returns whether or not the configuration is set to use IPv6.
+func isIPv6Enabled(baseHTTPConfig dataplane.BaseHTTPConfig) bool {
+	if baseHTTPConfig.IPFamily == ngfAPI.IPv6 || baseHTTPConfig.IPFamily == ngfAPI.Dual {
+		return true
+	}
+	return false
+}
+
 func createAdditionFileResults(conf dataplane.Configuration) []executeResult {
 	uniqueAdditions := make(map[string][]byte)
 
@@ -141,17 +151,23 @@ func createIncludes(additions []dataplane.Addition) []string {
 	return includes
 }
 
-func createServers(httpServers, sslServers []dataplane.VirtualServer) ([]http.Server, httpMatchPairs) {
+func createServers(
+	httpServers,
+	sslServers []dataplane.VirtualServer,
+	ipv6Enabled bool,
+) ([]http.Server, httpMatchPairs) {
 	servers := make([]http.Server, 0, len(httpServers)+len(sslServers))
 	finalMatchPairs := make(httpMatchPairs)
 
 	for serverID, s := range httpServers {
+		s.IPv6Enabled = ipv6Enabled
 		httpServer, matchPairs := createServer(s, serverID)
 		servers = append(servers, httpServer)
 		maps.Copy(finalMatchPairs, matchPairs)
 	}
 
 	for serverID, s := range sslServers {
+		s.IPv6Enabled = ipv6Enabled
 		sslServer, matchPair := createSSLServer(s, serverID)
 		servers = append(servers, sslServer)
 		maps.Copy(finalMatchPairs, matchPair)
@@ -165,6 +181,7 @@ func createSSLServer(virtualServer dataplane.VirtualServer, serverID int) (http.
 		return http.Server{
 			IsDefaultSSL: true,
 			Port:         virtualServer.Port,
+			IPv6Enabled:  virtualServer.IPv6Enabled,
 		}, nil
 	}
 
@@ -176,10 +193,11 @@ func createSSLServer(virtualServer dataplane.VirtualServer, serverID int) (http.
 			Certificate:    generatePEMFileName(virtualServer.SSL.KeyPairID),
 			CertificateKey: generatePEMFileName(virtualServer.SSL.KeyPairID),
 		},
-		Locations: locs,
-		Port:      virtualServer.Port,
-		GRPC:      grpc,
-		Includes:  createIncludes(virtualServer.Additions),
+		Locations:   locs,
+		Port:        virtualServer.Port,
+		GRPC:        grpc,
+		Includes:    createIncludes(virtualServer.Additions),
+		IPv6Enabled: virtualServer.IPv6Enabled,
 	}, matchPairs
 }
 
@@ -188,17 +206,19 @@ func createServer(virtualServer dataplane.VirtualServer, serverID int) (http.Ser
 		return http.Server{
 			IsDefaultHTTP: true,
 			Port:          virtualServer.Port,
+			IPv6Enabled:   virtualServer.IPv6Enabled,
 		}, nil
 	}
 
 	locs, matchPairs, grpc := createLocations(&virtualServer, serverID)
 
 	return http.Server{
-		ServerName: virtualServer.Hostname,
-		Locations:  locs,
-		Port:       virtualServer.Port,
-		GRPC:       grpc,
-		Includes:   createIncludes(virtualServer.Additions),
+		ServerName:  virtualServer.Hostname,
+		Locations:   locs,
+		Port:        virtualServer.Port,
+		GRPC:        grpc,
+		Includes:    createIncludes(virtualServer.Additions),
+		IPv6Enabled: virtualServer.IPv6Enabled,
 	}, matchPairs
 }
 

internal/mode/static/nginx/config/servers_template.go

@@ -6,12 +6,18 @@ js_preload_object matches from /etc/nginx/conf.d/matches.json;
     {{ if $s.IsDefaultSSL -}}
 server {
     listen {{ $s.Port }} ssl default_server;
+        {{- if $s.IPv6Enabled }}
+    listen [::]:{{ $s.Port }} ssl default_server;
+        {{- end }}
 
     ssl_reject_handshake on;
 }
     {{- else if $s.IsDefaultHTTP }}
 server {
     listen {{ $s.Port }} default_server;
+        {{- if $s.IPv6Enabled }}
+    listen [::]:{{ $s.Port }} default_server;
+        {{- end }}
 
     default_type text/html;
     return 404;
@@ -20,6 +26,9 @@ server {
 server {
         {{- if $s.SSL }}
     listen {{ $s.Port }} ssl;
+        {{- if $s.IPv6Enabled }}
+    listen [::]:{{ $s.Port }} ssl;
+        {{- end }}
     ssl_certificate {{ $s.SSL.Certificate }};
     ssl_certificate_key {{ $s.SSL.CertificateKey }};
 
@@ -28,6 +37,9 @@ server {
     }
         {{- else }}
     listen {{ $s.Port }};
+        {{- if $s.IPv6Enabled }}
+    listen [::]:{{ $s.Port }};
+        {{- end }}
         {{- end }}
 
     server_name {{ $s.ServerName }};
@@ -94,14 +106,14 @@ server {
     {{- end }}
 {{ end }}
 server {
-    listen unix:/var/run/nginx/nginx-502-server.sock;
+    listen unix:/var/lib/nginx/nginx-502-server.sock;
     access_log off;
 
     return 502;
 }
 
 server {
-    listen unix:/var/run/nginx/nginx-500-server.sock;
+    listen unix:/var/lib/nginx/nginx-500-server.sock;
     access_log off;
 
     return 500;

internal/mode/static/nginx/config/servers_test.go

@@ -9,6 +9,7 @@ import (
 	. "github.com./onsi/gomega"
 	"k8s.io/apimachinery/pkg/types"
 
+	ngfAPI "github.com./nginxinc/nginx-gateway-fabric/apis/v1alpha1"
 	"github.com./nginxinc/nginx-gateway-fabric/internal/framework/helpers"
 	"github.com./nginxinc/nginx-gateway-fabric/internal/mode/static/nginx/config/http"
 	"github.com./nginxinc/nginx-gateway-fabric/internal/mode/static/state/dataplane"
@@ -92,13 +93,20 @@ func TestExecuteServers(t *testing.T) {
 				},
 			},
 		},
+		BaseHTTPConfig: dataplane.BaseHTTPConfig{
+			IPFamily: ngfAPI.Dual,
+		},
 	}
 
 	expSubStrings := map[string]int{
 		"listen 8080 default_server;":                              1,
+		"listen [::]:8080 default_server;":                         1,
 		"listen 8080;":                                             2,
+		"listen [::]:8080;":                                        2,
 		"listen 8443 ssl;":                                         2,
+		"listen [::]:8443 ssl;":                                    2,
 		"listen 8443 ssl default_server;":                          1,
+		"listen [::]:8443 ssl default_server;":                     1,
 		"server_name example.com;":                                 2,
 		"server_name cafe.example.com;":                            2,
 		"ssl_certificate /etc/nginx/secrets/test-keypair.pem;":     2,
@@ -621,8 +629,9 @@ func TestCreateServers(t *testing.T) {
 
 	httpServers := []dataplane.VirtualServer{
 		{
-			IsDefault: true,
-			Port:      8080,
+			IsDefault:   true,
+			Port:        8080,
+			IPv6Enabled: true,
 		},
 		{
 			Hostname:  "cafe.example.com",
@@ -638,13 +647,15 @@ func TestCreateServers(t *testing.T) {
 					Identifier: "server-addition-2",
 				},
 			},
+			IPv6Enabled: true,
 		},
 	}
 
 	sslServers := []dataplane.VirtualServer{
 		{
-			IsDefault: true,
-			Port:      8443,
+			IsDefault:   true,
+			Port:        8443,
+			IPv6Enabled: true,
 		},
 		{
 			Hostname:  "cafe.example.com",
@@ -661,6 +672,7 @@ func TestCreateServers(t *testing.T) {
 					Identifier: "server-addition-3",
 				},
 			},
+			IPv6Enabled: true,
 		},
 	}
 
@@ -1025,6 +1037,7 @@ func TestCreateServers(t *testing.T) {
 		{
 			IsDefaultHTTP: true,
 			Port:          8080,
+			IPv6Enabled:   true,
 		},
 		{
 			ServerName: "cafe.example.com",
@@ -1035,10 +1048,12 @@ func TestCreateServers(t *testing.T) {
 				includesFolder + "/server-addition-1.conf",
 				includesFolder + "/server-addition-2.conf",
 			},
+			IPv6Enabled: true,
 		},
 		{
 			IsDefaultSSL: true,
 			Port:         8443,
+			IPv6Enabled:  true,
 		},
 		{
 			ServerName: "cafe.example.com",
@@ -1053,12 +1068,13 @@ func TestCreateServers(t *testing.T) {
 				includesFolder + "/server-addition-1.conf",
 				includesFolder + "/server-addition-3.conf",
 			},
+			IPv6Enabled: true,
 		},
 	}
 
 	g := NewWithT(t)
 
-	result, httpMatchPair := createServers(httpServers, sslServers)
+	result, httpMatchPair := createServers(httpServers, sslServers, true)
 
 	g.Expect(httpMatchPair).To(Equal(allExpMatchPair))
 	g.Expect(helpers.Diff(expectedServers, result)).To(BeEmpty())
@@ -1244,30 +1260,34 @@ func TestCreateServersConflicts(t *testing.T) {
 		t.Run(test.name, func(t *testing.T) {
 			httpServers := []dataplane.VirtualServer{
 				{
-					IsDefault: true,
-					Port:      8080,
+					IsDefault:   true,
+					Port:        8080,
+					IPv6Enabled: true,
 				},
 				{
-					Hostname:  "cafe.example.com",
-					PathRules: test.rules,
-					Port:      8080,
+					Hostname:    "cafe.example.com",
+					PathRules:   test.rules,
+					Port:        8080,
+					IPv6Enabled: true,
 				},
 			}
 			expectedServers := []http.Server{
 				{
 					IsDefaultHTTP: true,
 					Port:          8080,
+					IPv6Enabled:   true,
 				},
 				{
-					ServerName: "cafe.example.com",
-					Locations:  test.expLocs,
-					Port:       8080,
+					ServerName:  "cafe.example.com",
+					Locations:   test.expLocs,
+					Port:        8080,
+					IPv6Enabled: true,
 				},
 			}
 
 			g := NewWithT(t)
 
-			result, _ := createServers(httpServers, []dataplane.VirtualServer{})
+			result, _ := createServers(httpServers, []dataplane.VirtualServer{}, true)
 			g.Expect(helpers.Diff(expectedServers, result)).To(BeEmpty())
 		})
 	}