Skip to content

NLB-7196: Update R36 Directives. #166

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
kafeelhasan wants to merge 2 commits into
base: main
Choose a base branch
from
Open

NLB-7196: Update R36 Directives. #166

kafeelhasan wants to merge 2 commits into from
+2,967 −5

Conversation

@kafeelhasan
Copy link

@kafeelhasan kafeelhasan commented Dec 8, 2025
edited
Loading

Proposed changes

Manually created the config JSON files by comparing the directives, then used the generator to create the directives.gen.go files.

New Directives Introduced in R36
For Native OIDC Module

  • frontchannel_logout_uri - Enables front-channel logout

  • pkce - Enables Proof Key for Code Exchange (PKCE) for enhanced security

For Tunnel Module (Forward Proxy)
13 new directives for HTTP CONNECT tunnel/forward proxy functionality:

  • tunnel_pass - Configures tunnel upstream

  • tunnel_bind - Binds tunnel connection to specific address

  • tunnel_bind_dynamic - Enables dynamic binding for tunnel connections

  • tunnel_allow_upstream - Allows specific upstream addresses for tunneling

  • tunnel_buffer_size - Sets buffer size for tunnel connections

  • tunnel_connect_timeout - Sets timeout for tunnel connection establishment

  • tunnel_next_upstream - Defines conditions for trying next upstream server

  • tunnel_next_upstream_timeout - Sets timeout for next upstream attempts

  • tunnel_next_upstream_tries - Sets maximum number of upstream tries

  • tunnel_read_timeout - Sets read timeout for tunnel connections

  • tunnel_send_timeout - Sets send timeout for tunnel connections

  • tunnel_send_lowat - Sets low water mark for send operations

  • tunnel_socket_keepalive - Enables TCP keepalive for tunnel connections

For ngx_http_core_module

  • early_hints - Sends 103 Early Hints response

  • add_header_inherit - Controls add_header inheritance behavior

  • add_trailer_inherit - Controls add_trailer inheritance behavior

For ngx_http_map_module and ngx_stream_map_module

  • num_map - Numeric range-based mapping (available in both HTTP and Stream contexts)

For SSL/TLS Modules (HTTP, Stream, Mail)

  • ssl_certificate_compression - Enables certificate compression to reduce TLS handshake size

Dynamic request generation directives

  • proxy_request_dynamic - Enables dynamic request generation for proxy

  • fastcgi_request_dynamic - Enables dynamic request generation for FastCGI

  • scgi_request_dynamic - Enables dynamic request generation for SCGI

  • uwsgi_request_dynamic - Enables dynamic request generation for uWSGI

Dynamic binding directives

  • proxy_bind_dynamic - Enables dynamic binding for proxy (HTTP and Stream)

  • fastcgi_bind_dynamic - Enables dynamic binding for FastCGI

  • scgi_bind_dynamic - Enables dynamic binding for SCGI

  • uwsgi_bind_dynamic - Enables dynamic binding for uWSGI

  • memcached_bind_dynamic - Enables dynamic binding for Memcached

  • grpc_bind_dynamic - Enables dynamic binding for gRPC

Allow upstream directives

  • proxy_allow_upstream - Allows specific upstream addresses for proxy

  • fastcgi_allow_upstream - Allows specific upstream addresses for FastCGI

  • scgi_allow_upstream - Allows specific upstream addresses for SCGI

  • uwsgi_allow_upstream - Allows specific upstream addresses for uWSGI

  • memcached_allow_upstream - Allows specific upstream addresses for Memcached

  • grpc_allow_upstream - Allows specific upstream addresses for gRPC

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING document
  • If applicable, I have added tests that prove my fix is effective or that my feature works
  • If applicable, I have checked that any relevant tests pass after adding my changes
  • I have updated any relevant documentation (README.md)

@kafeelhasan kafeelhasan requested a review from a team as a code owner December 8, 2025 06:34
@codecov
Copy link

codecov bot commented Dec 8, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 78.20%. Comparing base (eaaaa89) to head (8a58745).
⚠️ Report is 30 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #166      +/-   ##
==========================================
+ Coverage   76.63%   78.20%   +1.56%     
==========================================
  Files          27       31       +4     
  Lines        1164     1179      +15     
==========================================
+ Hits          892      922      +30     
+ Misses        216      202      -14     
+ Partials       56       55       -1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Naveen-Gopu-F5
Naveen-Gopu-F5 reviewed Dec 9, 2025
View reviewed changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Naveen-Gopu-F5 Naveen-Gopu-F5 Naveen-Gopu-F5 approved these changes

@ryepup ryepup Awaiting requested review from ryepup

@xynicole xynicole Awaiting requested review from xynicole

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kafeelhasan @Naveen-Gopu-F5