From ddc24f807065dd2b6be74fdae9595d9f87541c63 Mon Sep 17 00:00:00 2001 From: James Strong Date: Wed, 10 Apr 2024 14:26:26 -0400 Subject: [PATCH 1/2] add njs to nginx build Signed-off-by: James Strong --- images/nginx-1.25/rootfs/build.sh | 11 ++++++++++- rootfs/etc/nginx/template/nginx.tmpl | 4 ++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/images/nginx-1.25/rootfs/build.sh b/images/nginx-1.25/rootfs/build.sh index 3fe6109451a..2c34065c65a 100755 --- a/images/nginx-1.25/rootfs/build.sh +++ b/images/nginx-1.25/rootfs/build.sh @@ -109,6 +109,10 @@ export OPENTELEMETRY_CPP_VERSION="v1.11.0" # Check on https://github.com/open-telemetry/opentelemetry-proto export OPENTELEMETRY_PROTO_VERSION="v1.1.0" +# http://hg.nginx.org/njs +export NGINX_NJS_VERSION="0.8.3" + + export BUILD_PATH=/tmp/build ARCH=$(uname -m) @@ -282,6 +286,10 @@ get_src 0fb790e394510e73fdba1492e576aaec0b8ee9ef08e3e821ce253a07719cf7ea \ get_src d74f86ada2329016068bc5a243268f1f555edd620b6a7d6ce89295e7d6cf18da \ "https://github.com/microsoft/mimalloc/archive/${MIMALOC_VERSION}.tar.gz" "mimalloc" + +get_src b7afc0e67cf1be8f9ea4b1e6133026e7fb6b8953fafc947d0778ca48a0aa1e64 \ + "http://hg.nginx.org/njs/archive/${NGINX_NJS_VERSION}.tar.gz" + # improve compilation times CORES=$(($(grep -c ^processor /proc/cpuinfo) - 1)) @@ -489,7 +497,8 @@ WITH_MODULES=" \ --add-dynamic-module=$BUILD_PATH/nginx-http-auth-digest \ --add-dynamic-module=$BUILD_PATH/ModSecurity-nginx \ --add-dynamic-module=$BUILD_PATH/ngx_http_geoip2_module \ - --add-dynamic-module=$BUILD_PATH/ngx_brotli" + --add-dynamic-module=$BUILD_PATH/ngx_brotli \ + --add-module=$BUILD_PATH/njs" ./configure \ --prefix=/usr/local/nginx \ diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index 4c0da2eb95d..f3e356993a9 100644 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl 
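Review bot: The added `get_src` call for njs fetches the tarball over plain `http://`, and the hash on that line is not enforced, because the `get_src` body shown in PATCH 2/2 has its `sha256sum -c` line commented out behind a TODO. Source that gets compiled into the nginx binary can therefore be altered in transit without the build noticing. Use an `https://` archive URL if the host serves one, and re-enable the check for at least this new entry, e.g. `echo "$hash  $f" | sha256sum -c - || exit 10`. The call also passes no destination name, unlike the mimalloc call just above it (`"mimalloc"`), while the configure line expects `$BUILD_PATH/njs`; confirm the archive really unpacks to that directory.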
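Review bot: `--add-module=$BUILD_PATH/njs` links njs statically, unlike the `--add-dynamic-module` entries above it, so no `ngx_http_js_module.so` is produced and the JavaScript module is present in every build regardless of `EnableNJS`. The `load_module /etc/nginx/modules/ngx_http_js_module.so;` line this patch adds to nginx.tmpl would then be expected to fail at config load when the option is turned on, and leaving the option off does not take the module's directives out of the binary. PATCH 2/2 changes the path to `njs/nginx` but keeps `--add-module`. Building it as `--add-dynamic-module=$BUILD_PATH/njs/nginx` would let the option actually gate the code. The WITH_MODULES assignment starts outside the hunk.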
@@ -33,6 +33,10 @@ load_module /etc/nginx/modules/ngx_http_modsecurity_module.so; load_module /etc/nginx/modules/otel_ngx_module.so; {{ end }} +{{ if $cfg.EnableNJS }} +load_module /etc/nginx/modules/ngx_http_js_module.so; +{{ end }} + daemon off; worker_processes {{ $cfg.WorkerProcesses }}; From 4249cefaeaf4f1d67425fb38ef5c534a6c8062ed Mon Sep 17 00:00:00 2001 From: James Strong Date: Wed, 10 Apr 2024 15:17:20 -0400 Subject: [PATCH 2/2] adding config flag to enable Signed-off-by: James Strong --- images/nginx-1.25/rootfs/build.sh | 4 ++-- internal/ingress/controller/config/config.go | 4 ++++ pkg/flags/flags.go | 2 ++ 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/images/nginx-1.25/rootfs/build.sh b/images/nginx-1.25/rootfs/build.sh index 2c34065c65a..091dcd3779d 100755 --- a/images/nginx-1.25/rootfs/build.sh +++ b/images/nginx-1.25/rootfs/build.sh @@ -127,7 +127,7 @@ get_src() echo "Downloading $url" - curl -sSL "$url" -o "$f" + curl --retry 5 -sSL "$url" -o "$f" # TODO: Reenable checksum verification but make it smarter # echo "$hash $f" | sha256sum -c - || exit 10 if [ ! -z "$dest" ]; then @@ -498,7 +498,7 @@ WITH_MODULES=" \ --add-dynamic-module=$BUILD_PATH/ModSecurity-nginx \ --add-dynamic-module=$BUILD_PATH/ngx_http_geoip2_module \ --add-dynamic-module=$BUILD_PATH/ngx_brotli \ - --add-module=$BUILD_PATH/njs" + --add-module=$BUILD_PATH/njs/nginx" ./configure \ --prefix=/usr/local/nginx \ diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go index 47f2120f169..383d92d9b45 100644 --- a/internal/ingress/controller/config/config.go +++ b/internal/ingress/controller/config/config.go 
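Review bot: The `curl` line in `get_src` still lacks `-f`, so an HTTP error response is written to `$f` with exit status 0, and `--retry 5` does not change that. With the `sha256sum -c` line commented out directly below it, nothing rejects such a file before it is extracted. Suggest `curl --retry 5 -fsSL "$url" -o "$f"`, and resolving the TODO so the `$hash` argument is enforced again. `get_src` begins and ends outside the hunk.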
@@ -452,6 +452,9 @@ type Configuration struct { // MIME Types that will be compressed on-the-fly using Brotli module BrotliTypes string `json:"brotli-types,omitempty"` + //Enables NGINX JS + EnableNJS bool `json:"enable-njs,omitempty` + // Enables or disables the HTTP/2 support in secure connections // http://nginx.org/en/docs/http/ngx_http_v2_module.html // Default: true @@ -790,6 +793,7 @@ func NewDefault() Configuration { BrotliLevel: 4, BrotliMinLength: 20, BrotliTypes: brotliTypes, + EnableNJS: false, ClientHeaderBufferSize: "1k", ClientHeaderTimeout: 60, ClientBodyBufferSize: "8k", diff --git a/pkg/flags/flags.go b/pkg/flags/flags.go index 5891f636b31..e878d654ffc 100644 --- a/pkg/flags/flags.go +++ b/pkg/flags/flags.go @@ -228,6 +228,8 @@ Takes the form ":port". If not provided, no admission controller is starte disableSyncEvents = flags.Bool("disable-sync-events", false, "Disables the creation of 'Sync' event resources") enableTopologyAwareRouting = flags.Bool("enable-topology-aware-routing", false, "Enable topology aware routing feature, needs service object annotation service.kubernetes.io/topology-mode sets to auto.") + + ) flags.StringVar(&nginx.MaxmindMirror, "maxmind-mirror", "", `Maxmind mirror url (example: http://geoip.local/databases.`)
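Review bot: The struct tag on `EnableNJS` is missing its closing double quote after `omitempty`, which makes the tag malformed. `reflect.StructTag` lookups return nothing for a malformed tag, so the `enable-njs` key would presumably not map onto this field and the setting would stay at its default; `go vet` reports this. The tag should read `json:"enable-njs,omitempty"`. The comment would also be clearer as `// EnableNJS loads the njs (NGINX JavaScript) module. Default: false`, since the field controls whether script execution is available inside the proxy. The Configuration struct extends beyond the hunk.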