[Kimchi-devel] [Wok][RFC] Issue #175: Do not generate nginx conf file on the fly

Mon Oct 31 16:02:09 UTC 2016

On 10/31/2016 01:54 PM, Aline Manera wrote:
> Hi Ramon,
>
> On 10/26/2016 03:27 PM, Ramon Medeiros wrote:
>>
>> Propose:
>>
>> Do not regenerate wok.conf at nginx at startup of wok.
>>
>> Questions:
>>
>> 1) The wok.conf will be generated at make ? And then copied at make rpm?
>
> It will follow the same approach of the logrotate file.
> There will be a nginx/wok.conf on source code that would be copy as-is 
> to /etc/nginx/conf.d on wok installation.
>
> Today, when Wok starts up, the SSL certificate is generated and the 
> path is used by nginx/wok.conf
>
>     ssl_certificate ${cert_pem};
>     ssl_certificate_key ${cert_key};
>
> You will need to have this path set as default and on package 
> installation, probably on post installation section, those 2 files 
> should be generated (or install empty files and let wok generated the 
> certificate on start up ?)
>
> We also need to think when running wokd from source code. The 
> nginx/wok.conf will point to a specific path and on start up the 
> certificate will be generated?
>
>>
>> 2) If using make to generate it, how development run (when running 
>> from git), will work? The developer must copy wok.conf to nginx 
>> directory?
>>
>
> You can identify if wok is running from a installed system or not and 
> if not create a syslink to /etc/nginx/conf.d
>
>> 3) The [server] configuration at wok.conf will be removed? letting to 
>> the user to change parameters?
>
> Most of the [server] configuration will be removed.
>
> We have today is:
>
> [server]
> # Hostname or IP address to listen on
> #host = 0.0.0.0
>
> # Port to listen on
> #port = 8000
>
> # Start an SSL-enabled server on the given port
> #ssl_port = 8001
>
> # Allow user disables HTTP port. In that case, all the connections
> # will be done directly through HTTPS port (values: true|false)
> #https_only = false
>
> # Cherrypy server port
> #cherrypy_port = 8010
>
> # Port for websocket proxy to listen on
> #websockets_port = 64667
>
> # Number of minutes that a session can remain idle before the server
> # terminates it automatically.
> #session_timeout = 10
>
> # The full path to an SSL Certificate or chain of certificates in
> # PEM format. When a chain is used, the server's certificate must be
> # the first certificate in the file with the chain concatenated into
> # the end of that certificate. If left unspecified, Wok will generate
> # a self-signed certificate automatically.
> #ssl_cert =
>
> # The corresponding private key in PEM format for the SSL Certificate 
> supplied
> # above.  If left blank, Wok will generate a self-signed certificate.
> #ssl_key =
>
> # Running environment of the server
> #environment = production
>
> # Max request body size in KB, default value is 4GB
> #max_body_size = 4 * 1024 * 1024
>
> # Wok server root. Set the following variable to configure any 
> relative path to
> # the server. For example, to have Wok pointing to 
> https://localhost:8001/wok/
> # uncomment the following:
> #server_root=/wok
>
> All the red parameters should be removed and keep those in black.
>
> It implies in remove all the occurrences on code about parameters that 
> will be removed.
>

Please, also add a comment on server_root parameter informing user, 
he/she will need to update the nginx/wok.conf file if this value is 
changed too.

And do not forget to update the man page docs/kimchid.8.in

>> -- 
>>
>> Ramon Nunes Medeiros
>> Kimchi Developer
>> Linux Technology Center Brazil
>> IBM Systems & Technology Group
>> Phone : +55 19 2132 7878
>> ramonn at br.ibm.com  
>>
>>
>> _______________________________________________
>> Kimchi-devel mailing list
>> Kimchi-devel at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/kimchi-devel
>
>
>
> _______________________________________________
> Kimchi-devel mailing list
> Kimchi-devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/kimchi-devel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/kimchi-devel/attachments/20161031/7ee9238a/attachment.html>