Hi Ramon,

On 10/26/2016 03:27 PM, Ramon Medeiros wrote:

Propose:

Do not regenerate wok.conf at nginx at startup of wok.

Questions:

1) The wok.conf will be generated at make ? And then copied at make rpm?

It will follow the same approach of the logrotate file.
There will be a nginx/wok.conf on source code that would be copy as-is to /etc/nginx/conf.d on wok installation.

Today, when Wok starts up, the SSL certificate is generated and the path is used by nginx/wok.conf

    ssl_certificate ${cert_pem};                                               
    ssl_certificate_key ${cert_key}; 

You will need to have this path set as default and on package installation, probably on post installation section, those 2 files should be generated (or install empty files and let wok generated the certificate on start up ?)

We also need to think when running wokd from source code. The nginx/wok.conf will point to a specific path and on start up the certificate will be generated?


2) If using make to generate it, how development run (when running from git), will work? The developer must copy wok.conf to nginx directory?


You can identify if wok is running from a installed system or not and if not create a syslink to /etc/nginx/conf.d

3) The [server] configuration at wok.conf will be removed? letting to the user to change parameters?

Most of the [server] configuration will be removed.

We have today is:

[server]
# Hostname or IP address to listen on
#host = 0.0.0.0

# Port to listen on
#port = 8000

# Start an SSL-enabled server on the given port
#ssl_port = 8001

# Allow user disables HTTP port. In that case, all the connections
# will be done directly through HTTPS port (values: true|false)
#https_only = false

# Cherrypy server port
#cherrypy_port = 8010

# Port for websocket proxy to listen on
#websockets_port = 64667

# Number of minutes that a session can remain idle before the server
# terminates it automatically.
#session_timeout = 10

# The full path to an SSL Certificate or chain of certificates in
# PEM format. When a chain is used, the server's certificate must be
# the first certificate in the file with the chain concatenated into
# the end of that certificate. If left unspecified, Wok will generate
# a self-signed certificate automatically.
#ssl_cert =

# The corresponding private key in PEM format for the SSL Certificate supplied
# above.  If left blank, Wok will generate a self-signed certificate.
#ssl_key =


# Running environment of the server
#environment = production

# Max request body size in KB, default value is 4GB
#max_body_size = 4 * 1024 * 1024


# Wok server root. Set the following variable to configure any relative path to
# the server. For example, to have Wok pointing to https://localhost:8001/wok/
# uncomment the following:
#server_root=/wok

All the red parameters should be removed and keep those in black.

It implies in remove all the occurrences on code about parameters that will be removed.

-- 

Ramon Nunes Medeiros
Kimchi Developer
Linux Technology Center Brazil
IBM Systems & Technology Group
Phone : +55 19 2132 7878
ramonn@br.ibm.com 


_______________________________________________
Kimchi-devel mailing list
Kimchi-devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/kimchi-devel