Re: [Kimchi-devel] [PATCH][Wok] Bug fix #175: Do not generate nginx conf file on the fly

Hi Ramon: You also need to update the files below to reflect those changes: - wokd.in - docs/wokd.8.in - src/wok/config.py.in And more comments below: On 11/01/2016 01:33 PM, Ramon Medeiros wrote: > --- > .gitignore | 1 - > Makefile.am | 3 ++ > contrib/wok.spec.fedora.in | 1 - > contrib/wok.spec.suse.in | 1 - > src/nginx/Makefile.am | 7 ++-- > src/nginx/wok.conf | 79 > ++++++++++++++++++++++++++++++++++++++++++++++ > src/nginx/wok.conf.in | 75 > ------------------------------------------- > src/wok.conf.in | 34 -------------------- > src/wok/proxy.py | 45 -------------------------- > 9 files changed, 85 insertions(+), 161 deletions(-) > create mode 100644 src/nginx/wok.conf > delete mode 100644 src/nginx/wok.conf.in > > diff --git a/.gitignore b/.gitignore > index d06f936..10754f9 100644 > --- a/.gitignore > +++ b/.gitignore > @@ -31,7 +31,6 @@ wok-*.tar.gz > wok.spec > src/wokd > src/wok.conf > -src/nginx/wok.conf > src/wok/config.py > tests/run_tests.sh > tests/test_config.py > diff --git a/Makefile.am b/Makefile.am > index 5c8e69d..3754547 100644 > --- a/Makefile.am > +++ b/Makefile.am > @@ -159,6 +159,8 @@ install-data-local: > touch $(DESTDIR)/etc/nginx/conf.d/wok.conf > mkdir -p $(DESTDIR)/etc/logrotate.d/ > $(INSTALL_DATA) $(top_srcdir)/src/wok.logrotate > $(DESTDIR)/etc/logrotate.d/wokd > + mkdir -p $(DESTDIR)/etc/nginx/conf.d > + $(INSTALL_DATA) $(top_srcdir)/src/nginx/wok.conf > $(DESTDIR)/etc/nginx/conf.d/wok.conf > > uninstall-local: > @if test -f $(systemdsystemunitdir)/wokd.service; then \ > @@ -175,6 +177,7 @@ uninstall-local: > $(RM) -rf $(DESTDIR)/etc/wok > $(RM) $(DESTDIR)/etc/nginx/conf.d/wok.conf > $(RM) $(DESTDIR)/etc/logrotate.d/wokd > + $(DESTDIR)/etc/nginx/conf.d/wok.conf The $(RM) is missing

> VERSION: > > - > -# Port to listen on > -#port = 8000 > - > -# Start an SSL-enabled server on the given port > -#ssl_port = 8001 > - The ssl_port is being used by /config API so we will need to keep it there too.

> -# Allow user disables HTTP port. In that case, all the connections > -# will be done directly through HTTPS port (values: true|false) > -#https_only = false > - > # Cherrypy server port > #cherrypy_port = 8010 > -# Port for websocket proxy to listen on > -#websockets_port = 64667 We will need to keep websockets_port as it needed by /config API and to Kimchi knows on which port to launch websocikfy > - > -# Number of minutes that a session can remain idle before the server > -# terminates it automatically. > -#session_timeout = 10 > - > -# The full path to an SSL Certificate or chain of certificates in > -# PEM format. When a chain is used, the server's certificate must be > -# the first certificate in the file with the chain concatenated into > -# the end of that certificate. If left unspecified, Wok will generate > -# a self-signed certificate automatically. > -#ssl_cert = > - > -# The corresponding private key in PEM format for the SSL > Certificate supplied > -# above. If left blank, Wok will generate a self-signed certificate. > -#ssl_key = > - > # Running environment of the server > #environment = production > > -# Max request body size in KB, default value is 4GB > -#max_body_size = 4 * 1024 * 1024 > - > # Wok server root. Set the following variable to configure any > relative path to > # the server. For example, to have Wok pointing to > https://localhost:8001/wok/ > # uncomment the following: > diff --git a/src/wok/proxy.py b/src/wok/proxy.py > index 5f646e4..1c11b9b 100644 > --- a/src/wok/proxy.py > +++ b/src/wok/proxy.py > @@ -25,8 +25,6 @@ > # and configure the Nginx proxy. > > import os > -import pwd > -from string import Template > > from wok import sslcert > from wok.config import paths > @@ -53,17 +51,6 @@ def _create_proxy_config(options): > Arguments: > options - OptionParser object with Wok config options > """ > - # User that will run the worker process of the proxy. Fedora, > - # RHEL and Suse creates an user called 'nginx' when installing > - # the proxy. Ubuntu creates an user 'www-data' for it. > - user_proxy = None > - user_list = ('nginx', 'www-data', 'http') > - sys_users = [p.pw_name for p in pwd.getpwall()] > - common_users = list(set(user_list) & set(sys_users)) > - if len(common_users) == 0: > - raise Exception("No common user found") > - else: > - user_proxy = common_users[0] > config_dir = paths.conf_dir > nginx_config_dir = paths.nginx_conf_dir > cert = options.ssl_cert > @@ -81,38 +68,6 @@ def _create_proxy_config(options): > with open(key, "w") as f: > f.write(ssl_gen.key_pem()) > > - # Setting up Diffie-Hellman group with 2048-bit file > - dhparams_pem = os.path.join(config_dir, "dhparams.pem") > - > - http_config = '' > - if options.https_only == 'false': > - http_config = HTTP_CONFIG % {'host_addr': options.host, > - 'proxy_port': options.port, > - 'proxy_ssl_port': > options.ssl_port, > - 'rel_path': options.server_root} > - > - # Read template file and create a new config file > - # with the specified parameters. > - with open(os.path.join(nginx_config_dir, "wok.conf.in")) as > template: > - data = template.read() > - data = Template(data) > - data = data.safe_substitute(user=user_proxy, > - host_addr=options.host, > - proxy_ssl_port=options.ssl_port, > - http_config=http_config, > - cherrypy_port=options.cherrypy_port, > - websockets_port=options.websockets_port, > - cert_pem=cert, cert_key=key, > - max_body_size=eval(options.max_body_size), > - session_timeout=options.session_timeout, > - dhparams_pem=dhparams_pem, > - server_root=options.server_root) > - > - # Write file to be used for nginx. > - config_file = open(os.path.join(nginx_config_dir, "wok.conf"), "w") > - config_file.write(data) > - config_file.close() > - > # If not running from the installed path (from a cloned and > builded source > # code), create a symbolic link in system's dir to prevent > errors on read > # SSL certifications.