On 11/01/2016 01:43 PM, Aline Manera wrote:
Hi Ramon:

You also need to update the files below to reflect those changes:
- wokd.in
- docs/wokd.8.in
- src/wok/config.py.in

And more comments below:

On 11/01/2016 01:33 PM, Ramon Medeiros wrote:
---
  .gitignore                 |  1 -
  Makefile.am                |  3 ++
  contrib/wok.spec.fedora.in |  1 -
  contrib/wok.spec.suse.in   |  1 -
  src/nginx/Makefile.am      |  7 ++--
  src/nginx/wok.conf         | 79 ++++++++++++++++++++++++++++++++++++++++++++++
  src/nginx/wok.conf.in      | 75 -------------------------------------------
  src/wok.conf.in            | 34 --------------------
  src/wok/proxy.py           | 45 --------------------------
  9 files changed, 85 insertions(+), 161 deletions(-)
  create mode 100644 src/nginx/wok.conf
  delete mode 100644 src/nginx/wok.conf.in

diff --git a/.gitignore b/.gitignore
index d06f936..10754f9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -31,7 +31,6 @@ wok-*.tar.gz
  wok.spec
  src/wokd
  src/wok.conf
-src/nginx/wok.conf
  src/wok/config.py
  tests/run_tests.sh
  tests/test_config.py
diff --git a/Makefile.am b/Makefile.am
index 5c8e69d..3754547 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -159,6 +159,8 @@ install-data-local:
      touch $(DESTDIR)/etc/nginx/conf.d/wok.conf
      mkdir -p $(DESTDIR)/etc/logrotate.d/
      $(INSTALL_DATA) $(top_srcdir)/src/wok.logrotate $(DESTDIR)/etc/logrotate.d/wokd
+    mkdir -p $(DESTDIR)/etc/nginx/conf.d
+    $(INSTALL_DATA) $(top_srcdir)/src/nginx/wok.conf $(DESTDIR)/etc/nginx/conf.d/wok.conf

  uninstall-local:
      @if test -f $(systemdsystemunitdir)/wokd.service; then \
@@ -175,6 +177,7 @@ uninstall-local:
      $(RM) -rf $(DESTDIR)/etc/wok
      $(RM) $(DESTDIR)/etc/nginx/conf.d/wok.conf
      $(RM) $(DESTDIR)/etc/logrotate.d/wokd

+    $(DESTDIR)/etc/nginx/conf.d/wok.conf

The $(RM) is missing
I did not add RM because it's already exists:

$(RM) $(DESTDIR)/etc/nginx/conf.d/wok.conf  (now wok.conf.in does not exists)


  VERSION:

-
-# Port to listen on
-#port = 8000
-

-# Start an SSL-enabled server on the given port
-#ssl_port = 8001
-

The ssl_port is being used by /config API so we will need to keep it there too.

OK
-# Allow user disables HTTP port. In that case, all the connections
-# will be done directly through HTTPS port (values: true|false)
-#https_only = false
-
  # Cherrypy server port
  #cherrypy_port = 8010

-# Port for websocket proxy to listen on
-#websockets_port = 64667

We will need to keep websockets_port as it needed by /config API and to Kimchi knows on which port to launch websocikfy

-
-# Number of minutes that a session can remain idle before the server
-# terminates it automatically.
-#session_timeout = 10
-
-# The full path to an SSL Certificate or chain of certificates in
-# PEM format. When a chain is used, the server's certificate must be
-# the first certificate in the file with the chain concatenated into
-# the end of that certificate. If left unspecified, Wok will generate
-# a self-signed certificate automatically.
-#ssl_cert =
-
-# The corresponding private key in PEM format for the SSL Certificate supplied
-# above.  If left blank, Wok will generate a self-signed certificate.
-#ssl_key =
-
  # Running environment of the server
  #environment = production

-# Max request body size in KB, default value is 4GB
-#max_body_size = 4 * 1024 * 1024
-
  # Wok server root. Set the following variable to configure any relative path to
  # the server. For example, to have Wok pointing to https://localhost:8001/wok/
  # uncomment the following:
diff --git a/src/wok/proxy.py b/src/wok/proxy.py
index 5f646e4..1c11b9b 100644
--- a/src/wok/proxy.py
+++ b/src/wok/proxy.py
@@ -25,8 +25,6 @@
  # and configure the Nginx proxy.

  import os
-import pwd
-from string import Template

  from wok import sslcert
  from wok.config import paths
@@ -53,17 +51,6 @@ def _create_proxy_config(options):
      Arguments:
      options - OptionParser object with Wok config options
      """
-    # User that will run the worker process of the proxy. Fedora,
-    # RHEL and Suse creates an user called 'nginx' when installing
-    # the proxy. Ubuntu creates an user 'www-data' for it.
-    user_proxy = None
-    user_list = ('nginx', 'www-data', 'http')
-    sys_users = [p.pw_name for p in pwd.getpwall()]
-    common_users = list(set(user_list) & set(sys_users))
-    if len(common_users) == 0:
-        raise Exception("No common user found")
-    else:
-        user_proxy = common_users[0]
      config_dir = paths.conf_dir
      nginx_config_dir = paths.nginx_conf_dir
      cert = options.ssl_cert
@@ -81,38 +68,6 @@ def _create_proxy_config(options):
              with open(key, "w") as f:
                  f.write(ssl_gen.key_pem())

-    # Setting up Diffie-Hellman group with 2048-bit file
-    dhparams_pem = os.path.join(config_dir, "dhparams.pem")
-
-    http_config = ''
-    if options.https_only == 'false':
-        http_config = HTTP_CONFIG % {'host_addr': options.host,
-                                     'proxy_port': options.port,
-                                     'proxy_ssl_port': options.ssl_port,
-                                     'rel_path': options.server_root}
-
-    # Read template file and create a new config file
-    # with the specified parameters.
-    with open(os.path.join(nginx_config_dir, "wok.conf.in")) as template:
-        data = template.read()
-    data = Template(data)
-    data = data.safe_substitute(user=user_proxy,
-                                host_addr=options.host,
-                                proxy_ssl_port=options.ssl_port,
-                                http_config=http_config,
-                                cherrypy_port=options.cherrypy_port,
-                                websockets_port=options.websockets_port,
-                                cert_pem=cert, cert_key=key,
-                                max_body_size=eval(options.max_body_size),
-                                session_timeout=options.session_timeout,
-                                dhparams_pem=dhparams_pem,
-                                server_root=options.server_root)
-
-    # Write file to be used for nginx.
-    config_file = open(os.path.join(nginx_config_dir, "wok.conf"), "w")
-    config_file.write(data)
-    config_file.close()
-
      # If not running from the installed path (from a cloned and builded source
      # code), create a symbolic link in  system's dir to prevent errors on read
      # SSL certifications.


-- 

Ramon Nunes Medeiros
Kimchi Developer
Linux Technology Center Brazil
IBM Systems & Technology Group
Phone : +55 19 2132 7878
ramonn@br.ibm.com