
- Move Kimchi nginx config file to /etc/nginx/conf.d. - Rename nginx_kimchi.conf to kimchi.conf. --- .gitignore | 2 +- configure.ac | 1 + contrib/kimchi.spec.fedora.in | 6 ++-- contrib/kimchi.spec.suse.in | 7 ++-- src/Makefile.am | 5 ++- src/kimchi/config.py.in | 2 ++ src/kimchi/proxy.py | 12 +++---- src/nginx.conf.in | 76 ------------------------------------------- src/nginx/Makefile.am | 23 +++++++++++++ src/nginx/kimchi.conf.in | 76 +++++++++++++++++++++++++++++++++++++++++++ 10 files changed, 119 insertions(+), 91 deletions(-) delete mode 100644 src/nginx.conf.in create mode 100644 src/nginx/Makefile.am create mode 100644 src/nginx/kimchi.conf.in diff --git a/.gitignore b/.gitignore index 4abfc0a..a318bd9 100644 --- a/.gitignore +++ b/.gitignore @@ -28,7 +28,7 @@ stamp-po kimchi-*.tar.gz src/kimchid src/kimchi.conf -src/nginx_kimchi.conf +src/nginx/kimchi.conf src/kimchi/config.py tests/run_tests.sh tests/test_config.py diff --git a/configure.ac b/configure.ac index 1b476c3..5da3240 100644 --- a/configure.ac +++ b/configure.ac @@ -80,6 +80,7 @@ AC_CONFIG_FILES([ docs/Makefile src/Makefile src/distros.d/Makefile + src/nginx/Makefile src/kimchi/Makefile src/kimchi/control/Makefile src/kimchi/control/vm/Makefile diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in index 750dada..a721a7f 100644 --- a/contrib/kimchi.spec.fedora.in +++ b/contrib/kimchi.spec.fedora.in @@ -94,7 +94,7 @@ touch %{buildroot}/%{_localstatedir}/log/kimchi/kimchi-error.log # create /etc/kimchi structure mkdir -p %{buildroot}/%{_sysconfdir}/kimchi/ -touch %{buildroot}/%{_sysconfdir}/kimchi/nginx_kimchi.conf +touch %{buildroot}/%{_sysconfdir}/nginx/conf.d/kimchi.conf # Install the systemd scripts install -Dm 0644 contrib/kimchid.service.fedora %{buildroot}%{_unitdir}/kimchid.service 
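Review bot: The new `touch %{buildroot}/%{_sysconfdir}/nginx/conf.d/kimchi.conf` in the Fedora spec writes into a directory this hunk never creates; the only `mkdir -p` visible is for `%{_sysconfdir}/kimchi/`. Unless an install step outside the hunk has already created it, the build stops here, so add `mkdir -p %{buildroot}/%{_sysconfdir}/nginx/conf.d` before the touch. The `# create /etc/kimchi structure` comment no longer describes the touch line either. The SUSE spec hunk adds `# create nginx configuration` for it but has the same missing `mkdir`.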
@@ -158,14 +158,14 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/kimchi/config/ui/*.xml %{_datadir}/kimchi/ui/ %{_datadir}/kimchi +%{_sysconfdir}/nginx/conf.d/kimchi.conf.in +%{_sysconfdir}/nginx/conf.d/kimchi.conf %{_sysconfdir}/kimchi/kimchi.conf -%{_sysconfdir}/kimchi/nginx.conf.in %{_sysconfdir}/kimchi/distros.d/debian.json %{_sysconfdir}/kimchi/distros.d/fedora.json %{_sysconfdir}/kimchi/distros.d/opensuse.json %{_sysconfdir}/kimchi/distros.d/ubuntu.json %{_sysconfdir}/kimchi/distros.d/gentoo.json -%{_sysconfdir}/kimchi/nginx_kimchi.conf %{_sysconfdir}/kimchi/ %{_sharedstatedir}/kimchi/debugreports/ %{_sharedstatedir}/kimchi/screenshots/ diff --git a/contrib/kimchi.spec.suse.in b/contrib/kimchi.spec.suse.in index 7e4172d..5673ced 100644 --- a/contrib/kimchi.spec.suse.in +++ b/contrib/kimchi.spec.suse.in @@ -63,7 +63,9 @@ touch %{buildroot}/%{_localstatedir}/log/kimchi/kimchi-error.log # create /etc/kimchi structure mkdir -p %{buildroot}/%{_sysconfdir}/kimchi/ -touch %{buildroot}/%{_sysconfdir}/kimchi/nginx_kimchi.conf + +# create nginx configuration +touch %{buildroot}/%{_sysconfdir}/nginx/conf.d/kimchi.conf # Install the SysV init scripts install -Dm 0755 contrib/kimchid.sysvinit %{buildroot}%{_initrddir}/kimchid @@ -97,13 +99,14 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/kimchi/config/ui/*.xml %{_datadir}/kimchi/ui/ %{_datadir}/kimchi +%{_sysconfdir}/nginx/conf.d/kimchi.conf.in +%{_sysconfdir}/nginx/conf.d/kimchi.conf %{_sysconfdir}/kimchi/kimchi.conf %{_sysconfdir}/kimchi/distros.d/debian.json %{_sysconfdir}/kimchi/distros.d/fedora.json %{_sysconfdir}/kimchi/distros.d/opensuse.json %{_sysconfdir}/kimchi/distros.d/ubuntu.json %{_sysconfdir}/kimchi/distros.d/gentoo.json -%{_sysconfdir}/kimchi/nginx_kimchi.conf %{_sysconfdir}/kimchi %{_initrddir}/kimchid %{_sysconfdir}/kimchi/ diff --git a/src/Makefile.am b/src/Makefile.am index dfeb24e..edc163e 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
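Review bot: `%{_sysconfdir}/nginx/conf.d/kimchi.conf` is listed in `%files` as an ordinary file, but it is packaged empty (the `touch` in `%install`) and then rewritten by `_create_proxy_config` in proxy.py each time the proxy is started. Package verification will therefore report it as modified, and an upgrade can put the empty placeholder back over the live file. Marking it `%ghost %{_sysconfdir}/nginx/conf.d/kimchi.conf` fits a file generated at run time. The same entry appears in the SUSE spec `%files` hunk. Both packages now place files in a directory that presumably belongs to the nginx package, so the dependency on it should be explicit if it is not already declared outside these hunks.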
@@ -17,18 +17,17 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -SUBDIRS = kimchi distros.d +SUBDIRS = kimchi distros.d nginx EXTRA_DIST = kimchid.in \ kimchi.conf.in \ - nginx.conf.in \ firewalld.xml \ $(NULL) bin_SCRIPTS = kimchid confdir = $(sysconfdir)/kimchi -dist_conf_DATA = kimchi.conf nginx.conf.in +dist_conf_DATA = kimchi.conf BUILT_SOURCES = kimchi.conf diff --git a/src/kimchi/config.py.in b/src/kimchi/config.py.in index f2e1cac..f15d228 100644 --- a/src/kimchi/config.py.in +++ b/src/kimchi/config.py.in @@ -112,6 +112,7 @@ class Paths(object): self.novnc_dir = '/usr/share/novnc' if self.installed: + self.nginx_conf_dir = '@sysconfdir@/nginx/conf.d' self.state_dir = '@localstatedir@/lib/kimchi' self.log_dir = '@localstatedir@/log/kimchi' self.conf_dir = '@sysconfdir@/kimchi' @@ -120,6 +121,7 @@ class Paths(object): self.mo_dir = '@prefix@/share/locale' self.spice_css_file = os.path.join(self.spice_dir, 'spice.css') else: + self.nginx_conf_dir = self.add_prefix('src/nginx') self.state_dir = self.add_prefix('data') self.log_dir = self.add_prefix('log') self.conf_dir = self.add_prefix('src') diff --git a/src/kimchi/proxy.py b/src/kimchi/proxy.py index fafa5bc..1b70d5e 100644 --- a/src/kimchi/proxy.py +++ b/src/kimchi/proxy.py @@ -37,8 +37,7 @@ def _create_proxy_config(options): To allow flexibility in which port kimchi runs, we need the same flexibility with the nginx proxy. This method creates the config file dynamically by using 'nginx.conf.in' as a template, creating - the file 'nginx_kimchi.config' which will be used to launch the - proxy. + the file 'kimchi.conf' which will be used to launch the proxy. Arguments: options - OptionParser object with Kimchi config options 
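Review bot: The docstring of `_create_proxy_config` still names `'nginx.conf.in'` as the template, while the later hunk in this file opens `kimchi.conf.in` from `paths.nginx_conf_dir`. Change the sentence to `by using 'kimchi.conf.in' as a template`. It would also help to state that the result is written to the nginx configuration directory rather than Kimchi's own, since that is what an administrator reading this needs to know. The function body continues outside this hunk.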
@@ -53,6 +52,7 @@ def _create_proxy_config(options): user_proxy = 'www-data' config_dir = paths.conf_dir + nginx_config_dir = paths.nginx_conf_dir cert = options.ssl_cert key = options.ssl_key @@ -70,7 +70,7 @@ def _create_proxy_config(options): # Read template file and create a new config file # with the specified parameters. - with open(os.path.join(config_dir, "nginx.conf.in")) as template: + with open(os.path.join(nginx_config_dir, "kimchi.conf.in")) as template: data = template.read() data = Template(data) data = data.safe_substitute(user=user_proxy, @@ -81,7 +81,7 @@ def _create_proxy_config(options): max_body_size=eval(options.max_body_size)) # Write file to be used for nginx. - config_file = open(os.path.join(config_dir, "nginx_kimchi.conf"), "w") + config_file = open(os.path.join(nginx_config_dir, "kimchi.conf"), "w") config_file.write(data) config_file.close() @@ -89,8 +89,8 @@ def _create_proxy_config(options): def start_proxy(options): """Start nginx reverse proxy.""" _create_proxy_config(options) - config_dir = paths.conf_dir - config_file = "%s/nginx_kimchi.conf" % config_dir + nginx_config_dir = paths.nginx_conf_dir + config_file = "%s/kimchi.conf" % nginx_config_dir cmd = ['nginx', '-c', config_file] subprocess.call(cmd) diff --git a/src/nginx.conf.in b/src/nginx.conf.in deleted file mode 100644 index e308152..0000000 --- a/src/nginx.conf.in +++ /dev/null 
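Review bot: In the `@@ -81,7 +81,7 @@` hunk the generated file is written with a bare `open`/`write`/`close`, so a failed write leaves the handle open and can leave a truncated `kimchi.conf` in a directory that the system nginx may also read. Use `with open(os.path.join(nginx_config_dir, "kimchi.conf"), "w") as config_file:` followed by `config_file.write(data)`, matching how the template is read a few lines earlier. The context line `max_body_size=eval(options.max_body_size)` evaluates an option string as Python code. How that option is populated is not visible here, but if it only ever holds a number, `int(options.max_body_size)` is the safer parse.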
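Review bot: In the `@@ -89,8 +89,8 @@` hunk `start_proxy` builds the path as `"%s/kimchi.conf" % nginx_config_dir`, while `_create_proxy_config` uses `os.path.join(nginx_config_dir, "kimchi.conf")`, so the file name is now a literal in two functions that must agree. A module-level constant for the name, joined with `os.path.join` in both places, keeps them from drifting. The return value of `subprocess.call(cmd)` is also discarded, so an nginx that rejects the generated file goes unreported; checking it and logging a failure would make that visible.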
@@ -1,76 +0,0 @@
-# Project Kimchi
-#
-# Copyright IBM, Corp. 2014
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-# 02110-1301 USA
-
-# This is a template file to be used to generate a nginx
-# proxy config file at kimchid script.
-
-user ${user};
-worker_processes 1;
-
-error_log /var/log/nginx/error.log;
-
-events {
- worker_connections 1024;
-}
-
-http {
-
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
-
- access_log /var/log/nginx/access.log main;
- sendfile on;
-
- client_max_body_size ${max_body_size}k;
-
- # Timeout set to 10 minutes to avoid the 504 Gateway Timeout
- # when Kimchi is processing a request.
- proxy_connect_timeout 600;
- proxy_send_timeout 600;
- proxy_read_timeout 600;
- send_timeout 600;
-
- server {
- listen ${proxy_ssl_port} ssl;
-
- ssl_certificate ${cert_pem};
- ssl_certificate_key ${cert_key};
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers ECDH@STRENGTH:DH@STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNULL;
-
- add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
- add_header X-Frame-Options DENY;
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
-
- location / {
- proxy_pass http://127.0.0.1:${kimchid_port};
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_redirect http://127.0.0.1:${kimchid_port}/ https://$host:${proxy_ssl_port}/;
- }
- }
-
- server {
- listen ${proxy_port};
- rewrite ^/(.*)$ https://$host:${proxy_ssl_port}/$1 redirect;
- }
-}
diff --git a/src/nginx/Makefile.am b/src/nginx/Makefile.am
new file mode 100644
index 0000000..b240508
--- /dev/null
+++ b/src/nginx/Makefile.am
@@ -0,0 +1,23 @@
+#
+# Kimchi
+#
+# Copyright IBM Corp, 2013
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+EXTRA_DIST = kimchi.conf.in
+
+confdir = $(sysconfdir)/nginx/conf.d
+dist_conf_DATA = kimchi.conf.in
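Review bot: `dist_conf_DATA = kimchi.conf.in` installs the unrendered template, still holding its `${...}` placeholders, into `$(sysconfdir)/nginx/conf.d` beside the file generated from it. Keeping the template under Kimchi's own configuration or data directory and writing only the rendered `kimchi.conf` to `conf.d` would keep Kimchi's working files out of a directory another package manages. `EXTRA_DIST = kimchi.conf.in` is also redundant, because the `dist_` prefix already puts the file in the tarball.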
diff --git a/src/nginx/kimchi.conf.in b/src/nginx/kimchi.conf.in
new file mode 100644
index 0000000..e308152
--- /dev/null
+++ b/src/nginx/kimchi.conf.in
@@ -0,0 +1,76 @@
+# Project Kimchi
+#
+# Copyright IBM, Corp. 2014
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 USA
+
+# This is a template file to be used to generate a nginx
+# proxy config file at kimchid script.
+
+user ${user};
+worker_processes 1;
+
+error_log /var/log/nginx/error.log;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+ sendfile on;
+
+ client_max_body_size ${max_body_size}k;
+
+ # Timeout set to 10 minutes to avoid the 504 Gateway Timeout
+ # when Kimchi is processing a request.
+ proxy_connect_timeout 600;
+ proxy_send_timeout 600;
+ proxy_read_timeout 600;
+ send_timeout 600;
+
+ server {
+ listen ${proxy_ssl_port} ssl;
+
+ ssl_certificate ${cert_pem};
+ ssl_certificate_key ${cert_key};
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers ECDH@STRENGTH:DH@STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNULL;
+
+ add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
+ add_header X-Frame-Options DENY;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+
+ location / {
+ proxy_pass http://127.0.0.1:${kimchid_port};
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_redirect http://127.0.0.1:${kimchid_port}/ https://$host:${proxy_ssl_port}/;
+ }
+ }
+
+ server {
+ listen ${proxy_port};
+ rewrite ^/(.*)$ https://$host:${proxy_ssl_port}/$1 redirect;
+ }
+}
-- 
1.9.1
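Review bot: This template is a complete nginx main configuration (`user`, `worker_processes`, `events`, `http`), yet the file rendered from it now lands in `/etc/nginx/conf.d/kimchi.conf`. Distribution `nginx.conf` files commonly include `conf.d/*.conf` from inside their own `http` block, where these top-level directives are not allowed. The system nginx service would then likely fail its configuration test once Kimchi has generated the file. Either keep the standalone file that `start_proxy` passes to `nginx -c` outside `conf.d`, or reduce what goes into `conf.d` to the two `server` blocks and let the system nginx serve them. Separately, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2` keeps the legacy protocol versions enabled, and restricting the list to `TLSv1.2` is worth considering while this file is being touched.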