[Kimchi-devel] [PATCH v5 1/4] Github #329: Proxy module and template file
Daniel Barboza
danielhb at linux.vnet.ibm.com
Wed Apr 16 05:50:59 UTC 2014
From: Daniel Henrique Barboza <danielhb at linux.vnet.ibm.com>
The file src/kimchi/proxy.py is a module that contains all Nginx
related functions - start proxy, terminate proxy and create
proxy config.
src/nginx.conf.in is a template file that is used by the proxy
module to generate a customized proxy configuration.
Signed-off-by: Daniel Henrique Barboza <danielhb at linux.vnet.ibm.com>
---
src/kimchi/proxy.py | 88 +++++++++++++++++++++++++++++++++++++++++++++++++++++
src/nginx.conf.in | 55 +++++++++++++++++++++++++++++++++
2 files changed, 143 insertions(+)
create mode 100644 src/kimchi/proxy.py
create mode 100644 src/nginx.conf.in
diff --git a/src/kimchi/proxy.py b/src/kimchi/proxy.py
new file mode 100644
index 0000000..389136b
--- /dev/null
+++ b/src/kimchi/proxy.py
@@ -0,0 +1,88 @@
+#!/usr/bin/python
+#
+# Project Kimchi
+#
+# Copyright IBM, Corp. 2014
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301 USA
+
+# This module contains functions that the manipulate
+# and configure the Nginx proxy.
+
+import os
+import pwd
+import subprocess
+from string import Template
+
+from kimchi.config import paths
+
+
+def create_proxy_config(p_port, k_port, p_ssl_port):
+ """Create nginx configuration file based on current ports config
+
+ To allow flexibility in which port kimchi runs, we need the same
+ flexibility with the nginx proxy. This method creates the config
+ file dynamically by using 'nginx.conf.in' as a template, creating
+ the file 'nginx_kimchi.config' which will be used to launch the
+ proxy.
+
+ Arguments:
+ p_port - proxy port
+ k_port - kimchid port
+ p_ssl_port - proxy SSL port
+ """
+
+ # User that will run the worker process of the proxy. Fedora,
+ # RHEL and Suse creates an user called 'nginx' when installing
+ # the proxy. Ubuntu creates an user 'www-data' for it.
+ user_proxy = 'nginx'
+ try:
+ pwd.getpwnam(user_proxy)
+ except KeyError:
+ user_proxy = 'www-data'
+
+ # get SSL paths to be used by the proxy
+ config_dir = paths.conf_dir
+ cert = '%s/kimchi-cert.pem' % config_dir
+ key = '%s/kimchi-key.pem' % config_dir
+
+ with open(os.path.join(config_dir, "nginx.conf.in")) as template:
+ data = template.read()
+
+ data = Template(data)
+ data = data.safe_substitute(user=user_proxy,
+ proxy_port=p_port,
+ kimchid_port=k_port,
+ proxy_ssl_port=p_ssl_port,
+ cert_pem=cert, cert_key=key)
+
+ config_file = open(os.path.join(config_dir, "nginx_kimchi.conf"), "w")
+ config_file.write(data)
+ config_file.close()
+
+
+def start_proxy():
+ """Start nginx reverse proxy."""
+ config_dir = paths.conf_dir
+ config_file = "%s/nginx_kimchi.conf" % config_dir
+ cmd = ['nginx', '-c', config_file]
+ subprocess.call(cmd)
+
+
+def terminate_proxy():
+ """Stop nginx process."""
+ term_proxy_cmd = ['nginx', '-s', 'stop']
+ subprocess.call(term_proxy_cmd)
diff --git a/src/nginx.conf.in b/src/nginx.conf.in
new file mode 100644
index 0000000..967b46b
--- /dev/null
+++ b/src/nginx.conf.in
@@ -0,0 +1,55 @@
+# Project Kimchi
+#
+# Copyright IBM, Corp. 2014
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 USA
+
+
+# This is a template file to be used to generate a nginx
+# proxy config file at kimchid script.
+
+user $user;
+worker_processes 1;
+
+error_log /var/log/nginx/error.log;
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+
+ server {
+ listen $proxy_port;
+ listen $proxy_ssl_port ssl;
+ ssl_certificate $cert_pem;
+ ssl_certificate_key $cert_key;
+
+ location / {
+ proxy_pass http://localhost:$kimchid_port;
+ proxy_set_header Host $host;
+ }
+ }
+}
--
1.8.3.1
More information about the Kimchi-devel
mailing list