[Kimchi-devel] [PATCH] Move kimchi nginx config file to nginx default directory.
Aline Manera
alinefm at linux.vnet.ibm.com
Tue Apr 28 14:20:08 UTC 2015
Reviewed-by: Aline Manera <alinefm at linux.vnet.ibm.com>
On 28/04/2015 10:50, Jose Ricardo Ziviani wrote:
> - Move Kimchi nginx config file to /etc/nginx/conf.d.
> - Rename nginx_kimchi.conf to kimchi.conf.
> ---
> .gitignore | 2 +-
> configure.ac | 1 +
> contrib/kimchi.spec.fedora.in | 6 ++--
> contrib/kimchi.spec.suse.in | 7 ++--
> src/Makefile.am | 5 ++-
> src/kimchi/config.py.in | 2 ++
> src/kimchi/proxy.py | 12 +++----
> src/nginx.conf.in | 76 -------------------------------------------
> src/nginx/Makefile.am | 23 +++++++++++++
> src/nginx/kimchi.conf.in | 76 +++++++++++++++++++++++++++++++++++++++++++
> 10 files changed, 119 insertions(+), 91 deletions(-)
> delete mode 100644 src/nginx.conf.in
> create mode 100644 src/nginx/Makefile.am
> create mode 100644 src/nginx/kimchi.conf.in
>
> diff --git a/.gitignore b/.gitignore
> index 4abfc0a..a318bd9 100644
> --- a/.gitignore
> +++ b/.gitignore
> @@ -28,7 +28,7 @@ stamp-po
> kimchi-*.tar.gz
> src/kimchid
> src/kimchi.conf
> -src/nginx_kimchi.conf
> +src/nginx/kimchi.conf
> src/kimchi/config.py
> tests/run_tests.sh
> tests/test_config.py
> diff --git a/configure.ac b/configure.ac
> index 1b476c3..5da3240 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -80,6 +80,7 @@ AC_CONFIG_FILES([
> docs/Makefile
> src/Makefile
> src/distros.d/Makefile
> + src/nginx/Makefile
> src/kimchi/Makefile
> src/kimchi/control/Makefile
> src/kimchi/control/vm/Makefile
> diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in
> index 750dada..a721a7f 100644
> --- a/contrib/kimchi.spec.fedora.in
> +++ b/contrib/kimchi.spec.fedora.in
> @@ -94,7 +94,7 @@ touch %{buildroot}/%{_localstatedir}/log/kimchi/kimchi-error.log
>
> # create /etc/kimchi structure
> mkdir -p %{buildroot}/%{_sysconfdir}/kimchi/
> -touch %{buildroot}/%{_sysconfdir}/kimchi/nginx_kimchi.conf
> +touch %{buildroot}/%{_sysconfdir}/nginx/conf.d/kimchi.conf
>
> # Install the systemd scripts
> install -Dm 0644 contrib/kimchid.service.fedora %{buildroot}%{_unitdir}/kimchid.service
> @@ -158,14 +158,14 @@ rm -rf $RPM_BUILD_ROOT
> %{_datadir}/kimchi/config/ui/*.xml
> %{_datadir}/kimchi/ui/
> %{_datadir}/kimchi
> +%{_sysconfdir}/nginx/conf.d/kimchi.conf.in
> +%{_sysconfdir}/nginx/conf.d/kimchi.conf
> %{_sysconfdir}/kimchi/kimchi.conf
> -%{_sysconfdir}/kimchi/nginx.conf.in
> %{_sysconfdir}/kimchi/distros.d/debian.json
> %{_sysconfdir}/kimchi/distros.d/fedora.json
> %{_sysconfdir}/kimchi/distros.d/opensuse.json
> %{_sysconfdir}/kimchi/distros.d/ubuntu.json
> %{_sysconfdir}/kimchi/distros.d/gentoo.json
> -%{_sysconfdir}/kimchi/nginx_kimchi.conf
> %{_sysconfdir}/kimchi/
> %{_sharedstatedir}/kimchi/debugreports/
> %{_sharedstatedir}/kimchi/screenshots/
> diff --git a/contrib/kimchi.spec.suse.in b/contrib/kimchi.spec.suse.in
> index 7e4172d..5673ced 100644
> --- a/contrib/kimchi.spec.suse.in
> +++ b/contrib/kimchi.spec.suse.in
> @@ -63,7 +63,9 @@ touch %{buildroot}/%{_localstatedir}/log/kimchi/kimchi-error.log
>
> # create /etc/kimchi structure
> mkdir -p %{buildroot}/%{_sysconfdir}/kimchi/
> -touch %{buildroot}/%{_sysconfdir}/kimchi/nginx_kimchi.conf
> +
> +# create nginx configuration
> +touch %{buildroot}/%{_sysconfdir}/nginx/conf.d/kimchi.conf
>
> # Install the SysV init scripts
> install -Dm 0755 contrib/kimchid.sysvinit %{buildroot}%{_initrddir}/kimchid
> @@ -97,13 +99,14 @@ rm -rf $RPM_BUILD_ROOT
> %{_datadir}/kimchi/config/ui/*.xml
> %{_datadir}/kimchi/ui/
> %{_datadir}/kimchi
> +%{_sysconfdir}/nginx/conf.d/kimchi.conf.in
> +%{_sysconfdir}/nginx/conf.d/kimchi.conf
> %{_sysconfdir}/kimchi/kimchi.conf
> %{_sysconfdir}/kimchi/distros.d/debian.json
> %{_sysconfdir}/kimchi/distros.d/fedora.json
> %{_sysconfdir}/kimchi/distros.d/opensuse.json
> %{_sysconfdir}/kimchi/distros.d/ubuntu.json
> %{_sysconfdir}/kimchi/distros.d/gentoo.json
> -%{_sysconfdir}/kimchi/nginx_kimchi.conf
> %{_sysconfdir}/kimchi
> %{_initrddir}/kimchid
> %{_sysconfdir}/kimchi/
> diff --git a/src/Makefile.am b/src/Makefile.am
> index dfeb24e..edc163e 100644
> --- a/src/Makefile.am
> +++ b/src/Makefile.am
> @@ -17,18 +17,17 @@
> # License along with this library; if not, write to the Free Software
> # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
>
> -SUBDIRS = kimchi distros.d
> +SUBDIRS = kimchi distros.d nginx
>
> EXTRA_DIST = kimchid.in \
> kimchi.conf.in \
> - nginx.conf.in \
> firewalld.xml \
> $(NULL)
>
> bin_SCRIPTS = kimchid
>
> confdir = $(sysconfdir)/kimchi
> -dist_conf_DATA = kimchi.conf nginx.conf.in
> +dist_conf_DATA = kimchi.conf
>
> BUILT_SOURCES = kimchi.conf
>
> diff --git a/src/kimchi/config.py.in b/src/kimchi/config.py.in
> index f2e1cac..f15d228 100644
> --- a/src/kimchi/config.py.in
> +++ b/src/kimchi/config.py.in
> @@ -112,6 +112,7 @@ class Paths(object):
> self.novnc_dir = '/usr/share/novnc'
>
> if self.installed:
> + self.nginx_conf_dir = '@sysconfdir@/nginx/conf.d'
> self.state_dir = '@localstatedir@/lib/kimchi'
> self.log_dir = '@localstatedir@/log/kimchi'
> self.conf_dir = '@sysconfdir@/kimchi'
> @@ -120,6 +121,7 @@ class Paths(object):
> self.mo_dir = '@prefix@/share/locale'
> self.spice_css_file = os.path.join(self.spice_dir, 'spice.css')
> else:
> + self.nginx_conf_dir = self.add_prefix('src/nginx')
> self.state_dir = self.add_prefix('data')
> self.log_dir = self.add_prefix('log')
> self.conf_dir = self.add_prefix('src')
> diff --git a/src/kimchi/proxy.py b/src/kimchi/proxy.py
> index fafa5bc..1b70d5e 100644
> --- a/src/kimchi/proxy.py
> +++ b/src/kimchi/proxy.py
> @@ -37,8 +37,7 @@ def _create_proxy_config(options):
> To allow flexibility in which port kimchi runs, we need the same
> flexibility with the nginx proxy. This method creates the config
> file dynamically by using 'nginx.conf.in' as a template, creating
> - the file 'nginx_kimchi.config' which will be used to launch the
> - proxy.
> + the file 'kimchi.conf' which will be used to launch the proxy.
>
> Arguments:
> options - OptionParser object with Kimchi config options
> @@ -53,6 +52,7 @@ def _create_proxy_config(options):
> user_proxy = 'www-data'
>
> config_dir = paths.conf_dir
> + nginx_config_dir = paths.nginx_conf_dir
> cert = options.ssl_cert
> key = options.ssl_key
>
> @@ -70,7 +70,7 @@ def _create_proxy_config(options):
>
> # Read template file and create a new config file
> # with the specified parameters.
> - with open(os.path.join(config_dir, "nginx.conf.in")) as template:
> + with open(os.path.join(nginx_config_dir, "kimchi.conf.in")) as template:
> data = template.read()
> data = Template(data)
> data = data.safe_substitute(user=user_proxy,
> @@ -81,7 +81,7 @@ def _create_proxy_config(options):
> max_body_size=eval(options.max_body_size))
>
> # Write file to be used for nginx.
> - config_file = open(os.path.join(config_dir, "nginx_kimchi.conf"), "w")
> + config_file = open(os.path.join(nginx_config_dir, "kimchi.conf"), "w")
> config_file.write(data)
> config_file.close()
>
> @@ -89,8 +89,8 @@ def _create_proxy_config(options):
> def start_proxy(options):
> """Start nginx reverse proxy."""
> _create_proxy_config(options)
> - config_dir = paths.conf_dir
> - config_file = "%s/nginx_kimchi.conf" % config_dir
> + nginx_config_dir = paths.nginx_conf_dir
> + config_file = "%s/kimchi.conf" % nginx_config_dir
> cmd = ['nginx', '-c', config_file]
> subprocess.call(cmd)
>
> diff --git a/src/nginx.conf.in b/src/nginx.conf.in
> deleted file mode 100644
> index e308152..0000000
> --- a/src/nginx.conf.in
> +++ /dev/null
> @@ -1,76 +0,0 @@
> -# Project Kimchi
> -#
> -# Copyright IBM, Corp. 2014
> -#
> -# This library is free software; you can redistribute it and/or
> -# modify it under the terms of the GNU Lesser General Public
> -# License as published by the Free Software Foundation; either
> -# version 2.1 of the License, or (at your option) any later version.
> -#
> -# This library is distributed in the hope that it will be useful,
> -# but WITHOUT ANY WARRANTY; without even the implied warranty of
> -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> -# Lesser General Public License for more details.
> -#
> -# You should have received a copy of the GNU Lesser General Public
> -# License along with this library; if not, write to the Free Software
> -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
> -# 02110-1301 USA
> -
> -# This is a template file to be used to generate a nginx
> -# proxy config file at kimchid script.
> -
> -user ${user};
> -worker_processes 1;
> -
> -error_log /var/log/nginx/error.log;
> -
> -events {
> - worker_connections 1024;
> -}
> -
> -http {
> -
> - log_format main '$remote_addr - $remote_user [$time_local] "$request" '
> - '$status $body_bytes_sent "$http_referer" '
> - '"$http_user_agent" "$http_x_forwarded_for"';
> -
> - access_log /var/log/nginx/access.log main;
> - sendfile on;
> -
> - client_max_body_size ${max_body_size}k;
> -
> - # Timeout set to 10 minutes to avoid the 504 Gateway Timeout
> - # when Kimchi is processing a request.
> - proxy_connect_timeout 600;
> - proxy_send_timeout 600;
> - proxy_read_timeout 600;
> - send_timeout 600;
> -
> - server {
> - listen ${proxy_ssl_port} ssl;
> -
> - ssl_certificate ${cert_pem};
> - ssl_certificate_key ${cert_key};
> - ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
> - ssl_ciphers ECDH at STRENGTH:DH at STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNULL;
> -
> - add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
> - add_header X-Frame-Options DENY;
> - add_header X-Content-Type-Options nosniff;
> - add_header X-XSS-Protection "1; mode=block";
> -
> - location / {
> - proxy_pass http://127.0.0.1:${kimchid_port};
> - proxy_set_header Host $host;
> - proxy_set_header X-Real-IP $remote_addr;
> - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> - proxy_redirect http://127.0.0.1:${kimchid_port}/ https://$host:${proxy_ssl_port}/;
> - }
> - }
> -
> - server {
> - listen ${proxy_port};
> - rewrite ^/(.*)$ https://$host:${proxy_ssl_port}/$1 redirect;
> - }
> -}
> diff --git a/src/nginx/Makefile.am b/src/nginx/Makefile.am
> new file mode 100644
> index 0000000..b240508
> --- /dev/null
> +++ b/src/nginx/Makefile.am
> @@ -0,0 +1,23 @@
> +#
> +# Kimchi
> +#
> +# Copyright IBM Corp, 2013
> +#
> +# This library is free software; you can redistribute it and/or
> +# modify it under the terms of the GNU Lesser General Public
> +# License as published by the Free Software Foundation; either
> +# version 2.1 of the License, or (at your option) any later version.
> +#
> +# This library is distributed in the hope that it will be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +# Lesser General Public License for more details.
> +#
> +# You should have received a copy of the GNU Lesser General Public
> +# License along with this library; if not, write to the Free Software
> +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
> +
> +EXTRA_DIST = kimchi.conf.in
> +
> +confdir = $(sysconfdir)/nginx/conf.d
> +dist_conf_DATA = kimchi.conf.in
> diff --git a/src/nginx/kimchi.conf.in b/src/nginx/kimchi.conf.in
> new file mode 100644
> index 0000000..e308152
> --- /dev/null
> +++ b/src/nginx/kimchi.conf.in
> @@ -0,0 +1,76 @@
> +# Project Kimchi
> +#
> +# Copyright IBM, Corp. 2014
> +#
> +# This library is free software; you can redistribute it and/or
> +# modify it under the terms of the GNU Lesser General Public
> +# License as published by the Free Software Foundation; either
> +# version 2.1 of the License, or (at your option) any later version.
> +#
> +# This library is distributed in the hope that it will be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +# Lesser General Public License for more details.
> +#
> +# You should have received a copy of the GNU Lesser General Public
> +# License along with this library; if not, write to the Free Software
> +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
> +# 02110-1301 USA
> +
> +# This is a template file to be used to generate a nginx
> +# proxy config file at kimchid script.
> +
> +user ${user};
> +worker_processes 1;
> +
> +error_log /var/log/nginx/error.log;
> +
> +events {
> + worker_connections 1024;
> +}
> +
> +http {
> +
> + log_format main '$remote_addr - $remote_user [$time_local] "$request" '
> + '$status $body_bytes_sent "$http_referer" '
> + '"$http_user_agent" "$http_x_forwarded_for"';
> +
> + access_log /var/log/nginx/access.log main;
> + sendfile on;
> +
> + client_max_body_size ${max_body_size}k;
> +
> + # Timeout set to 10 minutes to avoid the 504 Gateway Timeout
> + # when Kimchi is processing a request.
> + proxy_connect_timeout 600;
> + proxy_send_timeout 600;
> + proxy_read_timeout 600;
> + send_timeout 600;
> +
> + server {
> + listen ${proxy_ssl_port} ssl;
> +
> + ssl_certificate ${cert_pem};
> + ssl_certificate_key ${cert_key};
> + ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
> + ssl_ciphers ECDH at STRENGTH:DH at STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNULL;
> +
> + add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
> + add_header X-Frame-Options DENY;
> + add_header X-Content-Type-Options nosniff;
> + add_header X-XSS-Protection "1; mode=block";
> +
> + location / {
> + proxy_pass http://127.0.0.1:${kimchid_port};
> + proxy_set_header Host $host;
> + proxy_set_header X-Real-IP $remote_addr;
> + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> + proxy_redirect http://127.0.0.1:${kimchid_port}/ https://$host:${proxy_ssl_port}/;
> + }
> + }
> +
> + server {
> + listen ${proxy_port};
> + rewrite ^/(.*)$ https://$host:${proxy_ssl_port}/$1 redirect;
> + }
> +}
More information about the Kimchi-devel
mailing list