[Kimchi-devel] [PATCH] Initial prototype, make nginx proxy optional.
Royce Lv
lvroyce at linux.vnet.ibm.com
Wed Feb 4 08:24:03 UTC 2015
Since an apache reverse proxy configuration is included in this patch,
I suppose you would like to substitute nginx with apache?
Would you please compare these reverse proxies in a single mail so that we
can know why we want to choose it?
If we just want to give the user another choice of reverse proxy,
I suggest we make "run_proxy" an enum so the user can assign it to "apache",
"nginx" or "none".
To be a complete patch, we may want to include a testcase to test if
the reverse proxy works.
Some inline comments below:
On 02/03/2015 08:21 PM, Julien Goodwin wrote:
> Also includes an example apache config.
>
> Implements Issue #570
>
> Signed-off-by: Julien Goodwin <jgoodwin at studio442.com.au>
> ---
> docs/Makefile.am | 1 +
> docs/apache.conf.ex | 35 +++++++++++++++++++++++++++++++++++
> src/kimchi.conf.in | 3 +++
> src/kimchi/config.py.in | 1 +
> src/kimchi/proxy.py | 6 ++++++
> 5 files changed, 46 insertions(+)
> create mode 100644 docs/apache.conf.ex
>
> diff --git a/docs/Makefile.am b/docs/Makefile.am
> index 679aa18..eb8b396 100644
> --- a/docs/Makefile.am
> +++ b/docs/Makefile.am
> @@ -20,6 +20,7 @@
> docdir = $(datadir)/kimchi/doc
>
> dist_doc_DATA = \
> + apache.conf.ex \
I hope we can include a runnable configuration and install it to the
right place rather than just an example.
> API.md \
> README.md \
> README-federation.md \
> diff --git a/docs/apache.conf.ex b/docs/apache.conf.ex
> new file mode 100644
> index 0000000..cd26907
> --- /dev/null
> +++ b/docs/apache.conf.ex
> @@ -0,0 +1,35 @@
> +# Although not a supported configuration you can use apache to proxy kimchi traffic.
> +# Here is an example of the required configuration.
> +# This requires the following apache modules be enabled:
> +# - mod_proxy
> +# - mod_proxy_http
> +# - mod_ssl
> +# The port 80 redirect also requires mod_redirect
> +# HTTP STS (Strict Transport Security) also requires mod_headers
> +<VirtualHost *:443>
> + ServerName kimchi
> +
> + SSLEngine On
> + SSLCertificateFile /etc/kimchi/kimchi-cert.pem
> + SSLCertificateKeyFile /etc/kimchi/kimchi-key.pem
> +
> + ProxyRequests On
Could you explain why we set "ProxyRequests" as "on" here? AFAIK, "off"
is used to prevent anyone else from using apache as an anonymous proxy.
> + ProxyPass / http://127.0.0.1:8010/
> + ProxyPassReverse / http://127.0.0.1:8010/
Hope we can use a variable rather than hard-coding it; we may use a port
other than 8010.
> +
> + <Proxy http://127.0.0.1:8010/>
> + Require all granted
> + </Proxy>
> +
> + # HTTP STS
> + Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
> +</VirtualHost>
> +
> +<VirtualHost *:80>
> + ServerName kimchi
> +
> + Redirect / https://kimchi/
> +
> + # HTTP STS
> + Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
> +</VirtualHost>
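Review bot: `ProxyRequests On` in the `*:443` vhost turns on forward proxying, which the reverse-proxy lines that follow it (`ProxyPass` and `ProxyPassReverse` to `http://127.0.0.1:8010/`) do not need; set `ProxyRequests Off` so the host cannot be used to relay requests to other destinations unless access is restricted elsewhere. Two smaller points in the same file: the header comment names `mod_redirect`, but the `Redirect` directive is provided by mod_alias, and the `Strict-Transport-Security` header in the `*:80` vhost has no effect because browsers ignore that header when it arrives over plain HTTP, so it can be dropped there.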
> diff --git a/src/kimchi.conf.in b/src/kimchi.conf.in
> index 9f62ac0..e9e8628 100644
> --- a/src/kimchi.conf.in
> +++ b/src/kimchi.conf.in
> @@ -3,6 +3,9 @@
> #
>
> [server]
> +# Start the proxy service?
> +#run_proxy = on
> +
> # Hostname or IP address to listen on
> #host = 0.0.0.0
>
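Review bot: The new `# Start the proxy service?` comment above `#run_proxy = on` does not list the accepted values or name the default. Since the code in this patch tests for the literal string 'off', spell that out here, for example "on (default) or off", so a reader does not assume other boolean spellings are understood.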
> diff --git a/src/kimchi/config.py.in b/src/kimchi/config.py.in
> index f2e1cac..41c5c89 100644
> --- a/src/kimchi/config.py.in
> +++ b/src/kimchi/config.py.in
> @@ -287,6 +287,7 @@ class PluginConfig(dict):
> def _get_config():
> config = SafeConfigParser()
> config.add_section("server")
> + config.set("server", "run_proxy", "on")
> config.set("server", "host", "0.0.0.0")
> config.set("server", "port", "8000")
> config.set("server", "ssl_port", "8001")
> diff --git a/src/kimchi/proxy.py b/src/kimchi/proxy.py
> index fafa5bc..72497fe 100644
> --- a/src/kimchi/proxy.py
> +++ b/src/kimchi/proxy.py
> @@ -88,6 +88,9 @@ def _create_proxy_config(options):
>
> def start_proxy(options):
> """Start nginx reverse proxy."""
> + if options.run_proxy == 'off':
> + return
> +
> _create_proxy_config(options)
> config_dir = paths.conf_dir
> config_file = "%s/nginx_kimchi.conf" % config_dir
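Review bot: `if options.run_proxy == 'off':` in `start_proxy` is an exact, case-sensitive string match, so a value such as `Off`, `false` or `no` silently starts nginx anyway. Normalise the value before comparing and reject anything outside the known set, or parse it as a boolean where the option is read. The docstring should also say that the function does nothing when the proxy is disabled.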
> @@ -97,5 +100,8 @@ def start_proxy(options):
>
> def terminate_proxy():
> """Stop nginx process."""
> + if options.run_proxy == 'off':
> + return
> +
> term_proxy_cmd = ['nginx', '-s', 'stop']
> subprocess.call(term_proxy_cmd)
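Review bot: `terminate_proxy()` takes no parameters, yet the added `if options.run_proxy == 'off':` reads `options`; unless a module-level `options` exists outside the visible lines, this raises NameError when the server shuts down. Pass `options` in the way `start_proxy(options)` receives it, or have `start_proxy` record whether nginx was actually started and check that flag here.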