[Kimchi-devel] [PATCH] Issue #<570: Make nginx proxy optional
Frédéric Bonnard
frediz at linux.vnet.ibm.com
Tue Mar 10 17:39:24 UTC 2015
From: Frederic Bonnard <frediz at linux.vnet.ibm.com>
Hi,
I'm using the patch from Julien for this one : http://lists.ovirt.org/pipermail/kimchi-devel/2015-February/009840.html
and it wasn't taking the option into account, here is some changes that worked for me.
Also, I think that the goal of disabling nginx in this patch is not to use kimchi
directly, but to use another instance of nginx as I did or apache as Julien does.
F.
---
docs/Makefile.am | 1 +
docs/apache.conf.ex | 35 +++++++++++++++++++++++++++++++++++
src/kimchi.conf.in | 3 +++
src/kimchi/config.py.in | 1 +
src/kimchi/proxy.py | 8 +++++++-
5 files changed, 47 insertions(+), 1 deletion(-)
create mode 100644 docs/apache.conf.ex
diff --git a/docs/Makefile.am b/docs/Makefile.am
index 679aa18..09a4fcc 100644
--- a/docs/Makefile.am
+++ b/docs/Makefile.am
@@ -20,6 +20,7 @@
docdir = $(datadir)/kimchi/doc
dist_doc_DATA = \
+ apache.conf.ex \
API.md \
README.md \
README-federation.md \
diff --git a/docs/apache.conf.ex b/docs/apache.conf.ex
new file mode 100644
index 0000000..cd26907
--- /dev/null
+++ b/docs/apache.conf.ex
@@ -0,0 +1,35 @@
+# Although not a supported configuration you can use apache to proxy kimchi traffic.
+# Here is an example of the required configuration.
+# This requires the following apache modules be enabled:
+# - mod_proxy
+# - mod_proxy_http
+# - mod_ssl
+# The port 80 redirect also requires mod_redirect
+# HTTP STS (Strict Transport Security) also requires mod_headers
+<VirtualHost *:443>
+ ServerName kimchi
+
+ SSLEngine On
+ SSLCertificateFile /etc/kimchi/kimchi-cert.pem
+ SSLCertificateKeyFile /etc/kimchi/kimchi-key.pem
+
+ ProxyRequests On
+ ProxyPass / http://127.0.0.1:8010/
+ ProxyPassReverse / http://127.0.0.1:8010/
+
+ <Proxy http://127.0.0.1:8010/>
+ Require all granted
+ </Proxy>
+
+ # HTTP STS
+ Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
+</VirtualHost>
+
+<VirtualHost *:80>
+ ServerName kimchi
+
+ Redirect / https://kimchi/
+
+ # HTTP STS
+ Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
+</VirtualHost>
diff --git a/src/kimchi.conf.in b/src/kimchi.conf.in
index 9f62ac0..e9e8628 100644
--- a/src/kimchi.conf.in
+++ b/src/kimchi.conf.in
@@ -3,6 +3,9 @@
#
[server]
+# Start the proxy service?
+#run_proxy = on
+
# Hostname or IP address to listen on
#host = 0.0.0.0
diff --git a/src/kimchi/config.py.in b/src/kimchi/config.py.in
index f2e1cac..41c5c89 100644
--- a/src/kimchi/config.py.in
+++ b/src/kimchi/config.py.in
@@ -287,6 +287,7 @@ class PluginConfig(dict):
def _get_config():
config = SafeConfigParser()
config.add_section("server")
+ config.set("server", "run_proxy", "on")
config.set("server", "host", "0.0.0.0")
config.set("server", "port", "8000")
config.set("server", "ssl_port", "8001")
diff --git a/src/kimchi/proxy.py b/src/kimchi/proxy.py
index fafa5bc..c8085dd 100644
--- a/src/kimchi/proxy.py
+++ b/src/kimchi/proxy.py
@@ -29,7 +29,7 @@ from string import Template
from kimchi import sslcert
from kimchi.config import paths
-
+import kimchi.config as config
def _create_proxy_config(options):
"""Create nginx configuration file based on current ports config
@@ -88,6 +88,9 @@ def _create_proxy_config(options):
def start_proxy(options):
"""Start nginx reverse proxy."""
+ if config.config.get("server", "run_proxy") == 'off':
+ return
+
_create_proxy_config(options)
config_dir = paths.conf_dir
config_file = "%s/nginx_kimchi.conf" % config_dir
@@ -97,5 +100,8 @@ def start_proxy(options):
def terminate_proxy():
"""Stop nginx process."""
+ if config.config.get("server", "run_proxy") == 'off':
+ return
+
term_proxy_cmd = ['nginx', '-s', 'stop']
subprocess.call(term_proxy_cmd)
--
1.9.1
More information about the Kimchi-devel
mailing list