[Kimchi-devel] [Wok][RFC] Issue #175: Do not generate nginx conf file on the fly

Aline Manera alinefm at linux.vnet.ibm.com
Mon Oct 31 15:54:28 UTC 2016


Hi Ramon,

On 10/26/2016 03:27 PM, Ramon Medeiros wrote:
>
> Propose:
>
> Do not regenerate wok.conf at nginx at startup of wok.
>
> Questions:
>
> 1) The wok.conf will be generated at make ? And then copied at make rpm?

It will follow the same approach of the logrotate file.
There will be a nginx/wok.conf on source code that would be copy as-is 
to /etc/nginx/conf.d on wok installation.

Today, when Wok starts up, the SSL certificate is generated and the path 
is used by nginx/wok.conf

     ssl_certificate ${cert_pem};
     ssl_certificate_key ${cert_key};

You will need to have this path set as default and on package 
installation, probably on post installation section, those 2 files 
should be generated (or install empty files and let wok generated the 
certificate on start up ?)

We also need to think when running wokd from source code. The 
nginx/wok.conf will point to a specific path and on start up the 
certificate will be generated?

>
> 2) If using make to generate it, how development run (when running 
> from git), will work? The developer must copy wok.conf to nginx directory?
>

You can identify if wok is running from a installed system or not and if 
not create a syslink to /etc/nginx/conf.d

> 3) The [server] configuration at wok.conf will be removed? letting to 
> the user to change parameters?

Most of the [server] configuration will be removed.

We have today is:

[server]
# Hostname or IP address to listen on
#host = 0.0.0.0

# Port to listen on
#port = 8000

# Start an SSL-enabled server on the given port
#ssl_port = 8001

# Allow user disables HTTP port. In that case, all the connections
# will be done directly through HTTPS port (values: true|false)
#https_only = false

# Cherrypy server port
#cherrypy_port = 8010

# Port for websocket proxy to listen on
#websockets_port = 64667

# Number of minutes that a session can remain idle before the server
# terminates it automatically.
#session_timeout = 10

# The full path to an SSL Certificate or chain of certificates in
# PEM format. When a chain is used, the server's certificate must be
# the first certificate in the file with the chain concatenated into
# the end of that certificate. If left unspecified, Wok will generate
# a self-signed certificate automatically.
#ssl_cert =

# The corresponding private key in PEM format for the SSL Certificate 
supplied
# above.  If left blank, Wok will generate a self-signed certificate.
#ssl_key =

# Running environment of the server
#environment = production

# Max request body size in KB, default value is 4GB
#max_body_size = 4 * 1024 * 1024

# Wok server root. Set the following variable to configure any relative 
path to
# the server. For example, to have Wok pointing to 
https://localhost:8001/wok/
# uncomment the following:
#server_root=/wok

All the red parameters should be removed and keep those in black.

It implies in remove all the occurrences on code about parameters that 
will be removed.

> -- 
>
> Ramon Nunes Medeiros
> Kimchi Developer
> Linux Technology Center Brazil
> IBM Systems & Technology Group
> Phone : +55 19 2132 7878
> ramonn at br.ibm.com  
>
>
> _______________________________________________
> Kimchi-devel mailing list
> Kimchi-devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/kimchi-devel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/kimchi-devel/attachments/20161031/8d7511d3/attachment.html>


More information about the Kimchi-devel mailing list