[Kimchi-devel] [Wok][RFC] Issue #175: Do not generate nginx conf file on the fly
Aline Manera
alinefm at linux.vnet.ibm.com
Mon Oct 31 15:54:28 UTC 2016
Hi Ramon,
On 10/26/2016 03:27 PM, Ramon Medeiros wrote:
>
> Propose:
>
> Do not regenerate wok.conf at nginx at startup of wok.
>
> Questions:
>
> 1) The wok.conf will be generated at make ? And then copied at make rpm?
It will follow the same approach of the logrotate file.
There will be a nginx/wok.conf on source code that would be copy as-is
to /etc/nginx/conf.d on wok installation.
Today, when Wok starts up, the SSL certificate is generated and the path
is used by nginx/wok.conf
ssl_certificate ${cert_pem};
ssl_certificate_key ${cert_key};
You will need to have this path set as default and on package
installation, probably on post installation section, those 2 files
should be generated (or install empty files and let wok generated the
certificate on start up ?)
We also need to think when running wokd from source code. The
nginx/wok.conf will point to a specific path and on start up the
certificate will be generated?
>
> 2) If using make to generate it, how development run (when running
> from git), will work? The developer must copy wok.conf to nginx directory?
>
You can identify if wok is running from a installed system or not and if
not create a syslink to /etc/nginx/conf.d
> 3) The [server] configuration at wok.conf will be removed? letting to
> the user to change parameters?
Most of the [server] configuration will be removed.
We have today is:
[server]
# Hostname or IP address to listen on
#host = 0.0.0.0
# Port to listen on
#port = 8000
# Start an SSL-enabled server on the given port
#ssl_port = 8001
# Allow user disables HTTP port. In that case, all the connections
# will be done directly through HTTPS port (values: true|false)
#https_only = false
# Cherrypy server port
#cherrypy_port = 8010
# Port for websocket proxy to listen on
#websockets_port = 64667
# Number of minutes that a session can remain idle before the server
# terminates it automatically.
#session_timeout = 10
# The full path to an SSL Certificate or chain of certificates in
# PEM format. When a chain is used, the server's certificate must be
# the first certificate in the file with the chain concatenated into
# the end of that certificate. If left unspecified, Wok will generate
# a self-signed certificate automatically.
#ssl_cert =
# The corresponding private key in PEM format for the SSL Certificate
supplied
# above. If left blank, Wok will generate a self-signed certificate.
#ssl_key =
# Running environment of the server
#environment = production
# Max request body size in KB, default value is 4GB
#max_body_size = 4 * 1024 * 1024
# Wok server root. Set the following variable to configure any relative
path to
# the server. For example, to have Wok pointing to
https://localhost:8001/wok/
# uncomment the following:
#server_root=/wok
All the red parameters should be removed and keep those in black.
It implies in remove all the occurrences on code about parameters that
will be removed.
> --
>
> Ramon Nunes Medeiros
> Kimchi Developer
> Linux Technology Center Brazil
> IBM Systems & Technology Group
> Phone : +55 19 2132 7878
> ramonn at br.ibm.com
>
>
> _______________________________________________
> Kimchi-devel mailing list
> Kimchi-devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/kimchi-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/kimchi-devel/attachments/20161031/8d7511d3/attachment.html>
More information about the Kimchi-devel
mailing list