From c289763ebe3a93c64e3ee986bad9a12a036b19c6 Mon Sep 17 00:00:00 2001 From: Lukasz Nowak <luke@nexedi.com> Date: Fri, 15 Jun 2018 08:43:31 +0200 Subject: [PATCH] apache-frontend: Fix Ngnix main configuration jinja2 template is required, as some paramters might come from the network. /reviewed-on https://lab.nexedi.com/nexedi/slapos/merge_requests/345 --- software/apache-frontend/buildout.hash.cfg | 4 +- .../instance-apache-frontend.cfg | 29 +++++++++++--- .../apache-frontend/templates/nginx.cfg.in | 40 +++++++++---------- 3 files changed, 45 insertions(+), 28 deletions(-) diff --git a/software/apache-frontend/buildout.hash.cfg b/software/apache-frontend/buildout.hash.cfg index 461faa58c..328a41c01 100644 --- a/software/apache-frontend/buildout.hash.cfg +++ b/software/apache-frontend/buildout.hash.cfg @@ -18,7 +18,7 @@ md5sum = f686f765e55d1dce2e55a400f0714b3e [template-apache-frontend] filename = instance-apache-frontend.cfg -md5sum = b6a2c860ea1cd4bc9d185c7108c52d0a +md5sum = d6570c7a7e3c48efa7305677fe7c7ceb [template-apache-replicate] filename = instance-apache-replicate.cfg.in @@ -82,7 +82,7 @@ md5sum = 117238225b3fc3c5b5be381815f44c67 [template-nginx-configuration] filename = templates/nginx.cfg.in -md5sum = 18633ce55e53340efa1ba7693aac4152 +md5sum = f334ef32234771aee69c06f843da1980 [template-nginx-eventsource-slave-virtualhost] filename = templates/nginx-eventsource-slave.conf.in diff --git a/software/apache-frontend/instance-apache-frontend.cfg b/software/apache-frontend/instance-apache-frontend.cfg index e62e2915d..3018f1ef5 100644 --- a/software/apache-frontend/instance-apache-frontend.cfg +++ b/software/apache-frontend/instance-apache-frontend.cfg @@ -676,14 +676,31 @@ curl_path = ${curl:location}/bin/curl # [nginx-frontend] recipe = slapos.cookbook:wrapper -command-line = ${nginx-push-stream:location}/sbin/nginx -c $${nginx-configuration:output} +command-line = ${nginx-push-stream:location}/sbin/nginx -c $${dynamic-nginx-frontend-template:rendered} wrapper-path = $${directory:service}/frontend_nginx -[nginx-configuration] -recipe = slapos.recipe.template -url = ${template-nginx-configuration:output} -output = $${directory:etc}/nginx.cfg +[dynamic-nginx-frontend-template] +< = jinja2-template-base +template = ${template-nginx-configuration:output} +rendered = $${directory:etc}/nginx.cfg mode = 0600 +extra-context = + key ip nginx-configuration:ip + key local_ip nginx-configuration:local_ip + key port nginx-configuration:port + key plain_port nginx-configuration:plain_port + key worker_processes nginx-configuration:worker_processes + key pidfile nginx-configuration:pid-file + key worker_connections nginx-configuration:worker_connections + key error_log nginx-configuration:error_log + key access_log nginx-configuration:access_log + key ssl_certificate ca-frontend:cert-file + key ssl_key ca-frontend:key-file + key varnginx directory:varnginx + key slave_configuration_directory nginx-configuration:slave-configuration-directory + key document_root apache-directory:document-root + +[nginx-configuration] access_log = $${directory:log}/nginx-access.log error_log = $${directory:log}/nginx-error.log ip = $${slap-network-information:global-ipv6} @@ -695,7 +712,7 @@ worker_connections = 1024 slave-configuration-directory = $${apache-directory:nginx-slave-configuration} pid-file = $${directory:run}/nginx.pid nginx-graceful-command = $${:nginx-configuration-verification}; if [ $? -eq 0 ]; then kill -HUP $(cat $${:pid-file}); fi -nginx-configuration-verification = ${nginx-push-stream:location}/sbin/nginx -t -c $${nginx-configuration:output} +nginx-configuration-verification = ${nginx-push-stream:location}/sbin/nginx -t -c $${dynamic-nginx-frontend-template:rendered} [frontend-nginx-graceful] < = jinja2-template-base diff --git a/software/apache-frontend/templates/nginx.cfg.in b/software/apache-frontend/templates/nginx.cfg.in index 1b0c416ac..9dab64a64 100644 --- a/software/apache-frontend/templates/nginx.cfg.in +++ b/software/apache-frontend/templates/nginx.cfg.in @@ -1,14 +1,14 @@ daemon off; # run in the foreground so supervisord can look after it -worker_processes $${nginx-configuration:worker_processes}; -pid $${nginx-configuration:pid-file}; +worker_processes {{ worker_processes }}; +pid {{ pidfile }}; events { - worker_connections $${nginx-configuration:worker_connections}; + worker_connections {{ worker_connections }}; # multi_accept on; } -error_log $${nginx-configuration:error_log}; +error_log {{ error_log }}; http { @@ -23,17 +23,17 @@ http { types_hash_max_size 2048; server_tokens off; - error_log $${nginx-configuration:error_log}; + error_log {{ error_log }}; log_format custom '$remote_addr - $remote_user $time_local $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time'; - access_log $${nginx-configuration:access_log} custom; + access_log {{ access_log }} custom; # server_names_hash_bucket_size 64; # server_name_in_redirect off; default_type application/octet-stream; - ssl_certificate $${ca-frontend:cert-file}; - ssl_certificate_key $${ca-frontend:key-file}; + ssl_certificate {{ ssl_certificate }}; + ssl_certificate_key {{ ssl_key }}; ## # Gzip Settings @@ -53,18 +53,18 @@ http { ## push_stream_shared_memory_size 32m; - fastcgi_temp_path $${directory:varnginx} 1 2; - uwsgi_temp_path $${directory:varnginx} 1 2; - scgi_temp_path $${directory:varnginx} 1 2; + fastcgi_temp_path {{ varnginx }} 1 2; + uwsgi_temp_path {{ varnginx }} 1 2; + scgi_temp_path {{ varnginx }} 1 2; - client_body_temp_path $${directory:varnginx} 1 2; - proxy_temp_path $${directory:varnginx} 1 2; + client_body_temp_path {{ varnginx }} 1 2; + proxy_temp_path {{ varnginx }} 1 2; - include $${nginx-configuration:slave-configuration-directory}/*.conf; + include {{ slave_configuration_directory }}/*.conf; server { - listen [$${nginx-configuration:ip}]:$${nginx-configuration:plain_port}; - listen $${nginx-configuration:local_ip}:$${nginx-configuration:plain_port}; + listen [{{ ip }}]:{{ plain_port }}; + listen {{ local_ip }}:{{ plain_port }}; ## Serve an error 204 (No Content) for favicon.ico @@ -73,14 +73,14 @@ http { } location / { - root $${apache-directory:document-root}; + root {{ document_root }}; index notfound.html; } } server { - listen [$${nginx-configuration:ip}]:$${nginx-configuration:port} ssl; - listen $${nginx-configuration:local_ip}:$${nginx-configuration:port} ssl; + listen [{{ ip }}]:{{ port }} ssl; + listen {{ local_ip }}:{{ port }} ssl; ssl on; @@ -96,7 +96,7 @@ http { } location / { - root $${apache-directory:document-root}; + root {{ document_root }}; index notfound.html; } } -- 2.30.9