Commit 94a47f52 authored by Nicolas Wavrant's avatar Nicolas Wavrant

stak-monitor: nginx server added to provide feed (with ssl)

parent 00360bf0
...@@ -2,8 +2,10 @@ ...@@ -2,8 +2,10 @@
extends = extends =
../../component/dcron/buildout.cfg ../../component/dcron/buildout.cfg
../../component/openssl/buildout.cfg
../../component/nginx/buildout.cfg
parts = parts +=
backup-script-template backup-script-template
collective.recipe.template-egg collective.recipe.template-egg
dcron dcron
...@@ -12,8 +14,10 @@ parts = ...@@ -12,8 +14,10 @@ parts =
make-rss make-rss
monitor-bin monitor-bin
monitor-template monitor-template
nginx
rss-bin rss-bin
slapos-cookbook slapos-cookbook
template-nginx-conf
[collective.recipe.template-egg] [collective.recipe.template-egg]
recipe = zc.recipe.egg recipe = zc.recipe.egg
...@@ -71,12 +75,13 @@ output = $${directory:services}/crond ...@@ -71,12 +75,13 @@ output = $${directory:services}/crond
mode = 0700 mode = 0700
logfile = $${directory:log}/crond.log logfile = $${directory:log}/crond.log
#[status2rss] [template-nginx-conf]
#recipe = slapos.recipe.download recipe = hexagonit.recipe.download
#url = ${:_profile_base_location_}/status2rss.py url = ${:_profile_base_location_}/${:filename}
#md5sum = 916f37f083b1ef391adea2f7a717bf8a download-only = true
#location = ${buildout:parts-directory}/${:_buildout_section_name_}/status2rss.py #md5sum =
#mode = 0644 filename = nginx_rss.conf.in
mode = 0644
[eggs] [eggs]
recipe = z3c.recipe.scripts recipe = z3c.recipe.scripts
......
[slap-parameters]
recipe = slapos.cookbook:slapconfiguration
computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id}
url = $${slap-connection:server-url}
key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}
[directory] [directory]
home = $${buildout:directory} home = $${buildout:directory}
etc = $${:home}/etc etc = $${:home}/etc
bin = $${:home}/bin bin = $${:home}/bin
srv = $${:home}/srv
var = $${:home}/var var = $${:home}/var
ca-dir = $${:srv}/ssl
cron-entries = $${:etc}/cron.d cron-entries = $${:etc}/cron.d
crontabs = $${:etc}/crontabs crontabs = $${:etc}/crontabs
cronstamps = $${:etc}/cronstamps cronstamps = $${:etc}/cronstamps
...@@ -10,6 +21,10 @@ log = $${:var}/log ...@@ -10,6 +21,10 @@ log = $${:var}/log
monitor = $${:etc}/monitor monitor = $${:etc}/monitor
monitor-result = $${:var}/monitor monitor-result = $${:var}/monitor
promise = $${:etc}/promise promise = $${:etc}/promise
run = $${:etc}/run
service = $${:etc}/service/
tmp = $${:home}/tmp
www = $${:var}/www
[cron] [cron]
recipe = slapos.cookbook:cron recipe = slapos.cookbook:cron
...@@ -75,3 +90,73 @@ url = ${make-rss-script:output} ...@@ -75,3 +90,73 @@ url = ${make-rss-script:output}
output = $${directory:bin}/make-rss.sh output = $${directory:bin}/make-rss.sh
#md5sum = #md5sum =
mode = 0744 mode = 0744
[tempdirectory]
recipe = slapos.cookbook:mkdirectory
client_body_temp_path = $${directory:tmp}/client_body_temp_path
proxy_temp_path = $${directory:tmp}/proxy_temp_path
fastcgi_temp_path = $${directory:tmp}/fastcgi_temp_path
uwsgi_temp_path = $${directory:tmp}/uwsgi_temp_path
scgi_temp_path = $${directory:tmp}/scgi_temp_path
[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests/
private = $${directory:ca-dir}/private/
certs = $${directory:ca-dir}/certs/
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${cadirectory:requests}
wrapper = $${directory:service}/certificate_authority
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}
[ca-nginx]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${cadirectory:certs}/nginx_rss.key
cert-file = $${cadirectory:certs}/nginx_rss.crt
executable = $${nginx-parameters:bin_launcher}
wrapper = $${directory:service}/nginx-rss
# Put domain name
name = example.com
[nginx-parameters]
nb_workers = 2
port = 9685
global-ip = $${slap-parameters:ipv6}
# SSL
ssl-certificate = $${ca-nginx:cert-file}
ssl-key = $${ca-nginx:key-file}
# Log
path_pid = $${directory:run}/nginx.pid
path_log = $${directory:log}/nginx.log
path_access_log = $${directory:log}/nginx.access.log
path_error_log = $${directory:log}/nginx.error.log
path_tmp = $${directory:tmp}
# Config files
nginx_conf = $${nginx-conf:rendered}
# Executables
bin_nginx = ${nginx:location}/sbin/nginx
bin_launcher = $${directory:bin}/nginx-launcher
www = $${directory:www}
[nginx-conf]
recipe = slapos.recipe.template:jinja2
template = ${template-nginx-conf:location}/${template-nginx-conf:filename}
rendered = $${directory:etc}/nginx_rss.conf
context =
section param_nginx nginx-parameters
section param_tempdir tempdirectory
[nginx-service]
recipe = slapos.cookbook:wrapper
wrapper-path = $${nginx-parameters:bin_launcher}
command-line = $${nginx-parameters:bin_nginx} -c $${nginx-parameters:nginx_conf}
\ No newline at end of file
worker_processes {{ param_nginx['nb_workers'] }};
pid {{ param_nginx['path_pid'] }};
error_log {{ param_nginx['path_error_log'] }};
daemon off;
events {
worker_connections 1024;
accept_mutex off;
}
http {
default_type application/octet-stream;
access_log {{ param_nginx['path_access_log'] }} combined;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
server {
listen [{{ param_nginx['global-ip'].pop() }}]:{{ param_nginx['port'] }} ssl;
server_name _;
ssl_certificate {{ param_nginx['ssl-certificate'] }};
ssl_certificate_key {{ param_nginx['ssl-key'] }};
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
keepalive_timeout 90s;
client_body_temp_path {{ param_tempdir['client_body_temp_path'] }};
proxy_temp_path {{ param_tempdir['proxy_temp_path'] }};
fastcgi_temp_path {{ param_tempdir['fastcgi_temp_path'] }};
uwsgi_temp_path {{ param_tempdir['uwsgi_temp_path'] }};
scgi_temp_path {{ param_tempdir['scgi_temp_path'] }};
location / {
root {{ param_nginx['www'] }};
}
}
}
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment