diff --git a/container/start_service.sh b/container/start_service.sh index 224b192..27100ec 100755 --- a/container/start_service.sh +++ b/container/start_service.sh @@ -13,11 +13,14 @@ if [[ "${!KOLLA_BOOTSTRAP[*]}" ]]; then exit 0 fi +GENERATOR_ARGS="--output-file /etc/nginx/nginx.conf" if [[ -n "${LISTEN_ADDRESS}" ]]; then - skyline-nginx-generator -o /etc/nginx/nginx.conf --listen-address "${LISTEN_ADDRESS}" -else - skyline-nginx-generator -o /etc/nginx/nginx.conf + GENERATOR_ARGS+=" --listen-address ${LISTEN_ADDRESS}" fi +if [[ -n "${SSL_CERTFILE}" ]] && [[ -n "${SSL_KEYFILE}" ]]; then + GENERATOR_ARGS+=" --ssl-certfile ${SSL_CERTFILE} --ssl-keyfile ${SSL_KEYFILE}" +fi +skyline-nginx-generator ${GENERATOR_ARGS} nginx diff --git a/releasenotes/notes/support-http-as-default-5b723ad51c0995fa.yaml b/releasenotes/notes/support-http-as-default-5b723ad51c0995fa.yaml new file mode 100644 index 0000000..a66ca50 --- /dev/null +++ b/releasenotes/notes/support-http-as-default-5b723ad51c0995fa.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + The nginx.conf.j2 support both http and https. By default, if we + do not supply the ssl_certfile and ssl_keyfile, nginx will use http. diff --git a/skyline_apiserver/templates/nginx.conf.j2 b/skyline_apiserver/templates/nginx.conf.j2 index 11f0bbc..ed7e3e5 100644 --- a/skyline_apiserver/templates/nginx.conf.j2 +++ b/skyline_apiserver/templates/nginx.conf.j2 @@ -25,7 +25,7 @@ http { include /etc/nginx/mime.types; default_type application/octet-stream; - + {% if ssl_certfile and ssl_keyfile %} ## # SSL Settings ## @@ -34,9 +34,9 @@ http { # Self signed certs generated by the ssl-cert package # Don't use them in a production server! - ssl_certificate {{ ssl_certfile | default('/etc/ssl/certs/ssl-cert-snakeoil.pem') }}; - ssl_certificate_key {{ ssl_keyfile | default('/etc/ssl/private/ssl-cert-snakeoil.key') }}; - + ssl_certificate {{ ssl_certfile }}; + ssl_certificate_key {{ ssl_keyfile }}; + {% endif %} ## # Logging Settings ## @@ -69,7 +69,7 @@ http { # Virtual Host Configs ## server { - listen {{ listen_address | default('0.0.0.0:9999') }} ssl http2 default_server; + listen {{ listen_address | default('0.0.0.0:9999') }}{% if ssl_certfile and ssl_keyfile %} ssl http2{% endif %} default_server; root {{ skyline_console_static_path }};