openstack/skyline-apiserver
Code Issues Proposed changes

feat: Support both http and https for nginx.conf.j2 template

Browse Source 
By default, if we do not supply the ssl_certfile and ssl_keyfile,
nginx will use http.

Change-Id: Iba86cd119e1aeec892c2b663c994778b63767e3e
This commit is contained in:
Boxiang Zhu 2022-10-21 13:24:40 +08:00
parent fb1d6d8d4b
commit 1393aea120
3 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
container/start_service.sh
View File

@ -13,11 +13,14 @@ if [[ "${!KOLLA_BOOTSTRAP[*]}" ]]; then
exit 0 exit 0
fi fi
GENERATOR_ARGS="--output-file /etc/nginx/nginx.conf"
if [[ -n "${LISTEN_ADDRESS}" ]]; then if [[ -n "${LISTEN_ADDRESS}" ]]; then
skyline-nginx-generator -o /etc/nginx/nginx.conf --listen-address "${LISTEN_ADDRESS}" GENERATOR_ARGS+=" --listen-address ${LISTEN_ADDRESS}"
else
skyline-nginx-generator -o /etc/nginx/nginx.conf
fi fi
if [[ -n "${SSL_CERTFILE}" ]] && [[ -n "${SSL_KEYFILE}" ]]; then
GENERATOR_ARGS+=" --ssl-certfile ${SSL_CERTFILE} --ssl-keyfile ${SSL_KEYFILE}"
fi
skyline-nginx-generator ${GENERATOR_ARGS}
nginx nginx

5
releasenotes/notes/support-http-as-default-5b723ad51c0995fa.yaml Normal file
View File

@ -0,0 +1,5 @@
---
features:
- |
The nginx.conf.j2 support both http and https. By default, if we
do not supply the ssl_certfile and ssl_keyfile, nginx will use http.

10
skyline_apiserver/templates/nginx.conf.j2
View File

@ -25,7 +25,7 @@ http {
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
default_type application/octet-stream; default_type application/octet-stream;
{% if ssl_certfile and ssl_keyfile %}
## ##
# SSL Settings # SSL Settings
## ##
@ -34,9 +34,9 @@ http {
# Self signed certs generated by the ssl-cert package # Self signed certs generated by the ssl-cert package
# Don't use them in a production server! # Don't use them in a production server!
ssl_certificate {{ ssl_certfile | default('/etc/ssl/certs/ssl-cert-snakeoil.pem') }}; ssl_certificate {{ ssl_certfile }};
ssl_certificate_key {{ ssl_keyfile | default('/etc/ssl/private/ssl-cert-snakeoil.key') }}; ssl_certificate_key {{ ssl_keyfile }};
{% endif %}
## ##
# Logging Settings # Logging Settings
## ##
@ -69,7 +69,7 @@ http {
# Virtual Host Configs # Virtual Host Configs
## ##
server { server {
listen {{ listen_address | default('0.0.0.0:9999') }} ssl http2 default_server; listen {{ listen_address | default('0.0.0.0:9999') }}{% if ssl_certfile and ssl_keyfile %} ssl http2{% endif %} default_server;
root {{ skyline_console_static_path }}; root {{ skyline_console_static_path }};