Add support for tuf metadata endpoints

2017-02-13 14:14:44 -05:00 · 2017-02-13 14:14:44 -05:00 · 9affe193db
commit 9affe193db
parent 6436444274
7 changed files with 78 additions and 26 deletions
--- a/conf/nginx/nginx-nossl.conf
+++ b/conf/nginx/nginx-nossl.conf
@ -1,16 +0,0 @@
-# vim: ft=nginx
-
-include root-base.conf;
-
-http {
-    include http-base.conf;
-    include rate-limiting.conf;
-
-    server {
-        include server-base.conf;
-
-        listen 80 default;
-
-        access_log /dev/stdout lb_logs;
-    }
-}
--- a/conf/nginx/nginx.conf.jnj
+++ b/conf/nginx/nginx.conf.jnj
@ -2,6 +2,8 @@

 include root-base.conf;

+{% if use_https %}
+
 http {
    include http-base.conf;
    include hosted-http-base.conf;
@ -48,3 +50,20 @@ http {
        access_log /dev/stdout lb_logs;
    }
 }
+
+{% else %}
+
+http {
+    include http-base.conf;
+    include rate-limiting.conf;
+
+    server {
+        include server-base.conf;
+
+        listen 80 default;
+
+        access_log /dev/stdout lb_logs;
+    }
+}
+
+{% endif %}
--- a/conf/nginx/server-base.conf.jnj
+++ b/conf/nginx/server-base.conf.jnj
@ -79,6 +79,12 @@ location /secscan/ {
    proxy_pass http://jwtproxy_secscan;
 }

+{% if signing_enabled %}
+location ~ ^/v2/(.+)/_trust/tuf/(.*)$ {
+    proxy_pass {{ tuf_server }};
+}
+{% endif %}
+
 location ~ ^/v2 {
    # If we're being accessed via v1.quay.io, pretend we don't support v2.
    if ($host = "v1.quay.io") {