v1 registry flags for nginx server blocks (#3307)
This commit is contained in:
parent
6d5ec4eddf
commit
bae3a47ee2
2 changed files with 48 additions and 29 deletions
|
@ -18,12 +18,18 @@ def write_config(filename, **kwargs):
|
|||
f.write(rendered)
|
||||
|
||||
|
||||
def generate_nginx_config():
|
||||
def generate_nginx_config(config):
|
||||
"""
|
||||
Generates nginx config from the app config
|
||||
"""
|
||||
config = config or {}
|
||||
use_https = os.path.exists(os.path.join(QUAYCONF_DIR, 'stack/ssl.key'))
|
||||
write_config(os.path.join(QUAYCONF_DIR, 'nginx/nginx.conf'), use_https=use_https)
|
||||
use_old_certs = os.path.exists(os.path.join(QUAYCONF_DIR, 'stack/ssl.old.key'))
|
||||
v1_only_domain = config.get('V1_ONLY_DOMAIN', None)
|
||||
|
||||
write_config(os.path.join(QUAYCONF_DIR, 'nginx/nginx.conf'), use_https=use_https,
|
||||
use_old_certs=use_old_certs,
|
||||
v1_only_domain=v1_only_domain)
|
||||
|
||||
|
||||
def generate_server_config(config):
|
||||
|
@ -48,4 +54,4 @@ if __name__ == "__main__":
|
|||
else:
|
||||
config = None
|
||||
generate_server_config(config)
|
||||
generate_nginx_config()
|
||||
generate_nginx_config(config)
|
||||
|
|
|
@ -44,24 +44,6 @@ http {
|
|||
access_log /dev/stdout lb_logs;
|
||||
}
|
||||
|
||||
server {
|
||||
include server-base.conf;
|
||||
|
||||
server_name v1-staging.quay.io;
|
||||
|
||||
ssl_certificate ../stack/ssl.old.cert;
|
||||
ssl_certificate_key ../stack/ssl.old.key;
|
||||
|
||||
listen 443 ssl;
|
||||
|
||||
ssl on;
|
||||
|
||||
# This header must be set only for HTTPS
|
||||
add_header Strict-Transport-Security "max-age=63072000; preload";
|
||||
|
||||
access_log /dev/stdout lb_logs;
|
||||
}
|
||||
|
||||
server {
|
||||
server_name _;
|
||||
|
||||
|
@ -82,10 +64,47 @@ http {
|
|||
}
|
||||
|
||||
server {
|
||||
server_name v1.quay.io;
|
||||
include vhost-traffic-status.conf;
|
||||
|
||||
listen 9080 default;
|
||||
|
||||
access_log /dev/stdout lb_logs;
|
||||
}
|
||||
|
||||
{% if v1_only_domain %}
|
||||
server {
|
||||
include server-base.conf;
|
||||
|
||||
server_name {{ v1_only_domain }};
|
||||
|
||||
{% if use_old_certs %}
|
||||
ssl_certificate ../stack/ssl.old.cert;
|
||||
ssl_certificate_key ../stack/ssl.old.key;
|
||||
{% else %}
|
||||
ssl_certificate ../stack/ssl.cert;
|
||||
ssl_certificate_key ../stack/ssl.key;
|
||||
{% endif %}
|
||||
|
||||
listen 443 ssl;
|
||||
|
||||
ssl on;
|
||||
|
||||
# This header must be set only for HTTPS
|
||||
add_header Strict-Transport-Security "max-age=63072000; preload";
|
||||
|
||||
access_log /dev/stdout lb_logs;
|
||||
}
|
||||
|
||||
server {
|
||||
server_name {{ v1_only_domain }};
|
||||
|
||||
{% if use_old_certs %}
|
||||
ssl_certificate ../stack/ssl.old.cert;
|
||||
ssl_certificate_key ../stack/ssl.old.key;
|
||||
{% else %}
|
||||
ssl_certificate ../stack/ssl.cert;
|
||||
ssl_certificate_key ../stack/ssl.key;
|
||||
{% endif %}
|
||||
|
||||
include server-base.conf;
|
||||
|
||||
|
@ -99,14 +118,8 @@ http {
|
|||
|
||||
access_log /dev/stdout lb_logs;
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
server {
|
||||
include vhost-traffic-status.conf;
|
||||
|
||||
listen 9080 default;
|
||||
|
||||
access_log /dev/stdout lb_logs;
|
||||
}
|
||||
}
|
||||
|
||||
{% else %}
|
||||
|
|
Reference in a new issue