v1 registry flags for nginx server blocks (#3307)

This commit is contained in:
Kenny Lee Sin Cheong 2019-01-15 15:22:59 -05:00 committed by GitHub
parent 6d5ec4eddf
commit bae3a47ee2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 48 additions and 29 deletions

View file

@ -18,12 +18,18 @@ def write_config(filename, **kwargs):
f.write(rendered)
def generate_nginx_config():
def generate_nginx_config(config):
"""
Generates nginx config from the app config
"""
config = config or {}
use_https = os.path.exists(os.path.join(QUAYCONF_DIR, 'stack/ssl.key'))
write_config(os.path.join(QUAYCONF_DIR, 'nginx/nginx.conf'), use_https=use_https)
use_old_certs = os.path.exists(os.path.join(QUAYCONF_DIR, 'stack/ssl.old.key'))
v1_only_domain = config.get('V1_ONLY_DOMAIN', None)
write_config(os.path.join(QUAYCONF_DIR, 'nginx/nginx.conf'), use_https=use_https,
use_old_certs=use_old_certs,
v1_only_domain=v1_only_domain)
def generate_server_config(config):
@ -48,4 +54,4 @@ if __name__ == "__main__":
else:
config = None
generate_server_config(config)
generate_nginx_config()
generate_nginx_config(config)

View file

@ -44,24 +44,6 @@ http {
access_log /dev/stdout lb_logs;
}
server {
include server-base.conf;
server_name v1-staging.quay.io;
ssl_certificate ../stack/ssl.old.cert;
ssl_certificate_key ../stack/ssl.old.key;
listen 443 ssl;
ssl on;
# This header must be set only for HTTPS
add_header Strict-Transport-Security "max-age=63072000; preload";
access_log /dev/stdout lb_logs;
}
server {
server_name _;
@ -82,10 +64,47 @@ http {
}
server {
server_name v1.quay.io;
include vhost-traffic-status.conf;
listen 9080 default;
access_log /dev/stdout lb_logs;
}
{% if v1_only_domain %}
server {
include server-base.conf;
server_name {{ v1_only_domain }};
{% if use_old_certs %}
ssl_certificate ../stack/ssl.old.cert;
ssl_certificate_key ../stack/ssl.old.key;
{% else %}
ssl_certificate ../stack/ssl.cert;
ssl_certificate_key ../stack/ssl.key;
{% endif %}
listen 443 ssl;
ssl on;
# This header must be set only for HTTPS
add_header Strict-Transport-Security "max-age=63072000; preload";
access_log /dev/stdout lb_logs;
}
server {
server_name {{ v1_only_domain }};
{% if use_old_certs %}
ssl_certificate ../stack/ssl.old.cert;
ssl_certificate_key ../stack/ssl.old.key;
{% else %}
ssl_certificate ../stack/ssl.cert;
ssl_certificate_key ../stack/ssl.key;
{% endif %}
include server-base.conf;
@ -99,14 +118,8 @@ http {
access_log /dev/stdout lb_logs;
}
{% endif %}
server {
include vhost-traffic-status.conf;
listen 9080 default;
access_log /dev/stdout lb_logs;
}
}
{% else %}