diff --git a/conf/init/nginx_conf_create.py b/conf/init/nginx_conf_create.py index 9937c53b0..b76e1a9df 100644 --- a/conf/init/nginx_conf_create.py +++ b/conf/init/nginx_conf_create.py @@ -18,12 +18,18 @@ def write_config(filename, **kwargs): f.write(rendered) -def generate_nginx_config(): +def generate_nginx_config(config): """ Generates nginx config from the app config """ + config = config or {} use_https = os.path.exists(os.path.join(QUAYCONF_DIR, 'stack/ssl.key')) - write_config(os.path.join(QUAYCONF_DIR, 'nginx/nginx.conf'), use_https=use_https) + use_old_certs = os.path.exists(os.path.join(QUAYCONF_DIR, 'stack/ssl.old.key')) + v1_only_domain = config.get('V1_ONLY_DOMAIN', None) + + write_config(os.path.join(QUAYCONF_DIR, 'nginx/nginx.conf'), use_https=use_https, + use_old_certs=use_old_certs, + v1_only_domain=v1_only_domain) def generate_server_config(config): @@ -48,4 +54,4 @@ if __name__ == "__main__": else: config = None generate_server_config(config) - generate_nginx_config() + generate_nginx_config(config) diff --git a/conf/nginx/nginx.conf.jnj b/conf/nginx/nginx.conf.jnj index 67d3374bb..95ae21ff9 100644 --- a/conf/nginx/nginx.conf.jnj +++ b/conf/nginx/nginx.conf.jnj @@ -44,24 +44,6 @@ http { access_log /dev/stdout lb_logs; } - server { - include server-base.conf; - - server_name v1-staging.quay.io; - - ssl_certificate ../stack/ssl.old.cert; - ssl_certificate_key ../stack/ssl.old.key; - - listen 443 ssl; - - ssl on; - - # This header must be set only for HTTPS - add_header Strict-Transport-Security "max-age=63072000; preload"; - - access_log /dev/stdout lb_logs; - } - server { server_name _; 
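Review bot: `V1_ONLY_DOMAIN` is read from the app config in generate_nginx_config and passed to the template unchecked, and both new `server_name {{ v1_only_domain }};` lines in conf/nginx/nginx.conf.jnj render it verbatim into nginx.conf. A value containing whitespace, `;` or `{` would change the structure of the generated file rather than just the server name. Jinja autoescaping, if write_config enables it (its setup is not visible in this hunk), only covers HTML. The value is operator-supplied, so this is a hardening point: reject anything that is not a plain hostname before rendering, e.g. `if v1_only_domain and not re.match(r'[A-Za-z0-9.-]+\Z', v1_only_domain): raise ValueError('V1_ONLY_DOMAIN must be a hostname')`. The `\Z` anchor is deliberate because `$` would still accept a trailing newline, and `re` needs importing if the module does not already do so.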
@@ -82,10 +64,47 @@ http { } server { - server_name v1.quay.io; + include vhost-traffic-status.conf; + listen 9080 default; + + access_log /dev/stdout lb_logs; + } + +{% if v1_only_domain %} + server { + include server-base.conf; + + server_name {{ v1_only_domain }}; + +{% if use_old_certs %} ssl_certificate ../stack/ssl.old.cert; ssl_certificate_key ../stack/ssl.old.key; +{% else %} + ssl_certificate ../stack/ssl.cert; + ssl_certificate_key ../stack/ssl.key; +{% endif %} + + listen 443 ssl; + + ssl on; + + # This header must be set only for HTTPS + add_header Strict-Transport-Security "max-age=63072000; preload"; + + access_log /dev/stdout lb_logs; + } + + server { + server_name {{ v1_only_domain }}; + +{% if use_old_certs %} + ssl_certificate ../stack/ssl.old.cert; + ssl_certificate_key ../stack/ssl.old.key; +{% else %} + ssl_certificate ../stack/ssl.cert; + ssl_certificate_key ../stack/ssl.key; +{% endif %} include server-base.conf; @@ -99,14 +118,8 @@ http { access_log /dev/stdout lb_logs; } +{% endif %} - server { - include vhost-traffic-status.conf; - - listen 9080 default; - - access_log /dev/stdout lb_logs; - } } {% else %}
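Review bot: Both `{% if use_old_certs %}` branches reference `../stack/ssl.old.cert` as well as `../stack/ssl.old.key`, but generate_nginx_config sets the flag from the existence of `stack/ssl.old.key` alone, so a stack directory holding only the old key yields a config that nginx will refuse to load. Setting the flag only when both files exist, e.g. `use_old_certs = all(os.path.exists(os.path.join(QUAYCONF_DIR, p)) for p in ('stack/ssl.old.key', 'stack/ssl.old.cert'))`, lets the fallback to `ssl.cert`/`ssl.key` cover that case. The fallback in turn assumes the main certificate is valid for the `V1_ONLY_DOMAIN` hostname, which is worth recording next to each `{% else %}` with a template comment such as `{# ssl.cert must also be valid for the v1-only hostname #}`. The second server block continues past the end of this hunk, so its listen directives are not visible here.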