Configure jwtproxy from stack/conf yaml

2016-04-21 11:40:16 -05:00 · 2016-04-21 11:40:16 -05:00 · da0a988650
commit da0a988650
parent adc86456b5
4 changed files with 29 additions and 6 deletions
--- a/conf/http-base.conf
+++ b/conf/http-base.conf
@ -37,8 +37,8 @@ map $http_x_forwarded_proto $proper_scheme {
 upstream web_app_server {
    server unix:/tmp/gunicorn_web.sock fail_timeout=0;
 }
-upstream jwtproxy {
-    server unix:/tmp/jwtproxy.sock fail_timeout=0;
+upstream jwtproxy_secscan {
+    server unix:/tmp/jwtproxy_secscan.sock fail_timeout=0;
 }
 upstream verbs_app_server {
    server unix:/tmp/gunicorn_verbs.sock fail_timeout=0;
--- a/conf/jwtproxy_conf.yaml.jnj
+++ b/conf/jwtproxy_conf.yaml.jnj
@ -3,11 +3,11 @@ jwtproxy:
    enabled: false
  verifier_proxy:
    enabled: true
-    listen_addr: unix:/tmp/jwtproxy.sock
+    listen_addr: unix:/tmp/jwtproxy_secscan.sock
    verifier:
      upstream: unix:/tmp/gunicorn_web.sock 
-      audience: quay
+      audience: {{ audience }}
      key_server:
        type: keyregistry
        options:
-          registry: unix:/tmp/gunicorn_web.sock 
+          registry: {{ registry }} 
--- a/conf/server-base.conf
+++ b/conf/server-base.conf
@ -50,7 +50,7 @@ location ~ ^/(v1/repositories|v2/auth)/ {
 }

 location /secscan/ {
-    proxy_pass http://jwtproxy;
+    proxy_pass http://jwtproxy_secscan;
 }

 location ~ ^/v2 {