fixing nginx template with SSL keys and certs
Project: http://git-wip-us.apache.org/repos/asf/stratos/repo Commit: http://git-wip-us.apache.org/repos/asf/stratos/commit/6911c914 Tree: http://git-wip-us.apache.org/repos/asf/stratos/tree/6911c914 Diff: http://git-wip-us.apache.org/repos/asf/stratos/diff/6911c914 Branch: refs/heads/stratos-4.1.x Commit: 6911c914fc03333e3d2ce0ee2612d1d63119b4a0 Parents: 9051bdd Author: reka <[email protected]> Authored: Mon Oct 5 11:50:24 2015 +0530 Committer: reka <[email protected]> Committed: Mon Oct 5 11:50:24 2015 +0530 ---------------------------------------------------------------------- .../nginx/extension/NginxConfigWriter.java | 125 ++----------------- .../src/main/templates/nginx.cfg.template | 7 +- 2 files changed, 13 insertions(+), 119 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/stratos/blob/6911c914/extensions/load-balancer/modules/nginx-extension/src/main/java/org/apache/stratos/nginx/extension/NginxConfigWriter.java ---------------------------------------------------------------------- diff --git a/extensions/load-balancer/modules/nginx-extension/src/main/java/org/apache/stratos/nginx/extension/NginxConfigWriter.java b/extensions/load-balancer/modules/nginx-extension/src/main/java/org/apache/stratos/nginx/extension/NginxConfigWriter.java index 8617d13..1ffd434 100644 --- a/extensions/load-balancer/modules/nginx-extension/src/main/java/org/apache/stratos/nginx/extension/NginxConfigWriter.java +++ b/extensions/load-balancer/modules/nginx-extension/src/main/java/org/apache/stratos/nginx/extension/NginxConfigWriter.java @@ -31,7 +31,6 @@ import java.io.BufferedWriter; import java.io.FileWriter; import java.io.IOException; import java.io.StringWriter; -import java.lang.reflect.Array; import java.util.*; /** @@ -121,7 +120,7 @@ public class NginxConfigWriter { for (Service service : topology.getServices()) { for (Cluster cluster : service.getClusters()) { Map<String, List> existingHostNameToServerMap = hostnameToPortMap. - get(String.valueOf(availPort.getProxy())); + get(String.valueOf(availPort.getProxy())); if(existingHostNameToServerMap == null) { existingHostNameToServerMap = new HashMap<String, List>(); } @@ -213,127 +212,19 @@ public class NginxConfigWriter { List<String> serverList = new ArrayList<String>(); existingHostNameToServerMap.put(hostname, serverList); } - // Start upstream server block - existingHostNameToServerMap.get(hostname).add(member.getHostName() + ":" + - selectedPort.getValue()); + // Adding member to hostname map against specific port + // that should contain this particular member + List<String> ipPortMapping = existingHostNameToServerMap.get(hostname); + String server = member.getHostName() + ":" + selectedPort.getValue(); - } - } - } - } - } - - /** - * Generate configuration for a cluster with the following format: - * <p/> - * <transport> { - * upstream <cluster-hostname> { - * server <hostname>:<port>; - * server <hostname>:<port>; - * } - * server { - * listen <proxy-port>; - * server_name <cluster-hostname>; - * location / { - * proxy_pass http://<cluster-hostname> - * } - * location /nginx_status { - * stub_status on; - * access_log off; - * allow 127.0.0.1; - * deny all; - * } - * } - * } - * - * @param cluster - * @param availPort - * @param text - */ - private void generateConfigurationForCluster(Cluster cluster, Port availPort, StringBuilder text) { - - for (String hostname : cluster.getHostNames()) { - boolean memberFound = false; - //Checking whether at-least one member is available to create - // the upstream and server blocks - for (Member member : cluster.getMembers()) { - Collection<Port> ports = member.getPorts(); - for (Port port : ports) { - if ((port.getProtocol().equals(availPort.getProtocol())) && - (port.getProxy() == availPort.getProxy())) { - memberFound = true; - break; - } - } - if(memberFound) { - break; - } - } - if(memberFound) { - // Start upstream block - text.append(TAB).append("upstream ").append(hostname).append(" {").append(NEW_LINE); - for (Member member : cluster.getMembers()) { - Port selectedPort = null; - Collection<Port> ports = member.getPorts(); - for (Port port : ports) { - if ((port.getProtocol().equals(availPort.getProtocol())) && - (port.getProxy() == availPort.getProxy())) { - selectedPort = port; - break; + if(!ipPortMapping.contains(server)) { + ipPortMapping.add(server); } - } - if (selectedPort != null) { - if (log.isDebugEnabled()) { - log.debug("The selected Port for cluster: " + cluster.getClusterId() - + " is " + selectedPort.getValue() + " " + - selectedPort.getProtocol() + " " + selectedPort.getProxy()); - } - // Start upstream server block - text.append(TAB).append(TAB).append("server ").append(member.getHostName()).append(":") - .append(selectedPort.getValue()).append(";").append(NEW_LINE); - // End upstream server block } } - text.append(TAB).append("}").append(NEW_LINE); - // End upstream block - - // Start server block - text.append(NEW_LINE); - text.append(TAB).append("server {").append(NEW_LINE); - if (availPort.getProtocol().equals("https")) { - text.append(TAB).append(TAB).append("listen ").append(availPort.getProxy()).append(" ssl;").append(NEW_LINE); - } else { - text.append(TAB).append(TAB).append("listen ").append(availPort.getProxy()).append(";").append(NEW_LINE); - } - text.append(TAB).append(TAB).append("server_name ").append(hostname).append(";").append(NEW_LINE); - - text.append(TAB).append(TAB).append("location / {").append(NEW_LINE); - if (availPort.getProtocol().equals("https")) { - text.append(TAB).append(TAB).append(TAB).append("proxy_pass").append(TAB) - .append("https://";).append(hostname).append(";").append(NEW_LINE); - } else { - text.append(TAB).append(TAB).append(TAB).append("proxy_pass").append(TAB) - .append("http://";).append(hostname).append(";").append(NEW_LINE); - } - text.append(TAB).append(TAB).append("}").append(NEW_LINE); - - text.append(TAB).append(TAB).append("location /nginx_status {").append(NEW_LINE); - text.append(TAB).append(TAB).append(TAB).append("stub_status on;").append(NEW_LINE); - text.append(TAB).append(TAB).append(TAB).append("access_log off;").append(NEW_LINE); - text.append(TAB).append(TAB).append(TAB).append("allow 127.0.0.1;").append(NEW_LINE); - text.append(TAB).append(TAB).append(TAB).append("deny all;").append(NEW_LINE); - text.append(TAB).append(TAB).append("}").append(NEW_LINE); - - if (availPort.getProtocol().equals("https")) { - text.append(TAB).append(TAB).append("ssl on;").append(NEW_LINE); - text.append(TAB).append(TAB).append("ssl_certificate ").append(System.getProperty("nginx.cert.path")).append(";").append(NEW_LINE); - text.append(TAB).append(TAB).append("ssl_certificate_key ").append(System.getProperty("nginx.key.path")).append(";").append(NEW_LINE); - } - - text.append(TAB).append("}").append(NEW_LINE); - // End server block } } } + } http://git-wip-us.apache.org/repos/asf/stratos/blob/6911c914/extensions/load-balancer/modules/nginx-extension/src/main/templates/nginx.cfg.template ---------------------------------------------------------------------- diff --git a/extensions/load-balancer/modules/nginx-extension/src/main/templates/nginx.cfg.template b/extensions/load-balancer/modules/nginx-extension/src/main/templates/nginx.cfg.template index 3d4bbd7..a26467e 100644 --- a/extensions/load-balancer/modules/nginx-extension/src/main/templates/nginx.cfg.template +++ b/extensions/load-balancer/modules/nginx-extension/src/main/templates/nginx.cfg.template @@ -32,7 +32,11 @@ http { proxy_set_header Host $http_host; proxy_read_timeout 5m; proxy_send_timeout 5m; + #if ($port.protocol == "https") + proxy_pass https://$hostname; + #else proxy_pass http://$hostname; + #end } location /nginx_status { stub_status on; @@ -44,9 +48,8 @@ http { ssl on; ssl_certificate /etc/nginx/ssl/server.cert; ssl_certificate_key /etc/nginx/ssl/server.key; - #end + } #end } #end -
