MIRRORS/layerindex-web
1
0
Fork 0
mirror of git://git.yoctoproject.org/layerindex-web.git synced 2025-07-05 13:14:46 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

dockersetup: update nginx-ssl.conf in update mode

Browse Source 
If the base SSL configuration has been updated, and we then run
dockersetup.py -u then we want the configuration changes to be reflected
in the web server configuration, however that was not happening because
unlike how the other configuration files are handled, nginx-ssl.conf
gets copied and then we modify the copy due to the nature of the edits
made. To fix it, when in update mode, read in the old values from the
modified configuration file and then copy and modify the base
configuration using those values.

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
This commit is contained in:
Paul Eggleton 2019-05-01 13:47:32 +12:00
parent 6647131689
commit c0b85ba29c
1 changed files with 44 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
dockersetup.py
View File

@ -252,6 +252,32 @@ def edit_dockercompose(hostname, dbpassword, dbapassword, secretkey, rmqpassword
writefile("docker-compose.yml", ''.join(newlines)) writefile("docker-compose.yml", ''.join(newlines))
def read_nginx_ssl_conf(certdir):
hostname = None
https_port = None
certdir = None
certfile = None
keyfile = None
with open('docker/nginx-ssl-edited.conf', 'r') as f:
for line in f:
if 'ssl_certificate ' in line:
certdir, certfile = os.path.split(line.split('ssl_certificate', 1)[1].strip().rstrip(';'))
elif 'ssl_certificate_key ' in line:
keyfile = os.path.basename(line.split('ssl_certificate_key', 1)[1].strip().rstrip(';'))
elif 'server_name ' in line:
sname = line.split('server_name', 1)[1].strip().rstrip(';')
if sname != '_':
hostname = sname
elif 'return 301 https://' in line:
res = re.search(':([0-9]+)', line)
if res:
https_port = res.groups()[0]
ret = (hostname, https_port, certdir, certfile, keyfile)
if None in ret:
sys.stderr.write('Failed to read SSL configuration from nginx-ssl-edited.conf')
sys.exit(1)
return ret
def edit_nginx_ssl_conf(hostname, https_port, certdir, certfile, keyfile): def edit_nginx_ssl_conf(hostname, https_port, certdir, certfile, keyfile):
filedata = readfile('docker/nginx-ssl.conf') filedata = readfile('docker/nginx-ssl.conf')
newlines = [] newlines = []
@ -298,6 +324,17 @@ def edit_settings_py(emailaddr):
writefile("docker/settings.py", ''.join(newlines)) writefile("docker/settings.py", ''.join(newlines))
def read_dockerfile_web():
no_https = True
with open('Dockerfile.web', 'r') as f:
for line in f:
if line.startswith('COPY ') and line.rstrip().endswith('/etc/nginx/nginx.conf'):
if 'nginx-ssl' in line:
no_https = False
break
return no_https
def edit_dockerfile_web(hostname, no_https): def edit_dockerfile_web(hostname, no_https):
filedata = readfile('Dockerfile.web') filedata = readfile('Dockerfile.web')
newlines = [] newlines = []
@ -522,7 +559,13 @@ if not updatemode:
if reinstmode: if reinstmode:
return_code = subprocess.call(['docker-compose', 'down', '-v'], shell=False) return_code = subprocess.call(['docker-compose', 'down', '-v'], shell=False)
if not updatemode: if updatemode:
no_https = read_dockerfile_web()
if not no_https:
container_cert_dir = '/opt/cert'
hostname, https_port, certdir, certfile, keyfile = read_nginx_ssl_conf(container_cert_dir)
edit_nginx_ssl_conf(hostname, https_port, certdir, certfile, keyfile)
else:
if http_proxy: if http_proxy:
edit_gitproxy(proxymod, port) edit_gitproxy(proxymod, port)
if http_proxy or https_proxy: if http_proxy or https_proxy: