Posted to commits@brooklyn.apache.org by an...@apache.org on 2015/02/03 12:41:38 UTC

[07/17] incubator-brooklyn git commit: nginx support for upstream https, disable SSLv3

nginx support for upstream https, disable SSLv3

Make the template config closer to the NginxDefaultConfigGenerator, support non-domain config.


Project: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/commit/80429aaa
Tree: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/tree/80429aaa
Diff: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/diff/80429aaa

Branch: refs/heads/master
Commit: 80429aaa1dd22fdc9ebb083804d6ed60b9fa9f9b
Parents: b08572f
Author: Svetoslav Neykov <sv...@cloudsoftcorp.com>
Authored: Tue Jan 27 21:58:44 2015 +0200
Committer: Andrea Turli <an...@gmail.com>
Committed: Tue Feb 3 11:25:06 2015 +0100

----------------------------------------------------------------------
 .../entity/proxy/nginx/NginxDefaultConfigGenerator.java        | 2 ++
 .../entity/proxy/nginx/NginxTemplateConfigGenerator.java       | 3 +--
 .../src/main/resources/brooklyn/entity/proxy/nginx/server.conf | 6 +++++-
 3 files changed, 8 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/80429aaa/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxDefaultConfigGenerator.java
----------------------------------------------------------------------
diff --git a/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxDefaultConfigGenerator.java b/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxDefaultConfigGenerator.java
index 7ba069e..1ed7e49 100644
--- a/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxDefaultConfigGenerator.java
+++ b/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxDefaultConfigGenerator.java
@@ -249,6 +249,8 @@ public class NginxDefaultConfigGenerator implements NginxConfigFileGenerator {
                 out.append(prefix);
                 out.append("ssl_certificate_key " + key + ";\n");
             }
+
+            out.append("ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n");
         }
         return true;
     }
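Review bot: The added `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` is a hard-coded literal, so a deployment cannot drop TLSv1 and TLSv1.1 (both deprecated by RFC 8996) without patching the generator; the same literal is repeated in the first server.conf hunk. Consider emitting the list from the SSL configuration with this value as the default, e.g. `out.append("ssl_protocols " + protocols + ";\n");`, where `protocols` would be a new setting that is not in the visible code. The new line also omits the `out.append(prefix);` that precedes the sibling `ssl_certificate_key` directive, so it is presumably written without the indentation the other directives get. The enclosing method starts outside the hunk.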

http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/80429aaa/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxTemplateConfigGenerator.java
----------------------------------------------------------------------
diff --git a/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxTemplateConfigGenerator.java b/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxTemplateConfigGenerator.java
index d141ecf..faab7a9 100644
--- a/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxTemplateConfigGenerator.java
+++ b/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxTemplateConfigGenerator.java
@@ -26,7 +26,6 @@ import brooklyn.entity.basic.ConfigKeys;
 import brooklyn.entity.proxy.ProxySslConfig;
 import brooklyn.util.ResourceUtils;
 import brooklyn.util.collections.MutableMap;
-import brooklyn.util.flags.SetFromFlag;
 import brooklyn.util.text.Strings;
 import brooklyn.util.text.TemplateProcessor;
 
@@ -39,7 +38,7 @@ import com.google.common.collect.Multimap;
 public class NginxTemplateConfigGenerator implements NginxConfigFileGenerator {
 
     public static final ConfigKey<String> SERVER_CONF_TEMPLATE_URL = ConfigKeys.newStringConfigKey(
-            "nginx.config.templateUrl", "The server.conf configuration file URL (FreeMarker template)");
+            "nginx.config.templateUrl", "The server.conf configuration file URL (FreeMarker template)", "classpath://brooklyn/entity/proxy/nginx/server.conf");
 
     public NginxTemplateConfigGenerator() { }
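Review bot: `SERVER_CONF_TEMPLATE_URL` now has a default but still no Javadoc describing what the key accepts. The description calls the target a FreeMarker template and the file imports `ResourceUtils` and `TemplateProcessor`, so presumably whatever the URL resolves to is fetched and evaluated as a template. A comment such as `/** URL of the server.conf FreeMarker template; defaults to the bundled classpath template. The template is evaluated, so the URL must point at trusted content. */` would make the default and the trust assumption explicit. The class body continues outside the hunk.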
 

http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/80429aaa/software/webapp/src/main/resources/brooklyn/entity/proxy/nginx/server.conf
----------------------------------------------------------------------
diff --git a/software/webapp/src/main/resources/brooklyn/entity/proxy/nginx/server.conf b/software/webapp/src/main/resources/brooklyn/entity/proxy/nginx/server.conf
index 72f38e6..eb34ddb 100644
--- a/software/webapp/src/main/resources/brooklyn/entity/proxy/nginx/server.conf
+++ b/software/webapp/src/main/resources/brooklyn/entity/proxy/nginx/server.conf
@@ -41,13 +41,16 @@ http {
     default_type                    application/octet-stream;
 
     server {
+        [#if entity.domain?has_content]
         server_name                 ${entity.domain};
+        [/#if]
 
         [#if entity.ssl]
         # HTTPS setup
         listen                      ${entity.port?c} default ssl;
         ssl_certificate             ${driver.runDir}/conf/global.crt;
         ssl_certificate_key         ${driver.runDir}/conf/global.key;
+        ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
         [#else]
         # HTTP setup
         listen                      ${entity.port?c};
@@ -60,7 +63,8 @@ http {
 
         [#if entity.serverPoolAddresses?has_content]
         location / {
-            proxy_pass              http://${entity.id};
+            server_tokens off;
+            proxy_pass              http[#if entity.portNumberSensor.name == "https.port"]s[/#if]://${entity.id};
             proxy_set_header        X-Real-IP [#noparse]$remote_addr[/#noparse];
             proxy_set_header        X-Forwarded-For [#noparse]$proxy_add_x_forwarded_for[/#noparse];
             proxy_set_header        Host [#noparse]$http_host[/#noparse];
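Review bot: Switching `proxy_pass` to `https` encrypts the upstream hop, but nginx does not validate the upstream certificate unless `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate <ca-bundle-path>;` are set, so the backend is not authenticated. Either add those directives (template-configurable) next to `proxy_pass` or document the limitation in a template comment. Separately, `server_tokens off;` sits inside `location /`, which is emitted only when `entity.serverPoolAddresses` has content, so responses served outside that block still carry the version banner; moving it up to the `server` block would cover them. Selecting the scheme by comparing `entity.portNumberSensor.name` with the string `"https.port"` is also brittle if a differently named sensor is ever used for TLS backends. The `location` block continues outside the hunk.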