Posted to commits@brooklyn.apache.org by an...@apache.org on 2015/02/03 12:41:38 UTC
[07/17] incubator-brooklyn git commit: nginx support for upstream
https, disable SSLv3
nginx support for upstream https, disable SSLv3
Make the template config closer to the NginxDefaultConfigGenerator, support non-domain config.
Project: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/commit/80429aaa
Tree: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/tree/80429aaa
Diff: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/diff/80429aaa
Branch: refs/heads/master
Commit: 80429aaa1dd22fdc9ebb083804d6ed60b9fa9f9b
Parents: b08572f
Author: Svetoslav Neykov <sv...@cloudsoftcorp.com>
Authored: Tue Jan 27 21:58:44 2015 +0200
Committer: Andrea Turli <an...@gmail.com>
Committed: Tue Feb 3 11:25:06 2015 +0100
----------------------------------------------------------------------
.../entity/proxy/nginx/NginxDefaultConfigGenerator.java | 2 ++
.../entity/proxy/nginx/NginxTemplateConfigGenerator.java | 3 +--
.../src/main/resources/brooklyn/entity/proxy/nginx/server.conf | 6 +++++-
3 files changed, 8 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/80429aaa/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxDefaultConfigGenerator.java
----------------------------------------------------------------------
diff --git a/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxDefaultConfigGenerator.java b/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxDefaultConfigGenerator.java
index 7ba069e..1ed7e49 100644
--- a/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxDefaultConfigGenerator.java
+++ b/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxDefaultConfigGenerator.java
@@ -249,6 +249,8 @@ public class NginxDefaultConfigGenerator implements NginxConfigFileGenerator {
out.append(prefix);
out.append("ssl_certificate_key " + key + ";\n");
}
+
+ out.append("ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n");
}
return true;
}
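Review bot: The protocol list in `out.append("ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n");` is a hard-coded literal, and the same list is repeated in the server.conf template hunk of this commit (`ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`). The two generators can therefore drift apart, and an operator cannot restrict the proxy to TLSv1.2 without editing code. Consider reading the list from one shared constant or an SSL config option, with this value as the default. The new line also skips the `out.append(prefix);` call that precedes the `ssl_certificate_key` line above, so the directive is probably emitted without the indentation its neighbours get. The enclosing method starts outside the hunk.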
http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/80429aaa/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxTemplateConfigGenerator.java
----------------------------------------------------------------------
diff --git a/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxTemplateConfigGenerator.java b/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxTemplateConfigGenerator.java
index d141ecf..faab7a9 100644
--- a/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxTemplateConfigGenerator.java
+++ b/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxTemplateConfigGenerator.java
@@ -26,7 +26,6 @@ import brooklyn.entity.basic.ConfigKeys;
import brooklyn.entity.proxy.ProxySslConfig;
import brooklyn.util.ResourceUtils;
import brooklyn.util.collections.MutableMap;
-import brooklyn.util.flags.SetFromFlag;
import brooklyn.util.text.Strings;
import brooklyn.util.text.TemplateProcessor;
@@ -39,7 +38,7 @@ import com.google.common.collect.Multimap;
public class NginxTemplateConfigGenerator implements NginxConfigFileGenerator {
public static final ConfigKey<String> SERVER_CONF_TEMPLATE_URL = ConfigKeys.newStringConfigKey(
- "nginx.config.templateUrl", "The server.conf configuration file URL (FreeMarker template)");
+ "nginx.config.templateUrl", "The server.conf configuration file URL (FreeMarker template)", "classpath://brooklyn/entity/proxy/nginx/server.conf");
public NginxTemplateConfigGenerator() { }
http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/80429aaa/software/webapp/src/main/resources/brooklyn/entity/proxy/nginx/server.conf
----------------------------------------------------------------------
diff --git a/software/webapp/src/main/resources/brooklyn/entity/proxy/nginx/server.conf b/software/webapp/src/main/resources/brooklyn/entity/proxy/nginx/server.conf
index 72f38e6..eb34ddb 100644
--- a/software/webapp/src/main/resources/brooklyn/entity/proxy/nginx/server.conf
+++ b/software/webapp/src/main/resources/brooklyn/entity/proxy/nginx/server.conf
@@ -41,13 +41,16 @@ http {
default_type application/octet-stream;
server {
+ [#if entity.domain?has_content]
server_name ${entity.domain};
+ [/#if]
[#if entity.ssl]
# HTTPS setup
listen ${entity.port?c} default ssl;
ssl_certificate ${driver.runDir}/conf/global.crt;
ssl_certificate_key ${driver.runDir}/conf/global.key;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
[#else]
# HTTP setup
listen ${entity.port?c};
@@ -60,7 +63,8 @@ http {
[#if entity.serverPoolAddresses?has_content]
location / {
- proxy_pass http://${entity.id};
+ server_tokens off;
+ proxy_pass http[#if entity.portNumberSensor.name == "https.port"]s[/#if]://${entity.id};
proxy_set_header X-Real-IP [#noparse]$remote_addr[/#noparse];
proxy_set_header X-Forwarded-For [#noparse]$proxy_add_x_forwarded_for[/#noparse];
proxy_set_header Host [#noparse]$http_host[/#noparse];
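Review bot: When the `proxy_pass` line resolves to `https://`, nginx encrypts the upstream connection but does not verify the backend's certificate by default (`proxy_ssl_verify` is off unless set), so this hop is not protected against an impostor upstream. If backend authentication matters, add `proxy_ssl_verify on;` together with `proxy_ssl_trusted_certificate <path-to-CA-bundle>;` next to `proxy_pass`, ideally behind a template flag, since both directives need nginx 1.7.0 or later. Separately, `server_tokens off;` sits inside `location /`, which is rendered only when `entity.serverPoolAddresses` has content; placing it at `server` level would also cover any response served outside this block. The `location` block continues past the end of the hunk.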