Posted to commits@stratos.apache.org by re...@apache.org on 2015/09/03 08:54:32 UTC
[5/8] stratos git commit: fixing nginx SSL handling issue
fixing nginx SSL handling issue
Project: http://git-wip-us.apache.org/repos/asf/stratos/repo
Commit: http://git-wip-us.apache.org/repos/asf/stratos/commit/c0fdd4ac
Tree: http://git-wip-us.apache.org/repos/asf/stratos/tree/c0fdd4ac
Diff: http://git-wip-us.apache.org/repos/asf/stratos/diff/c0fdd4ac
Branch: refs/heads/master
Commit: c0fdd4ac9aec897c4899a468271ad52102486397
Parents: 702bcf1
Author: reka <rt...@gmail.com>
Authored: Wed Sep 2 13:11:46 2015 +0530
Committer: reka <rt...@gmail.com>
Committed: Wed Sep 2 13:15:44 2015 +0530
----------------------------------------------------------------------
.../src/main/bin/nginx-extension.sh | 3 +
.../nginx/extension/NginxConfigWriter.java | 143 +++++++++++++------
2 files changed, 101 insertions(+), 45 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/stratos/blob/c0fdd4ac/extensions/load-balancer/modules/nginx-extension/src/main/bin/nginx-extension.sh
----------------------------------------------------------------------
diff --git a/extensions/load-balancer/modules/nginx-extension/src/main/bin/nginx-extension.sh b/extensions/load-balancer/modules/nginx-extension/src/main/bin/nginx-extension.sh
index 5deb433..cf9c820 100755
--- a/extensions/load-balancer/modules/nginx-extension/src/main/bin/nginx-extension.sh
+++ b/extensions/load-balancer/modules/nginx-extension/src/main/bin/nginx-extension.sh
@@ -30,6 +30,9 @@ properties="-Dnginx.private.ip=127.0.0.1
-Dtemplates.path=${script_path}/../templates
-Dtemplates.name=nginx.cfg.template
-Dscripts.path=${script_path}/../scripts
+ -Dnginx.cert.path=/etc/nginx/ssl/server.cert
+ -Dnginx.key.path=/etc/nginx/ssl/server.key
+ -Dnginx.server.names.hash.bucket.size=128
-Dconf.file.path=/tmp/nginx.cfg
-Dstats.socket.file.path=/tmp/nginx-stats.socket
-Dlog4j.properties.file.path=${script_path}/../conf/log4j.properties
http://git-wip-us.apache.org/repos/asf/stratos/blob/c0fdd4ac/extensions/load-balancer/modules/nginx-extension/src/main/java/org/apache/stratos/nginx/extension/NginxConfigWriter.java
----------------------------------------------------------------------
diff --git a/extensions/load-balancer/modules/nginx-extension/src/main/java/org/apache/stratos/nginx/extension/NginxConfigWriter.java b/extensions/load-balancer/modules/nginx-extension/src/main/java/org/apache/stratos/nginx/extension/NginxConfigWriter.java
index 6f6a77c..6efc474 100644
--- a/extensions/load-balancer/modules/nginx-extension/src/main/java/org/apache/stratos/nginx/extension/NginxConfigWriter.java
+++ b/extensions/load-balancer/modules/nginx-extension/src/main/java/org/apache/stratos/nginx/extension/NginxConfigWriter.java
@@ -31,7 +31,9 @@ import java.io.BufferedWriter;
import java.io.FileWriter;
import java.io.IOException;
import java.io.StringWriter;
+import java.util.ArrayList;
import java.util.Collection;
+import java.util.List;
/**
* Nginx load balancer configuration writer.
@@ -60,11 +62,61 @@ public class NginxConfigWriter {
StringBuilder configurationBuilder = new StringBuilder();
+ List<String> availableProtocols = new ArrayList<>();
+
for (Service service : topology.getServices()) {
for (Cluster cluster : service.getClusters()) {
- generateConfigurationForCluster(cluster, configurationBuilder);
+ if ((service.getPorts() == null) || (service.getPorts().size() == 0)) {
+ throw new RuntimeException(String.format("No ports found in service: %s", service.getServiceName()));
+ }
+ for(Port port : service.getPorts()) {
+ if(!availableProtocols.contains(port.getProtocol())) {
+ availableProtocols.add(port.getProtocol());
+ }
+ }
}
}
+ for(String protocol1 : availableProtocols) {
+ if(log.isDebugEnabled()) {
+ log.debug("Available protocols : " + protocol1 + "\n");
+ }
+ }
+ for(String protocol : availableProtocols) {
+ // Start transport block
+ configurationBuilder.append("http").append(" {").append(NEW_LINE);
+ configurationBuilder.append(TAB).append("server_names_hash_bucket_size ").
+ append(System.getProperty("nginx.server.names.hash.bucket.size")).
+ append(";").append(NEW_LINE);
+ for (Service service : topology.getServices()) {
+ for (Cluster cluster : service.getClusters()) {
+ if ((service.getPorts() == null) || (service.getPorts().size() == 0)) {
+ throw new RuntimeException(String.format("No ports found in service: %s",
+ service.getServiceName()));
+ }
+ Port selectedPort = null;
+ for(Port port : service.getPorts()) {
+ if(port.getProtocol().equals(protocol)) {
+ selectedPort = port;
+ }
+ }
+
+ if(selectedPort != null) {
+ if(log.isDebugEnabled()) {
+ log.debug("The selected Port for cluster: " + cluster.getClusterId()
+ + " is " + selectedPort.getValue() + " " +
+ selectedPort.getProtocol() + " " + selectedPort.getProxy());
+ }
+ generateConfigurationForCluster(cluster, selectedPort, configurationBuilder);
+ }
+ }
+ }
+ configurationBuilder.append("}").append(NEW_LINE);
+ if(log.isDebugEnabled()) {
+ log.debug("The generated niginx.conf is: \n" + configurationBuilder.toString());
+ }
+ // End transport block
+ }
+
// Start velocity engine
VelocityEngine ve = new VelocityEngine();
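Review bot: The `for(String protocol : availableProtocols)` loop opens a new `http {` block on every iteration, so a topology that exposes both http and https ports produces two top-level `http` contexts, which nginx, as far as I know, rejects as a duplicate directive. Emitting `http {` and its closing `}` once around the protocol loop would avoid that. In the same block, `System.getProperty("nginx.server.names.hash.bucket.size")` is appended unchecked, so an unset property writes `server_names_hash_bucket_size null;` into the config; `System.getProperty("nginx.server.names.hash.bucket.size", "128")` would match the default the launcher script passes. The enclosing method starts before this hunk and continues after it.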
@@ -124,58 +176,59 @@ public class NginxConfigWriter {
* }
* }
* @param cluster
+ * @param port
* @param text
*/
- private void generateConfigurationForCluster(Cluster cluster, StringBuilder text) {
-
- if((cluster.getMembers() == null) || (cluster.getMembers().size() == 0)) {
- return;
- }
-
- // Find port mappings
- Member firstMember = (Member) cluster.getMembers().toArray()[0];
- Collection<Port> ports = firstMember.getPorts();
-
- for (Port port : ports) {
- for (String hostname : cluster.getHostNames()) {
- // Start transport block
- text.append(port.getProtocol()).append(" {").append(NEW_LINE);
-
- // Start upstream block
- text.append(TAB).append("upstream ").append(hostname).append(" {").append(NEW_LINE);
- for (Member member : cluster.getMembers()) {
- // Start upstream server block
- text.append(TAB).append(TAB).append("server ").append(member.getHostName()).append(":")
- .append(port.getValue()).append(";").append(NEW_LINE);
- // End upstream server block
- }
- text.append(TAB).append("}").append(NEW_LINE);
- // End upstream block
-
- // Start server block
- text.append(NEW_LINE);
- text.append(TAB).append("server {").append(NEW_LINE);
+ private void generateConfigurationForCluster(Cluster cluster, Port port, StringBuilder text) {
+
+ for (String hostname : cluster.getHostNames()) {
+ // Start upstream block
+ text.append(TAB).append("upstream ").append(hostname).append(" {").append(NEW_LINE);
+ for (Member member : cluster.getMembers()) {
+ // Start upstream server block
+ text.append(TAB).append(TAB).append("server ").append(member.getHostName()).append(":")
+ .append(port.getValue()).append(";").append(NEW_LINE);
+ // End upstream server block
+ }
+ text.append(TAB).append("}").append(NEW_LINE);
+ // End upstream block
+
+ // Start server block
+ text.append(NEW_LINE);
+ text.append(TAB).append("server {").append(NEW_LINE);
+ if(port.getProtocol().equals("https")) {
+ text.append(TAB).append(TAB).append("listen ").append(port.getProxy()).append(" ssl;").append(NEW_LINE);
+ } else {
text.append(TAB).append(TAB).append("listen ").append(port.getProxy()).append(";").append(NEW_LINE);
- text.append(TAB).append(TAB).append("server_name ").append(hostname).append(";").append(NEW_LINE);
+ }
+ text.append(TAB).append(TAB).append("server_name ").append(hostname).append(";").append(NEW_LINE);
- text.append(TAB).append(TAB).append("location / {").append(NEW_LINE);
+ text.append(TAB).append(TAB).append("location / {").append(NEW_LINE);
+ if(port.getProtocol().equals("https")) {
+ text.append(TAB).append(TAB).append(TAB).append("proxy_pass").append(TAB)
+ .append("https://").append(hostname).append(";").append(NEW_LINE);
+ } else {
text.append(TAB).append(TAB).append(TAB).append("proxy_pass").append(TAB)
.append("http://").append(hostname).append(";").append(NEW_LINE);
- text.append(TAB).append(TAB).append("}").append(NEW_LINE);
-
- text.append(TAB).append(TAB).append("location /nginx_status {").append(NEW_LINE);
- text.append(TAB).append(TAB).append(TAB).append("stub_status on;").append(NEW_LINE);
- text.append(TAB).append(TAB).append(TAB).append("access_log off;").append(NEW_LINE);
- text.append(TAB).append(TAB).append(TAB).append("allow 127.0.0.1;").append(NEW_LINE);
- text.append(TAB).append(TAB).append(TAB).append("deny all;").append(NEW_LINE);
- text.append(TAB).append(TAB).append("}").append(NEW_LINE);
+ }
+ text.append(TAB).append(TAB).append("}").append(NEW_LINE);
+
+ text.append(TAB).append(TAB).append("location /nginx_status {").append(NEW_LINE);
+ text.append(TAB).append(TAB).append(TAB).append("stub_status on;").append(NEW_LINE);
+ text.append(TAB).append(TAB).append(TAB).append("access_log off;").append(NEW_LINE);
+ text.append(TAB).append(TAB).append(TAB).append("allow 127.0.0.1;").append(NEW_LINE);
+ text.append(TAB).append(TAB).append(TAB).append("deny all;").append(NEW_LINE);
+ text.append(TAB).append(TAB).append("}").append(NEW_LINE);
+
+ if(port.getProtocol().equals("https")) {
+ text.append(TAB).append(TAB).append("ssl on;").append(NEW_LINE);
+ text.append(TAB).append(TAB).append("ssl_certificate ").append(System.getProperty("nginx.cert.path")).append (";").append(NEW_LINE);
+ text.append(TAB).append(TAB).append("ssl_certificate_key ").append(System.getProperty("nginx.key.path")).append (";").append(NEW_LINE);
+ }
- text.append(TAB).append("}").append(NEW_LINE);
- // End server block
+ text.append(TAB).append("}").append(NEW_LINE);
+ // End server block
- text.append("}").append(NEW_LINE);
- // End transport block
- }
}
}
}
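Review bot: In the https branch, `System.getProperty("nginx.cert.path")` and `System.getProperty("nginx.key.path")` are appended with no null or empty check, so a launcher that omits either flag gets `ssl_certificate null;` written into the generated config instead of an error. Resolving each value once and failing fast, e.g. `if (certPath == null || certPath.isEmpty()) { throw new RuntimeException("nginx.cert.path is not set"); }`, keeps a broken TLS configuration from being generated. The rewrite also drops the old early return for clusters without members, so `cluster.getMembers()` is now iterated unguarded, and an empty cluster yields an `upstream` block with no `server` lines, which nginx is expected to reject. Because `proxy_pass https://` does not by default make nginx verify the member's certificate, a comment such as `// upstream TLS is unauthenticated unless proxy_ssl_verify is configured` above that line would record the trust assumption.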