On Wed, Aug 25, 2021 at 04:55:28PM +0800, Lu Weitao wrote:
[Why] Some clients (Chrome/Firefox browsers) can't access srv-http at URLs like http://api.compass-ci.openeuler.org/pub, because the browser's default behavior changes the URL to https://api.compass-ci.openeuler.org/pub,
so srv-http needs to support HTTPS access.
[How] with start container/srv-http:
check current server exists?: /etc/ssl/certs/web-backend.crt /etc/ssl/certs/web-backend.key | | v v yes no config nginx.conf like: config /nginx.conf like: ... ... listen $port ssl: listen $port; ... | v start nginx in container
Signed-off-by: Lu Weitao luweitaobe@163.com
container/srv-http/docker_run.sh | 9 +++++++++ container/srv-http/root/sbin/entrypoint.sh | 13 ++++++++++++- container/srv-http/start-cci | 2 ++ container/srv-http/start-git | 2 ++ container/srv-http/start-initrd | 2 ++ container/srv-http/start-os | 2 ++ container/srv-http/start-pub | 2 ++ container/srv-http/start-result | 2 ++ container/srv-http/start-rpm | 2 ++ 9 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 container/srv-http/docker_run.sh
diff --git a/container/srv-http/docker_run.sh b/container/srv-http/docker_run.sh
new file mode 100644
index 00000000..fcd9083d
--- /dev/null
+++ b/container/srv-http/docker_run.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+# SPDX-License-Identifier: MulanPSL-2.0+
+# Copyright (c) 2020 Huawei Technologies Co., Ltd. All rights reserved.
+mount_ssl(){
- if [ -f "/etc/ssl/certs/web-backend.key" ] && [ -f "/etc/ssl/certs/web-backend.crt" ]; then
echo "-v /etc/ssl/certs:/opt/cert"
- fi
Define a variable, ssl_path="/etc/ssl/certs/", to avoid the long lines.
+}
diff --git a/container/srv-http/root/sbin/entrypoint.sh b/container/srv-http/root/sbin/entrypoint.sh
index ced6eda5..d0d354c2 100755
--- a/container/srv-http/root/sbin/entrypoint.sh
+++ b/container/srv-http/root/sbin/entrypoint.sh
@@ -1,6 +1,17 @@
 #!/bin/sh
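Review bot: The bind mount that `mount_ssl` prints in docker_run.sh, `-v /etc/ssl/certs:/opt/cert`, is writable and exposes the whole host directory, while every other volume in the start-* scripts is mounted `:ro`. The container only needs to read `web-backend.crt` and `web-backend.key`, so a read-only mount keeps a misbehaving nginx/php-fpm process from altering the host's certificate store: `echo "-v /etc/ssl/certs:/opt/cert:ro"`. It would also be worth keeping the private key outside `/etc/ssl/certs`, which conventionally holds public certificates and is readable by all local users, and mounting only the two files the container uses.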
-sed -i "s/listen 11300;/listen $LISTEN_PORT;/g" /etc/nginx/conf.d/default.conf +ssl_conf="\ ssl_certificate /opt/cert/web-backend.crt;\n\
- ssl_certificate_key /opt/cert/web-backend.key;\n\
- ssl_session_timeout 5m;\n\
- ssl_ciphers BCDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;\n\
- ssl_prefer_server_ciphers on;\n"
+if [ -f "/opt/cert/web-backend.key" ] && [ -f "/opt/cert/web-backend.crt" ]; then
- sed -i "s/listen 11300;/listen $LISTEN_PORT ssl;/g" /etc/nginx/conf.d/default.conf
- sed -i "/server_name/a $ssl_conf" /etc/nginx/conf.d/default.conf
+else
- sed -i "s/listen 11300;/listen $LISTEN_PORT;/g" /etc/nginx/conf.d/default.conf
+fi
perhaps modify like this:
listen="$LISTEN_PORT"
if [ -f "/opt/cert/web-backend.key" ] && [ -f "/opt/cert/web-backend.crt" ]; then listen="$listen ssl" sed -i "/server_name/a $ssl_conf" /etc/nginx/conf.d/default.conf fi
sed -i "s/listen 11300;/listen $listen;/g" /etc/nginx/conf.d/default.conf
Thanks, Liushaofei
nginx /usr/sbin/php-fpm7 diff --git a/container/srv-http/start-cci b/container/srv-http/start-cci index aa539d20..1f160f44 100755 --- a/container/srv-http/start-cci +++ b/container/srv-http/start-cci @@ -3,6 +3,7 @@ # Copyright (c) 2020 Huawei Technologies Co., Ltd. All rights reserved.
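Review bot: The `ssl_ciphers` value in `ssl_conf` (entrypoint.sh) begins with `BCDHE-RSA-AES128-GCM-SHA256`, which looks like a typo for `ECDHE-RSA-AES128-GCM-SHA256`; as written that entry probably matches no cipher suite, leaving selection to the broad `ECDHE:ECDH:AES:HIGH` groups that follow. The block also sets no `ssl_protocols`, so the accepted TLS versions depend on the default of the nginx build in the image, which may still include TLSv1 and TLSv1.1. Consider adding `ssl_protocols TLSv1.2 TLSv1.3;\n\` to `ssl_conf` (dropping TLSv1.3 if the image's nginx/OpenSSL lacks it) and confirming what the cipher string expands to with `openssl ciphers -v`.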
. $CCI_SRC/container/defconfig.sh +. ./docker_run.sh docker_rm srv-http-cci
cmd=( @@ -13,6 +14,7 @@ cmd=( -p 20011:20011 -v /srv/cci/libvirt-xml:/srv/cci/libvirt-xml:ro -v /etc/localtime:/etc/localtime:ro
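Review bot: `. ./docker_run.sh` in start-cci resolves against the caller's working directory, unlike the `$CCI_SRC`-anchored source on the line above it. Run from any other directory, the script either does not find the file, which likely leaves `mount_ssl` undefined so the container starts without the certificate mount, or it sources whatever `docker_run.sh` happens to be in that directory. Anchoring the path avoids both: `. "$CCI_SRC/container/srv-http/docker_run.sh"`. The same line is added in start-git, start-initrd, start-os, start-pub, start-result and start-rpm.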
- $(mount_ssl) -d srv-http
)
diff --git a/container/srv-http/start-git b/container/srv-http/start-git
index 0b0ff477..5851af6f 100755
--- a/container/srv-http/start-git
+++ b/container/srv-http/start-git
@@ -3,6 +3,7 @@
 # Copyright (c) 2020 Huawei Technologies Co., Ltd. All rights reserved.
. $CCI_SRC/container/defconfig.sh +. ./docker_run.sh docker_rm srv-http-git
cmd=( @@ -13,6 +14,7 @@ cmd=( -p 20010:20010 -v /srv/git/archlinux:/srv/git/archlinux:ro -v /etc/localtime:/etc/localtime:ro
- $(mount_ssl) -d srv-http
)
diff --git a/container/srv-http/start-initrd b/container/srv-http/start-initrd
index 41958da2..c8e7eded 100755
--- a/container/srv-http/start-initrd
+++ b/container/srv-http/start-initrd
@@ -3,6 +3,7 @@
 # Copyright (c) 2020 Huawei Technologies Co., Ltd. All rights reserved.
. $CCI_SRC/container/defconfig.sh +. ./docker_run.sh docker_rm srv-http-initrd
cmd=( @@ -17,6 +18,7 @@ cmd=( -v /srv/initrd/osimage:/srv/initrd/osimage:ro -v /srv/initrd/deps:/srv/initrd/deps:ro -v /etc/localtime:/etc/localtime:ro
- $(mount_ssl) -d srv-http
)
diff --git a/container/srv-http/start-os b/container/srv-http/start-os
index 5b63902e..c2012397 100755
--- a/container/srv-http/start-os
+++ b/container/srv-http/start-os
@@ -3,6 +3,7 @@
 # Copyright (c) 2020 Huawei Technologies Co., Ltd. All rights reserved.
. $CCI_SRC/container/defconfig.sh +. ./docker_run.sh docker_rm srv-http-os
cmd=( @@ -13,6 +14,7 @@ cmd=( -p 20009:20009 -v /srv/os:/srv/os:ro -v /etc/localtime:/etc/localtime:ro
- $(mount_ssl) -d srv-http
)
diff --git a/container/srv-http/start-pub b/container/srv-http/start-pub
index 6dfd5a44..2224737e 100755
--- a/container/srv-http/start-pub
+++ b/container/srv-http/start-pub
@@ -3,6 +3,7 @@
 # Copyright (c) 2020 Huawei Technologies Co., Ltd. All rights reserved.
. $CCI_SRC/container/defconfig.sh +. ./docker_run.sh docker_rm srv-http-pub
cmd=( @@ -13,6 +14,7 @@ cmd=( -p 20006:20006 -v /srv/pub:/srv/pub:ro -v /etc/localtime:/etc/localtime:ro
- $(mount_ssl) -d srv-http
)
diff --git a/container/srv-http/start-result b/container/srv-http/start-result
index 32bdf7df..c9e0eac2 100755
--- a/container/srv-http/start-result
+++ b/container/srv-http/start-result
@@ -3,6 +3,7 @@
 # Copyright (c) 2020 Huawei Technologies Co., Ltd. All rights reserved.
. $CCI_SRC/container/defconfig.sh +. ./docker_run.sh docker_rm srv-http-result
cmd=( @@ -13,6 +14,7 @@ cmd=( -p 20007:20007 -v /srv/result:/srv/result:ro -v /etc/localtime:/etc/localtime:ro
- $(mount_ssl) -d srv-http
)
diff --git a/container/srv-http/start-rpm b/container/srv-http/start-rpm
index 2d38298c..62fb1385 100755
--- a/container/srv-http/start-rpm
+++ b/container/srv-http/start-rpm
@@ -3,6 +3,7 @@
 # Copyright (c) 2020 Huawei Technologies Co., Ltd. All rights reserved.
. $CCI_SRC/container/defconfig.sh +. ./docker_run.sh docker_rm srv-http-rpm
cmd=( @@ -13,6 +14,7 @@ cmd=( -p 20012:20012 -v /srv/rpm/pub:/srv/rpm/pub:ro -v /etc/localtime:/etc/localtime:ro
- $(mount_ssl) -d srv-http
)
2.23.0