From a4c9ad75d30dc450b1e01df833cadb541297d3f3 Mon Sep 17 00:00:00 2001
From: Andy Witter
Date: Thu, 20 Jul 2017 14:17:59 -0400
Subject: [PATCH] Add support for nginx proxy
---
 GenaSYS.sh | 12 ++++++--
 templates/apache2/eg.conf | 14 +++++-----
 templates/nginx/osrf-ws-http-proxy | 56 ++++++++++++++++++++++++++++++++++++++
 templates/setup-head.sh | 19 +++++++++++++
 4 files changed, 92 insertions(+), 9 deletions(-)
 create mode 100644 templates/nginx/osrf-ws-http-proxy
diff --git a/GenaSYS.sh b/GenaSYS.sh
index c04c180..f7c5c91 100755
--- a/GenaSYS.sh
+++ b/GenaSYS.sh
@@ -25,8 +25,8 @@
 PURPOSE_="Generate config files needed for Evergreen-ILS Cluster"
 SYNOPSIS_="$NAME_"
 REQUIRES_="standard GNU commands, apt, dpkg"
- VERSION_="1.78"
- DATE_="2010-11-23; last update: 2017-06-13"
+ VERSION_="1.79"
+ DATE_="2010-11-23; last update: 2017-06-20"
 AUTHOR_="Andy Witter "
 URL_="http://evergreen-ils.org"
 CATEGORY_="devel"
@@ -1892,6 +1892,8 @@ for BRICK in $(seq $BRICKCOUNT)
 eval mkdir -p ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/apache2/sites-enabled
 eval mkdir -p ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/apache2/mods-available
 eval mkdir -p ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/apache2/ssl
+ eval mkdir -p ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/nginx/sites-available
+ eval mkdir -p ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/nginx/sites-enabled
 eval mkdir -p ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/init.d
 eval mkdir -p ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/munin
 eval mkdir -p ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/var/run/evergreen
@@ -1926,6 +1928,7 @@ for BRICK in $(seq $BRICKCOUNT)
 eval sed -i "s^Priv_IP^$(eval echo \$BRICKHOSTNAME${BRICK}_HEAD_IP)^g" ${OUTDIR}/$(eval echo \$BRICKHOSTNAME${BRICK})/$(eval echo \$BRICKHOSTNAME${BRICK})-head/openils/conf/.oils_brick.cfg
 eval printf 'export\ DRONES\=\(' >> ${OUTDIR}/$(eval echo \$BRICKHOSTNAME${BRICK})/$(eval echo \$BRICKHOSTNAME${BRICK})-head/openils/conf/.oils_brick.cfg
 eval cp -f $TEMPLATEDIR/apache2/eg.conf ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/apache2/sites-available
+ eval cp -f $TEMPLATEDIR/nginx/osrf-ws-http-proxy ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/nginx/sites-available
 #eval cp -f $TEMPLATEDIR/apache2/eg_vhost.conf ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/apache2
 # no longer configuring mpm_prefork in apache2.conf, has its own config file
 #eval cp -f $TEMPLATEDIR/apache2/apache2.conf ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/apache2
@@ -1933,6 +1936,7 @@ for BRICK in $(seq $BRICKCOUNT)
 #eval cp -f $TEMPLATEDIR/apache2/eg_startup ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/apache2
 eval cd ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/apache2/sites-enabled && ln -s ../sites-available/eg.conf . && \
 cd $WD
+ eval cd ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/nginx/sites-enabled && ln -s ../sites-available/osrf-ws-http-proxy . && cd $WD
 eval cp -f $TEMPLATEDIR/interfaces ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/network
 eval cp -f $TMPFOLDER/ntp.conf ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/
 eval cp -f $TMPFOLDER/resolv.conf ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/
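Review bot: In the added `eval cd …/etc/nginx/sites-enabled && ln -s ../sites-available/osrf-ws-http-proxy . && cd $WD` line, a failing `ln -s` (for example when the link already exists from an earlier run into the same `$OUTDIR`) short-circuits the chain, so `cd $WD` never runs and the rest of the loop continues from inside `sites-enabled`. The same line is added again in the `@@ -2089,6 +2096,7 @@` hunk. Creating the link by its full path avoids changing directory at all: `eval ln -sfn ../sites-available/osrf-ws-http-proxy ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/nginx/sites-enabled/osrf-ws-http-proxy`. The enclosing `for BRICK` loop starts and ends outside the hunk, so whether later commands depend on relative paths is not visible here.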
@@ -2049,6 +2053,8 @@ for BRICK in $(seq $BRICKCOUNT)
 eval mkdir -p ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/apache2/sites-enabled
 eval mkdir -p ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/apache2/mods-available
 eval mkdir -p ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/apache2/ssl
+ eval mkdir -p ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/nginx/sites-available
+ eval mkdir -p ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/nginx/sites-enabled
 eval mkdir -p ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/init.d
 eval mkdir -p ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/munin
 eval mkdir -p ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/var/run/evergreen
@@ -2082,6 +2088,7 @@ for BRICK in $(seq $BRICKCOUNT)
 eval sed -i "s^Priv_IP^$(eval echo \$BRICKHOSTNAME${BRICK}_HEAD_IP)^g" ${OUTDIR}/$(eval echo \$BRICKHOSTNAME${BRICK})/$(eval echo \$BRICKHOSTNAME${BRICK})-head/openils/conf/.oils_brick.cfg
 eval printf 'export\ DRONES\=\(' >> ${OUTDIR}/$(eval echo \$BRICKHOSTNAME${BRICK})/$(eval echo \$BRICKHOSTNAME${BRICK})-head/openils/conf/.oils_brick.cfg
 eval cp -f $TEMPLATEDIR/apache2/eg.conf ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/apache2/sites-available
+ eval cp -f $TEMPLATEDIR/nginx/osrf-ws-http-proxy ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/nginx/sites-available
 #eval cp -f $TEMPLATEDIR/apache2/eg_vhost.conf ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/apache2
 # no longer configuring mpm_prefork in apache2.conf, has its own config file
 #eval cp -f $TEMPLATEDIR/apache2/apache2.conf ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/apache2
@@ -2089,6 +2096,7 @@ for BRICK in $(seq $BRICKCOUNT) #eval cp -f $TEMPLATEDIR/apache2/eg_startup ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/apache2 eval cd ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/apache2/sites-enabled && ln -s ../sites-available/eg.conf . && \ cd $WD + eval cd ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/nginx/sites-enabled && ln -s ../sites-available/osrf-ws-http-proxy . && cd $WD eval cp -f $TEMPLATEDIR/interfaces ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/network eval cp -f $TMPFOLDER/ntp.conf ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/ eval cp -f $TMPFOLDER/resolv.conf ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/ diff --git a/templates/apache2/eg.conf b/templates/apache2/eg.conf index f4c47cd..b0d133d 100755 --- a/templates/apache2/eg.conf +++ b/templates/apache2/eg.conf @@ -100,11 +100,11 @@ ExpiresByType text/css "access plus 50 minutes" # ---------------------------------------------------------------------------------- # Set up our SSL virtual host # ---------------------------------------------------------------------------------- -#Listen 443 - +#Listen 7443 + DocumentRoot "/openils/var/web" - ServerName localhost:443 - ServerAlias 127.0.0.1:443 + ServerName localhost:7443 + ServerAlias 127.0.0.1:7443 SSLEngine on SSLProxyEngine on # required for ErrorDocument 404 on SSL connections SSLHonorCipherOrder On @@ -137,9 +137,9 @@ SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+EC # errors, per http://wiki.apache.org/httpd/InternalDummyConnection # ---------------------------------------------------------------------------------- - - ServerName localhost:80 - ServerAlias 127.0.0.1:80 + + ServerName localhost:7080 + ServerAlias 127.0.0.1:7080 DocumentRoot /openils/var/web/ DirectoryIndex index.html index.xhtml # - absorb the shared virtual host settings 
diff --git a/templates/nginx/osrf-ws-http-proxy b/templates/nginx/osrf-ws-http-proxy
new file mode 100644
index 0000000..d079230
--- /dev/null
+++ b/templates/nginx/osrf-ws-http-proxy
@@ -0,0 +1,56 @@
+# File /etc/nginx/sites-available/osrf-ws-http-proxy
+#
+# $ ln -s /etc/nginx/sites-available/osrf-ws-http-proxy \
+# /etc/nginx/sites-enabled/osrf-ws-http-proxy
+# $ sudo service nginx restart
+#
+# Assumes Apache is listening on HTTP=7080 and HTTPS=7443
+
+server {
+ listen 80;
+
+ location / {
+ proxy_pass http://localhost:7080;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
+
+server {
+ listen 443;
+ ssl on;
+
+ # Use the same SSL certificate as Apache.
+ ssl_certificate /etc/apache2/ssl/server.crt;
+ ssl_certificate_key /etc/apache2/ssl/server.key;
+
+ location / {
+ proxy_pass https://localhost:7443;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ location /osrf-websocket-translator {
+ proxy_pass https://localhost:7682;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ # Needed for websockets proxying.
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ # Raise the default nginx proxy timeout values to an arbitrarily
+ # high value so that we can leverage osrf-websocket-translator's
+ # timeout settings.
+ proxy_connect_timeout 5m;
+ proxy_send_timeout 1h;
+ proxy_read_timeout 1h;
+ }
+}
+
+
diff --git a/templates/setup-head.sh b/templates/setup-head.sh
index fc452b8..6e53c59 100755
--- a/templates/setup-head.sh
+++ b/templates/setup-head.sh
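Review bot: The `listen 443` server block sets `ssl on` and the certificate paths but no TLS policy, so once nginx fronts Apache the `SSLHonorCipherOrder`/`SSLCipherSuite` hardening in `eg.conf` only governs the nginx-to-Apache hop and clients negotiate with whatever defaults the installed nginx ships. I would pin the policy in this block, e.g. `ssl_protocols TLSv1.2;`, `ssl_prefer_server_ciphers on;` and an `ssl_ciphers` list equivalent to the Apache suite. Separately, the `X-Real-IP` and `X-Forwarded-For` headers set here are only trustworthy if Apache accepts them from the loopback proxy alone; nothing in this patch shows that configuration, so it is worth confirming before relying on them for logging or access decisions.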
@@ -148,6 +148,10 @@ a2enmod xmlent a2enmod idlchunk a2disconf serve-cgi-bin +### Move ports to avoid conflict with Nginx +sed -i 's/Listen 80/Listen 7080/g' /etc/apache2/ports.conf +sed -i 's/Listen 443/Listen 7443/g' /etc/apache2/ports.conf + if [ -e /etc/apache2/sites-enabled/000-default.conf ] then a2dissite 000-default.conf @@ -156,6 +160,21 @@ fi ### Configure apache to run as user opensrf. sed -i 's/APACHE_RUN_USER=www-data/APACHE_RUN_USER=opensrf/g' /etc/apache2/envvars +### shutdown apache2 +echo;echo "Stopping apache2 to setup nginx...";sleep 3 +service apache2 stop + +### Install nginx +$APT_TOOL install nginx + +### Setup nginx +if [ -e /etc/nginx/sites-enabled/000-default.conf ] +then + rm -f /etc/nginx/sites-enabled/default +fi + +echo;echo "Starting apache2 after setting up nginx...";sleep 3 +service apache2 start ### Setup database schema... We do this from the head of the first brick. if cat /etc/hostname|grep -q brick01-head then -- 2.11.0
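Review bot: The two added `sed` rewrites of `/etc/apache2/ports.conf` leave Apache listening on every interface at 7080/7443, so a client that can reach those ports bypasses nginx and can supply its own `X-Forwarded-For`/`X-Real-IP` values. Since the nginx template only proxies to `localhost`, and assuming nothing else needs to reach Apache directly, binding the backend to loopback closes that path: `sed -i 's/^\([[:space:]]*\)Listen 80$/\1Listen 127.0.0.1:7080/' /etc/apache2/ports.conf` and the same form for `Listen 443` to `Listen 127.0.0.1:7443`. Anchoring the patterns also keeps them from rewriting a longer port such as `Listen 8080`.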
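Review bot: The nginx cleanup in the `@@ -156,6 +160,21 @@` hunk tests for `/etc/nginx/sites-enabled/000-default.conf` but removes `/etc/nginx/sites-enabled/default`, so the `rm` only runs if a file with the Apache-style name happens to exist; on a stock Debian or Ubuntu nginx package the default site is the `default` symlink and it would stay enabled. Because `rm -f` already tolerates a missing file, the test can be dropped and the block reduced to `rm -f /etc/nginx/sites-enabled/default`. The hunk also never restarts or reloads nginx after the install, so unless that happens outside the visible lines the proxy site is not picked up until a later restart.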