Unix socket for the nginx and gunicorn communication (#3411)

npalaska · web-flow · commit 87822ef7b254 · 2023-05-02T09:49:28.000-04:00
* Unix socket for the nginx and gunicorn communication

To avoid employing SSL certificates in NGINX and gunicorn
we need to make them communicate over unix socket and not
over TCP port.

PBENCH-1139
diff --git a/lib/pbench/cli/server/shell.py b/lib/pbench/cli/server/shell.py
@@ -53,8 +53,6 @@ def run_gunicorn(server_config: PbenchServerConfig, logger: Logger) -> int:
     if site.ENABLE_USER_SITE:
         find_the_unicorn(logger)
     try:
-        host = server_config.get("pbench-server", "bind_host")
-        port = str(server_config.get("pbench-server", "bind_port"))
         db_uri = server_config.get("database", "uri")
         db_wait_timeout = int(server_config.get("database", "wait_timeout"))
         es_uri = server_config.get("Indexing", "uri")
@@ -158,7 +156,7 @@ def run_gunicorn(server_config: PbenchServerConfig, logger: Logger) -> int:
         "--pid",
         "/run/pbench-server/gunicorn.pid",
         "--bind",
-        f"{host}:{port}",
+        "unix:/run/pbench-server/pbench-server.sock",
         "--log-syslog",
         "--log-syslog-prefix",
         "pbench-server",
diff --git a/lib/pbench/test/unit/server/test_shell_cli.py b/lib/pbench/test/unit/server/test_shell_cli.py
@@ -138,7 +138,7 @@ def run(args, cwd: Optional[str] = None) -> subprocess.CompletedProcess:
             "--pid",
             "/run/pbench-server/gunicorn.pid",
             "--bind",
-            "0.0.0.0:8001",
+            "unix:/run/pbench-server/pbench-server.sock",
             "--log-syslog",
             "--log-syslog-prefix",
             "pbench-server",
@@ -311,8 +311,6 @@ def get_server_config() -> PbenchServerConfig:
     @pytest.mark.parametrize(
         "option",
         [
-            "bind_host",
-            "bind_port",
             "uri",
             "wait_timeout",
             "workers",
diff --git a/server/lib/config/nginx.conf b/server/lib/config/nginx.conf
@@ -105,7 +105,7 @@ http {
                 return 597;
             }
 
-            proxy_pass               http://127.0.0.1:8001;
+            proxy_pass               http://unix:/run/pbench-server/pbench-server.sock;
             proxy_redirect           off;
             proxy_connect_timeout    20s;
             proxy_read_timeout       120s;
diff --git a/server/lib/config/pbench-server-default.cfg b/server/lib/config/pbench-server-default.cfg
@@ -53,8 +53,6 @@ pbench-local-dir = %(pbench-top-dir)s
 pbench-tmp-dir = %(pbench-local-dir)s/tmp
 
 # pbench-server rest api variables
-bind_host = 0.0.0.0
-bind_port = 8001
 rest_version = 1
 rest_uri = /api/v%(rest_version)s
 

Original file line number	Diff line number	Diff line change
`@@ -105,7 +105,7 @@ http {`
`105`	`105`	`return 597;`
`106`	`106`	`}`
`107`	`107`
`108`		`- proxy_pass http://127.0.0.1:8001;`
	`108`	`+ proxy_pass http://unix:/run/pbench-server/pbench-server.sock;`
`109`	`109`	`proxy_redirect off;`
`110`	`110`	`proxy_connect_timeout 20s;`
`111`	`111`	`proxy_read_timeout 120s;`