tls edge support

Rajat Chopra · Rajat Chopra · commit 98b11b090958 · 2017-08-28T19:53:34.000-04:00
add nginx to build local images script
diff --git a/hack/build-local-images.py b/hack/build-local-images.py
@@ -96,6 +96,15 @@
         },
         "files": {}
     },
+    "nginx-router": {
+        "directory": "router/nginx",
+        "binaries": {
+            "openshift": "/usr/bin/openshift"
+        },
+        "files": {
+            ".": "/var/lib/nginx"
+        }
+    },
     "haproxy-router": {
         "directory": "router/haproxy",
         "binaries": {
diff --git a/images/router/nginx/conf/nginx-config.template b/images/router/nginx/conf/nginx-config.template
@@ -4,6 +4,7 @@
     					backend for a route and contains all the endpoints for the service
 */}}
 {{- define "/var/lib/nginx/conf/nginx.config" -}}
+{{- $workingDir := .WorkingDir }}
 #user       www www;  ## Default: nobody
 worker_processes  5;  ## Default: 1
 error_log  /var/lib/nginx/logs/error.log;
@@ -32,10 +33,8 @@ http {
 
 
 {{- range $cfgIdx, $cfg := .State }}
- {{- if (eq $cfg.TLSTermination "") }}
 
-# Plain http backend
-  upstream be_http_{{$cfgIdx}} {
+  upstream be_{{$cfg.Namespace}}_{{$cfg.Name}} {
     {{- range $serviceUnitName, $weight := $cfg.ServiceUnitNames }}
       {{- with $serviceUnit := index $.ServiceUnits $serviceUnitName }}
         {{- range $idx, $endpoint := endpointsForAlias $cfg $serviceUnit }}
@@ -46,15 +45,26 @@ http {
   }
 
   server { # simple load balancing
+ {{- if (eq $cfg.TLSTermination "") }}
     listen          80;
+ {{- else }}
+    listen          443;
+ {{ end -}}
+
     server_name     {{$cfg.Host}};
-    access_log      /var/lib/nginx/logs/be_http_{{$cfgIdx}}.log main;
+ {{- if and (ne $cfg.Host "") (or (eq $cfg.TLSTermination "edge") (eq $cfg.TLSTermination "reencrypt")) -}}
+  {{ $cert := index $cfg.Certificates $cfg.Host -}}
+  {{ if ne $cert.Contents "" }}
+    ssl_certificate     {{$workingDir}}/certs/{{$cfgIdx}}.pem;
+    ssl_certificate_key {{$workingDir}}/certs/{{$cfgIdx}}.pem;
+  {{ end -}}
+ {{ end -}}
+    access_log      /var/lib/nginx/logs/be_{{$cfgIdx}}.log main;
 
     location / {
-      proxy_pass      http://be_http_{{$cfgIdx}};
+      proxy_pass      http://be_{{$cfg.Namespace}}_{{$cfg.Name}};
     }
   }
-  {{ end -}}{{/* end if plain http */}}
 {{ end -}}{{/* end all routes */}}
 }
 {{ end -}}{{/* end config file */}}
diff --git a/images/router/nginx/reload-nginx b/images/router/nginx/reload-nginx
@@ -3,11 +3,8 @@
 set -o nounset
 
 config_file=/var/lib/nginx/conf/nginx.config
-old_pids=$(ps -A -opid,args | grep nginx | egrep -v -e 'grep|reload-nginx' | awk '{print $1}' | tr '\n' ' ')
-
-reload_status=0
-if [ -n "$old_pids" ]; then
-  /usr/sbin/nginx -c ${config_file} -s reload
+if [ -f /var/lib/nginx/logs/nginx.pid ]; then
+/usr/sbin/nginx -c ${config_file} -s reload
   reload_status=$?
 else
   /usr/sbin/nginx -c ${config_file}
