diff options
author | Milo Casagrande <milo.casagrande@linaro.org> | 2015-05-13 15:10:41 +0200 |
---|---|---|
committer | Milo Casagrande <milo.casagrande@linaro.org> | 2015-05-13 15:10:41 +0200 |
commit | 8deea6d900624a3555ea4c273b8e2c1530a68b24 (patch) | |
tree | fbaa696359dea09d9130ebb6f0231e836365bee6 | |
parent | 80a8bd071fac122b9c41f1a2487a1c52156c1ce2 (diff) |
ansible: Fix problem with nginx configuration.
* When trying to access the json schema resources, the nginx
configuration was serving those files through the backend
proxy, resulting in 404 errors.
* Treat the /upload API as a different location, since it cannot
be limited to some sort of files, and treat the other API
resources in a dedicated location (where we exclude files like
html, json, css...).
* Create custom nginx configuration snippets to be imported where
necessary.
5 files changed, 76 insertions, 26 deletions
diff --git a/ansible/roles/configure-nginx/files/backend-maintenance.conf b/ansible/roles/configure-nginx/files/backend-maintenance.conf new file mode 100644 index 0000000..9bd7065 --- /dev/null +++ b/ansible/roles/configure-nginx/files/backend-maintenance.conf @@ -0,0 +1,4 @@ +if (-f $document_root/maintenance.html) { + more_set_headers "Content-Type: application/json; charset=UTF-8"; + return 503 '{"code": 503, "reason": "Service maintenance"}'; +} diff --git a/ansible/roles/configure-nginx/files/backend-proxy-cache.conf b/ansible/roles/configure-nginx/files/backend-proxy-cache.conf new file mode 100644 index 0000000..1b6e31f --- /dev/null +++ b/ansible/roles/configure-nginx/files/backend-proxy-cache.conf @@ -0,0 +1,6 @@ +# Proxy cache, disabled for now. +# proxy_cache BACKEND; +# proxy_cache_key $proxy_host$uri$is_args$args; +# proxy_cache_lock on; +# proxy_cache_lock_timeout 2s; +# proxy_cache_valid 3h; diff --git a/ansible/roles/configure-nginx/files/backend-proxy.conf b/ansible/roles/configure-nginx/files/backend-proxy.conf new file mode 100644 index 0000000..6acd1fe --- /dev/null +++ b/ansible/roles/configure-nginx/files/backend-proxy.conf @@ -0,0 +1,13 @@ +proxy_buffers 32 8k; +proxy_buffer_size 8k; +proxy_busy_buffers_size 64k; +proxy_pass_header Server; +proxy_set_header Host $http_host; +proxy_redirect off; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Scheme $scheme; +proxy_connect_timeout 9s; +proxy_send_timeout 9s; +proxy_read_timeout 9s; +proxy_pass http://backends; diff --git a/ansible/roles/configure-nginx/tasks/main.yml b/ansible/roles/configure-nginx/tasks/main.yml index 38a1e2e..78b0668 100644 --- a/ansible/roles/configure-nginx/tasks/main.yml +++ b/ansible/roles/configure-nginx/tasks/main.yml @@ -98,3 +98,46 @@ - reload-nginx tags: - web-server + +- name: Does the nginx custom directory exists? + file: path=/etc/nginx/custom/ + state=directory + owner=root + group=root + notify: + - reload-nginx + tags: + - web-server + +- name: Copy backend maintenance configuration + copy: src=backend-maintenance.conf + dest=/etc/nginx/custom/backend-maintenance.conf + owner=root + group=root + mode=0644 + notify: + - reload-nginx + tags: + - web-server + +- name: Copy backend proxy cache configuration + copy: src=backend-proxy-cache.conf + dest=/etc/nginx/custom/backend-proxy-cache.conf + owner=root + group=root + mode=0644 + notify: + - reload-nginx + tags: + - web-server + +- name: Copy backend proxy configuration + copy: src=backend-proxy.conf + dest=/etc/nginx/custom/backend-proxy.conf + owner=root + group=root + mode=0644 + notify: + - reload-nginx + tags: + - web-server diff --git a/ansible/roles/configure-nginx/templates/backend-nginx.conf b/ansible/roles/configure-nginx/templates/backend-nginx.conf index 9504de4..36ea1c7 100644 --- a/ansible/roles/configure-nginx/templates/backend-nginx.conf +++ b/ansible/roles/configure-nginx/templates/backend-nginx.conf @@ -49,35 +49,19 @@ server { add_header Cache-Control "public"; } - location ~* /(?:(count|jobs?|defconfigs?|boots?|tokens?|batch|bisect|labs?|version|reports?|send|upload|tests?|trigger)(.*)(?!(\.(html?|json|css|js|png|jpe?g|ico|svg))))$ { + location ~ ^/(?:upload)(.*)$ { + client_max_body_size 501m; - if (-f $document_root/maintenance.html) { - more_set_headers "Content-Type: application/json; charset=UTF-8"; - return 503 '{"code": 503, "reason": "Service maintenance"}'; - } + include /etc/nginx/custom/backend-maintenance.conf; + include /etc/nginx/custom/backend-proxy.conf; + } - client_max_body_size 501m; + location ~ ^/(?:count|jobs?|defconfigs?|boots?|tokens?|batch|bisect|labs?|version|reports?|send|tests?|trigger)(?!(\.(html?|json|css|js|png|jpe?g|ico|svg)))$ { + client_max_body_size 10m; expires 30m; - # Proxy cache, disabled for now. - # proxy_cache BACKEND; - # proxy_cache_key $proxy_host$uri$is_args$args; - # proxy_cache_lock on; - # proxy_cache_lock_timeout 2s; - # proxy_cache_valid 3h; - - proxy_buffers 32 8k; - proxy_buffer_size 8k; - proxy_busy_buffers_size 64k; - proxy_pass_header Server; - proxy_set_header Host $http_host; - proxy_redirect off; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 9s; - proxy_send_timeout 9s; - proxy_read_timeout 9s; - proxy_pass http://backends; + include /etc/nginx/custom/backend-maintenance.conf; + include /etc/nginx/custom/backend-proxy-cache.conf; + include /etc/nginx/custom/backend-proxy.conf; } } |