diff --git a/stack/monitor/buildout.cfg b/stack/monitor/buildout.cfg index 6cd24b63b7ba5a5ea067bd251a94610242372fb9..9dd57a72f4e67b56542d56db10c80e9107696518 100644 --- a/stack/monitor/buildout.cfg +++ b/stack/monitor/buildout.cfg @@ -2,8 +2,10 @@ extends = ../../component/dcron/buildout.cfg + ../../component/openssl/buildout.cfg + ../../component/nginx/buildout.cfg -parts = +parts += backup-script-template collective.recipe.template-egg dcron @@ -12,8 +14,10 @@ parts = make-rss monitor-bin monitor-template + nginx rss-bin slapos-cookbook + template-nginx-conf [collective.recipe.template-egg] recipe = zc.recipe.egg @@ -71,12 +75,13 @@ output = $${directory:services}/crond mode = 0700 logfile = $${directory:log}/crond.log -#[status2rss] -#recipe = slapos.recipe.download -#url = ${:_profile_base_location_}/status2rss.py -#md5sum = 916f37f083b1ef391adea2f7a717bf8a -#location = ${buildout:parts-directory}/${:_buildout_section_name_}/status2rss.py -#mode = 0644 +[template-nginx-conf] +recipe = hexagonit.recipe.download +url = ${:_profile_base_location_}/${:filename} +download-only = true +#md5sum = +filename = nginx_rss.conf.in +mode = 0644 [eggs] recipe = z3c.recipe.scripts diff --git a/stack/monitor/monitor.cfg.in b/stack/monitor/monitor.cfg.in index 4cef1bbb9bae2c5d09782f56023e16ff475423d3..27af492574d523d7f9a2aeebd0c2192819475d1d 100644 --- a/stack/monitor/monitor.cfg.in +++ b/stack/monitor/monitor.cfg.in @@ -1,8 +1,19 @@ +[slap-parameters] +recipe = slapos.cookbook:slapconfiguration +computer = $${slap-connection:computer-id} +partition = $${slap-connection:partition-id} +url = $${slap-connection:server-url} +key = $${slap-connection:key-file} +cert = $${slap-connection:cert-file} + [directory] home = $${buildout:directory} etc = $${:home}/etc bin = $${:home}/bin +srv = $${:home}/srv + var = $${:home}/var +ca-dir = $${:srv}/ssl cron-entries = $${:etc}/cron.d crontabs = $${:etc}/crontabs cronstamps = $${:etc}/cronstamps 
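Review bot: In the third hunk of `stack/monitor/buildout.cfg`, the new `[template-nginx-conf]` section leaves `#md5sum =` commented out, so the downloaded `nginx_rss.conf.in` is not checked against a known checksum. That template defines the TLS listener, so a stale or altered copy would change what the service exposes without the build noticing. Fill the option in once the template is final, e.g. `md5sum = <md5 of nginx_rss.conf.in>` (placeholder; compute it from the committed file).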
@@ -10,6 +21,10 @@ log = $${:var}/log monitor = $${:etc}/monitor monitor-result = $${:var}/monitor promise = $${:etc}/promise +run = $${:etc}/run +service = $${:etc}/service/ +tmp = $${:home}/tmp +www = $${:var}/www [cron] recipe = slapos.cookbook:cron 
@@ -74,4 +89,74 @@ recipe = slapos.recipe.template
 url = ${make-rss-script:output}
 output = $${directory:bin}/make-rss.sh
 #md5sum =
-mode = 0744
\ No newline at end of file
+mode = 0744
+
+[tempdirectory]
+recipe = slapos.cookbook:mkdirectory
+client_body_temp_path = $${directory:tmp}/client_body_temp_path
+proxy_temp_path = $${directory:tmp}/proxy_temp_path
+fastcgi_temp_path = $${directory:tmp}/fastcgi_temp_path
+uwsgi_temp_path = $${directory:tmp}/uwsgi_temp_path
+scgi_temp_path = $${directory:tmp}/scgi_temp_path
+
+[cadirectory]
+recipe = slapos.cookbook:mkdirectory
+requests = $${directory:ca-dir}/requests/
+private = $${directory:ca-dir}/private/
+certs = $${directory:ca-dir}/certs/
+newcerts = $${directory:ca-dir}/newcerts/
+crl = $${directory:ca-dir}/crl/
+
+[certificate-authority]
+recipe = slapos.cookbook:certificate_authority
+openssl-binary = ${openssl:location}/bin/openssl
+ca-dir = $${directory:ca-dir}
+requests-directory = $${cadirectory:requests}
+wrapper = $${directory:service}/certificate_authority
+ca-private = $${cadirectory:private}
+ca-certs = $${cadirectory:certs}
+ca-newcerts = $${cadirectory:newcerts}
+ca-crl = $${cadirectory:crl}
+
+[ca-nginx]
+<= certificate-authority
+recipe = slapos.cookbook:certificate_authority.request
+key-file = $${cadirectory:certs}/nginx_rss.key
+cert-file = $${cadirectory:certs}/nginx_rss.crt
+executable = $${nginx-parameters:bin_launcher}
+wrapper = $${directory:service}/nginx-rss
+# Put domain name
+name = example.com
+
+[nginx-parameters]
+nb_workers = 2
+port = 9685
+global-ip = $${slap-parameters:ipv6}
+# SSL
+ssl-certificate = $${ca-nginx:cert-file}
+ssl-key = $${ca-nginx:key-file}
+# Log
+path_pid = $${directory:run}/nginx.pid
+path_log = $${directory:log}/nginx.log
+path_access_log = $${directory:log}/nginx.access.log
+path_error_log = $${directory:log}/nginx.error.log
+path_tmp = $${directory:tmp}
+# Config files
+nginx_conf = $${nginx-conf:rendered}
+# Executables
+bin_nginx = ${nginx:location}/sbin/nginx
+bin_launcher = $${directory:bin}/nginx-launcher
+www = $${directory:www}
+
+[nginx-conf]
+recipe = slapos.recipe.template:jinja2
+template = ${template-nginx-conf:location}/${template-nginx-conf:filename}
+rendered = $${directory:etc}/nginx_rss.conf
+context =
+ section param_nginx nginx-parameters
+ section param_tempdir tempdirectory
+
+[nginx-service]
+recipe = slapos.cookbook:wrapper
+wrapper-path = $${nginx-parameters:bin_launcher}
+command-line = $${nginx-parameters:bin_nginx} -c $${nginx-parameters:nginx_conf}
\ No newline at end of file
diff --git a/stack/monitor/nginx_rss.conf.in b/stack/monitor/nginx_rss.conf.in
new file mode 100644
index 0000000000000000000000000000000000000000..98c539b24f9f40f1eda6ee96e2e224541cea5b3f
--- /dev/null
+++ b/stack/monitor/nginx_rss.conf.in
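Review bot: In the last hunk of `stack/monitor/monitor.cfg.in`, `[ca-nginx]` requests the certificate with `name = example.com`, a placeholder left under the `# Put domain name` comment. The certificate nginx presents will therefore not match the instance's real address and clients cannot verify the host name; the name should come from an instance parameter rather than a hard-coded value. The private key is also written next to the certificate as `$${cadirectory:certs}/nginx_rss.key`. If the certs directory is ever made readable more widely than `private/` (not visible in this diff), the key is exposed with it, so consider `key-file = $${cadirectory:private}/nginx_rss.key`.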
@@ -0,0 +1,49 @@
+worker_processes {{ param_nginx['nb_workers'] }};
+
+pid {{ param_nginx['path_pid'] }};
+error_log {{ param_nginx['path_error_log'] }};
+
+daemon off;
+
+events {
+ worker_connections 1024;
+ accept_mutex off;
+}
+
+http {
+ default_type application/octet-stream;
+ access_log {{ param_nginx['path_access_log'] }} combined;
+ map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+ }
+
+ gzip on;
+ gzip_disable "msie6";
+ gzip_vary on;
+ gzip_proxied any;
+ gzip_comp_level 6;
+ gzip_buffers 16 8k;
+ gzip_http_version 1.1;
+ gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+ server {
+ listen [{{ param_nginx['global-ip'].pop() }}]:{{ param_nginx['port'] }} ssl;
+ server_name _;
+ ssl_certificate {{ param_nginx['ssl-certificate'] }};
+ ssl_certificate_key {{ param_nginx['ssl-key'] }};
+ ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+
+ keepalive_timeout 90s;
+ client_body_temp_path {{ param_tempdir['client_body_temp_path'] }};
+ proxy_temp_path {{ param_tempdir['proxy_temp_path'] }};
+ fastcgi_temp_path {{ param_tempdir['fastcgi_temp_path'] }};
+ uwsgi_temp_path {{ param_tempdir['uwsgi_temp_path'] }};
+ scgi_temp_path {{ param_tempdir['scgi_temp_path'] }};
+
+ location / {
+ root {{ param_nginx['www'] }};
+ }
+ }
+}
\ No newline at end of file
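Review bot: The `ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;` line in the server block still offers SSLv3, which is broken by POODLE, along with the deprecated TLS 1.0 and 1.1. Restrict it to `ssl_protocols TLSv1.2;` (adding TLSv1.3 only if the bundled nginx and OpenSSL support it) and add `ssl_prefer_server_ciphers on;` so the server's cipher order applies. Separately, `param_nginx['global-ip'].pop()` mutates the parameter while rendering. If that value is a set holding several addresses, the listen address is chosen arbitrarily, so selecting it in the profile would make the render deterministic. `location /` also serves the www directory with no access control, which is worth confirming is intended for the monitoring output.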