Move phosphor-gevent to http and enable nginx on 443
phosphor-gevent will be moved to internal http,
nginx will be the front end web server, and will
redirect all traffic internally to gevent.
test cases passed with...
tox -e palmetto -- tests/test_rest_interfaces.robot
Testing:
- Before testing suite completed in 1:18
After nginx control 443 suite finished in 0:45 seconds
- Also verified web interface still loads when going
to system name in web browser (http and https)
- Verified code update with full 20MB image still works
- Verified dump can be generated and retrieved
- Verified that when the same IP requests 2 image uploads
at same time, Nginx serializes them
Change-Id: Ifcd61cf22bd8f6ea0536fe706eba8e45ec85e7c3
Signed-Off-by: Chris Austen <austenc@us.ibm.com>
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
diff --git a/recipes-httpd/nginx/files/nginx.conf b/recipes-httpd/nginx/files/nginx.conf
index 516973c..d788fd2 100644
--- a/recipes-httpd/nginx/files/nginx.conf
+++ b/recipes-httpd/nginx/files/nginx.conf
@@ -42,8 +42,16 @@
client_header_buffer_size 1k;
large_client_header_buffers 4 8k;
+ # redirect all http traffic to https
server {
- listen 8081 ssl;
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ server_name _;
+ return 301 https://$host$request_uri;
+ }
+
+ server {
+ listen 443 ssl;
server_name 127.0.0.1;
ssl on;
@@ -61,7 +69,7 @@
# is not listening on. This generates an error msg to
# the journal. Nginx then uses the 127.0.0.1 and everything
# works fine but want to avoid the error msg to the log.
- proxy_pass https://127.0.0.1:443/;
+ proxy_pass http://127.0.0.1:8081/;
}
location ~ (/org/openbmc/control/flash/bmc/action/update|/upload/image|/download/dump) {
# Marked as 32MB to allow for firmware image updating and dump
@@ -71,7 +79,7 @@
# Only 1 connection at a time here from an IP
limit_conn addr 1;
- proxy_pass https://127.0.0.1:443;
+ proxy_pass http://127.0.0.1:8081;
}
include /etc/nginx/sites-enabled/443_*.conf;
diff --git a/recipes-httpd/nginx/files/nginx.service b/recipes-httpd/nginx/files/nginx.service
index 5873491..3f9dd3d 100644
--- a/recipes-httpd/nginx/files/nginx.service
+++ b/recipes-httpd/nginx/files/nginx.service
@@ -4,6 +4,7 @@
[Service]
Type=forking
+SyslogIdentifier=nginx
ExecStartPre=/usr/bin/env gen-cert.sh
ExecStartPre=-/usr/bin/env mkdir /var/volatile/nginx/
ExecStartPre=/usr/bin/env nginx -t -p /var/volatile/nginx
@@ -11,6 +12,9 @@
ExecReload=/usr/bin/env kill -s HUP $MAINPID
ExecStop=/usr/bin/env kill -s QUIT $MAINPID
PrivateTmp=true
+# First time on system takes longer for initial setup so
+# give double normal timeout
+TimeoutStartSec=180
[Install]
WantedBy={SYSTEMD_DEFAULT_TARGET}
diff --git a/recipes-phosphor/phosphor-gevent/phosphor-gevent.bbappend b/recipes-phosphor/phosphor-gevent/phosphor-gevent.bbappend
new file mode 100644
index 0000000..6dd263b
--- /dev/null
+++ b/recipes-phosphor/phosphor-gevent/phosphor-gevent.bbappend
@@ -0,0 +1,4 @@
+SUMMARY = "Modifications to support Nginx"
+
+# override service and socket file to use nginx
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
diff --git a/recipes-phosphor/phosphor-gevent/phosphor-gevent/phosphor-gevent.service b/recipes-phosphor/phosphor-gevent/phosphor-gevent/phosphor-gevent.service
new file mode 100644
index 0000000..6b4e77f
--- /dev/null
+++ b/recipes-phosphor/phosphor-gevent/phosphor-gevent/phosphor-gevent.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Phosphor REST Server
+After=network.target
+After=obmc-webserver-pre.target
+
+[Service]
+Restart=always
+ExecStart=/usr/bin/env phosphor-gevent $APPLICATION --no-ssl
+SyslogIdentifier=phosphor-gevent
+Environment="PYTHONUNBUFFERED=1"
+EnvironmentFile={envfiledir}/obmc/wsgi_app
diff --git a/recipes-phosphor/phosphor-gevent/phosphor-gevent/phosphor-gevent.socket b/recipes-phosphor/phosphor-gevent/phosphor-gevent/phosphor-gevent.socket
new file mode 100644
index 0000000..f7fde31
--- /dev/null
+++ b/recipes-phosphor/phosphor-gevent/phosphor-gevent/phosphor-gevent.socket
@@ -0,0 +1,8 @@
+[Unit]
+Description=Phosphor Webserver socket
+
+[Socket]
+ListenStream=127.0.0.1:8081
+
+[Install]
+WantedBy=sockets.target