openfrontier · s-friedman · Feb 28, 2016
diff --git a/.gitignore b/.gitignore
@@ -1 +1,3 @@
 proxy.conf
+cert.key
+cert.crt
diff --git a/createNginx.sh b/createNginx.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/bash -x
 set -e
 GERRIT_NAME=${GERRIT_NAME:-gerrit}
 JENKINS_NAME=${JENKINS_NAME:-jenkins}
@@ -9,40 +9,42 @@ NGINX_IMAGE_NAME=${NGINX_IMAGE_NAME:-nginx}
 NGINX_NAME=${NGINX_NAME:-proxy}
 NGINX_MAX_UPLOAD_SIZE=${NGINX_MAX_UPLOAD_SIZE:-200m}
 
+NGINX_USE_HTTPS=${NGINX_USE_HTTPS:-1}
+
+if [ ${NGINX_USE_HTTPS} -eq 1 ]; then
+    if [ ! -e ~/nginx-docker/cert.key ]; then
+        openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout cert.key -out cert.crt
+    fi
+fi
+
 PROXY_CONF=proxy.conf
 
 # Setup proxy URI
+
+~/nginx-docker/proxyconf.sh > ~/nginx-docker/${PROXY_CONF}
+
+args=( run \
+      --name ${NGINX_NAME} \
+      --link ${GERRIT_NAME}:${GERRIT_NAME} \
+      --link ${JENKINS_NAME}:${JENKINS_NAME} \
+      --link ${REDMINE_NAME}:${REDMINE_NAME} )
+
 if [ ${#NEXUS_WEBURL} -eq 0 ]; then
-    sed "s/{{HOST_URL}}/${HOST_NAME}/g" ~/nginx-docker/${PROXY_CONF}.nexus.template > ~/nginx-docker/${PROXY_CONF}
+    args+=( --link ${NEXUS_NAME}:${NEXUS_NAME} \
+            -v ~/nginx-docker/directory.nexus.html:/usr/share/nginx/html/directory.html:ro )
 else
-    sed "s/{{HOST_URL}}/${HOST_NAME}/g" ~/nginx-docker/${PROXY_CONF}.template > ~/nginx-docker/${PROXY_CONF}
+    args+=( -v ~/nginx-docker/directory.html:/usr/share/nginx/html/directory.html:ro )
 fi
-sed -i "s/{GERRIT_URI}/${GERRIT_NAME}/g" ~/nginx-docker/${PROXY_CONF}
-sed -i "s/{JENKINS_URI}/${JENKINS_NAME}/g" ~/nginx-docker/${PROXY_CONF}
-sed -i "s/{REDMINE_URI}/${REDMINE_NAME}/g" ~/nginx-docker/${PROXY_CONF}
-sed -i "s/{NEXUS_URI}/${NEXUS_NAME}/g" ~/nginx-docker/${PROXY_CONF}
-sed -i "s/{{NGINX_MAX_UPLOAD_SIZE}}/${NGINX_MAX_UPLOAD_SIZE}/g" ~/nginx-docker/${PROXY_CONF}
-
-# Start proxy
-if [ ${#NEXUS_WEBURL} -eq 0 ]; then #proxy nexus
-    docker run \
-    --name ${NGINX_NAME} \
-    --link ${GERRIT_NAME}:${GERRIT_NAME} \
-    --link ${JENKINS_NAME}:${JENKINS_NAME} \
-    --link ${REDMINE_NAME}:${REDMINE_NAME} \
-    --link ${NEXUS_NAME}:${NEXUS_NAME} \
-    -p 80:80 \
-    -v ~/nginx-docker/${PROXY_CONF}:/etc/nginx/conf.d/default.conf:ro \
-    -v ~/nginx-docker/directory.nexus.html:/usr/share/nginx/html/directory.html:ro \
-    -d ${NGINX_IMAGE_NAME}
-else #without nexus
-    docker run \
-    --name ${NGINX_NAME} \
-    --link ${GERRIT_NAME}:${GERRIT_NAME} \
-    --link ${JENKINS_NAME}:${JENKINS_NAME} \
-    --link ${REDMINE_NAME}:${REDMINE_NAME} \
-    -p 80:80 \
-    -v ~/nginx-docker/${PROXY_CONF}:/etc/nginx/conf.d/default.conf:ro \
-    -v ~/nginx-docker/directory.html:/usr/share/nginx/html/directory.html:ro \
-    -d ${NGINX_IMAGE_NAME}
+
+if [ ${NGINX_USE_HTTPS} -eq 1 ]; then
+    args+=( -v ~/nginx-docker/cert.crt:/etc/nginx/cert.crt:ro \
+            -v ~/nginx-docker/cert.key:/etc/nginx/cert.key:ro \
+            -p 443:443 )
 fi
+
+args+=( -p 80:80 \
+        -v ~/nginx-docker/${PROXY_CONF}:/etc/nginx/conf.d/default.conf:ro )
+args+=( -d ${NGINX_IMAGE_NAME} )
+
+docker ${args[@]}
+
diff --git a/proxy.conf.nexus.template b/proxy.conf.nexus.template
diff --git a/proxy.conf.template b/proxy.conf.template
diff --git a/proxyconf.sh b/proxyconf.sh
@@ -0,0 +1,112 @@
+#! /bin/bash
+
+set -e
+
+source ~/ci/config
+source ~/ci/config.default
+
+set -u
+
+GERRIT_NAME=${GERRIT_NAME:-gerrit}
+JENKINS_NAME=${JENKINS_NAME:-jenkins}
+REDMINE_NAME=${REDMINE_NAME:-redmine}
+NEXUS_NAME=${NEXUS_NAME:-nexus}
+NEXUS_WEBURL=${NEXUS_WEBURL:-}
+
+NGINX_IMAGE_NAME=${NGINX_IMAGE_NAME:-nginx}
+NGINX_NAME=${NGINX_NAME:-proxy}
+NGINX_MAX_UPLOAD_SIZE=${NGINX_MAX_UPLOAD_SIZE:-200m}
+
+if [ -e ~/nginx-docker/cert.key ]; then
+
+  cat << EOF
+  server {
+    listen 80;
+    return 301 https://\$host\$request_uri;
+}
+
+server {
+
+    listen 443;
+    server_name ${HOST_NAME};
+
+    ssl_certificate           /etc/nginx/cert.crt;
+    ssl_certificate_key       /etc/nginx/cert.key;
+
+    ssl on;
+    ssl_session_cache  builtin:1000  shared:SSL:10m;
+    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
+    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
+    ssl_prefer_server_ciphers on;
+EOF
+
+else
+
+  cat << EOF
+server {
+    listen       80;
+    server_name  ${HOST_NAME};
+EOF
+
+fi
+
+cat << EOF
+    client_max_body_size ${NGINX_MAX_UPLOAD_SIZE};
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  directory.html;
+    }
+
+    location /${GERRIT_NAME}/ {
+        proxy_pass    http://${GERRIT_NAME}:8080;
+        proxy_set_header    X-Forwarded-For \$remote_addr;
+        proxy_set_header    Host \$host;
+    }
+
+    location /${JENKINS_NAME} {
+        proxy_pass    http://${JENKINS_NAME}:8080;
+        proxy_set_header    X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header    X-Real-IP \$remote_addr;
+        proxy_set_header    Host \$host;
+    }
+
+    location /${REDMINE_NAME} {
+        proxy_pass    http://${REDMINE_NAME};
+        proxy_set_header    X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header    X-Real-IP \$remote_addr;
+        proxy_set_header    Host \$host;
+    }
+EOF
+
+
+if [ ${#NEXUS_WEBURL} -eq 0 ]; then
+  cat << EOF
+    location /${NEXUS_NAME} {
+        proxy_pass    http://${NEXUS_NAME}:8081;
+        proxy_set_header    X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header    X-Real-IP \$remote_addr;
+        proxy_set_header    Host \$host;
+        proxy_send_timeout 300;
+        proxy_read_timeout 300;
+        keepalive_timeout  300;
+        send_timeout       300;
+    }
+EOF
+fi
+
+cat << EOF
+    error_page  404              /directory.html;
+    location = /directory.html {
+        root   /usr/share/nginx/html;
+    }
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+}
+EOF
+