Improved nginx config: Provide template and includes

Packaging is done via %config(noreplace) as this should make the life easier for the operator. See https://www.cl.cam.ac.uk/~jw35/docs/rpm_config.html
os-autoinst · Jul 4, 2023 · 68eef2e · 68eef2e
1 parent 1f46d94
commit 68eef2e
Show file tree

Hide file tree

Showing 6 changed files with 90 additions and 82 deletions.
diff --git a/Makefile b/Makefile
@@ -83,7 +83,10 @@ install-generic:
 		install -m 644 etc/apache2/vhosts.d/$$i "$(DESTDIR)"/etc/apache2/vhosts.d ;\
 	done
 
-	install -D -m 644 etc/nginx/vhosts.d/openqa.conf "$(DESTDIR)"/etc/nginx/vhosts.d/openqa.conf
+	install -d -m 755 "$(DESTDIR)"/etc/nginx/vhosts.d
+	for i in openqa-locations.inc openqa-upstreams.inc openqa.conf.template; do \
+		install -m 644 etc/nginx/vhosts.d/$$i "$(DESTDIR)"/etc/nginx/vhosts.d ;\
+	done
 
 	install -D -m 640 etc/openqa/client.conf "$(DESTDIR)"/etc/openqa/client.conf
 	install -D -m 644 etc/openqa/workers.ini "$(DESTDIR)"/etc/openqa/workers.ini

diff --git a/dist/rpm/openQA.spec b/dist/rpm/openQA.spec
@@ -461,7 +461,7 @@ fi
 
 if [ $1 -eq 1 ]; then
     echo "### copy and edit %{_sysconfdir}/apache2/vhosts.d/openqa.conf.template if using apache!"
-    echo "### see %{_sysconfdir}/nginx/vhosts.d/openqa.conf if using nginx!"
+    echo "### copy and edit %{_sysconfdir}/nginx/vhosts.d/openqa.conf.template if using nginx!"
     echo "### run sudo %{_datadir}/openqa/script/fetchneedles"
 else
     if [ -d "%{_localstatedir}/lib/openqa/share/testresults" ]; then
@@ -553,12 +553,14 @@ fi
 %dir %{_sysconfdir}/apache2
 %dir %{_sysconfdir}/apache2/vhosts.d
 %config %{_sysconfdir}/apache2/vhosts.d/openqa.conf.template
-%config %{_sysconfdir}/apache2/vhosts.d/openqa-common.inc
+%config(noreplace) %{_sysconfdir}/apache2/vhosts.d/openqa-common.inc
 %config %{_sysconfdir}/apache2/vhosts.d/openqa-ssl.conf.template
 # nginx vhost
 %dir %{_sysconfdir}/nginx
 %dir %{_sysconfdir}/nginx/vhosts.d
-%config %{_sysconfdir}/nginx/vhosts.d/openqa.conf
+%config %{_sysconfdir}/nginx/vhosts.d/openqa.conf.template
+%config(noreplace) %{_sysconfdir}/nginx/vhosts.d/openqa-locations.inc
+%config(noreplace) %{_sysconfdir}/nginx/vhosts.d/openqa-upstreams.inc
 # apparmor profile
 %dir %{_sysconfdir}/apparmor.d
 %config %{_sysconfdir}/apparmor.d/usr.share.openqa.script.openqa

diff --git a/etc/nginx/vhosts.d/openqa-locations.inc b/etc/nginx/vhosts.d/openqa-locations.inc
@@ -0,0 +1,58 @@
+root /usr/share/openqa/public;
+
+client_max_body_size 0;
+
+# The "client_body_buffer_size" value should usually be larger
+# than the UPLOAD_CHUNK_SIZE used by openQA workers, so there is
+# no excessive buffering to disk
+client_body_buffer_size 2m;
+
+# Default is exact which would need an exact match of Last-Modified
+if_modified_since before;
+
+## Optional faster assets downloads for large deployments
+#location /assets {
+#    alias /var/lib/openqa/share/factory;
+#    tcp_nopush         on;
+#    sendfile           on;
+#    sendfile_max_chunk 1m;
+#}
+#
+## Optional faster image downloads for large deployments
+#location /image {
+#    alias /var/lib/openqa/images;
+#    tcp_nopush         on;
+#    sendfile           on;
+#    sendfile_max_chunk 1m;
+#}
+
+location /api/v1/ws/ {
+    proxy_pass http://websocket;
+    proxy_http_version 1.1;
+    proxy_read_timeout 3600;
+    proxy_send_timeout 3600;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_set_header Host $host;
+}
+
+location /liveviewhandler/ {
+    proxy_pass http://livehandler;
+    proxy_http_version 1.1;
+    proxy_read_timeout 3600;
+    proxy_send_timeout 3600;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_set_header Host $host;
+}
+
+location / {
+    proxy_pass "http://webui";
+    tcp_nodelay        on;
+    proxy_read_timeout 900;
+    proxy_send_timeout 900;
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-Host $host:$server_port;
+    proxy_set_header X-Forwarded-Server $host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+}
diff --git a/etc/nginx/vhosts.d/openqa-upstreams.inc b/etc/nginx/vhosts.d/openqa-upstreams.inc
@@ -0,0 +1,14 @@
+# The "max_conns" value should be identical to the maximum number of
+# connections the webui is configured to handle concurrently
+upstream webui {
+    zone upstream_webui 64k;
+    server [::1]:9526 max_conns=30;
+}
+
+upstream websocket {
+    server [::1]:9527;
+}
+
+upstream livehandler {
+    server [::1]:9528;
+}
diff --git a/etc/nginx/vhosts.d/openqa.conf b/etc/nginx/vhosts.d/openqa.conf
diff --git a/etc/nginx/vhosts.d/openqa.conf.template b/etc/nginx/vhosts.d/openqa.conf.template
@@ -0,0 +1,9 @@
+include vhosts.d/openqa-upstreams.inc;
+
+server {
+    listen       80 default_server;
+    listen       [::1]:80 default_server;
+    server_name  openqa.example.com;
+
+    include vhosts.d/openqa-locations.inc;
+}