fixes #1818

2025-01-03 14:37:44 +01:00 · 2017-03-28 10:11:13 +08:00 · 2017-03-28 10:11:13 +08:00 · 715d87dc80
commit 715d87dc80
parent 411b43bf0c
2 changed files with 12 additions and 8 deletions
--- a/make/common/templates/nginx/notary.server.conf
+++ b/make/common/templates/nginx/notary.server.conf
@ -2,8 +2,8 @@
    listen 4443 ssl;

    # ssl
-    ssl_certificate /etc/nginx/cert/server.crt;
-    ssl_certificate_key /etc/nginx/cert/server.key;
+    ssl_certificate $ssl_cert;
+    ssl_certificate_key $ssl_cert_key;
  
    # recommendations from https://raymii.org/s/tutorials/strong_ssl_security_on_nginx.html
    ssl_protocols tlsv1.1 tlsv1.2;
@ -19,12 +19,12 @@

    location /v2/ {
      proxy_pass http://notary-server/v2/;
-      proxy_set_header Host $http_host;
-      proxy_set_header X-Real-IP $remote_addr;
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header Host $$http_host;
+      proxy_set_header X-Real-IP $$remote_addr;
+      proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;

      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
-      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header X-Forwarded-Proto $$scheme;

      proxy_buffering off;
      proxy_request_buffering off;
--- a/make/prepare
+++ b/make/prepare
@ -57,7 +57,7 @@ def _get_secret(folder, filename, length=16):
            print("loaded secret from file: %s" % key_file)
        return key
    if not os.path.isdir(folder):
-        os.makedirs(path, mode=0600)
+        os.makedirs(folder, mode=0600)
    key = ''.join(random.choice(string.ascii_letters+string.digits) for i in range(length))  
    with open(key_file, 'w') as f:
        f.write(key)
@ -349,7 +349,11 @@ if args.notary_mode:

    print("Copying nginx configuration file for notary")
    shutil.copy2(os.path.join(templates_dir, "nginx", "notary.upstream.conf"), nginx_conf_d)
-    shutil.copy2(os.path.join(templates_dir, "nginx", "notary.server.conf"), nginx_conf_d)
+    render(os.path.join(templates_dir, "nginx", "notary.server.conf"), 
+            os.path.join(nginx_conf_d, "notary.server.conf"), 
+            ssl_cert = os.path.join("/etc/nginx/cert", os.path.basename(target_cert_path)),
+            ssl_cert_key = os.path.join("/etc/nginx/cert", os.path.basename(target_cert_key_path)))
+

    default_alias = get_alias(secretkey_path)
    render(os.path.join(notary_temp_dir, "signer_env"), os.path.join(notary_config_dir, "signer_env"), alias = default_alias)