From 9d87279152ac46e742dc8199d04da48b12d794b9 Mon Sep 17 00:00:00 2001
From: Tan Jiang <jiangd@vmware.com>
Date: Thu, 16 Mar 2017 16:09:05 +0800
Subject: [PATCH] fix #1570, #1628

---
 make/common/templates/nginx/nginx.https.conf    | 17 +++--------------
 .../common/templates/nginx/notary.location.conf | 12 ++++++++++++
 .../{nginx.notary.conf => notary.upstream.conf} |  0
 make/prepare                                    | 14 +++++++++-----
 4 files changed, 24 insertions(+), 19 deletions(-)
 create mode 100644 make/common/templates/nginx/notary.location.conf
 rename make/common/templates/nginx/{nginx.notary.conf => notary.upstream.conf} (100%)

diff --git a/make/common/templates/nginx/nginx.https.conf b/make/common/templates/nginx/nginx.https.conf
index 90fe55705..46cbc0e07 100644
--- a/make/common/templates/nginx/nginx.https.conf
+++ b/make/common/templates/nginx/nginx.https.conf
@@ -8,7 +8,7 @@ events {
 
 http {
   tcp_nodelay on;
-  include /etc/nginx/conf.d/*.conf;
+  include /etc/nginx/conf.d/*.upstream.conf;
 
   # this is necessary for us to be able to disable request buffering in all cases
   proxy_http_version 1.1;
@@ -42,6 +42,8 @@ http {
     # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
     chunked_transfer_encoding on;
 
+    include /etc/nginx/conf.d/*.location.conf;
+
     location / {
       proxy_pass http://ui/;
       proxy_set_header Host $$http_host;
@@ -62,19 +64,6 @@ http {
       return 404;
     }
 
-    location /notary/v2/ {
-      proxy_pass http://notary-server/v2/;
-      proxy_set_header Host $$http_host;
-      proxy_set_header X-Real-IP $$remote_addr;
-      proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
-    
-      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
-      proxy_set_header X-Forwarded-Proto $$scheme;
-
-      proxy_buffering off;
-      proxy_request_buffering off;
-    }
-
     location /v2/ {
       proxy_pass http://registry/v2/;
       proxy_set_header Host $$http_host;
diff --git a/make/common/templates/nginx/notary.location.conf b/make/common/templates/nginx/notary.location.conf
new file mode 100644
index 000000000..66d5fa304
--- /dev/null
+++ b/make/common/templates/nginx/notary.location.conf
@@ -0,0 +1,12 @@
+location /notary/v2/ {
+  proxy_pass http://notary-server/v2/;
+  proxy_set_header Host $$http_host;
+  proxy_set_header X-Real-IP $$remote_addr;
+  proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
+
+  # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
+  proxy_set_header X-Forwarded-Proto $$scheme;
+
+  proxy_buffering off;
+  proxy_request_buffering off;
+}
diff --git a/make/common/templates/nginx/nginx.notary.conf b/make/common/templates/nginx/notary.upstream.conf
similarity index 100%
rename from make/common/templates/nginx/nginx.notary.conf
rename to make/common/templates/nginx/notary.upstream.conf
diff --git a/make/prepare b/make/prepare
index 8f47bd96f..2d0ddc67a 100755
--- a/make/prepare
+++ b/make/prepare
@@ -147,7 +147,10 @@ token_expiration = rcp.get("configuration", "token_expiration")
 verify_remote_cert = rcp.get("configuration", "verify_remote_cert")
 proj_cre_restriction = rcp.get("configuration", "project_creation_restriction")
 secretkey_path = rcp.get("configuration", "secretkey_path")
-admiral_url = rcp.get("configuration", "admiral_url")
+if rcp.has_option("configuration", "admiral_url"):
+    admiral_url = rcp.get("configuration", "admiral_url")
+else:
+    admiral_url = ""
 secret_key = get_secret_key(secretkey_path)
 ########
 
@@ -313,20 +316,21 @@ if args.notary_mode:
         shutil.rmtree(os.path.join(notary_config_dir, "mysql-initdb.d"))
     shutil.copytree(os.path.join(notary_temp_dir, "mysql-initdb.d"), os.path.join(notary_config_dir, "mysql-initdb.d")) 
     #TODO:generate certs?
-    print ("Copying certs for notary signer")
+    print("Copying certs for notary signer")
     shutil.copy2(os.path.join(notary_temp_dir, "notary-signer.crt"), notary_config_dir)
     shutil.copy2(os.path.join(notary_temp_dir, "notary-signer.key"), notary_config_dir)
     shutil.copy2(os.path.join(notary_temp_dir, "root-ca.crt"), notary_config_dir)
 
     shutil.copy2(os.path.join(registry_config_dir, "root.crt"), notary_config_dir)
-    print ("Copying notary signer configuration file")
+    print("Copying notary signer configuration file")
     shutil.copy2(os.path.join(notary_temp_dir, "signer-config.json"), notary_config_dir)
     render(os.path.join(notary_temp_dir, "server-config.json"),
         os.path.join(notary_config_dir, "server-config.json"),
         token_endpoint=ui_url)
 
-    print ("Copying nginx configuration file for notary")
-    shutil.copy2(os.path.join(templates_dir, "nginx", "nginx.notary.conf"), nginx_conf_d)
+    print("Copying nginx configuration file for notary")
+    shutil.copy2(os.path.join(templates_dir, "nginx", "notary.upstream.conf"), nginx_conf_d)
+    shutil.copy2(os.path.join(templates_dir, "nginx", "notary.location.conf"), nginx_conf_d)
 
     default_alias = ''.join(random.choice(string.ascii_letters) for i in range(8))
     render(os.path.join(notary_temp_dir, "signer_env"), os.path.join(notary_config_dir, "signer_env"), alias = default_alias)