diff options
| author | Chris Austen <austenc@us.ibm.com> | 2017-09-29 18:30:03 -0500 |
|---|---|---|
| committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-05-04 02:54:40 +0000 |
| commit | 7584d4373bd46d7c391f499808fba730796c7d33 (patch) | |
| tree | c802572ad29c6a4cd0bfd1f7d0e8c0070ff695cd /meta-openbmc-machines/meta-openpower/meta-ibm/recipes-httpd | |
| parent | 13cd0ca77e25735c1188bba55b3c7f5d735951fb (diff) | |
| download | talos-openbmc-7584d4373bd46d7c391f499808fba730796c7d33.tar.gz talos-openbmc-7584d4373bd46d7c391f499808fba730796c7d33.zip | |
Move phosphor-gevent to http and enable nginx on 443
phosphor-gevent will be moved to internal http,
nginx will be the front end web server, and will
redirect all traffic internally to gevent.
test cases passed with...
tox -e palmetto -- tests/test_rest_interfaces.robot
Testing:
- Before testing suite completed in 1:18
After nginx control 443 suite finished in 0:45 seconds
- Also verified web interface still loads when going
to system name in web browser (http and https)
- Verified code update with full 20MB image still works
- Verified dump can be generated and retrieved
- Verified that when the same IP requests 2 image uploads
at same time, Nginx serializes them
Change-Id: Ifcd61cf22bd8f6ea0536fe706eba8e45ec85e7c3
Signed-Off-by: Chris Austen <austenc@us.ibm.com>
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Diffstat (limited to 'meta-openbmc-machines/meta-openpower/meta-ibm/recipes-httpd')
| -rw-r--r-- | meta-openbmc-machines/meta-openpower/meta-ibm/recipes-httpd/nginx/files/nginx.conf | 14 | ||||
| -rw-r--r-- | meta-openbmc-machines/meta-openpower/meta-ibm/recipes-httpd/nginx/files/nginx.service | 4 |
2 files changed, 15 insertions, 3 deletions
diff --git a/meta-openbmc-machines/meta-openpower/meta-ibm/recipes-httpd/nginx/files/nginx.conf b/meta-openbmc-machines/meta-openpower/meta-ibm/recipes-httpd/nginx/files/nginx.conf index 516973c12..d788fd2ec 100644 --- a/meta-openbmc-machines/meta-openpower/meta-ibm/recipes-httpd/nginx/files/nginx.conf +++ b/meta-openbmc-machines/meta-openpower/meta-ibm/recipes-httpd/nginx/files/nginx.conf @@ -42,8 +42,16 @@ http { client_header_buffer_size 1k; large_client_header_buffers 4 8k; + # redirect all http traffic to https server { - listen 8081 ssl; + listen 80 default_server; + listen [::]:80 default_server; + server_name _; + return 301 https://$host$request_uri; + } + + server { + listen 443 ssl; server_name 127.0.0.1; ssl on; @@ -61,7 +69,7 @@ http { # is not listening on. This generates an error msg to # the journal. Nginx then uses the 127.0.0.1 and everything # works fine but want to avoid the error msg to the log. - proxy_pass https://127.0.0.1:443/; + proxy_pass http://127.0.0.1:8081/; } location ~ (/org/openbmc/control/flash/bmc/action/update|/upload/image|/download/dump) { # Marked as 32MB to allow for firmware image updating and dump @@ -71,7 +79,7 @@ http { # Only 1 connection at a time here from an IP limit_conn addr 1; - proxy_pass https://127.0.0.1:443; + proxy_pass http://127.0.0.1:8081; } include /etc/nginx/sites-enabled/443_*.conf; diff --git a/meta-openbmc-machines/meta-openpower/meta-ibm/recipes-httpd/nginx/files/nginx.service b/meta-openbmc-machines/meta-openpower/meta-ibm/recipes-httpd/nginx/files/nginx.service index 587349127..3f9dd3de6 100644 --- a/meta-openbmc-machines/meta-openpower/meta-ibm/recipes-httpd/nginx/files/nginx.service +++ b/meta-openbmc-machines/meta-openpower/meta-ibm/recipes-httpd/nginx/files/nginx.service @@ -4,6 +4,7 @@ After=network.target [Service] Type=forking +SyslogIdentifier=nginx ExecStartPre=/usr/bin/env gen-cert.sh ExecStartPre=-/usr/bin/env mkdir /var/volatile/nginx/ ExecStartPre=/usr/bin/env nginx -t -p /var/volatile/nginx @@ -11,6 +12,9 @@ ExecStart=/usr/bin/env nginx -p /var/volatile/nginx ExecReload=/usr/bin/env kill -s HUP $MAINPID ExecStop=/usr/bin/env kill -s QUIT $MAINPID PrivateTmp=true +# First time on system takes longer for initial setup so +# give double normal timeout +TimeoutStartSec=180 [Install] WantedBy={SYSTEMD_DEFAULT_TARGET} |
