17495: document the deduplication report. Fix example invocation in the
[arvados.git] / lib / boot / nginx.go
index 2d5c74594e4c6cd0873f2df37ebbd2e99595502d..0f105d6b6ca3ad8b835f90c626060edd454aa513 100644 (file)
@@ -8,6 +8,7 @@ import (
        "context"
        "fmt"
        "io/ioutil"
+       "net"
        "os"
        "os/exec"
        "path/filepath"
@@ -25,15 +26,18 @@ func (runNginx) String() string {
 }
 
 func (runNginx) Run(ctx context.Context, fail func(error), super *Supervisor) error {
+       err := super.wait(ctx, createCertificates{})
+       if err != nil {
+               return err
+       }
        vars := map[string]string{
                "LISTENHOST": super.ListenHost,
-               "SSLCERT":    filepath.Join(super.SourcePath, "services", "api", "tmp", "self-signed.pem"), // TODO: root ca
-               "SSLKEY":     filepath.Join(super.SourcePath, "services", "api", "tmp", "self-signed.key"), // TODO: root ca
+               "SSLCERT":    filepath.Join(super.tempdir, "server.crt"),
+               "SSLKEY":     filepath.Join(super.tempdir, "server.key"),
                "ACCESSLOG":  filepath.Join(super.tempdir, "nginx_access.log"),
                "ERRORLOG":   filepath.Join(super.tempdir, "nginx_error.log"),
                "TMPDIR":     super.tempdir,
        }
-       var err error
        for _, cmpt := range []struct {
                varname string
                svc     arvados.Service
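Review bot: `SSLKEY` now points at `server.key` inside `super.tempdir`, the same directory that holds the nginx access and error logs and is handed to nginx as `TMPDIR`, and nothing in this hunk shows what mode the key file or the directory are created with. It is worth confirming in `createCertificates` (not visible here) that the key is written owner-only, and recording that expectation next to the map entry, e.g. `// server.crt and server.key are generated by createCertificates in super.tempdir; the key must not be group- or world-readable`. A short comment on the new `super.wait(ctx, createCertificates{})` call saying that nginx cannot start before those files exist would also explain the ordering dependency. The body of `Run` continues past the end of this hunk.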
@@ -43,17 +47,27 @@ func (runNginx) Run(ctx context.Context, fail func(error), super *Supervisor) er
                {"KEEPWEBDL", super.cluster.Services.WebDAVDownload},
                {"KEEPPROXY", super.cluster.Services.Keepproxy},
                {"GIT", super.cluster.Services.GitHTTP},
+               {"HEALTH", super.cluster.Services.Health},
                {"WORKBENCH1", super.cluster.Services.Workbench1},
                {"WS", super.cluster.Services.Websocket},
        } {
-               vars[cmpt.varname+"PORT"], err = internalPort(cmpt.svc)
+               port, err := internalPort(cmpt.svc)
                if err != nil {
                        return fmt.Errorf("%s internal port: %s (%v)", cmpt.varname, err, cmpt.svc)
                }
-               vars[cmpt.varname+"SSLPORT"], err = externalPort(cmpt.svc)
+               if ok, err := addrIsLocal(net.JoinHostPort(super.ListenHost, port)); !ok || err != nil {
+                       return fmt.Errorf("urlIsLocal() failed for host %q port %q: %v", super.ListenHost, port, err)
+               }
+               vars[cmpt.varname+"PORT"] = port
+
+               port, err = externalPort(cmpt.svc)
                if err != nil {
                        return fmt.Errorf("%s external port: %s (%v)", cmpt.varname, err, cmpt.svc)
                }
+               if ok, err := addrIsLocal(net.JoinHostPort(super.ListenHost, port)); !ok || err != nil {
+                       return fmt.Errorf("urlIsLocal() failed for host %q port %q: %v", super.ListenHost, port, err)
+               }
+               vars[cmpt.varname+"SSLPORT"] = port
        }
        tmpl, err := ioutil.ReadFile(filepath.Join(super.SourcePath, "sdk", "python", "tests", "nginx.conf"))
        if err != nil {
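Review bot: Both new `addrIsLocal` checks fold two different failures into one message, and that message names `urlIsLocal()`, a function that does not appear in this hunk. When the address is simply not local, `err` is nil and the operator sees `...: <nil>`; the message also omits `cmpt.varname`, so it does not say which service's internal or external port was rejected. Since this check is what stops the supervisor from configuring nginx for a non-local address, the refusal should be unambiguous in logs. Splitting the condition as below, for both the internal and the external port check, keeps the behaviour and fixes the diagnostics; the `Run` function continues after this hunk.

```go
		port, err := internalPort(cmpt.svc)
		// … unchanged: internalPort error return …
		if ok, err := addrIsLocal(net.JoinHostPort(super.ListenHost, port)); err != nil {
			return fmt.Errorf("%s internal port: addrIsLocal(host %q, port %q): %v", cmpt.varname, super.ListenHost, port, err)
		} else if !ok {
			return fmt.Errorf("%s internal port %q: listen host %q is not a local address", cmpt.varname, port, super.ListenHost)
		}
		vars[cmpt.varname+"PORT"] = port
		// … unchanged: externalPort lookup; apply the same split to its addrIsLocal check …
```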