Chef 2424/configure nginx and unicorn (#7899)

* remove thin and add unicorn in ocid runhook Signed-off-by: ayush-billore <ayush.billore@progress.com> * nginx configuration for ocid in cs-nginx * automate-load-balancer configuration for ocid Signed-off-by: ayush-billore <ayush.billore@progress.com> * unexpose port 9090 Signed-off-by: ayush-billore <ayush.billore@progress.com> * pick port from toml file Signed-off-by: ayush-billore <ayush.billore@progress.com> * fix nesting in default.toml of ocid Signed-off-by: ayush-billore <ayush.billore@progress.com> * fix health check of automate cs ocid use http instead of https Signed-off-by: ayush-billore <ayush.billore@progress.com> --------- Signed-off-by: ayush-billore <ayush.billore@progress.com>
chef · May 30, 2023 · 488cd93 · 488cd93
1 parent f7cfed7
commit 488cd93
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 5 deletions.
diff --git a/.envrc b/.envrc
@@ -15,7 +15,6 @@ ports_to_export=(
  4222 # NATS external facing port
  10109 # automate-prometheus
  3334 # chef-ui-library
- 9090 # automate-cs-ocid
 )
 for p in "${ports_to_export[@]}"
 do

diff --git a/components/automate-cs-nginx/habitat/config/ocid-external.conf b/components/automate-cs-nginx/habitat/config/ocid-external.conf
@@ -1,11 +1,10 @@
-## TODO: remove this or turn on oc_id
 rewrite ^/id$ /id/ permanent;
 
 location ~ "^/id/.*$" {
  allow 127.0.0.1;
  allow ::1;
  deny all;
- proxy_pass https://automate-cs-ocid;
+ proxy_pass http://automate-cs-ocid;
 
  proxy_ssl_certificate {{pkg.svc_config_path}}/service.crt;
  proxy_ssl_certificate_key {{pkg.svc_config_path}}/service.key;

diff --git a/components/automate-cs-ocid/habitat/hooks/health-check b/components/automate-cs-ocid/habitat/hooks/health-check
@@ -7,7 +7,7 @@ curlOpts="$curlOpts --cacert {{pkg.svc_config_path}}/root_ca.crt"
 curlOpts="$curlOpts --resolve automate-cs-ocid:{{cfg.network.port}}:127.0.0.1"
 curlOpts="$curlOpts --noproxy automate-cs-ocid"
 # shellcheck disable=SC2086
-output=$({{pkgPathFor "core/curl"}}/bin/curl $curlOpts "https://automate-cs-ocid:{{cfg.network.port}}/id/signin")
+output=$({{pkgPathFor "core/curl"}}/bin/curl $curlOpts "http://automate-cs-ocid:{{cfg.network.port}}/id/signin")
 res=$?
 if [ "0" != "$res" ]; then
  echo "health check curl command returned exit code ${res}:"

diff --git a/components/automate-cs-ocid/habitat/hooks/run b/components/automate-cs-ocid/habitat/hooks/run
@@ -27,6 +27,6 @@ export CHEF_SECRETS_DATA=$(cat config/private-chef-secrets.json)
 
 bundle exec bin/rake db:create
 bundle exec bin/rake db:migrate
-bundle exec bin/thin start -p 9090 --ssl --ssl-key-file {{pkg.svc_config_path}}/service.key --ssl-cert-file {{pkg.svc_config_path}}/service.crt
+bundle exec bin/unicorn -p "{{cfg.network.port}}"
 
 secrets-helper generate oc_id.superuser_id 32 --if-not-exists
diff --git a/components/automate-load-balancer/habitat/config/automate-cs-nginx-location.conf b/components/automate-load-balancer/habitat/config/automate-cs-nginx-location.conf
@@ -63,3 +63,19 @@ location ~ ^/(_status|compliance/organizations|organizations|users|authenticate_
  proxy_http_version 1.1;
  proxy_set_header Connection "";
 }
+
+rewrite ^/id$ /id/ permanent;
+location ~ "^/id/.*$" {
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_ssl_verify off;
+ proxy_pass https://cs-nginx;
+ proxy_redirect https://cs-nginx /;
+
+ # Required to make persistent connections happen
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+}