feat(router): add optional TLS support

Matthew Fisher · Matthew Fisher · commit fd54071f89f0 · 2014-10-26T23:54:16.000-07:00
diff --git a/deisctl/units/deis-router.service b/deisctl/units/deis-router.service
@@ -6,7 +6,7 @@ EnvironmentFile=/etc/environment
 TimeoutStartSec=20m
 ExecStartPre=/bin/sh -c "IMAGE=`/run/deis/bin/get_image /deis/router` && docker history $IMAGE >/dev/null || docker pull $IMAGE"
 ExecStartPre=/bin/sh -c "docker inspect deis-router >/dev/null && docker rm -f deis-router || true"
-ExecStart=/bin/sh -c "IMAGE=`/run/deis/bin/get_image /deis/router` && docker run --name deis-router --rm -p 80:80 -p 2222:2222 -e EXTERNAL_PORT=80 -e HOST=$COREOS_PRIVATE_IPV4 $IMAGE"
+ExecStart=/bin/sh -c "IMAGE=`/run/deis/bin/get_image /deis/router` && docker run --name deis-router --rm -p 80:80 -p 2222:2222 -p 443:443 -e EXTERNAL_PORT=80 -e HOST=$COREOS_PRIVATE_IPV4 $IMAGE"
 ExecStopPost=-/usr/bin/docker rm -f deis-router
 Restart=on-failure
 RestartSec=5
diff --git a/router/conf.d/deis.cert.toml b/router/conf.d/deis.cert.toml
@@ -0,0 +1,9 @@
+[template]
+src   = "deis.cert"
+dest  = "/etc/ssl/deis.cert"
+uid = 0
+gid = 0
+mode  = "0644"
+keys = [
+  "/deis/router",
+]
diff --git a/router/conf.d/deis.conf.toml b/router/conf.d/deis.conf.toml
@@ -0,0 +1,9 @@
+[template]
+src   = "deis.conf"
+dest  = "/opt/nginx/conf/deis.conf"
+uid = 0
+gid = 0
+mode  = "0644"
+keys = [
+  "/deis/router",
+]
diff --git a/router/conf.d/deis.key.toml b/router/conf.d/deis.key.toml
@@ -0,0 +1,9 @@
+[template]
+src   = "deis.key"
+dest  = "/etc/ssl/deis.key"
+uid = 0
+gid = 0
+mode  = "0644"
+keys = [
+  "/deis/router",
+]
diff --git a/router/templates/deis.cert b/router/templates/deis.cert
@@ -0,0 +1 @@
+{{ .deis_router_sslCert }}
diff --git a/router/templates/deis.conf b/router/templates/deis.conf
@@ -0,0 +1,9 @@
+server_name_in_redirect off;
+port_in_redirect off;
+
+{{ if .deis_router_sslCert }}
+listen 443;
+ssl on;
+ssl_certificate /etc/ssl/deis.cert;
+ssl_certificate_key /etc/ssl/deis.key;
+{{ end }}
diff --git a/router/templates/deis.key b/router/templates/deis.key
@@ -0,0 +1 @@
+{{ .deis_router_sslKey }}
diff --git a/router/templates/nginx.conf b/router/templates/nginx.conf
@@ -50,8 +50,7 @@ http {
 
     server {
         server_name ~^deis\.(?<domain>.+)$;
-        server_name_in_redirect off;
-        port_in_redirect off;
+        include deis.conf;
 
         location / {
             proxy_buffering             off;
@@ -75,8 +74,7 @@ http {
 
     server {
         server_name ~^deis-store\.(?<domain>.+)$;
-        server_name_in_redirect off;
-        port_in_redirect off;
+        include deis.conf;
 
         location / {
             proxy_buffering             off;
@@ -101,9 +99,7 @@ http {
 
     server {
         server_name ~^{{ Base $service.Key }}\.(?<domain>.+)${{ range $app_domains := $domains }}{{ if eq (Base $service.Key) (Base $app_domains.Key) }} {{ $app_domains.Value }}{{ end }}{{ end }};
-
-        server_name_in_redirect off;
-        port_in_redirect off;
+        include deis.conf;
 
         location / {
             proxy_buffering             off;
