Misc updates for SSL NGINX configuration
Updates based on SSL testing for NGINX secure server configuration. Enable xenial-pike testing as gnocchi 4.0.3 is now in pike/edge. Change-Id: Ifc371a07e5d6a09210db5ccc18e895d4c014512f
This commit is contained in:
parent
ecaea903e7
commit
eac3e026e7
|
@ -13,15 +13,13 @@ server {
|
|||
{% if options.endpoints -%}
|
||||
{% for address, endpoint, ext, int in options.endpoints -%}
|
||||
server {
|
||||
listen {{ ext }} {% if options.ssl -%}ssl{% endif -%};
|
||||
listen {{ address }}:{{ ext }} ssl;
|
||||
|
||||
{% if options.ssl -%}
|
||||
ssl on;
|
||||
ssl_certificate /var/snap/gnocchi/common/etc/nginx/ssl/cert_{{ address }};
|
||||
ssl_certificate_key /var/snap/gnocchi/common/etc/nginx/ssl/key_{{ address }};
|
||||
ssl_certificate /var/snap/gnocchi/common/etc/nginx/ssl/cert_{{ endpoint }};
|
||||
ssl_certificate_key /var/snap/gnocchi/common/etc/nginx/ssl/key_{{ endpoint }};
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM;
|
||||
{% endif -%}
|
||||
|
||||
server_name {{ endpoint }};
|
||||
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
#!/usr/bin/env python
|
||||
#
|
||||
# Copyright 2016 Canonical Ltd
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
"""Amulet tests on a basic Gnocchi Charm deployment on xenial-pike."""
|
||||
|
||||
from basic_deployment import GnocchiCharmSnapDeployment
|
||||
|
||||
if __name__ == '__main__':
|
||||
deployment = GnocchiCharmSnapDeployment(series='xenial',
|
||||
openstack='cloud:xenial-pike',
|
||||
snap_source='snap:pike/edge')
|
||||
deployment.run_tests()
|
Loading…
Reference in New Issue