Handle SSL proxying and other fixes

Enable mod_ssl and enable proxying to ssl-terminated endpoints. In the case where the artifact is not found, return NULL instead of the bogus "Artifact_not_found" url, otherwise we can end up in a loop where we continuously append that to the url. Strip trailing slashes from the returned proxy target. We can't guarantee that folks won't have a '/' at the end of the artifact url they return to Zuul (and in fact, it's probably more correct that they do). But our regex in mod_rewrite guarantees that we will add a slash to it. One sure way to handle this is just to strip it from the data returned from Zuul if present. Add a .dockerignore file with both itself and the Dockerfile added, so that docker won't rebuild extra layers (like the C++ compile layer) if we just change the Dockerfile. Change-Id: I00dfd0b6842abedf938702a816698d1c6526974d
2020-04-08 09:48:45 -07:00 · 2020-04-08 09:48:45 -07:00 · 26d88125ef
parent e0d10c611e
commit 26d88125ef
4 changed files with 10 additions and 2 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1,2 @@
+.dockerignore
+Dockerfile
--- a/2
+++ b/2
@ -34,7 +34,7 @@ RUN apt-get update \
  && apt-get install -y dumb-init apache2 $(cat /run.txt) \
  && apt-get clean \
  && rm -rf /var/lib/apt/lists/* /run.txt \
-  && a2enmod rewrite proxy proxy_http
+  && a2enmod rewrite proxy proxy_http ssl
 COPY ./vhost.conf /etc/apache2/sites-available/000-default.conf
 COPY --from=builder /usr/local /usr/local

--- a/vhost.conf
+++ b/vhost.conf
@ -9,4 +9,5 @@
        RewriteMap preview "prg://usr/local/bin/zuul-preview"
        RewriteRule "^/notfound" "-" [F]
        RewriteRule "^/?(.*)$" "${preview:%{ENV:ZUUL_API_URL} %{HTTP_HOST}|http://localhost/notfound}/$1" [P]
+        SSLProxyEngine on
 </VirtualHost>
--- a/zuul-preview/main.cc
+++ b/zuul-preview/main.cc
@ -165,7 +165,7 @@ int main(int, char**)
      auto body = response.extract_json().get();
      auto artifacts = body["artifacts"].as_array();

-      string artifact_url = "Artifact_not_found";
+      string artifact_url = "NULL";
      for (uint i = 0; i < artifacts.size(); i++) {
        if (artifacts[i].has_field("metadata") &&
            artifacts[i]["metadata"].has_field("type") &&
@ -174,6 +174,11 @@ int main(int, char**)
        }
      }

+      // The apache config is guaranteed to add a / to this, so avoid
+      // double slashes on the end.
+      if (artifact_url.back() == '/') {
+        artifact_url.pop_back();
+      }
      cout << artifact_url << endl;

      cache.put(hostname, artifact_url);