From 26d88125ef155743a8262f19677fd435ba0c53b1 Mon Sep 17 00:00:00 2001 From: "James E. Blair" Date: Wed, 8 Apr 2020 09:48:45 -0700 Subject: [PATCH] Handle SSL proxying and other fixes Enable mod_ssl and enable proxying to ssl-terminated endpoints. In the case where the artifact is not found, return NULL instead of the bogus "Artifact_not_found" url, otherwise we can end up in a loop where we continuously append that to the url. Strip trailing slashes from the returned proxy target. We can't guarantee that folks won't have a '/' at the end of the artifact url they return to Zuul (and in fact, it's probably more correct that they do). But our regex in mod_rewrite guarantees that we will add a slash to it. One sure way to handle this is just to strip it from the data returned from Zuul if present. Add a .dockerignore file with both itself and the Dockerfile added, so that docker won't rebuild extra layers (like the C++ compile layer) if we just change the Dockerfile. Change-Id: I00dfd0b6842abedf938702a816698d1c6526974d --- .dockerignore | 2 ++ Dockerfile | 2 +- vhost.conf | 1 + zuul-preview/main.cc | 7 ++++++- 4 files changed, 10 insertions(+), 2 deletions(-) create mode 100644 .dockerignore diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..6e19512 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,2 @@ +.dockerignore +Dockerfile diff --git a/Dockerfile b/Dockerfile index 6b1b03f..d31de09 100644 --- a/Dockerfile +++ b/Dockerfile @@ -34,7 +34,7 @@ RUN apt-get update \ && apt-get install -y dumb-init apache2 $(cat /run.txt) \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* /run.txt \ - && a2enmod rewrite proxy proxy_http + && a2enmod rewrite proxy proxy_http ssl COPY ./vhost.conf /etc/apache2/sites-available/000-default.conf COPY --from=builder /usr/local /usr/local diff --git a/vhost.conf b/vhost.conf index d295c6c..1838b1f 100644 --- a/vhost.conf +++ b/vhost.conf @@ -9,4 +9,5 @@ RewriteMap preview "prg://usr/local/bin/zuul-preview" RewriteRule "^/notfound" "-" [F] RewriteRule "^/?(.*)$" "${preview:%{ENV:ZUUL_API_URL} %{HTTP_HOST}|http://localhost/notfound}/$1" [P] + SSLProxyEngine on diff --git a/zuul-preview/main.cc b/zuul-preview/main.cc index 848fb55..fb362d5 100644 --- a/zuul-preview/main.cc +++ b/zuul-preview/main.cc @@ -165,7 +165,7 @@ int main(int, char**) auto body = response.extract_json().get(); auto artifacts = body["artifacts"].as_array(); - string artifact_url = "Artifact_not_found"; + string artifact_url = "NULL"; for (uint i = 0; i < artifacts.size(); i++) { if (artifacts[i].has_field("metadata") && artifacts[i]["metadata"].has_field("type") && @@ -174,6 +174,11 @@ int main(int, char**) } } + // The apache config is guaranteed to add a / to this, so avoid + // double slashes on the end. + if (artifact_url.back() == '/') { + artifact_url.pop_back(); + } cout << artifact_url << endl; cache.put(hostname, artifact_url);