self/infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request 'fix' (#79) from master into dev

Browse Source 
Reviewed-on: #79
This commit is contained in:
emmatveev 2025-06-10 00:41:52 +03:00
commit 7e4b38e9da
1 changed files with 47 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
nginx/nginx-dev/prepare.py
View File

@ -3,50 +3,57 @@ import os
from minio import Minio
minio_client = Minio(
"minio.develop.sprinthub.ru:9000",
access_key="serviceminioadmin",
secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin"),
secure=False
)
def main():
minio_client = Minio(
"minio.develop.sprinthub.ru:9000",
access_key="serviceminioadmin",
secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin"),
secure=False
)
hosts = get('http://configurator/api/v1/fetch?project=certupdater&stage=development').json()['configs']['hosts']
hosts = {**hosts, 'platform.develop.sprinthub.ru': {'host': 'platform-nginx', 'port': 1238}}
hosts = get('http://configurator/api/v1/fetch?project=certupdater&stage=development').json()['configs']['hosts']
hosts = {**hosts, 'platform.develop.sprinthub.ru': {'host': 'platform-nginx', 'port': 1238}}
config = ''
for host, params in hosts.items():
config += '''
server {{
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {host};
config = ''
for host, params in hosts.items():
config += '''
server {{
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {host};
ssl_certificate /etc/nginx/{host}/fullchain.pem;
ssl_certificate_key /etc/nginx/{host}/privkey.pem;
ssl_certificate /etc/nginx/{host}/fullchain.pem;
ssl_certificate_key /etc/nginx/{host}/privkey.pem;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-refferer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-refferer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
location / {{
resolver 127.0.0.11;
proxy_pass http://{target_host}:{port}$request_uri;
}}
}}\n\n
'''.format(host=host, target_host=params['host'], port=params['port'])
fullchain = minio_client.get_object("certupdater", f'certificates/{host}/fullchain.pem')
privkey = minio_client.get_object("certupdater", f'certificates/{host}/privkey.pem')
try:
os.mkdir(f'/etc/nginx/{host}')
except FileExistsError:
...
with open(f"/etc/nginx/{host}/fullchain.pem", 'wb') as fp:
fp.write(fullchain.data)
with open(f"/etc/nginx/{host}/privkey.pem", 'wb') as fp:
fp.write(privkey.data)
location / {{
resolver 127.0.0.11;
proxy_pass http://{target_host}:{port}$request_uri;
}}
}}\n\n
'''.format(host=host, target_host=params['host'], port=params['port'])
fullchain = minio_client.get_object("certupdater", f'certificates/{host}/fullchain.pem')
privkey = minio_client.get_object("certupdater", f'certificates/{host}/privkey.pem')
try:
os.mkdir(f'/etc/nginx/{host}')
except FileExistsError:
...
with open(f"/etc/nginx/{host}/fullchain.pem", 'wb') as fp:
fp.write(fullchain.data)
with open(f"/etc/nginx/{host}/privkey.pem", 'wb') as fp:
fp.write(privkey.data)
with open('/etc/nginx/hosts.conf', 'w') as fp:
fp.write(config)
with open('/etc/nginx/hosts.conf', 'w') as fp:
fp.write(config)
try:
main()
except Exception as e:
print(e)