yellow team mailing list archive
Message #02039
Re: Serve the GUI assets over HTTPS (issue 6940084)
Land with changes.
Hi Nicola. Thanks for the fixes. This still wasn't working, but I got
it to work--I visited an https URL for the ec2 site and it worked fine.
I hope what I did is a help. I'd like all the changes I request to be
made in order for this to land, with the possible exception of the
NO_BZR change if that really annoys you. The NO_BZR change is not
exactly related to the other work you are doing, but we want it so I
slipped it in. Francesco will want it for running "make distfile" in
his branch.
The most important changes are the semicolons in the nginx template, and
the key/cert generation bits that must not require user interaction. If
you don't want to use the approach I found for key/cert generation, here
are instructions on creating a key without a user prompt:
http://stackoverflow.com/questions/4294689/how-to-generate-a-key-with-passphrase-from-the-command-line
. You can then use the -subj option as I show it in the pastebin to
make the openssl req command not require user interaction. However, I
can confirm that what I have works.
Please verify somehow that the tests work now, also. I was going to do
that for you, but I'm about ready to go to bed now. :-)
Thanks again,
Gary
https://codereview.appspot.com/6940084/diff/6009/config/nginx.conf.template
File config/nginx.conf.template (right):
https://codereview.appspot.com/6940084/diff/6009/config/nginx.conf.template#newcode1
config/nginx.conf.template:1: server {
As we discussed, please add a redirect from port 80 to port 443, and
then re-expose port 80 in the docs and code (in addition to port 443).
https://codereview.appspot.com/6940084/diff/6009/config/nginx.conf.template#newcode6
config/nginx.conf.template:6: ssl_certificate /etc/ssl/private/juju-gui/server.pem
You need to terminate this with a semicolon.
https://codereview.appspot.com/6940084/diff/6009/config/nginx.conf.template#newcode7
config/nginx.conf.template:7: ssl_certificate_key /etc/ssl/private/juju-gui/server.key
This one needs a semicolon too.
https://codereview.appspot.com/6940084/diff/6009/hooks/utils.py
File hooks/utils.py (right):
https://codereview.appspot.com/6940084/diff/6009/hooks/utils.py#newcode25
hooks/utils.py:25: command,
Please also import environ...
https://codereview.appspot.com/6940084/diff/6009/hooks/utils.py#newcode208
hooks/utils.py:208: with cd('juju-gui'):
Please precede or follow this with this line:
with environ(NO_BZR='1'):
This is a speed optimization in our Makefile from Matt that will be nice
to have.
See http://pastebin.ubuntu.com/1449174/ for an example.
https://codereview.appspot.com/6940084/diff/6009/hooks/utils.py#newcode228
hooks/utils.py:228: os.makedirs(ssl_cert_path)
To make debugging easier, I suggest only creating the directory if it
does not exist. See http://pastebin.ubuntu.com/1449174/ for example.
https://codereview.appspot.com/6940084/diff/6009/hooks/utils.py#newcode230
hooks/utils.py:230: cmd_log(run('openssl', 'genrsa', '-des3', '-out', key_path, '1024'))
This is interactive, and fails.
See http://pastebin.ubuntu.com/1449174/ for an approach that eliminates
this problem and seems simpler.
https://codereview.appspot.com/6940084/diff/6009/hooks/utils.py#newcode233
hooks/utils.py:233: cmd_log(run('openssl', 'req', '-new', '-key',
key_path, '-out',
This is interactive, and fails.
See http://pastebin.ubuntu.com/1449174/ for an approach that eliminates
this problem and seems simpler.
https://codereview.appspot.com/6940084/
--
https://code.launchpad.net/~teknico/charms/precise/juju-gui/serve-via-https/+merge/140511
Your team Juju GUI Hackers is requested to review the proposed merge of lp:~teknico/charms/precise/juju-gui/serve-via-https into lp:~juju-gui/charms/precise/juju-gui/trunk.
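
One way to do the non-interactive key/cert generation the review asks for, as an added example (not the charm's code and not the contents of the pastebin). The function names, the 2048-bit RSA key, the umask handling and the subject string passed in are assumptions; the file names follow the paths quoted in the review.

```python
import os
import subprocess

CIPHER_FLAGS = {'-des', '-des3', '-aes128', '-aes192', '-aes256'}

def prompts_for_input(argv):
    """Heuristic: why this openssl call would wait on a terminal, or None."""
    sub, args = argv[1], set(argv[2:])
    has_pass = '-passout' in args
    if sub == 'genrsa' and CIPHER_FLAGS & args and not has_pass:
        return 'encrypted key requested without -passout'
    if sub == 'req' and not ({'-subj', '-batch'} & args):
        return 'subject fields are prompted for without -subj or -batch'
    if sub == 'req' and '-newkey' in args and not ({'-nodes', '-noenc'} & args or has_pass):
        return 'new key is encrypted by default; no -nodes or -passout'
    return None

def selfsigned_cmd(key_path, cert_path, subject, days=365):
    """One call that writes an unencrypted key and a self-signed certificate."""
    return ['openssl', 'req', '-x509', '-nodes', '-newkey', 'rsa:2048',
            '-days', str(days), '-subj', subject,
            '-keyout', key_path, '-out', cert_path]

def generate_cert(ssl_dir, subject):
    """Create ssl_dir only if missing, then generate the key and certificate."""
    if not os.path.exists(ssl_dir):
        os.makedirs(ssl_dir, 0o700)
    key_path = os.path.join(ssl_dir, 'server.key')
    cert_path = os.path.join(ssl_dir, 'server.pem')
    cmd = selfsigned_cmd(key_path, cert_path, subject)
    reason = prompts_for_input(cmd)
    if reason:
        raise ValueError(reason)
    old_umask = os.umask(0o077)  # -nodes leaves the key unencrypted: owner-only files
    try:
        with open(os.devnull) as devnull:  # nothing on stdin to answer a prompt
            subprocess.check_call(cmd, stdin=devnull)
    finally:
        os.umask(old_umask)
    return key_path, cert_path

if __name__ == '__main__':
    # The two calls flagged in the review. The req call is cut off on the page
    # after '-out', so 'CSR_PLACEHOLDER' is a constructed stand-in.
    key = '/etc/ssl/private/juju-gui/server.key'
    for cmd in (['openssl', 'genrsa', '-des3', '-out', key, '1024'],
                ['openssl', 'req', '-new', '-key', key, '-out', 'CSR_PLACEHOLDER']):
        print(cmd[1], '->', prompts_for_input(cmd))
```

Because the key is written without a passphrase, its protection rests entirely on the directory and file permissions, which is why the directory is created 0700 and the files are written under a 077 umask.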