-
Notifications
You must be signed in to change notification settings - Fork 14
/
Copy pathgen_nginx.py
164 lines (138 loc) · 5.89 KB
/
gen_nginx.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
#!/usr/bin/env python
##############################################################################
# CRND Deploy - the simple way to start new production-ready Odoo instance. #
# Copyright (C) 2020 Center of Research and Development #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <https://www.gnu.org/licenses/>. #
##############################################################################
# Variables:
# - instance_name
# - instance_ip
# - instance_port (default: 8069)
# - instance_lp_port (default: 8072)
# - frontend_ip
# - frontend_server_name
NGINX_TEMPLATE = """
upstream crnd_{instance_name} {{
server {instance_ip}:{instance_port} weight=1 fail_timeout=2000s;
}}
upstream crnd_{instance_name}_longpolling {{
server {instance_ip}:{instance_lp_port} weight=1 fail_timeout=300s;
}}
# Force SSL (HTTPS)
#server {{
#listen {frontend_ip}:80;
#server_name {frontend_server_name};
#location / {{
#return 301 https://$host$request_uri;
#}}
#}}
server {{
listen {frontend_ip}:80;
# listen {frontend_ip}:443 ssl;
# server_name {frontend_server_name};
#-----------------------------------------------------------------------
access_log /var/log/nginx/{instance_name}.access.log;
error_log /var/log/nginx/{instance_name}.error.log;
#-----------------------------------------------------------------------
#-----------------------------------------------------------------------
# SSL config
#ssl on;
#ssl_certificate /etc/nginx/ssl/server.crt;
#ssl_certificate_key /etc/nginx/ssl/server.key;
#-----------------------------------------------------------------------
#-----------------------------------------------------------------------
# global params for Odoo backend server section
client_max_body_size 100m;
# Proxy global settings
# increase proxy buffer to handle some OpenERP web requests
proxy_buffers 16 64k;
proxy_buffer_size 128k;
# general proxy settings
# force timeouts if the backend dies
proxy_connect_timeout 900s;
proxy_send_timeout 900s;
proxy_read_timeout 900s;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# set headers
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
# by default, do not forward anything
proxy_redirect off;
proxy_buffering off;
# use gzip for folowing types
gzip_types text/html text/css text/less text/plain text/xml application/xml application/json application/javascript;
#-----------------------------------------------------------------------
location / {{
add_header Content-Security-Policy "upgrade-insecure-requests";
proxy_pass http://crnd_{instance_name};
}}
# Chat and IM related features support
location /longpolling {{
add_header Content-Security-Policy "upgrade-insecure-requests";
proxy_pass http://crnd_{instance_name}_longpolling;
}}
# Restrict access
location ~* ^/(web/database/|jsonrpc|xmlrpc|web/tests) {{
# TODO: Restrict external access here
# allow trusted_network;
# allow trusted_ip;
# deny all;
add_header Content-Security-Policy "upgrade-insecure-requests";
proxy_pass http://crnd_{instance_name};
}}
# cache some static data in memory for 60mins.
# under heavy load this will preserve the OpenERP Web client a little bit.
location /web/static/ {{
proxy_cache_valid 200 60m;
proxy_buffering on;
expires 864000;
add_header Content-Security-Policy "upgrade-insecure-requests";
proxy_pass http://crnd_{instance_name};
}}
}}
"""
# - instance_name
# - instance_ip
# - instance_port (default: 8069)
# - instance_lp_port (default: 8072)
# - frontend_ip
# - frontend_server_name
import argparse
parser = argparse.ArgumentParser(
description='Simply generates nginx conf and prints it to STDOUT')
template_group = parser.add_argument_group('Template')
template_group.add_argument(
'--instance-name', required=True,
help='short name of instance to gen config for')
template_group.add_argument(
'--instance-ip', default='localhost',
help='Odoo instance ip')
template_group.add_argument(
'--instance-port', type=int, default=8069, help='Odoo instance port')
template_group.add_argument(
'--instance-lp-port', type=int, default=8072,
help='Odoo instance longpolling port (used for chatter)')
template_group.add_argument(
'--frontend-ip', default='0.0.0.0',
help='IP to bind nginx to')
template_group.add_argument(
'--frontend-server-name', required=True,
help='nginx servername')
args = parser.parse_args()
generated_conf = NGINX_TEMPLATE.format(**vars(args))
print(generated_conf)