Nginx configs

[precurse]

Hi guys. I noticed that in the nginx config files (https://github.com/OpenConext/OpenConext-deploy/blob/master/roles/nginx/templates/engine.j2) , there's one section for ipv4 and another for ipv6 -- but are both identical other than the listen address.

Do you know if there was any technical reason for doing it this way, as opposed to having a single section but with ipv4 and ipv6 listening like so:

listen 0.0.0.0:443
listen [::]:443

Thanks!

[thijskh]

Yes, there was a reason for that. It had to do with the fact that we needed to bind to different IP-addresses (we use some different configurations based on the IP address used) and this was in IPv4 for some reason necessary to specify that address explicitly, while for IPv6 we could get away with binding to 0. I don't remember it more exactly than that, it might have been specific to the kernel version in use, and is in any case not relevant when you use only one IP for your vhosts.

It's probably possible to move the shared content to a separate file which you'd then include in both the configurations. In the engineblock5-centos7 branch we switched away from nginx so I don't think there's much incentive to change this in master now I think.

[precurse]

Thanks for the quick reply. I figured there must have been a reason :)

I'm trying out the engineblock5-centos7 branch using the single system directions (https://github.com/OpenConext/OpenConext-deploy/wiki/Installation-steps-to-deploy-OpenConext-on-a-single-system-other-than-the-Vagrant-VM) as a guide since I see there were a number of changes with the layout (cert directory, environment directory, etc).

From the feel of it, the -template.yml stuff doesn't seem like it's working yet... Is there anything you can point me to to help me get it working? I'm more than willing to put the effort in if that's what it needs too.

Thanks!

[baszoetekouw]

Can't you just merge the ipv4 and ipv6 sections and still explicitly specify the ipv4 address? Something like:

listen       {{ nginx_ipv4_addresses.engine }}:80;
listen       [::]:80;

[baszoetekouw]

Oh, and isn't there a nice way in Ansible to merge all nxginx templates? IIRc they are identical except for the variable names used (nginx_ipv4_addresses.engine vs nginx_ipv4_addresses.grouper, etc).

[precurse]

Thanks, that definitely helps.

We're actually looking at trying out the new version of EngineBlock, since it sounds like it should be the main branch soon. Plus, it will give us a chance to help out and iron out bugs before release.

[quartje]

@precurse: We have done some work to create a working template in the engineblock5-centos7 environment. This has been documented here: https://github.com/OpenConext/OpenConext-deploy/wiki/Installation-steps-to-deploy-OpenConext-on-a-single-system-other-than-the-Vagrant-VM-centOS7. Please let us know if you run into any problems!

[precurse]

Thanks! I'll take a look at it today.