def set_up_nginx_files(m2ee): lines = "" x_frame_options = os.environ.get("X_FRAME_OPTIONS", "ALLOW") if x_frame_options == "ALLOW": x_frame_options = "" else: x_frame_options = "add_header X-Frame-Options '%s';" % x_frame_options if use_instadeploy(m2ee.config.get_runtime_version()): mxbuild_upstream = "proxy_pass http://mendix_mxbuild" else: mxbuild_upstream = "return 501" with open("nginx/conf/nginx.conf") as fh: lines = "".join(fh.readlines()) lines = ( lines.replace("CONFIG", get_path_config()) .replace("NGINX_PORT", str(get_nginx_port())) .replace("RUNTIME_PORT", str(get_runtime_port())) .replace("ADMIN_PORT", str(get_admin_port())) .replace("DEPLOY_PORT", str(get_deploy_port())) .replace("ROOT", os.getcwd()) .replace("XFRAMEOPTIONS", x_frame_options) .replace("MXBUILD_UPSTREAM", mxbuild_upstream) ) for line in lines.split("\n"): logger.debug(line) with open("nginx/conf/nginx.conf", "w") as fh: fh.write(lines) gen_htpasswd({"MxAdmin": get_m2ee_password()}) gen_htpasswd( {"deploy": os.getenv("DEPLOY_PASSWORD")}, file_name_suffix="-mxbuild" )
def set_up_nginx_files(m2ee): lines = "" if use_instadeploy(m2ee.config.get_runtime_version()): mxbuild_upstream = "proxy_pass http://mendix_mxbuild" else: mxbuild_upstream = "return 501" with open("nginx/conf/nginx.conf") as fh: lines = "".join(fh.readlines()) http_headers = parse_headers() lines = ( lines.replace("CONFIG", get_path_config()) .replace("NGINX_PORT", str(get_nginx_port())) .replace("RUNTIME_PORT", str(get_runtime_port())) .replace("ADMIN_PORT", str(get_admin_port())) .replace("DEPLOY_PORT", str(get_deploy_port())) .replace("ROOT", os.getcwd()) .replace("HTTP_HEADERS", http_headers) .replace("MXBUILD_UPSTREAM", mxbuild_upstream) ) for line in lines.split("\n"): logger.debug(line) with open("nginx/conf/nginx.conf", "w") as fh: fh.write(lines) gen_htpasswd({"MxAdmin": get_m2ee_password()}) gen_htpasswd( {"deploy": os.getenv("DEPLOY_PASSWORD")}, file_name_suffix="-mxbuild" )
def set_up_nginx_files(m2ee): lines = '' x_frame_options = os.environ.get('X_FRAME_OPTIONS', 'ALLOW') if x_frame_options == 'ALLOW': x_frame_options = '' else: x_frame_options = "add_header X-Frame-Options '%s';" % x_frame_options if use_instadeploy(m2ee.config.get_runtime_version()): mxbuild_upstream = 'proxy_pass http://mendix_mxbuild' else: mxbuild_upstream = 'return 501' with open('nginx/conf/nginx.conf') as fh: lines = ''.join(fh.readlines()) lines = lines.replace('CONFIG', get_path_config()).replace( 'NGINX_PORT', str(get_nginx_port())).replace('RUNTIME_PORT', str( get_runtime_port())).replace('ADMIN_PORT', str( get_admin_port())).replace('DEPLOY_PORT', str( get_deploy_port())).replace('ROOT', os.getcwd()).replace( 'XFRAMEOPTIONS', x_frame_options).replace('MXBUILD_UPSTREAM', mxbuild_upstream) for line in lines.split('\n'): logger.debug(line) with open('nginx/conf/nginx.conf', 'w') as fh: fh.write(lines) gen_htpasswd({'MxAdmin': get_m2ee_password()}) gen_htpasswd({'deploy': os.getenv('DEPLOY_PASSWORD')}, file_name_suffix='-mxbuild')
def set_up_nginx_files(m2ee): lines = "" x_frame_options = os.environ.get("X_FRAME_OPTIONS", "ALLOW") if x_frame_options == "ALLOW": x_frame_options = "" else: x_frame_options = "add_header X-Frame-Options '%s'; \n add_header X-XSS-Protection '1; mode=block'; " % x_frame_options strict_transport_security = os.environ.get( "STRICT_TRANSPORT_SECURITY", "0") # A normal value is: 7884000 if strict_transport_security.lower() == "0": strict_transport_security = "" else: strict_transport_security = "add_header Strict-Transport-Security 'max-age = %s;'; " % strict_transport_security if use_instadeploy(m2ee.config.get_runtime_version()): mxbuild_upstream = "proxy_pass http://mendix_mxbuild" else: mxbuild_upstream = "return 501" with open("nginx/conf/nginx.conf") as fh: lines = "".join(fh.readlines()) http_headers = parse_headers() lines = (lines.replace("CONFIG", get_path_config()).replace( "NGINX_PORT", str(get_nginx_port())).replace("RUNTIME_PORT", str( get_runtime_port())).replace("ADMIN_PORT", str( get_admin_port())).replace("DEPLOY_PORT", str( get_deploy_port())).replace("ROOT", os.getcwd()).replace( "XFRAMEOPTIONS", x_frame_options).replace( "STRICT_TRANSPORT_SECURITY", strict_transport_security).replace( "HTTP_HEADERS", http_headers).replace("MXBUILD_UPSTREAM", mxbuild_upstream)) for line in lines.split("\n"): logger.debug(line) with open("nginx/conf/nginx.conf", "w") as fh: fh.write(lines) gen_htpasswd({"MxAdmin": get_m2ee_password()}) gen_htpasswd({"deploy": os.getenv("DEPLOY_PASSWORD")}, file_name_suffix="-mxbuild")