From 1571f5c66c8768d55e261df855831f4a3096f805 Mon Sep 17 00:00:00 2001
From: Christian Boltz <cboltz@opensuse.org>
Date: Jun 05 2022 20:20:58 +0000
Subject: Merge branch 'cboltz-nginx-tests' into 'production'


Fix nginx config for several services that breaks CI with latest salt

See merge request infra/salt!556
---

diff --git a/bin/test_nginx.sh b/bin/test_nginx.sh
index 1351d84..5a9cdba 100755
--- a/bin/test_nginx.sh
+++ b/bin/test_nginx.sh
@@ -6,6 +6,8 @@
 
 source bin/get_colors.sh
 
+rpm -q nginx salt salt-master
+
 reset_nginx() {
     rm -rf /etc/nginx
     cp -a /etc/nginx_orig /etc/nginx
@@ -45,6 +47,25 @@ create_fake_certs() {
     done
 }
 
+touch_includes() {
+    case "$1" in
+        mailman3)
+            touch /etc/nginx/mails.rewritemap
+            touch /etc/nginx/lists.rewritemap
+            touch /etc/nginx/feeds.rewritemap
+            touch /etc/nginx/mboxs.rewritemap
+            touch /etc/nginx/miscs.rewritemap
+            ;;
+        pagure)
+            touch /etc/nginx/acme-challenge
+            mkdir -p /etc/ssl/services/letsencrypt
+            cat test/fixtures/domain.{crt,key} > /etc/ssl/services/letsencrypt/code.opensuse.org.with.chain_rsa.pem
+            cat test/fixtures/domain.{crt,key} > /etc/ssl/services/letsencrypt/code.opensuse.org.with.chain_ecdsa.pem
+            sed '/ ssl_dhparam / d' -i /etc/nginx/ssl-config
+            ;;
+    esac;
+}
+
 cp -a /etc/nginx /etc/nginx_orig
 
 WEB_ROLES=( $(bin/get_roles.py) )
@@ -56,10 +77,13 @@ for role in ${WEB_ROLES[@]}; do
         reset_ip
         salt-call --local -l quiet state.apply role.$role > /dev/null
         create_fake_certs
+        touch_includes $role
         if $(nginx -tq); then
             echo_PASSED
         else
             echo_FAILED
+            head -n1000 /etc/nginx/vhosts.d/*
+            echo "### end of /etc/nginx/vhosts.d/* for role $role"
             STATUS=1
         fi
         echo
@@ -67,3 +91,5 @@ for role in ${WEB_ROLES[@]}; do
 done
 
 exit $STATUS
+
+vim:expandtab
diff --git a/pillar/role/mailman3.sls b/pillar/role/mailman3.sls
index a71828f..db992f3 100644
--- a/pillar/role/mailman3.sls
+++ b/pillar/role/mailman3.sls
@@ -31,30 +31,30 @@ nginx:
         lists.opensuse.org.conf:
           config:
             - map $request_uri $mails_rewritemap:
-                - include /etc/nginx/mails.rewritemap
+                - include: /etc/nginx/mails.rewritemap
             - map $request_uri $lists_rewritemap:
-                - include /etc/nginx/lists.rewritemap
+                - include: /etc/nginx/lists.rewritemap
             - map $request_uri $feeds_rewritemap:
-                - include /etc/nginx/feeds.rewritemap
+                - include: /etc/nginx/feeds.rewritemap
             - map $request_uri $mboxs_rewritemap:
-                - include /etc/nginx/mboxs.rewritemap
+                - include: /etc/nginx/mboxs.rewritemap
             - map $request_uri $miscs_rewritemap:
-                - include /etc/nginx/miscs.rewritemap
+                - include: /etc/nginx/miscs.rewritemap
             - server:
                 - server_name: lists.opensuse.org lists.uyuni-project.org
                 - listen:
                     - 80
                     - default_server
-                - if ($mails_rewrite:map):
-                    - rewrite: ^(.*)$ $mails_rewrite:map permanent
-                - if ($lists_rewrite:map):
-                    - rewrite: ^(.*)$ $lists_rewrite:map permanent
-                - if ($feeds_rewrite:map):
-                    - rewrite: ^(.*)$ $feeds_rewrite:map permanent
-                - if ($mboxs_rewrite:map):
-                    - rewrite: ^(.*)$ $mboxs_rewrite:map permanent
-                - if ($miscs_rewrite:map):
-                    - rewrite: ^(.*)$ $miscs_rewrite:map permanent
+                - if ($mails_rewritemap):
+                    - rewrite: ^(.*)$ $mails_rewritemap permanent
+                - if ($lists_rewritemap):
+                    - rewrite: ^(.*)$ $lists_rewritemap permanent
+                - if ($feeds_rewritemap):
+                    - rewrite: ^(.*)$ $feeds_rewritemap permanent
+                - if ($mboxs_rewritemap):
+                    - rewrite: ^(.*)$ $mboxs_rewritemap permanent
+                - if ($miscs_rewritemap):
+                    - rewrite: ^(.*)$ $miscs_rewritemap permanent
                 - location /static/django-mailman3/img/login/opensuse.png:
                     - return: 301 https://static.opensuse.org/favicon-24.png
                 - location /static/:
diff --git a/pillar/role/web_jekyll.sls b/pillar/role/web_jekyll.sls
index b2bffed..058bfd5 100644
--- a/pillar/role/web_jekyll.sls
+++ b/pillar/role/web_jekyll.sls
@@ -37,9 +37,9 @@ nginx:
                     - application/javascript
                 - expires: $expires
                 - location ~ /\.svn:
-                    - return 404
+                    - return: 404
                 - location ~ /\.git:
-                    - return 404
+                    - return: 404
                 - location /:
                     - index:
                         - index.html
diff --git a/pillar/role/web_static.sls b/pillar/role/web_static.sls
index 293dd72..b8bcc52 100644
--- a/pillar/role/web_static.sls
+++ b/pillar/role/web_static.sls
@@ -37,9 +37,9 @@ nginx:
                     - application/javascript
                 - expires: $expires
                 - location ~ /\.svn:
-                    - return 404
+                    - return: 404
                 - location ~ /\.git:
-                    - return 404
+                    - return: 404
                 - location /:
                     - index:
                         - index.html