Add feature flags for IPv6

quay · Sep 9, 2022 · baf361d · baf361d
1 parent e566560
commit baf361d
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 0 deletions.
diff --git a/conf/init/nginx_conf_create.py b/conf/init/nginx_conf_create.py
@@ -74,6 +74,9 @@ def generate_nginx_config(config):
     enable_rate_limits = config.get("FEATURE_RATE_LIMITS", False)
     ssl_protocols = config.get("SSL_PROTOCOLS", SSL_PROTOCOL_DEFAULTS)
     ssl_ciphers = config.get("SSL_CIPHERS", SSL_CIPHER_DEFAULTS)
+    use_ipv4 = config.get("FEATURE_IPV4", True)
+    use_ipv6 = config.get("FEATURE_IPV6", False)
+
 
     write_config(
         os.path.join(QUAYCONF_DIR, "nginx/nginx.conf"),
@@ -82,6 +85,8 @@ def generate_nginx_config(config):
         v1_only_domain=v1_only_domain,
         ssl_protocols=ssl_protocols,
         ssl_ciphers=":".join(ssl_ciphers),
+        use_ipv4=use_ipv4,
+        use_ipv6=use_ipv6
     )
 
 

diff --git a/conf/nginx/nginx.conf.jnj b/conf/nginx/nginx.conf.jnj
@@ -32,8 +32,12 @@ http {
 
         include server-base.conf;
 
+        {% if use_ipv4 %}
         listen 8443 ssl http2 default;
+        {% endif %}
+        {% if use_ipv6 %}
         listen [::]:8443 ssl http2 default;
+        {% endif %}
 
         ssl on;
 
@@ -57,8 +61,12 @@ http {
 
         include server-base.conf;
 
+        {% if use_ipv4 %}
         listen 7443 ssl http2 default proxy_protocol;
+        {% endif %}
+        {% if use_ipv6 %}
         listen [::]:7443 ssl http2 default proxy_protocol;
+        {% endif %}
 
         ssl on;
 
@@ -80,8 +88,12 @@ http {
         ssl_certificate ../stack/ssl.cert;
         ssl_certificate_key ../stack/ssl.key;
 
+        {% if use_ipv4 %}
         listen 55443 ssl http2 default;
+        {% endif %}
+        {% if use_ipv6 %}
         listen [::]:55443 ssl http2 default;
+        {% endif %}
         ssl on;
 
         # Required for gRPC streaming of long running builds
@@ -114,8 +126,12 @@ http {
         ssl_certificate ../stack/ssl.cert;
         ssl_certificate_key ../stack/ssl.key;
 
+        {% if use_ipv4 %}
         listen 8443 ssl;
+        {% endif %}
+        {% if use_ipv6 %}
         listen [::]:8443 ssl;
+        {% endif %}
 
         ssl on;
 
@@ -133,8 +149,12 @@ http {
 
         include server-base.conf;
 
+        {% if use_ipv4 %}
         listen 7443 ssl proxy_protocol;
+        {% endif %}
+        {% if use_ipv6 %}
         listen [::]:7443 ssl proxy_protocol;
+        {% endif %}
         ssl on;
 
         # This header must be set only for HTTPS
@@ -159,8 +179,12 @@ http {
     server {
         include server-base.conf;
 
+        {% if use_ipv4 %}
         listen 8080 default;
+        {% endif %}
+        {% if use_ipv6 %}
         listen [::]:8080 default;
+        {% endif %}
 
         access_log /var/log/nginx/access.log lb_logs;
     }