From 0f891c7584d62c8142df411ebbe3333627658189 Mon Sep 17 00:00:00 2001
From: Sylwester Brzeczkowski
Date: Wed, 24 Jun 2015 16:11:51 +0200
Subject: [PATCH] Change /dump url to internal in nginx conf
/dump is used for snapshot downloading - since we want to allow only authenticated users, we change the url to /api/dump/ (which is handled by nailgun and authentication occurs). Then user is redirected to /dump (using XSendfile). To prevent potential intruder from downloading sensitive data /dump should be changed to 'internal'.
Change-Id: I1ee2758e3f21803c82c3587e706f46877fcfbe9b
Implements: blueprint snapshot-download-with-auth
Depends-On: Id46b533e8d2a8021d1fbb2e5d4284508e1181704
---
 deployment/puppet/nailgun/templates/nginx_nailgun.conf.erb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/deployment/puppet/nailgun/templates/nginx_nailgun.conf.erb b/deployment/puppet/nailgun/templates/nginx_nailgun.conf.erb
index 5f0dbb70d9..a7cefdcff2 100644
--- a/deployment/puppet/nailgun/templates/nginx_nailgun.conf.erb
+++ b/deployment/puppet/nailgun/templates/nginx_nailgun.conf.erb
@@ -24,6 +24,7 @@ server {
 }
 location /dump {
+ internal;
 alias <%= @logdumpdir %>;
 }
@@ -43,7 +44,7 @@ server {
 location /api {
 include uwsgi_params;
- uwsgi_pass <%= @nailgun_host %>:8001;
+ uwsgi_pass <%= @nailgun_host %>:8001;
 client_max_body_size 100m;
 }
 }
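Review bot: `location /dump {` is a prefix match with no trailing slash, so it also covers URIs such as `/dumpfoo`, and together with `alias <%= @logdumpdir %>;` the mapped path can fall outside the dump directory if the rendered value has no trailing slash (the value is not visible here, so this needs confirming). `internal;` stops direct client requests, but the location is still reached through the redirect nailgun issues after authenticating, so the file that gets served is only as constrained as this mapping and the name the handler puts in the redirect. I would write `location /dump/ {` and make the alias end in `/` too, assuming nailgun always redirects to paths under `/dump/`. A comment above the directive, for example `# internal: served only via redirect from /api/dump after nailgun auth; do not expose directly`, would keep it from being dropped in a later cleanup. The enclosing `server` block starts and ends outside the hunk.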