Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
S
slapos-mynij-dev
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Mynij
slapos-mynij-dev
Commits
fa8a4f73
Commit
fa8a4f73
authored
Nov 23, 2018
by
Łukasz Nowak
Committed by
Łukasz Nowak
Mar 13, 2019
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
caddy-frontend: Implement non-zero knowledge backward compatible behaviour
parent
28a1283d
Changes
10
Hide whitespace changes
Inline
Side-by-side
Showing
10 changed files
with
209 additions
and
21 deletions
+209
-21
software/caddy-frontend/buildout.hash.cfg
software/caddy-frontend/buildout.hash.cfg
+9
-9
software/caddy-frontend/instance-apache-frontend.cfg.in
software/caddy-frontend/instance-apache-frontend.cfg.in
+41
-6
software/caddy-frontend/instance-apache-replicate.cfg.in
software/caddy-frontend/instance-apache-replicate.cfg.in
+42
-0
software/caddy-frontend/instance.cfg.in
software/caddy-frontend/instance.cfg.in
+2
-0
software/caddy-frontend/templates/Caddyfile.in
software/caddy-frontend/templates/Caddyfile.in
+12
-2
software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
.../caddy-frontend/templates/apache-custom-slave-list.cfg.in
+55
-0
software/caddy-frontend/templates/default-virtualhost.conf.in
...ware/caddy-frontend/templates/default-virtualhost.conf.in
+14
-1
software/caddy-frontend/templates/nginx-notebook-slave.conf.in
...are/caddy-frontend/templates/nginx-notebook-slave.conf.in
+14
-1
software/caddy-frontend/templates/nginx.cfg.in
software/caddy-frontend/templates/nginx.cfg.in
+13
-2
software/caddy-frontend/templates/replicate-publish-slave-information.cfg.in
...tend/templates/replicate-publish-slave-information.cfg.in
+7
-0
No files found.
software/caddy-frontend/buildout.hash.cfg
View file @
fa8a4f73
...
@@ -14,7 +14,7 @@
...
@@ -14,7 +14,7 @@
# not need these here).
# not need these here).
[template]
[template]
filename = instance.cfg.in
filename = instance.cfg.in
md5sum =
ffaf426c68b2f7a35558bf187b5981b7
md5sum =
9906c7722c4fe7534cb5a397c9692553
[template-common]
[template-common]
filename = instance-common.cfg.in
filename = instance-common.cfg.in
...
@@ -22,15 +22,15 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b
...
@@ -22,15 +22,15 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b
[template-apache-frontend]
[template-apache-frontend]
filename = instance-apache-frontend.cfg.in
filename = instance-apache-frontend.cfg.in
md5sum =
b3275d8203b36506ea0f2f9c12f86399
md5sum =
87558ff8adfebac0e53ebc797b5cdffa
[template-apache-replicate]
[template-apache-replicate]
filename = instance-apache-replicate.cfg.in
filename = instance-apache-replicate.cfg.in
md5sum =
ab77522560589fc315ddb6c8d28c401
5
md5sum =
3344628355c45a7c38bf6c74878f80a
5
[template-slave-list]
[template-slave-list]
filename = templates/apache-custom-slave-list.cfg.in
filename = templates/apache-custom-slave-list.cfg.in
md5sum =
ed9743c1a5c1564c7083113ab54b78e3
md5sum =
8bed2dcba7904a765c29cf8349b7d5cc
[template-slave-configuration]
[template-slave-configuration]
filename = templates/custom-virtualhost.conf.in
filename = templates/custom-virtualhost.conf.in
...
@@ -38,11 +38,11 @@ md5sum = 54ae95597a126ae552c3a913ddf29e5e
...
@@ -38,11 +38,11 @@ md5sum = 54ae95597a126ae552c3a913ddf29e5e
[template-replicate-publish-slave-information]
[template-replicate-publish-slave-information]
filename = templates/replicate-publish-slave-information.cfg.in
filename = templates/replicate-publish-slave-information.cfg.in
md5sum =
125181ce0065b2acddb0e3ee38f81864
md5sum =
38e9994be01ea1b8a379f8ff7aa05438
[template-caddy-frontend-configuration]
[template-caddy-frontend-configuration]
filename = templates/Caddyfile.in
filename = templates/Caddyfile.in
md5sum =
1814950fe926b4a5f730d81d52cc827f
md5sum =
d1f22ffd1567f86091e857e53afc0959
[caddy-backend-url-validator]
[caddy-backend-url-validator]
filename = templates/caddy-backend-url-validator.in
filename = templates/caddy-backend-url-validator.in
...
@@ -58,7 +58,7 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
...
@@ -58,7 +58,7 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
[template-default-slave-virtualhost]
[template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in
filename = templates/default-virtualhost.conf.in
md5sum =
ce86264b0c4cc1d447edf40db34e01c4
md5sum =
add17b5d1848bee6569c028bc1aea74c
[template-cached-slave-virtualhost]
[template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in
filename = templates/cached-virtualhost.conf.in
...
@@ -86,7 +86,7 @@ md5sum = 117238225b3fc3c5b5be381815f44c67
...
@@ -86,7 +86,7 @@ md5sum = 117238225b3fc3c5b5be381815f44c67
[template-nginx-configuration]
[template-nginx-configuration]
filename = templates/nginx.cfg.in
filename = templates/nginx.cfg.in
md5sum =
e5b65b424d01fa539c92f4ba10e847eb
md5sum =
d3a5ffd1020f7c7747ba5d360ecf9e72
[template-nginx-eventsource-slave-virtualhost]
[template-nginx-eventsource-slave-virtualhost]
filename = templates/nginx-eventsource-slave.conf.in
filename = templates/nginx-eventsource-slave.conf.in
...
@@ -94,7 +94,7 @@ md5sum = 217a6c801b8330b0b825f7b8b4c77184
...
@@ -94,7 +94,7 @@ md5sum = 217a6c801b8330b0b825f7b8b4c77184
[template-nginx-notebook-slave-virtualhost]
[template-nginx-notebook-slave-virtualhost]
filename = templates/nginx-notebook-slave.conf.in
filename = templates/nginx-notebook-slave.conf.in
md5sum =
3fd1fefaec2d630eee54f75e7a873c27
md5sum =
82834235d2256bec4b4d62e5ba0d302e
[template-apache-lazy-script-call]
[template-apache-lazy-script-call]
filename = templates/apache-lazy-script-call.sh.in
filename = templates/apache-lazy-script-call.sh.in
...
...
software/caddy-frontend/instance-apache-frontend.cfg.in
View file @
fa8a4f73
...
@@ -83,6 +83,9 @@ cron-entries = ${:etc}/cron.d
...
@@ -83,6 +83,9 @@ cron-entries = ${:etc}/cron.d
crontabs = ${:etc}/crontabs
crontabs = ${:etc}/crontabs
cronstamps = ${:etc}/cronstamps
cronstamps = ${:etc}/cronstamps
ca-dir = ${:srv}/ssl
ca-dir = ${:srv}/ssl
# BBB: SlapOS Master non-zero knowledge BEGIN
bbb-ssl-dir = ${:srv}/bbb-ssl
# BBB: SlapOS Master non-zero knowledge END
varnginx = ${:var}/nginx
varnginx = ${:var}/nginx
...
@@ -135,6 +138,7 @@ command =
...
@@ -135,6 +138,7 @@ command =
[jinja2-template-base]
[jinja2-template-base]
recipe = slapos.recipe.template:jinja2
recipe = slapos.recipe.template:jinja2
rendered = ${buildout:directory}/${:filename}
rendered = ${buildout:directory}/${:filename}
extensions = jinja2.ext.do
extra-context =
extra-context =
slapparameter_dict = {{ dumps(instance_parameter['configuration']) }}
slapparameter_dict = {{ dumps(instance_parameter['configuration']) }}
slap_software_type = {{ dumps(instance_parameter['slap-software-type']) }}
slap_software_type = {{ dumps(instance_parameter['slap-software-type']) }}
...
@@ -202,7 +206,6 @@ stop-on-error = True
...
@@ -202,7 +206,6 @@ stop-on-error = True
< = jinja2-template-base
< = jinja2-template-base
template = {{ parameter_dict['template_slave_list'] }}
template = {{ parameter_dict['template_slave_list'] }}
filename = custom-personal-instance-slave-list.cfg
filename = custom-personal-instance-slave-list.cfg
extensions = jinja2.ext.do
slave_instance_list = {{ dumps(instance_parameter['slave-instance-list']) }}
slave_instance_list = {{ dumps(instance_parameter['slave-instance-list']) }}
extra_slave_instance_list = {{ dumps(instance_parameter.get('configuration.extra_slave_instance_list')) }}
extra_slave_instance_list = {{ dumps(instance_parameter.get('configuration.extra_slave_instance_list')) }}
master_key_download_url = {{ dumps(slapparameter_dict['master-key-download-url']) }}
master_key_download_url = {{ dumps(slapparameter_dict['master-key-download-url']) }}
...
@@ -280,12 +283,16 @@ extra-context =
...
@@ -280,12 +283,16 @@ extra-context =
key service_directory directory:service
key service_directory directory:service
key run_directory directory:etc-run
key run_directory directory:etc-run
key not_found_file caddy-configuration:not-found-file
key not_found_file caddy-configuration:not-found-file
# BBB: SlapOS Master non-zero knowledge BEGIN
key custom_ssl_directory caddy-directory:custom-ssl-directory
key apache_certificate apache-certificate:rendered
key apache_key apache-key:rendered
# BBB: SlapOS Master non-zero knowledge END
[dynamic-virtualhost-template-slave]
[dynamic-virtualhost-template-slave]
<= jinja2-template-base
<= jinja2-template-base
template = {{ parameter_dict['template_slave_configuration'] }}
template = {{ parameter_dict['template_slave_configuration'] }}
rendered = ${directory:template}/slave-virtualhost.conf.in
rendered = ${directory:template}/slave-virtualhost.conf.in
extensions = jinja2.ext.do
# BBB: apache_custom_https and apache_custom_http
# BBB: apache_custom_https and apache_custom_http
extra-context =
extra-context =
key https_port configuration:port
key https_port configuration:port
...
@@ -320,6 +327,10 @@ extra-context =
...
@@ -320,6 +327,10 @@ extra-context =
key not_found_file caddy-configuration:not-found-file
key not_found_file caddy-configuration:not-found-file
key username monitor-instance-parameter:username
key username monitor-instance-parameter:username
key password monitor-htpasswd:passwd
key password monitor-htpasswd:passwd
# BBB: SlapOS Master non-zero knowledge BEGIN
key apache_certificate apache-certificate:rendered
key apache_key apache-key:rendered
# BBB: SlapOS Master non-zero knowledge END
[caddy-wrapper]
[caddy-wrapper]
recipe = slapos.cookbook:wrapper
recipe = slapos.cookbook:wrapper
...
@@ -364,6 +375,9 @@ slave-log = ${directory:log}/httpd
...
@@ -364,6 +375,9 @@ slave-log = ${directory:log}/httpd
nginx-slave-configuration = ${directory:etc}/nginx-slave-conf.d/
nginx-slave-configuration = ${directory:etc}/nginx-slave-conf.d/
autocert = ${directory:srv}/autocert
autocert = ${directory:srv}/autocert
master-autocert-dir = ${:autocert}/master-autocert
master-autocert-dir = ${:autocert}/master-autocert
# BBB: SlapOS Master non-zero knowledge BEGIN
custom-ssl-directory = ${:slave-configuration}/ssl
# BBB: SlapOS Master non-zero knowledge END
[caddy-configuration]
[caddy-configuration]
frontend-configuration = ${directory:etc}/Caddyfile
frontend-configuration = ${directory:etc}/Caddyfile
...
@@ -384,6 +398,24 @@ recipe = slapos.cookbook:wrapper
...
@@ -384,6 +398,24 @@ recipe = slapos.cookbook:wrapper
command-line = ${frontend-caddy-validate:rendered}
command-line = ${frontend-caddy-validate:rendered}
wrapper-path = ${directory:bin}/caddy-configtest
wrapper-path = ${directory:bin}/caddy-configtest
# BBB: SlapOS Master non-zero knowledge BEGIN
[apache-key]
< = jinja2-template-base
template = {{ parameter_dict['template_empty'] }}
rendered = ${directory:bbb-ssl-dir}/frontend.key
content = ${configuration:apache-key}
extra-context =
key content :content
[apache-certificate]
< = jinja2-template-base
template = {{ parameter_dict['template_empty'] }}
rendered = ${directory:bbb-ssl-dir}/frontend.crt
content = ${configuration:apache-certificate}
extra-context =
key content :content
# BBB: SlapOS Master non-zero knowledge END
[cron]
[cron]
recipe = slapos.cookbook:cron
recipe = slapos.cookbook:cron
dcrond-binary = {{ parameter_dict['dcron'] }}/sbin/crond
dcrond-binary = {{ parameter_dict['dcron'] }}/sbin/crond
...
@@ -561,8 +593,8 @@ config-wrapper-path = ${trafficserver-line:wrapper-path}
...
@@ -561,8 +593,8 @@ config-wrapper-path = ${trafficserver-line:wrapper-path}
template = {{ parameter_dict['template_graceful_script'] }}
template = {{ parameter_dict['template_graceful_script'] }}
rendered = ${directory:etc-run}/frontend-caddy-safe-graceful
rendered = ${directory:etc-run}/frontend-caddy-safe-graceful
mode = 0700
mode = 0700
# XXX: Fix path_list for direct ssl ${caddy-directory:vh-ssl}/*.proxy_ca_crt
path_list = ${caddy-configuration:frontend-configuration} ${frontend-configuration:log-access-configuration} ${caddy-directory:slave-configuration}/*.conf ${caddy-directory:slave-with-cache-configuration}/*.conf ${caddy-directory:master-autocert-dir}/*.key ${caddy-directory:master-autocert-dir}/*.crt ${caddy-directory:master-autocert-dir}/*.pem ${caddy-directory:autocert}/*/*.pem
path_list = ${caddy-configuration:frontend-configuration} ${frontend-configuration:log-access-configuration} ${caddy-directory:slave-configuration}/*.conf ${caddy-directory:slave-with-cache-configuration}/*.conf ${caddy-directory:master-autocert-dir}/*.key ${caddy-directory:master-autocert-dir}/*.crt ${caddy-directory:master-autocert-dir}/*.pem ${caddy-directory:autocert}/*/*.pem
${caddy-directory:custom-ssl-directory}/*.key ${caddy-directory:custom-ssl-directory}/*.crt ${caddy-directory:custom-ssl-directory}/*.proxy_ca_crt ${directory:bbb-ssl-dir}/*.key ${directory:bbb-ssl-dir}/*.crt
sha256sum = {{ parameter_dict['sha256sum'] }}
sha256sum = {{ parameter_dict['sha256sum'] }}
signature_file = ${directory:run}/caddy_graceful_signature
signature_file = ${directory:run}/caddy_graceful_signature
extra-context =
extra-context =
...
@@ -576,8 +608,7 @@ extra-context =
...
@@ -576,8 +608,7 @@ extra-context =
template = {{ parameter_dict['template_graceful_script'] }}
template = {{ parameter_dict['template_graceful_script'] }}
rendered = ${directory:etc-run}/frontend-nginx-safe-graceful
rendered = ${directory:etc-run}/frontend-nginx-safe-graceful
mode = 0700
mode = 0700
# XXX: Fix path_list for direct ssl ${caddy-directory:vh-ssl}/*.proxy_ca_crt
path_list = ${dynamic-nginx-frontend-template:rendered} ${caddy-directory:nginx-slave-configuration}/*.conf ${caddy-directory:master-autocert-dir}/*.key ${caddy-directory:master-autocert-dir}/*.crt ${caddy-directory:master-autocert-dir}/*.pem ${caddy-directory:autocert}/*/*.pem ${caddy-directory:custom-ssl-directory}/*.key ${caddy-directory:custom-ssl-directory}/*.crt ${caddy-directory:custom-ssl-directory}/*.proxy_ca_crt ${directory:bbb-ssl-dir}/*.key ${directory:bbb-ssl-dir}/*.crt
path_list = ${dynamic-nginx-frontend-template:rendered} ${caddy-directory:nginx-slave-configuration}/*.conf ${caddy-directory:master-autocert-dir}/*.key ${caddy-directory:master-autocert-dir}/*.crt ${caddy-directory:master-autocert-dir}/*.pem ${caddy-directory:autocert}/*/*.pem
sha256sum = {{ parameter_dict['sha256sum'] }}
sha256sum = {{ parameter_dict['sha256sum'] }}
signature_file = ${directory:run}/nginx_graceful_signature
signature_file = ${directory:run}/nginx_graceful_signature
extra-context =
extra-context =
...
@@ -778,6 +809,10 @@ extra-context =
...
@@ -778,6 +809,10 @@ extra-context =
key access_log nginx-configuration:access_log
key access_log nginx-configuration:access_log
key not_found_file caddy-configuration:not-found-file
key not_found_file caddy-configuration:not-found-file
key master_certificate caddy-configuration:master-certificate
key master_certificate caddy-configuration:master-certificate
# BBB: SlapOS Master non-zero knowledge BEGIN
key apache_certificate apache-certificate:rendered
key apache_key apache-key:rendered
# BBB: SlapOS Master non-zero knowledge END
[nginx-configuration]
[nginx-configuration]
access_log = ${directory:log}/nginx-access.log
access_log = ${directory:log}/nginx-access.log
...
...
software/caddy-frontend/instance-apache-replicate.cfg.in
View file @
fa8a4f73
...
@@ -72,10 +72,12 @@ context =
...
@@ -72,10 +72,12 @@ context =
{% set authorized_slave_string_list = slapparameter_dict.pop('-frontend-authorized-slave-string', '').split() %}
{% set authorized_slave_string_list = slapparameter_dict.pop('-frontend-authorized-slave-string', '').split() %}
{% set authorized_slave_list = [] %}
{% set authorized_slave_list = [] %}
{% set rejected_slave_dict = {} %}
{% set rejected_slave_dict = {} %}
{% set warning_slave_dict = {} %}
{% set used_host_list = [] %}
{% set used_host_list = [] %}
{% set unauthorized_message = 'slave not authorized' %}
{% set unauthorized_message = 'slave not authorized' %}
{% for slave in slave_instance_list %}
{% for slave in slave_instance_list %}
{% set slave_error_list = [] %}
{% set slave_error_list = [] %}
{% set slave_warning_list = [] %}
{% set slave_server_alias_unclashed = [] %}
{% set slave_server_alias_unclashed = [] %}
{# BBB: apache_custom_https AND apache_custom_http #}
{# BBB: apache_custom_https AND apache_custom_http #}
{% set custom_domain = slave.get('custom_domain') %}
{% set custom_domain = slave.get('custom_domain') %}
...
@@ -127,6 +129,25 @@ context =
...
@@ -127,6 +129,25 @@ context =
{% do slave_error_list.append('slave https-url %r invalid' % (slave['https-url'],)) %}
{% do slave_error_list.append('slave https-url %r invalid' % (slave['https-url'],)) %}
{% endif %}
{% endif %}
{% endif %}
{% endif %}
{# BBB: SlapOS Master non-zero knowledge BEGIN #}
{% for key in ['ssl_key', 'ssl_crt', 'ssl_ca_crt'] %}
{% if key in slave %}
{% do slave_warning_list.append('%s is obsolete, please use key-upload-url' % (key,)) %}
{% endif %}
{% endfor %}
{% if slave.get('ssl_ca_crt') and not (slave.get('ssl_crt') and slave.get('ssl_key')) %}
{% do slave_error_list.append('ssl_ca_crt is present, so ssl_crt and ssl_key are required') %}
{% endif %}
{% if slave.get('ssl_key') and slave.get('ssl_crt') %}
{% set key_popen = popen([parameter_dict['openssl'], 'rsa', '-noout', '-modulus']) %}
{% set crt_popen = popen([parameter_dict['openssl'], 'x509', '-noout', '-modulus']) %}
{% set key_modulus = key_popen.communicate(slave['ssl_key'])[0] | trim %}
{% set crt_modulus = crt_popen.communicate(slave['ssl_crt'])[0] | trim %}
{% if not key_modulus or key_modulus != crt_modulus %}
{% do slave_error_list.append('slave ssl_key and ssl_crt does not match') %}
{% endif %}
{% endif %}
{# BBB: SlapOS Master non-zero knowledge END #}
{% if slave.get('custom_domain') %}
{% if slave.get('custom_domain') %}
{% set slave_custom_domain = '' ~ slave['custom_domain'] %}
{% set slave_custom_domain = '' ~ slave['custom_domain'] %}
{% if slave_custom_domain.startswith('*.') %}
{% if slave_custom_domain.startswith('*.') %}
...
@@ -143,6 +164,9 @@ context =
...
@@ -143,6 +164,9 @@ context =
{% else %}
{% else %}
{% do rejected_slave_dict.__setitem__(slave.get('slave_reference'), slave_error_list) %}
{% do rejected_slave_dict.__setitem__(slave.get('slave_reference'), slave_error_list) %}
{% endif %}
{% endif %}
{% if len(slave_warning_list) > 0 %}
{% do warning_slave_dict.__setitem__(slave.get('slave_reference'), slave_warning_list) %}
{% endif %}
{% endfor %}
{% endfor %}
[monitor-instance-parameter]
[monitor-instance-parameter]
...
@@ -189,6 +213,12 @@ sla-{{ parameter }} = {{ value }}
...
@@ -189,6 +213,12 @@ sla-{{ parameter }} = {{ value }}
{% endif %}
{% endif %}
{% endfor %}
{% endfor %}
{% set warning_list = [] %}
{% for key in ['apache-certificate', 'apache-key'] %}
{% if key in slapparameter_dict %}
{% do warning_list.append('%s is obsolete, please use master-key-upload-url' % (key, )) %}
{% endif %}
{% endfor %}
[publish-information]
[publish-information]
<= monitor-publish
<= monitor-publish
...
@@ -201,6 +231,12 @@ rejected-slave-dict = {{ dumps(json_module.dumps(rejected_slave_dict)) }}
...
@@ -201,6 +231,12 @@ rejected-slave-dict = {{ dumps(json_module.dumps(rejected_slave_dict)) }}
master-key-upload-url = ${request-kedifa:connection-master-key-upload-url}
master-key-upload-url = ${request-kedifa:connection-master-key-upload-url}
master-key-generate-auth-url = ${request-kedifa:connection-master-key-generate-auth-url}
master-key-generate-auth-url = ${request-kedifa:connection-master-key-generate-auth-url}
kedifa-caucase-url = ${request-kedifa:connection-caucase-url}
kedifa-caucase-url = ${request-kedifa:connection-caucase-url}
{% if len(warning_list) > 0 %}
warning-list = {{ dumps(json_module.dumps(warning_list)) }}
{% endif %}
{% if len(warning_slave_dict) > 0 %}
warning-slave-dict = {{ dumps(json_module.dumps(warning_slave_dict)) }}
{% endif %}
{% if not aikc_enabled %}
{% if not aikc_enabled %}
kedifa-csr_id-url = ${request-kedifa:connection-csr_id-url}
kedifa-csr_id-url = ${request-kedifa:connection-csr_id-url}
kedifa-csr_id-certificate = ${request-kedifa:connection-csr_id-certificate}
kedifa-csr_id-certificate = ${request-kedifa:connection-csr_id-certificate}
...
@@ -258,6 +294,11 @@ sla-{{ key[sla_kedifa_key_length:] }} = {{ slapparameter_dict.pop(key) }}
...
@@ -258,6 +294,11 @@ sla-{{ key[sla_kedifa_key_length:] }} = {{ slapparameter_dict.pop(key) }}
{{ slave_id }} = {{ dumps(json_module.dumps(rejected_list)) }}
{{ slave_id }} = {{ dumps(json_module.dumps(rejected_list)) }}
{% endfor %}
{% endfor %}
[warning-slave-information]
{% for slave_id, warning_list in warning_slave_dict.iteritems() %}
{{ slave_id }} = {{ dumps(json_module.dumps(warning_list)) }}
{% endfor %}
[slave-information]
[slave-information]
{% for frontend_section in frontend_section_list %}
{% for frontend_section in frontend_section_list %}
{{ frontend_section }} = {{ "${%s:connection-slave-instance-information-list}" % frontend_section }}
{{ frontend_section }} = {{ "${%s:connection-slave-instance-information-list}" % frontend_section }}
...
@@ -281,6 +322,7 @@ extra-context =
...
@@ -281,6 +322,7 @@ extra-context =
section slave_information slave-information
section slave_information slave-information
section rejected_slave_information rejected-slave-information
section rejected_slave_information rejected-slave-information
section active_slave_instance_dict active-slave-instance
section active_slave_instance_dict active-slave-instance
section warning_slave_information warning-slave-information
key slave_kedifa_information request-kedifa:connection-slave-kedifa-information
key slave_kedifa_information request-kedifa:connection-slave-kedifa-information
[monitor-conf-parameters]
[monitor-conf-parameters]
...
...
software/caddy-frontend/instance.cfg.in
View file @
fa8a4f73
...
@@ -106,6 +106,8 @@ configuration.apache_custom_https = ""
...
@@ -106,6 +106,8 @@ configuration.apache_custom_https = ""
configuration.apache_custom_http = ""
configuration.apache_custom_http = ""
configuration.caddy_custom_https = ""
configuration.caddy_custom_https = ""
configuration.caddy_custom_http = ""
configuration.caddy_custom_http = ""
configuration.apache-key =
configuration.apache-certificate =
configuration.open-port = 80 443
configuration.open-port = 80 443
configuration.disk-cache-size = 8G
configuration.disk-cache-size = 8G
configuration.ram-cache-size = 1G
configuration.ram-cache-size = 1G
...
...
software/caddy-frontend/templates/Caddyfile.in
View file @
fa8a4f73
...
@@ -4,10 +4,20 @@ import {{frontend_configuration.get('log-access-configuration')}}
...
@@ -4,10 +4,20 @@ import {{frontend_configuration.get('log-access-configuration')}}
import {{ slave_configuration_directory }}/*.conf
import {{ slave_configuration_directory }}/*.conf
import {{ slave_with_cache_configuration_directory }}/*.conf
import {{ slave_with_cache_configuration_directory }}/*.conf
{%- set ssl = {} -%}
{%- if os_module.path.exists(master_certificate) -%}
{%- do ssl.__setitem__('certificate', master_certificate) -%}
{%- do ssl.__setitem__('key', master_certificate) -%}
{#- BBB: SlapOS Master non-zero knowledge BEGIN -#}
{%- elif os_module.path.getsize(apache_certificate) > 0 and os_module.path.getsize(apache_key) > 0 -%}
{%- do ssl.__setitem__('certificate', apache_certificate) -%}
{%- do ssl.__setitem__('key', apache_key) -%}
{%- endif -%}
{#- BBB: SlapOS Master non-zero knowledge END #}
# Catch-all and 404 for not configured instances
# Catch-all and 404 for not configured instances
{% if
os_module.path.exists(master_certificate)
%}
{% if
'key' in ssl
%}
:{{ https_port }} {
:{{ https_port }} {
tls {{
master_certificate }} {{ master_certificate
}}
tls {{
ssl['certificate'] }} {{ ssl['key']
}}
bind {{ local_ipv4 }}
bind {{ local_ipv4 }}
# Compress the output
# Compress the output
gzip
gzip
...
...
software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
View file @
fa8a4f73
...
@@ -208,6 +208,61 @@ command =
...
@@ -208,6 +208,61 @@ command =
fi
fi
update-command = ${:command}
update-command = ${:command}
# BBB: SlapOS Master non-zero knowledge BEGIN
{# Set ssl certificates for each slave #}
{% for cert_name in ('ssl_csr', 'ssl_proxy_ca_crt')%}
{% if cert_name in slave_instance %}
{% set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) %}
{% set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) %}
{% do part_list.append(cert_title) %}
{% do slave_parameter_dict.__setitem__(cert_name, cert_file) %}
{% do slave_instance.__setitem__('path_to_' + cert_name, cert_file) %}
{# Store certificates on fs #}
[{{ cert_title }}]
< = jinja2-template-base
template = {{ empty_template }}
rendered = {{ cert_file }}
extra-context =
key content {{ cert_title + '-config:value' }}
# Store certificate in config
[{{ cert_title + '-config' }}]
value = {{ dumps(slave_instance.get(cert_name)) }}
{% endif %}
{% endfor %}
{#- Set Up Certs #}
{% do slave_instance.__setitem__('apache_certificate', apache_certificate) %}
{% do slave_instance.__setitem__('apache_key', apache_key) %}
{% if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance %}
{% set cert_title = '%s-crt' % (slave_reference) %}
{% set key_title = '%s-key' % (slave_reference) %}
{% set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) %}
{% set key_file = '/'.join([custom_ssl_directory, key_title.replace('-','.')]) %}
{% do part_list.append(cert_title) %}
{% do part_list.append(key_title) %}
{% do slave_parameter_dict.__setitem__("ssl_crt", cert_file) %}
{% do slave_parameter_dict.__setitem__("ssl_key", key_file) %}
{% do slave_instance.__setitem__('path_to_ssl_crt', cert_file) %}
{% do slave_instance.__setitem__('path_to_ssl_key', key_file) %}
[{{key_title}}]
< = jinja2-template-base
template = {{ empty_template }}
rendered = {{ key_file }}
key-content = {{ dumps(slave_instance.get('ssl_key')) }}
extra-context =
key content :key-content
[{{cert_title}}]
< = jinja2-template-base
template = {{ empty_template }}
rendered = {{ cert_file }}
cert-content = {{ dumps(slave_instance.get('ssl_crt') + '\n' + slave_instance.get('ssl_ca_crt', '')) }}
extra-context =
key content :cert-content
{% endif %}
# BBB: SlapOS Master non-zero knowledge END
{# ########################################## #}
{# ########################################## #}
{# Set Slave Configuration #}
{# Set Slave Configuration #}
[{{ slave_configuration_section_name }}]
[{{ slave_configuration_section_name }}]
...
...
software/caddy-frontend/templates/default-virtualhost.conf.in
View file @
fa8a4f73
...
@@ -26,12 +26,25 @@
...
@@ -26,12 +26,25 @@
{%- set default_path = slave_parameter.get('default-path', '').strip('/') | urlencode %}
{%- set default_path = slave_parameter.get('default-path', '').strip('/') | urlencode %}
# SSL enabled hosts
# SSL enabled hosts
{% set ssl = {} %}
{% if os_module.path.exists(slave_parameter['certificate']) %}
{% if os_module.path.exists(slave_parameter['certificate']) %}
{% do ssl.__setitem__('certificate', slave_parameter['certificate']) %}
{% do ssl.__setitem__('key', slave_parameter['certificate']) %}
{#- BBB: SlapOS Master non-zero knowledge BEGIN -#}
{% elif 'path_to_ssl_crt' in slave_parameter and 'path_to_ssl_key' in slave_parameter %}
{% do ssl.__setitem__('certificate', slave_parameter['path_to_ssl_crt']) %}
{% do ssl.__setitem__('key', slave_parameter['path_to_ssl_key']) %}
{% elif os_module.path.getsize(slave_parameter['apache_certificate']) > 0 and os_module.path.getsize(slave_parameter['apache_key']) > 0 %}
{% do ssl.__setitem__('certificate', slave_parameter['apache_certificate']) %}
{% do ssl.__setitem__('key', slave_parameter['apache_key']) %}
{% endif %}
{#- BBB: SlapOS Master non-zero knowledge END -#}
{% if 'key' in ssl %}
{{ https_host_list|join(', ') }} {
{{ https_host_list|join(', ') }} {
bind {{ slave_parameter['local_ipv4'] }}
bind {{ slave_parameter['local_ipv4'] }}
# Compress the output
# Compress the output
gzip
gzip
tls {{ s
lave_parameter['certificate'] }} {{ slave_parameter['certificate
'] }} {
tls {{ s
sl['certificate'] }} {{ ssl['key
'] }} {
{%- if enable_h2 %}
{%- if enable_h2 %}
# Allow HTTP2
# Allow HTTP2
alpn h2 http/1.1
alpn h2 http/1.1
...
...
software/caddy-frontend/templates/nginx-notebook-slave.conf.in
View file @
fa8a4f73
...
@@ -5,7 +5,20 @@
...
@@ -5,7 +5,20 @@
{%- set https_upstream = https_url.split("/")[2] %}
{%- set https_upstream = https_url.split("/")[2] %}
# SSL-enabled
# SSL-enabled
{% set ssl = {} %}
{% if os_module.path.exists(slave_parameter['certificate']) %}
{% if os_module.path.exists(slave_parameter['certificate']) %}
{% do ssl.__setitem__('certificate', slave_parameter['certificate']) %}
{% do ssl.__setitem__('key', slave_parameter['certificate']) %}
{#- BBB: SlapOS Master non-zero knowledge BEGIN -#}
{% elif 'path_to_ssl_crt' in slave_parameter and 'path_to_ssl_key' in slave_parameter %}
{% do ssl.__setitem__('certificate', slave_parameter['path_to_ssl_crt']) %}
{% do ssl.__setitem__('key', slave_parameter['path_to_ssl_key']) %}
{% elif os_module.path.getsize(slave_parameter['apache_certificate']) > 0 and os_module.path.getsize(slave_parameter['apache_key']) > 0 %}
{% do ssl.__setitem__('certificate', slave_parameter['apache_certificate']) %}
{% do ssl.__setitem__('key', slave_parameter['apache_key']) %}
{% endif %}
{#- BBB: SlapOS Master non-zero knowledge END -#}
{% if 'key' in ssl %}
https://{{ slave_parameter.get('custom_domain') }}:{{ slave_parameter['nginx_https_port'] }} {
https://{{ slave_parameter.get('custom_domain') }}:{{ slave_parameter['nginx_https_port'] }} {
bind {{ slave_parameter['local_ipv4'] }}
bind {{ slave_parameter['local_ipv4'] }}
# Compress the output
# Compress the output
...
@@ -13,7 +26,7 @@ https://{{ slave_parameter.get('custom_domain') }}:{{ slave_parameter['nginx_htt
...
@@ -13,7 +26,7 @@ https://{{ slave_parameter.get('custom_domain') }}:{{ slave_parameter['nginx_htt
log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
errors {{ slave_parameter.get('error_log') }}
errors {{ slave_parameter.get('error_log') }}
tls {{ s
lave_parameter['certificate'] }} {{ slave_parameter['certificate
'] }} {
tls {{ s
sl['certificate'] }} {{ ssl['key
'] }} {
alpn http/1.1
alpn http/1.1
}
}
...
...
software/caddy-frontend/templates/nginx.cfg.in
View file @
fa8a4f73
...
@@ -58,9 +58,20 @@
...
@@ -58,9 +58,20 @@
import {{ slave_configuration_directory }}/*.conf
import {{ slave_configuration_directory }}/*.conf
# Catch-all and 404 for not configured instances
# Catch-all and 404 for not configured instances
{% if os_module.path.exists(master_certificate) %}
{%- set ssl = {} -%}
{%- if os_module.path.exists(master_certificate) -%}
{%- do ssl.__setitem__('certificate', master_certificate) -%}
{%- do ssl.__setitem__('key', master_certificate) -%}
{#- BBB: SlapOS Master non-zero knowledge BEGIN -#}
{%- elif os_module.path.getsize(apache_certificate) > 0 and os_module.path.getsize(apache_key) > 0 -%}
{%- do ssl.__setitem__('certificate', apache_certificate) -%}
{%- do ssl.__setitem__('key', apache_key) -%}
{%- endif -%}
{#- BBB: SlapOS Master non-zero knowledge END -#}
# Catch-all and 404 for not configured instances
{% if 'key' in ssl %}
:{{ port }} {
:{{ port }} {
tls {{
master_certificate }} {{ master_certificate
}}
tls {{
ssl['certificate'] }} {{ ssl['key']
}}
bind {{ local_ip }}
bind {{ local_ip }}
# Serve an error 204 (No Content) for favicon.ico
# Serve an error 204 (No Content) for favicon.ico
status 204 /favicon.ico
status 204 /favicon.ico
...
...
software/caddy-frontend/templates/replicate-publish-slave-information.cfg.in
View file @
fa8a4f73
...
@@ -34,6 +34,13 @@
...
@@ -34,6 +34,13 @@
{% do slave_information_dict[slave_reference].__setitem__('request-error-list', rejected_info_list) %}
{% do slave_information_dict[slave_reference].__setitem__('request-error-list', rejected_info_list) %}
{% endfor %}
{% endfor %}
{% for slave_reference, warning_info_list in warning_slave_information.iteritems() %}
{% if slave_reference not in slave_information_dict %}
{% do slave_information_dict.__setitem__(slave_reference, {}) %}
{% endif %}
{% do slave_information_dict[slave_reference].__setitem__('warning-list', warning_info_list) %}
{% endfor %}
{% for slave_reference, kedifa_dict in json_module.loads(slave_kedifa_information).iteritems() %}
{% for slave_reference, kedifa_dict in json_module.loads(slave_kedifa_information).iteritems() %}
{% if slave_reference not in rejected_slave_information %}
{% if slave_reference not in rejected_slave_information %}
{% if slave_reference not in slave_information_dict %}
{% if slave_reference not in slave_information_dict %}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment