Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
francois
slapos
Commits
34945832
Commit
34945832
authored
May 07, 2013
by
Cédric Le Ninivin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
apache-frontend: Introduce new architecture for apache frontend
parent
6bc5832d
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
172 additions
and
301 deletions
+172
-301
slapos/recipe/apache_frontend/__init__.py
slapos/recipe/apache_frontend/__init__.py
+43
-259
slapos/recipe/apache_frontend/template/apache.conf.in
slapos/recipe/apache_frontend/template/apache.conf.in
+0
-5
slapos/recipe/apache_frontend/template/apache_cached.conf.in
slapos/recipe/apache_frontend/template/apache_cached.conf.in
+114
-0
software/apache-frontend/instance.cfg
software/apache-frontend/instance.cfg
+15
-37
No files found.
slapos/recipe/apache_frontend/__init__.py
View file @
34945832
...
@@ -58,7 +58,7 @@ class Recipe(BaseSlapRecipe):
...
@@ -58,7 +58,7 @@ class Recipe(BaseSlapRecipe):
frontend_port_number
=
self
.
parameter_dict
.
get
(
"port"
,
4443
)
frontend_port_number
=
self
.
parameter_dict
.
get
(
"port"
,
4443
)
frontend_plain_http_port_number
=
self
.
parameter_dict
.
get
(
frontend_plain_http_port_number
=
self
.
parameter_dict
.
get
(
"plain_http_port"
,
8080
)
"plain_http_port"
,
8080
)
base_varnish_port
=
260
09
base_varnish_port
=
260
10
slave_instance_list
=
self
.
parameter_dict
.
get
(
"slave_instance_list"
,
[])
slave_instance_list
=
self
.
parameter_dict
.
get
(
"slave_instance_list"
,
[])
self
.
path_list
=
[]
self
.
path_list
=
[]
...
@@ -70,6 +70,7 @@ class Recipe(BaseSlapRecipe):
...
@@ -70,6 +70,7 @@ class Recipe(BaseSlapRecipe):
self
.
path_list
.
append
(
self
.
killpidfromfile
)
self
.
path_list
.
append
(
self
.
killpidfromfile
)
rewrite_rule_list
=
[]
rewrite_rule_list
=
[]
rewrite_rule_cached_list
=
[]
rewrite_rule_https_only_list
=
[]
rewrite_rule_https_only_list
=
[]
rewrite_rule_zope_list
=
[]
rewrite_rule_zope_list
=
[]
rewrite_rule_zope_path_list
=
[]
rewrite_rule_zope_path_list
=
[]
...
@@ -133,7 +134,7 @@ class Recipe(BaseSlapRecipe):
...
@@ -133,7 +134,7 @@ class Recipe(BaseSlapRecipe):
# base_varnish_port, backend_url, reference, service_dict, domain)
# base_varnish_port, backend_url, reference, service_dict, domain)
rewrite_rule
=
self
.
configureSquidSlave
(
rewrite_rule
=
self
.
configureSquidSlave
(
base_varnish_port
,
backend_url
,
reference
,
service_dict
,
domain
)
base_varnish_port
,
backend_url
,
reference
,
service_dict
,
domain
)
base_varnish_port
+=
2
rewrite_rule_cached_list
.
append
(
"%s %s"
%
(
domain
,
backend_url
))
else
:
else
:
rewrite_rule
=
"%s %s"
%
(
domain
,
backend_url
)
rewrite_rule
=
"%s %s"
%
(
domain
,
backend_url
)
# # Temporary forbid activation of cache until it is properly tested
# # Temporary forbid activation of cache until it is properly tested
...
@@ -190,9 +191,11 @@ class Recipe(BaseSlapRecipe):
...
@@ -190,9 +191,11 @@ class Recipe(BaseSlapRecipe):
ip_list
=
[
"[%s]"
%
self
.
getGlobalIPv6Address
(),
ip_list
=
[
"[%s]"
%
self
.
getGlobalIPv6Address
(),
self
.
getLocalIPv4Address
()],
self
.
getLocalIPv4Address
()],
port
=
frontend_port_number
,
port
=
frontend_port_number
,
cached_port
=
base_varnish_port
+
1
,
plain_http_port
=
frontend_plain_http_port_number
,
plain_http_port
=
frontend_plain_http_port_number
,
name
=
frontend_domain_name
,
name
=
frontend_domain_name
,
rewrite_rule_list
=
rewrite_rule_list
,
rewrite_rule_list
=
rewrite_rule_list
,
rewrite_rule_cached_list
=
rewrite_rule_cached_list
,
rewrite_rule_https_only_list
=
rewrite_rule_https_only_list
,
rewrite_rule_https_only_list
=
rewrite_rule_https_only_list
,
rewrite_rule_zope_list
=
rewrite_rule_zope_list
,
rewrite_rule_zope_list
=
rewrite_rule_zope_list
,
rewrite_rule_zope_path_list
=
rewrite_rule_zope_path_list
,
rewrite_rule_zope_path_list
=
rewrite_rule_zope_path_list
,
...
@@ -257,7 +260,6 @@ class Recipe(BaseSlapRecipe):
...
@@ -257,7 +260,6 @@ class Recipe(BaseSlapRecipe):
service_dict
,
domain
):
service_dict
,
domain
):
# Squid should use stunnel to connect to the backend
# Squid should use stunnel to connect to the backend
base_squid_control_port
=
base_squid_port
base_squid_control_port
=
base_squid_port
base_squid_port
+=
1
# Use regex
# Use regex
host_regex
=
"((
\
[
\
w*|[0-9]+
\
.)(
\
:|)).*(
\
]|
\
.[0-9]+)"
host_regex
=
"((
\
[
\
w*|[0-9]+
\
.)(
\
:|)).*(
\
]|
\
.[0-9]+)"
slave_host
=
re
.
search
(
host_regex
,
url
).
group
(
0
)
slave_host
=
re
.
search
(
host_regex
,
url
).
group
(
0
)
...
@@ -282,218 +284,16 @@ class Recipe(BaseSlapRecipe):
...
@@ -282,218 +284,16 @@ class Recipe(BaseSlapRecipe):
# size="1G")
# size="1G")
service_dict
[
service_name
]
=
dict
(
public_ip
=
squid_ip
,
service_dict
[
service_name
]
=
dict
(
public_ip
=
squid_ip
,
public_port
=
stunnel_port
,
public_port
=
stunnel_port
,
private_ip
=
slave_host
.
replace
(
"["
,
""
).
replace
(
"]"
,
""
)
,
private_ip
=
slave_host
,
private_port
=
slave_port
)
private_port
=
slave_port
)
return
"%s http://%s:%s"
%
\
return
"%s http://%s:%s"
%
\
(
domain
,
squid_ip
,
base_squid_port
)
(
domain
,
squid_ip
,
base_squid_port
)
# def installSquidCache(self, name, ip, port, backend_host,
# backend_port, domain, size="1G"):
# """
# Install a squid daemon for a certain address
# """
## directory = self.createDataDirectory(name)
## squid_config = dict(
## directory=directory,
## pid = "%s/squid.pid" % directory,
## port="%s:%s" % (ip, port),
## squidd_binary=self.options["squidd_binary"],
## control_port="%s:%s" % (ip, control_port),
## storage="file,%s/storage.bin,%s" % (directory, size))
#
##
## squid_argument_list = [squid_config['squidd_binary'].strip(),
## "-F", "-n", directory, "-P", squid_config["pid"], "-p",
## "cc_command=exec %s " % self.options["gcc_binary"] +\
## "-fpic -shared -o %o %s",
## "-f", config_file,
## "-a", squid_config["port"], "-T", squid_config["control_port"],
## "-s", squid_config["storage"]]
## environment = dict(PATH="%s:%s" % (self.options["binutils_directory"],
## os.environ.get('PATH')))
## wrapper = zc.buildout.easy_install.scripts([(name,
## 'slapos.recipe.librecipe.execute', 'executee')], self.ws,
## sys.executable, self.service_directory, arguments=[squid_argument_list,
## environment])[0]
## self.path_list.append(wrapper)
#
#
## directory = self.createDataDirectory(name)
# config = dict(
# ip=ip,
# port=port,
# backend_ip=backend_host,
# backend_port=backend_port,
# domain=domain,
# # XXX Hardcoded
# access_log_path = os.path.join(self.log_directory, 'squid.access.log'),
# # XXX Hardcoded
# cache_log_path = os.path.join(self.log_directory, 'squid.cache.log'),
## cache_path=self.options['cache-path'],
# # XXX Hardcoded
# pid_filename_path=os.path.join(self.run_directory, 'squid.pid'),
# squid_binary=self.options["squid_binary"],
# )
#
# template_filename = self.getTemplateFilename('squid.conf.in')
# config_file = self.createConfigurationFile("%s.conf" % name,
# self.substituteTemplate(self.getTemplateFilename('squid.conf.in'),
# config))
#
## # Prepare directories
## prepare_path = self.createPythonScript(
## self.options['prepare-path'],
## 'slapos.recipe.librecipe.execute.execute',
## arguments=[self.options['binary-path'].strip(),
## '-z',
## '-f', configuration_path,
## ],)
##
## # Create running wrapper
## wrapper_path = self.createPythonScript(
## self.options['wrapper-path'],
## 'slapos.recipe.librecipe.execute.execute',
## arguments=[self.options['binary-path'].strip(),
## '-N',
## '-f', configuration_path,
## ],)
##
## return [configuration_path, wrapper_path, prepare_path]
#
# squid_argument_list = [config['squid_binary'].strip(),
# "-N", "-f", config_file]
## "cc_command=exec %s " % self.options["gcc_binary"] +\
## "-fpic -shared -o %o %s",
## "-f", config_file,
## "-a", config["port"], "-T", config["control_port"],
## "-s", config["storage"]]
# environment = dict(PATH="%s:%s" % (self.options["binutils_directory"],
# os.environ.get('PATH')))
# wrapper = zc.buildout.easy_install.scripts([(name,
# 'slapos.recipe.librecipe.execute', 'executee')], self.ws,
# sys.executable, self.service_directory, arguments=[squid_argument_list,
# environment])[0]
# self.path_list.append(wrapper)
#
# return config
# def requestCertificate(self, name):
# hash = hashlib.sha512(name).hexdigest()
# key = os.path.join(self.ca_private, hash + self.ca_key_ext)
# certificate = os.path.join(self.ca_certs, hash + self.ca_crt_ext)
# parser = ConfigParser.RawConfigParser()
# parser.add_section('certificate')
# parser.set('certificate', 'name', name)
# parser.set('certificate', 'key_file', key)
# parser.set('certificate', 'certificate_file', certificate)
# parser.write(open(os.path.join(self.ca_request_dir, hash), 'w'))
# return key, certificate
# def installCrond(self):
# timestamps = self.createDataDirectory('cronstamps')
# cron_output = os.path.join(self.log_directory, 'cron-output')
# self._createDirectory(cron_output)
# catcher = zc.buildout.easy_install.scripts([('catchcron',
# __name__ + '.catdatefile', 'catdatefile')], self.ws, sys.executable,
# self.bin_directory, arguments=[cron_output])[0]
# self.path_list.append(catcher)
# cron_d = os.path.join(self.etc_directory, 'cron.d')
# crontabs = os.path.join(self.etc_directory, 'crontabs')
# self._createDirectory(cron_d)
# self._createDirectory(crontabs)
# wrapper = zc.buildout.easy_install.scripts([('crond',
# 'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
# self.service_directory, arguments=[
# self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs,
# '-t', timestamps, '-f', '-l', '5', '-M', catcher]
# )[0]
# self.path_list.append(wrapper)
# return cron_d
# def installValidCertificateAuthority(self, domain_name, certificate, key):
# ca_dir = os.path.join(self.data_root_directory, 'ca')
# ca_private = os.path.join(ca_dir, 'private')
# ca_certs = os.path.join(ca_dir, 'certs')
# ca_crl = os.path.join(ca_dir, 'crl')
# self._createDirectory(ca_dir)
# for path in (ca_private, ca_certs, ca_crl):
# self._createDirectory(path)
# key_path = os.path.join(ca_private, domain_name + ".key")
# certificate_path = os.path.join(ca_certs, domain_name + ".crt")
# self._writeFile(key_path, key)
# self._writeFile(certificate_path, certificate)
# return dict(certificate_authority_path=ca_dir,
# ca_crl=ca_crl,
# certificate=certificate_path,
# key=key_path)
#
# def installCertificateAuthority(self, ca_country_code='XX',
# ca_email='xx@example.com', ca_state='State', ca_city='City',
# ca_company='Company'):
# backup_path = self.createBackupDirectory('ca')
# self.ca_dir = os.path.join(self.data_root_directory, 'ca')
# self._createDirectory(self.ca_dir)
# self.ca_request_dir = os.path.join(self.ca_dir, 'requests')
# self._createDirectory(self.ca_request_dir)
# config = dict(ca_dir=self.ca_dir, request_dir=self.ca_request_dir)
# self.ca_private = os.path.join(self.ca_dir, 'private')
# self.ca_certs = os.path.join(self.ca_dir, 'certs')
# self.ca_crl = os.path.join(self.ca_dir, 'crl')
# self.ca_newcerts = os.path.join(self.ca_dir, 'newcerts')
# self.ca_key_ext = '.key'
# self.ca_crt_ext = '.crt'
# for d in [self.ca_private, self.ca_crl, self.ca_newcerts, self.ca_certs]:
# self._createDirectory(d)
# for f in ['crlnumber', 'serial']:
# if not os.path.exists(os.path.join(self.ca_dir, f)):
# open(os.path.join(self.ca_dir, f), 'w').write('01')
# if not os.path.exists(os.path.join(self.ca_dir, 'index.txt')):
# open(os.path.join(self.ca_dir, 'index.txt'), 'w').write('')
# openssl_configuration = os.path.join(self.ca_dir, 'openssl.cnf')
# config.update(
# working_directory=self.ca_dir,
# country_code=ca_country_code,
# state=ca_state,
# city=ca_city,
# company=ca_company,
# email_address=ca_email,
# )
# self._writeFile(openssl_configuration, pkg_resources.resource_string(
# __name__, 'template/openssl.cnf.ca.in') % config)
#
# # XXX-Cedric: Don't use this, but use slapos.recipe.certificate_authority
# # from the instance profile.
# self.path_list.extend(zc.buildout.easy_install.scripts([
# ('certificate_authority', __name__ + '.certificate_authority',
# 'runCertificateAuthority')],
# self.ws, sys.executable, self.service_directory, arguments=[dict(
# openssl_configuration=openssl_configuration,
# openssl_binary=self.options['openssl_binary'],
# certificate=os.path.join(self.ca_dir, 'cacert.pem'),
# key=os.path.join(self.ca_private, 'cakey.pem'),
# crl=os.path.join(self.ca_crl),
# request_dir=self.ca_request_dir
# )]))
# configure backup
#backup_cron = os.path.join(self.cron_d, 'ca_rdiff_backup')
#open(backup_cron, 'w').write(
# '''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
# rdiff_backup=self.options['rdiff_backup_binary'],
# source=self.ca_dir,
# destination=backup_path))
#self.path_list.append(backup_cron)
# return dict(
# ca_certificate=os.path.join(config['ca_dir'], 'cacert.pem'),
# ca_crl=os.path.join(config['ca_dir'], 'crl'),
# certificate_authority_path=config['ca_dir']
# )
def
_getApacheConfigurationDict
(
self
,
name
,
ip_list
,
port
):
def
_getApacheConfigurationDict
(
self
,
name
,
ip_list
,
port
):
apache_conf
=
dict
()
apache_conf
=
dict
()
apache_conf
[
'server_name'
]
=
name
apache_conf
[
'server_name'
]
=
name
apache_conf
[
'pid_file'
]
=
self
.
options
[
'pid-file'
]
apache_conf
[
'pid_file'
]
=
self
.
options
[
'pid-file'
]
apache_conf
[
'pid_cache_file'
]
=
self
.
options
[
'cache-pid-file'
]
apache_conf
[
'lock_file'
]
=
os
.
path
.
join
(
self
.
run_directory
,
apache_conf
[
'lock_file'
]
=
os
.
path
.
join
(
self
.
run_directory
,
name
+
'.lock'
)
name
+
'.lock'
)
apache_conf
[
'document_root'
]
=
os
.
path
.
join
(
self
.
data_root_directory
,
apache_conf
[
'document_root'
]
=
os
.
path
.
join
(
self
.
data_root_directory
,
...
@@ -505,57 +305,23 @@ class Recipe(BaseSlapRecipe):
...
@@ -505,57 +305,23 @@ class Recipe(BaseSlapRecipe):
apache_conf
[
'server_admin'
]
=
'admin@'
apache_conf
[
'server_admin'
]
=
'admin@'
apache_conf
[
'error_log'
]
=
self
.
options
[
'error-log'
]
apache_conf
[
'error_log'
]
=
self
.
options
[
'error-log'
]
apache_conf
[
'access_log'
]
=
self
.
options
[
'access-log'
]
apache_conf
[
'access_log'
]
=
self
.
options
[
'access-log'
]
apache_conf
[
'error_cache_log'
]
=
self
.
options
[
'cache-error-log'
]
apache_conf
[
'access_cache_log'
]
=
self
.
options
[
'cache-access-log'
]
return
apache_conf
return
apache_conf
def
installStunnel
(
self
,
service_dict
,
certificate
,
key
,
ca_crl
,
ca_path
):
"""Installs stunnel
service_dict =
{ name: (public_ip, private_ip, public_port, private_port),}
"""
template_filename
=
self
.
getTemplateFilename
(
'stunnel.conf.in'
)
template_entry_filename
=
self
.
getTemplateFilename
(
'stunnel.conf.entry.in'
)
log
=
os
.
path
.
join
(
self
.
log_directory
,
'stunnel.log'
)
pid_file
=
os
.
path
.
join
(
self
.
run_directory
,
'stunnel.pid'
)
stunnel_conf
=
dict
(
pid_file
=
pid_file
,
log
=
log
,
cert
=
certificate
,
key
=
key
,
ca_crl
=
ca_crl
,
ca_path
=
ca_path
,
entry_str
=
''
)
entry_list
=
[]
for
name
,
parameter_dict
in
service_dict
.
iteritems
():
parameter_dict
[
"name"
]
=
name
entry_str
=
self
.
substituteTemplate
(
template_entry_filename
,
parameter_dict
)
entry_list
.
append
(
entry_str
)
stunnel_conf
[
"entry_str"
]
=
"
\
n
"
.
join
(
entry_list
)
stunnel_conf_path
=
self
.
createConfigurationFile
(
"stunnel.conf"
,
self
.
substituteTemplate
(
template_filename
,
stunnel_conf
))
wrapper
=
zc
.
buildout
.
easy_install
.
scripts
([(
'stunnel'
,
'slapos.recipe.librecipe.execute'
,
'execute_wait'
)],
self
.
ws
,
sys
.
executable
,
self
.
service_directory
,
arguments
=
[
[
self
.
options
[
'stunnel_binary'
].
strip
(),
stunnel_conf_path
],
[
certificate
,
key
]]
)[
0
]
self
.
path_list
.
append
(
wrapper
)
return
stunnel_conf
def
installFrontendApache
(
self
,
ip_list
,
key
,
certificate
,
name
,
def
installFrontendApache
(
self
,
ip_list
,
key
,
certificate
,
name
,
port
=
4443
,
plain_http_port
=
8080
,
port
=
4443
,
plain_http_port
=
8080
,
cached_port
=
26081
,
rewrite_rule_list
=
None
,
rewrite_rule_list
=
None
,
rewrite_rule_cached_list
=
None
,
rewrite_rule_zope_list
=
None
,
rewrite_rule_zope_list
=
None
,
rewrite_rule_https_only_list
=
None
,
rewrite_rule_https_only_list
=
None
,
rewrite_rule_zope_path_list
=
None
,
rewrite_rule_zope_path_list
=
None
,
access_control_string
=
None
):
access_control_string
=
None
):
if
rewrite_rule_list
is
None
:
if
rewrite_rule_list
is
None
:
rewrite_rule_list
=
[]
rewrite_rule_list
=
[]
if
rewrite_rule_cached_list
is
None
:
rewrite_rule_cached_list
=
[]
if
rewrite_rule_https_only_list
is
None
:
if
rewrite_rule_https_only_list
is
None
:
rewrite_rule_zope_path_list
=
[]
rewrite_rule_zope_path_list
=
[]
if
rewrite_rule_zope_list
is
None
:
if
rewrite_rule_zope_list
is
None
:
...
@@ -597,21 +363,15 @@ class Recipe(BaseSlapRecipe):
...
@@ -597,21 +363,15 @@ class Recipe(BaseSlapRecipe):
if
not
os
.
path
.
exists
(
custom_apache_virtual_configuration_file_location
):
if
not
os
.
path
.
exists
(
custom_apache_virtual_configuration_file_location
):
open
(
custom_apache_virtual_configuration_file_location
,
'w'
)
open
(
custom_apache_virtual_configuration_file_location
,
'w'
)
# Create backup of custom apache configuration
#backup_path = self.createBackupDirectory('custom_apache_conf_backup')
#backup_cron = os.path.join(self.cron_d, 'custom_apache_conf_backup')
#open(backup_cron, 'w').write(
# '''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
# rdiff_backup=self.options['rdiff_backup_binary'],
# source=custom_apache_configuration_directory,
# destination=backup_path))
#self.path_list.append(backup_cron)
# Create configuration file and rewritemaps
# Create configuration file and rewritemaps
apachemap_path
=
self
.
createConfigurationFile
(
apachemap_path
=
self
.
createConfigurationFile
(
"apache_rewritemap_generic.txt"
,
"apache_rewritemap_generic.txt"
,
"
\
n
"
.
join
(
rewrite_rule_list
)
"
\
n
"
.
join
(
rewrite_rule_list
)
)
)
apachecachedmap_path
=
self
.
createConfigurationFile
(
"apache_rewritemap_cached.txt"
,
"
\
n
"
.
join
(
rewrite_rule_cached_list
)
)
apachemap_httpsonly_path
=
self
.
createConfigurationFile
(
apachemap_httpsonly_path
=
self
.
createConfigurationFile
(
"apache_rewritemap_httpsonly.txt"
,
"apache_rewritemap_httpsonly.txt"
,
"
\
n
"
.
join
(
rewrite_rule_https_only_list
)
"
\
n
"
.
join
(
rewrite_rule_https_only_list
)
...
@@ -635,8 +395,14 @@ class Recipe(BaseSlapRecipe):
...
@@ -635,8 +395,14 @@ class Recipe(BaseSlapRecipe):
)
)
apache_conf
[
"listen"
]
=
"
\
n
"
.
join
([
apache_conf
[
"listen"
]
=
"
\
n
"
.
join
([
"Listen %s:%s"
%
(
ip
,
port
)
"Listen %s:%s"
%
(
ip
,
tmp_port
)
for
port
in
(
plain_http_port
,
port
)
for
tmp_port
in
(
plain_http_port
,
port
)
for
ip
in
ip_list
])
apache_conf
[
"listen_cache"
]
=
"
\
n
"
.
join
([
"Listen %s:%s"
%
(
ip
,
tmp_port
)
for
tmp_port
in
(
cached_port
,)
for
ip
in
ip_list
for
ip
in
ip_list
])
])
...
@@ -651,12 +417,14 @@ class Recipe(BaseSlapRecipe):
...
@@ -651,12 +417,14 @@ class Recipe(BaseSlapRecipe):
apache_conf
.
update
(
**
dict
(
apache_conf
.
update
(
**
dict
(
path_enable
=
path
,
path_enable
=
path
,
apachemap_path
=
apachemap_path
,
apachemap_path
=
apachemap_path
,
apachecachedmap_path
=
apachecachedmap_path
,
apachemap_httpsonly_path
=
apachemap_httpsonly_path
,
apachemap_httpsonly_path
=
apachemap_httpsonly_path
,
apachemapzope_path
=
apachemap_zope_path
,
apachemapzope_path
=
apachemap_zope_path
,
apachemapzopepath_path
=
apachemap_zopepath_path
,
apachemapzopepath_path
=
apachemap_zopepath_path
,
apache_domain
=
name
,
apache_domain
=
name
,
https_port
=
port
,
https_port
=
port
,
plain_http_port
=
plain_http_port
,
plain_http_port
=
plain_http_port
,
cached_port
=
cached_port
,
custom_apache_conf
=
custom_apache_configuration_file_location
,
custom_apache_conf
=
custom_apache_configuration_file_location
,
custom_apache_virtualhost_conf
=
custom_apache_virtual_configuration_file_location
,
custom_apache_virtualhost_conf
=
custom_apache_virtual_configuration_file_location
,
))
))
...
@@ -677,4 +445,20 @@ class Recipe(BaseSlapRecipe):
...
@@ -677,4 +445,20 @@ class Recipe(BaseSlapRecipe):
config
=
apache_config_file
)
config
=
apache_config_file
)
]))
]))
apache_cached_conf_string
=
self
.
substituteTemplate
(
self
.
getTemplateFilename
(
'apache_cached.conf.in'
),
apache_conf
)
apache_cached_config_file
=
self
.
createConfigurationFile
(
'apache_frontend_cached.conf'
,
apache_cached_conf_string
)
self
.
path_list
.
extend
(
zc
.
buildout
.
easy_install
.
scripts
([(
'frontend_cached_apache'
,
'slapos.recipe.erp5.apache'
,
'runApache'
)],
self
.
ws
,
sys
.
executable
,
self
.
service_directory
,
arguments
=
[
dict
(
required_path_list
=
[
key
,
certificate
],
binary
=
self
.
options
[
'httpd_binary'
],
config
=
apache_cached_config_file
)
]))
return
dict
(
site_url
=
"https://%s:%s/"
%
(
name
,
port
))
return
dict
(
site_url
=
"https://%s:%s/"
%
(
name
,
port
))
slapos/recipe/apache_frontend/template/apache.conf.in
View file @
34945832
...
@@ -87,8 +87,6 @@ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javasc
...
@@ -87,8 +87,6 @@ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javasc
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# Make sure proxies don't deliver the wrong content
Header append Vary User-Agent
# SSL Configuration
# SSL Configuration
%(ssl_snippet)s
%(ssl_snippet)s
...
@@ -146,9 +144,6 @@ Header append Vary User-Agent
...
@@ -146,9 +144,6 @@ Header append Vary User-Agent
ProxyTimeout 600
ProxyTimeout 600
RewriteEngine On
RewriteEngine On
# Remove "Secure" from cookies, as backend may be https
Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
# Include configuration file not operated by slapos. This file won't be erased
# Include configuration file not operated by slapos. This file won't be erased
# or changed when slapgrid is ran. It can be freely customized by node admin.
# or changed when slapgrid is ran. It can be freely customized by node admin.
# Include %(custom_apache_virtualhost_conf)s
# Include %(custom_apache_virtualhost_conf)s
...
...
slapos/recipe/apache_frontend/template/apache_cached.conf.in
0 → 100644
View file @
34945832
# Apache configuration file for Zope
# Automatically generated
# Basic server configuration
PidFile "%(pid_cache_file)s"
ServerName %(server_name)s
DocumentRoot %(document_root)s
ServerRoot %(instance_home)s
%(listen_cache)s
ServerAdmin %(server_admin)s
DefaultType text/plain
TypesConfig %(httpd_home)s/conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
# As backend is trusting REMOTE_USER header unset it always
RequestHeader unset REMOTE_USER
ServerTokens Prod
# Log configuration
ErrorLog "%(error_cache_log)s"
LogLevel warn
# LogFormat "%%h %%{REMOTE_USER}i %%{Host}i %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\"" combined
# LogFormat "%%h %%{REMOTE_USER}i %%{Host}i %%l %%u %%t \"%%r\" %%>s %%b" common
# CustomLog "%(access_log)s" common
LogFormat "%%h %%l %%{REMOTE_USER}i %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\" %%D" combined
CustomLog "%(access_cache_log)s" combined
%(path_enable)s
# List of modules
#LoadModule unixd_module modules/mod_unixd.so
#LoadModule access_compat_module modules/mod_access_compat.so
#LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module %(httpd_home)s/modules/mod_authz_host.so
LoadModule log_config_module %(httpd_home)s/modules/mod_log_config.so
LoadModule deflate_module %(httpd_home)s/modules/mod_deflate.so
LoadModule setenvif_module %(httpd_home)s/modules/mod_setenvif.so
LoadModule version_module %(httpd_home)s/modules/mod_version.so
LoadModule proxy_module %(httpd_home)s/modules/mod_proxy.so
LoadModule proxy_http_module %(httpd_home)s/modules/mod_proxy_http.so
LoadModule ssl_module %(httpd_home)s/modules/mod_ssl.so
LoadModule mime_module %(httpd_home)s/modules/mod_mime.so
LoadModule dav_module %(httpd_home)s/modules/mod_dav.so
LoadModule dav_fs_module %(httpd_home)s/modules/mod_dav_fs.so
LoadModule negotiation_module %(httpd_home)s/modules/mod_negotiation.so
LoadModule rewrite_module %(httpd_home)s/modules/mod_rewrite.so
LoadModule headers_module %(httpd_home)s/modules/mod_headers.so
LoadModule cache_module %(httpd_home)s/modules/mod_cache.so
LoadModule mem_cache_module %(httpd_home)s/modules/mod_mem_cache.so
LoadModule antiloris_module %(httpd_home)s/modules/mod_antiloris.so
# The following directives modify normal HTTP response behavior to
# handle known problems with browser implementations.
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
# The following directive disables redirects on non-GET requests for
# a directory that does not include the trailing slash. This fixes a
# problem with Microsoft WebFolders which does not appropriately handle
# redirects for folders with DAV methods.
# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
# Cache directives
CacheEnable mem /
CacheDefaultExpire 3600
MCacheSize 8192
MCacheMaxObjectCount 1000
MCacheMaxObjectSize 8192
MCacheRemovalAlgorithm LRU
# Deflate
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# SSL Configuration
%(ssl_snippet)s
# Only accept generic (i.e not Zope) backends on http
<VirtualHost *:%(cached_port)s>
SSLProxyEngine on
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyTimeout 600
RewriteEngine On
# Include configuration file not operated by slapos. This file won't be erased
# or changed when slapgrid is ran. It can be freely customized by node admin.
# Include %(custom_apache_virtualhost_conf)s
RewriteMap apachemapcached txt:%(apachecachedmap_path)s
RewriteCond ${apachemapcached:%%{SERVER_NAME}} >""
RewriteRule ^/(.*)$ ${apachemapcached:%%{SERVER_NAME}}/$1 [L,P]
# If nothing exist : put a nice error
ErrorDocument 404 /notfound.html
</VirtualHost>
software/apache-frontend/instance.cfg
View file @
34945832
...
@@ -37,7 +37,7 @@ cronstamps = $${:etc}/cronstamps
...
@@ -37,7 +37,7 @@ cronstamps = $${:etc}/cronstamps
ca-dir = $${:srv}/ssl
ca-dir = $${:srv}/ssl
squid-cache = $${:srv}/squid_cache
squid-cache = $${:srv}/squid_cache
stunnel-conf = $${:etc}/stunnel
[instance-parameter]
[instance-parameter]
# Fetches parameters defined in SlapOS Master for this instance.
# Fetches parameters defined in SlapOS Master for this instance.
...
@@ -79,6 +79,9 @@ ca_crl = $${certificate-authority:ca-crl}
...
@@ -79,6 +79,9 @@ ca_crl = $${certificate-authority:ca-crl}
access-log = $${directory:log}/frontend-apache-access.log
access-log = $${directory:log}/frontend-apache-access.log
error-log = $${directory:log}/frontend-apache-error.log
error-log = $${directory:log}/frontend-apache-error.log
pid-file = $${directory:run}/httpd.pid
pid-file = $${directory:run}/httpd.pid
cache-access-log = $${directory:log}/frontend-apache-access-cached.log
cache-error-log = $${directory:log}/frontend-apache-error-cached.log
cache-pid-file = $${directory:run}/httpd-cached.pid
# Create wrapper for "apachectl conftest" in bin
# Create wrapper for "apachectl conftest" in bin
...
@@ -106,40 +109,15 @@ certs = $${directory:ca-dir}/certs/
...
@@ -106,40 +109,15 @@ certs = $${directory:ca-dir}/certs/
newcerts = $${directory:ca-dir}/newcerts/
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/
crl = $${directory:ca-dir}/crl/
[ca-frontend]
#[ca-frontend]
<= certificate-authority
#<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
#recipe = slapos.cookbook:certificate_authority.request
key-file = $${cadirectory:certs}/apache_frontend.key
#key-file = $${cadirectory:certs}/apache_frontend.key
cert-file = $${cadirectory:certs}/apache_frontend.crt
#cert-file = $${cadirectory:certs}/apache_frontend.crt
executable = $${directory:service}/apache_frontend
#executable = $${directory:service}/apache_frontend
wrapper = $${directory:service}/apache_frontend
#wrapper = $${directory:service}/apache_frontend
# Put domain name
## Put domain name
name = $${instance-parameter:configuration.domain}
#name = $${instance-parameter:configuration.domain}
[ca-stunnel]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${directory:stunnel-conf}/stunnel.key
cert-file = $${directory:stunnel-conf}/stunnel.crt
executable = $${stunnel:wrapper}
wrapper = $${basedirectory:services}/stunnel
[stunnel]
recipe = slapos.cookbook:stunnel
stunnel-binary = ${stunnel:location}/bin/stunnel
wrapper = $${directory:bin}/stunnel
log-file = $${directory:log}/stunnel.log
config-file = $${directory:etc}/stunnel.conf
key-file = $${ca-stunnel:key-file}
cert-file = $${ca-stunnel:cert-file}
pid-file = $${directory:run}/stunnel.pid
local-port = $${squid-hardcoded:backend-port}
local-host = $${squid-hardcoded:backend-ip}
remote-host = $${squid-hardcoded:remote-host}
remote-port = $${squid-hardcoded:remote-port}
client = false
post-rotate-script = $${directory:bin}/stunnel_post_rotate
[cron]
[cron]
recipe = slapos.cookbook:cron
recipe = slapos.cookbook:cron
...
@@ -182,7 +160,7 @@ recipe = slapos.cookbook:logrotate.d
...
@@ -182,7 +160,7 @@ recipe = slapos.cookbook:logrotate.d
name = apache
name = apache
log = $${apache:error-log} $${apache:access-log}
log = $${apache:error-log} $${apache:access-log}
frequency = daily
frequency = daily
rotate-num = 30
rotate
p
-num = 30
post = ${buildout:bin-directory}/killpidfromfile $${apache:pid-file} SIGUSR1
post = ${buildout:bin-directory}/killpidfromfile $${apache:pid-file} SIGUSR1
sharedscripts = true
sharedscripts = true
notifempty = true
notifempty = true
...
@@ -199,7 +177,7 @@ ip = $${squid-hardcoded:ip}
...
@@ -199,7 +177,7 @@ ip = $${squid-hardcoded:ip}
port = $${squid-hardcoded:port}
port = $${squid-hardcoded:port}
backend-ip = $${squid-hardcoded:backend-ip}
backend-ip = $${squid-hardcoded:backend-ip}
backend-port = $${squid-hardcoded:backend-port}
backend-port = $${squid-hardcoded:backend-port}
domain = $${squid-hardcoded:domain
}
public-ipv4 = $${instance-parameter:configuration.public-ipv4
}
access-log-path = $${directory:log}/squid-access.log
access-log-path = $${directory:log}/squid-access.log
cache-log-path = $${directory:log}/squid-cache.log
cache-log-path = $${directory:log}/squid-cache.log
pid-filename-path = $${directory:run}/squid.pid
pid-filename-path = $${directory:run}/squid.pid
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment