Commit 0b53209e authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: Implement enable_cache

parent a040c759
......@@ -27,7 +27,7 @@ md5sum = 9e76028df7e93d3e32982884d5dc0913
[template-slave-list]
filename = templates/apache-custom-slave-list.cfg.in
md5sum = 181631c2acd06dc79508711123ea3b82
md5sum = 0643a19572f65e496e1656df0971d8bd
[template-slave-configuration]
filename = templates/custom-virtualhost.conf.in
......@@ -43,7 +43,7 @@ md5sum = d1a7a759aa2801c96ecf4445a33203f2
[template-custom-slave-list]
filename = templates/apache-custom-slave-list.cfg.in
md5sum = 181631c2acd06dc79508711123ea3b82
md5sum = 0643a19572f65e496e1656df0971d8bd
[template-not-found-html]
filename = templates/notfound.html
......@@ -55,11 +55,11 @@ md5sum = 4dbb8560e4de1af2a0706b020e713fe7
[template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in
md5sum = 07b3a9a0f25d1a173066a39293f09cd6
md5sum = 4e06ce63dfbd38dd855f04aa7d01951f
[template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in
md5sum = 42a574141f2d8e27669e3848d2e600a1
md5sum = b66ebb546e1762419a22ac853437a9c2
[template-log-access]
filename = templates/template-log-access.conf.in
......
......@@ -323,6 +323,8 @@ extra-context =
section slave_parameter {{ slave_configuration_section_name }}
raw cached_port {{ cached_port }}
raw ssl_cached_port {{ ssl_cached_port }}
raw local_ipv4 {{ local_ipv4 }}
raw local_ipv6 {{ local_ipv6 }}
{{ '\n' }}
{% endfor %}
......
{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
{% set server_alias_list = slave_parameter.get('server-alias', '').split() %}
{% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
{%- set host_list = [slave_parameter.get('custom_domain')] + server_alias_list -%}
{%- set http_host_list = [] %}
{%- set https_host_list = [] %}
{%- for host in host_list %}
{%- do http_host_list.append('http://%s:%s' % (host, cached_port)) %}
{%- do https_host_list.append('http://%s:%s' % (host, ssl_cached_port)) %}
{%- endfor %}
# TODO-Caddy # Only accept generic (i.e not Zope) backends on http
# TODO-Caddy <VirtualHost *:{{ cached_port }}>
# TODO-Caddy ServerName {{ slave_parameter.get('custom_domain') }}
# TODO-Caddy {%- for server_alias in server_alias_list %}
# TODO-Caddy ServerAlias {{ server_alias }}
# TODO-Caddy {% endfor %}
# TODO-Caddy SSLProxyEngine on
# TODO-Caddy {% if ssl_proxy_verify -%}
# TODO-Caddy {% if 'ssl_proxy_ca_crt' in slave_parameter -%}
# Only accept generic (i.e not Zope) backends on http
{{ http_host_list|join(', ') }} {
bind {{ local_ipv4 }}
# TODO-Caddy bind {{ local_ipv6 }}
# Rewrite part
proxy / {{ slave_parameter.get('backend_url', '') }} {
transparent
timeout 600s
{%- if ssl_proxy_verify %}
{%- if 'ssl_proxy_ca_crt' in slave_parameter %}
# TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
# TODO-Caddy {% endif %}
# TODO-Caddy SSLProxyVerify require
# TODO-Caddy #SSLProxyCheckPeerCN on
# TODO-Caddy SSLProxyCheckPeerExpire on
# TODO-Caddy {% endif %}
# TODO-Caddy # Rewrite part
# TODO-Caddy ProxyPreserveHost On
# TODO-Caddy ProxyTimeout 600
# TODO-Caddy RewriteEngine On
# TODO-Caddy
# TODO-Caddy RewriteRule ^/(.*)$ {{ slave_parameter.get('backend_url', '') }}/$1 [L,P]
# TODO-Caddy </VirtualHost>
# Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store"
{%- endif %}
{%- else %}
insecure_skip_verify
{%- endif %}
}
}
# TODO-Caddy <VirtualHost *:{{ ssl_cached_port }}>
# TODO-Caddy ServerName {{ slave_parameter.get('custom_domain') }}
# TODO-Caddy {%- for server_alias in server_alias_list %}
# TODO-Caddy ServerAlias {{ server_alias }}
# TODO-Caddy {% endfor %}
# TODO-Caddy SSLProxyEngine on
# TODO-Caddy
# TODO-Caddy {% if ssl_proxy_verify -%}
# TODO-Caddy {% if 'ssl_proxy_ca_crt' in slave_parameter -%}
{{ https_host_list|join(', ') }} {
bind {{ local_ipv4 }}
# TODO-Caddy bind {{ local_ipv6 }}
## tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }}
proxy / {{ slave_parameter.get('https_backend_url', '') }} {
transparent
timeout 600s
{%- if ssl_proxy_verify %}
{%- if 'ssl_proxy_ca_crt' in slave_parameter %}
# TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
# TODO-Caddy {% endif %}
# TODO-Caddy SSLProxyVerify require
# TODO-Caddy #SSLProxyCheckPeerCN on
# TODO-Caddy SSLProxyCheckPeerExpire on
# TODO-Caddy {% endif %}
# TODO-Caddy # Rewrite part
# TODO-Caddy ProxyPreserveHost On
# TODO-Caddy ProxyTimeout 600
# TODO-Caddy RewriteEngine On
# TODO-Caddy
# TODO-Caddy RewriteRule ^/(.*)$ {{ slave_parameter.get('https_backend_url', '') }}/$1 [L,P]
# TODO-Caddy </VirtualHost>
# TODO-Caddy
# Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store"
{%- endif %}
{%- else %}
insecure_skip_verify
{%- endif %}
}
}
......@@ -39,15 +39,6 @@
# TODO-Caddy SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
# TODO-Caddy SSLHonorCipherOrder on
{% if disable_via_header %}
# TODO-Caddy Header unset Via
{% endif -%}
{% if disable_no_cache_header %}
# TODO-Caddy RequestHeader unset Cache-Control
# TODO-Caddy RequestHeader unset Pragma
{% endif -%}
{%- for disabled_cookie in disabled_cookie_list %}
# TODO-Caddy {{' RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie) }}
{% endfor -%}
......@@ -58,6 +49,14 @@
{% if slave_type == 'zope' and backend_url -%}
proxy / {{ backend_url }} {
{% if disable_via_header %}
header_downstream -Via
{% endif -%}
{% if disable_no_cache_header %}
header_upstream -Cache-Control
header_upstream -Pragma
{% endif -%}
transparent
timeout 600s
{%- if ssl_proxy_verify %}
......@@ -92,6 +91,14 @@
{% endif -%}
{%- if backend_url %}
proxy / {{ backend_url }} {
{% if disable_via_header %}
header_downstream -Via
{% endif -%}
{% if disable_no_cache_header %}
header_upstream -Cache-Control
header_upstream -Pragma
{% endif -%}
transparent
timeout 600s
{%- if ssl_proxy_verify %}
......@@ -145,6 +152,14 @@
}
{% elif slave_type == 'zope' and backend_url -%}
proxy / {{ backend_url }} {
{% if disable_via_header %}
header_downstream -Via
{% endif -%}
{% if disable_no_cache_header %}
header_upstream -Cache-Control
header_upstream -Pragma
{% endif -%}
transparent
timeout 600s
{%- if ssl_proxy_verify %}
......@@ -175,6 +190,14 @@
{% endif -%}
{%- if slave_parameter.get('url', '') %}
proxy / {{ slave_parameter.get('url', '') }} {
{% if disable_via_header %}
header_downstream -Via
{% endif -%}
{% if disable_no_cache_header %}
header_upstream -Cache-Control
header_upstream -Pragma
{% endif -%}
transparent
timeout 600s
{%- if ssl_proxy_verify %}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment