caddy-frontend: Implement /server-status hook

14ea9108 · Łukasz Nowak · 842e044e · 14ea9108 · 14ea9108 · 14ea9108
Commit 14ea9108 authored Jun 01, 2018 by Łukasz Nowak
5 changed files
--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -19,7 +19,7 @@ md5sum = f686f765e55d1dce2e55a400f0714b3e

 [template-apache-frontend]
 filename = instance-apache-frontend.cfg
-md5sum = d4eb1cf0ceb223ec07337d48c8f8c388
+md5sum = af5cfa38ce547668963769cad61a5ae0

 [template-apache-replicate]
 filename = instance-apache-replicate.cfg.in
@@ -39,7 +39,7 @@ md5sum = 665e83d660c9b779249b2179d7ce4b4e

 [template-caddy-frontend-configuration]
 filename = templates/Caddyfile.in
-md5sum = edfdd21d712f4ba4c2e1fcb9ea096554
+md5sum = 70aa99bcab47d0c19737fc62d5c3dedf

 [template-custom-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
@@ -49,10 +49,6 @@ md5sum = c28797d929eab286cada3a4891ba5de0
 filename = templates/notfound.html
 md5sum = f20d6c3d2d94fb685f8d26dfca1e822b

-[template-default-virtualhost]
-filename = templates/000.conf.in
-md5sum = 88a31d5a26c26408443fa5c2550ff8ac
-
 [template-default-slave-virtualhost]
 filename = templates/default-virtualhost.conf.in
 md5sum = bb80ef5a195b841a071c7104544ae776

--- a/software/caddy-frontend/common.cfg
+++ b/software/caddy-frontend/common.cfg
@@ -80,10 +80,6 @@ filename = apache-default-slave-list.cfg.in
 <=download-template
 filename = notfound.html

-[template-default-virtualhost]
-<=download-template
-filename = 000.conf.in
-
 [template-default-slave-virtualhost]
 <=download-template
 filename = default-virtualhost.conf.in

--- a/software/caddy-frontend/instance-apache-frontend.cfg
+++ b/software/caddy-frontend/instance-apache-frontend.cfg
@@ -13,7 +13,6 @@ parts =
  switch-apache-softwaretype
  frontend-caddy-graceful
  frontend-nginx-graceful
-  dynamic-template-default-vh
  not-found-html
  promise-frontend-apache-configuration
  promise-apache-frontend-v4-https
@@ -146,19 +145,6 @@ context =
    section directory directory
    $${:extra-context}

-[dynamic-template-default-vh]
-< = jinja2-template-base
-template = ${template-default-virtualhost:target}
-rendered = $${caddy-directory:slave-configuration}/000.conf
-extensions = jinja2.ext.do
-extra-context =
-    key http_port instance-parameter:configuration.plain_http_port
-    key https_port instance-parameter:configuration.port
-    key login_certificate ca-frontend:cert-file
-    key login_key ca-frontend:key-file
-    key login_ca_crt ca-custom-frontend:rendered
-    key ipv4_addr instance-parameter:ipv4-random
-
 [software-release-path]
 template-empty = ${template-empty:target}
 template-slave-configuration = ${template-slave-configuration:target}
@@ -235,7 +221,6 @@ extra-context =
    key httpd_mod_ssl_cache_directory caddy-directory:mod-ssl
    key document_root caddy-directory:document-root
    key instance_home buildout:directory
-    key ipv4_addr instance-parameter:ipv4-random
    key server_admin instance-parameter:configuration.server-admin
    key protected_path apache-configuration:protected-path
    key access_control_string apache-configuration:access-control-string
@@ -250,6 +235,13 @@ extra-context =
    key ssl_cached_port apache-configuration:ssl-cache-through-port
    key slave_with_cache_configuration_directory caddy-directory:slave-with-cache-configuration
    section frontend_configuration frontend-configuration
+    key http_port instance-parameter:configuration.plain_http_port
+    key https_port instance-parameter:configuration.port
+    key local_ipv4 instance-parameter:ipv4-random
+    key global_ipv6 slap-network-information:global-ipv6
+    key error_log apache-configuration:error-log
+    key username slap-parameter:monitor-username
+    key password slap-parameter:monitor-password

 [caddy-wrapper]
 < = jinja2-template-base

--- a/software/caddy-frontend/templates/000.conf.in
+++ b/software/caddy-frontend/templates/000.conf.in
-https://www.example.org:{{ https_port }} {
-  tls {{ login_certificate }} {{ login_key }}
-  bind {{ ipv4_addr }}
-status 404 /
-# TODO-Caddy   SSLEngine on
-# TODO-Caddy   SSLProxyEngine on
-# TODO-Caddy   SSLProtocol all -SSLv2 -SSLv3
-# TODO-Caddy   SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
-# TODO-Caddy   SSLHonorCipherOrder on
-# TODO-Caddy 
-# TODO-Caddy   # Rewrite part
-# TODO-Caddy   ProxyPreserveHost On
-# TODO-Caddy   ProxyTimeout 600
-# TODO-Caddy   RewriteEngine On
-# TODO-Caddy 
-# TODO-Caddy   ErrorDocument 404 /notfound.html
-# TODO-Caddy 
-}
-
-http://www.example.org:{{ http_port }} {
-  bind {{ ipv4_addr }}
-status 404 /
-}
--- a/software/caddy-frontend/templates/Caddyfile.in
+++ b/software/caddy-frontend/templates/Caddyfile.in
@@ -6,9 +6,9 @@
 #ServerRoot {{ instance_home }}


-# TODO-Caddy {{ "Listen %s:%s" % (ipv4_addr, cached_port)  }}
-# TODO-Caddy {{ "Listen %s:%s" % (ipv4_addr, ssl_cached_port)  }}
-# TODO-Caddy per site bind {{ ipv4_addr }}
+# TODO-Caddy {{ "Listen %s:%s" % (local_ipv4, cached_port)  }}
+# TODO-Caddy {{ "Listen %s:%s" % (local_ipv4, ssl_cached_port)  }}
+# TODO-Caddy per site bind {{ local_ipv4 }}

 # TODO-Caddy ServerAdmin {{ server_admin }}
 # TODO-Caddy TypesConfig {{ httpd_home }}/conf/mime.types
@@ -23,13 +23,6 @@
 # Disable TRACE Method
 # TODO-Caddy TraceEnable off

-# Log configuration
-# LogFormat "%h %{REMOTE_USER}i %{Host}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
-# LogFormat "%h %{REMOTE_USER}i %{Host}i %l %u %t \"%r\" %>s %b" common
-# CustomLog "{{ access_log }}" common
-# TODO-Caddy LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
-# TODO-Caddy CustomLog "{{ access_log }}" combined
-
 # TODO-Caddy <Directory {{ protected_path }}>
 # TODO-Caddy   Order Deny,Allow
 # TODO-Caddy   Allow from {{ access_control_string }}
@@ -98,26 +91,6 @@
 # TODO-Caddy BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully


-# TODO-Caddy ExtendedStatus On
-# TODO-Caddy <Location /server-status>
-# TODO-Caddy     SetHandler server-status
-# TODO-Caddy     Order Deny,Allow
-# TODO-Caddy     Deny from all
-# TODO-Caddy     Allow from All
-# TODO-Caddy 
-# TODO-Caddy     AuthType basic
-# TODO-Caddy     AuthName "Apache Server Status"
-# TODO-Caddy     AuthBasicProvider file
-# TODO-Caddy     AuthUserFile {{ instance_home }}/etc/monitor-htpasswd
-# TODO-Caddy     Require valid-user
-# TODO-Caddy </Location>
-
-# TODO-Caddy ServerLimit {{ slapparameter_dict.get('mpm-server-limit', '16') }}
-# TODO-Caddy MaxClients {{ slapparameter_dict.get('mpm-max-clients', '400') }}
-# TODO-Caddy StartServers {{ slapparameter_dict.get('mpm-start-servers', '3') }}
-# TODO-Caddy ThreadsPerChild {{ slapparameter_dict.get('mpm-thread-per-child', '25') }}
-#MaxRequestsPerChild 0 // Default value is 0
-
 # Deflate
 # TODO-Caddy AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript
 # TODO-Caddy BrowserMatch ^Mozilla/4 gzip-only-text/html
@@ -125,17 +98,9 @@
 # TODO-Caddy BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

 # SSL Configuration
-# TODO-Caddy SSLCertificateFile {{ login_certificate }}
-# TODO-Caddy SSLCertificateKeyFile {{ login_key }}
 # TODO-Caddy {% if slapparameter_dict.get('apache-ca-certificate') %}
 # TODO-Caddy SSLCACertificateFile {{ login_ca_crt }}
 # TODO-Caddy {% endif %}
-# TODO-Caddy SSLRandomSeed startup builtin
-# TODO-Caddy SSLRandomSeed connect builtin
-# TODO-Caddy SSLSessionCache shmcb:/{{ httpd_mod_ssl_cache_directory }}/ssl_scache(512000)
-# TODO-Caddy SSLSessionCacheTimeout  300
-# TODO-Caddy SSLRandomSeed startup /dev/urandom 256
-# TODO-Caddy SSLRandomSeed connect builtin
 # TODO-Caddy SSLProtocol all -SSLv2 -SSLv3
 # TODO-Caddy SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
 # TODO-Caddy SSLHonorCipherOrder on
@@ -150,5 +115,39 @@ import {{frontend_configuration.get('log-access-configuration')}}
 import {{ slave_configuration_directory }}/*.conf
 import {{ slave_with_cache_configuration_directory }}/*.conf

+https://[{{ global_ipv6 }}]:{{ https_port }}/, https://{{ local_ipv4 }}:{{ https_port }}/ {
+  tls {{ login_certificate }} {{ login_key }}
+  bind {{ local_ipv4 }}
+  status 404 /
+# TODO-Caddy   LogLevel notice
+# TODO-Caddy   LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
+  log / {{ access_log }} {combined}
+  errors {{ error_log }}
+}
+
+https://[{{ global_ipv6 }}]:{{ https_port }}/server-status, https://{{ local_ipv4 }}:{{ https_port }}/server-status {
+  tls {{ login_certificate }} {{ login_key }}
+  bind {{ local_ipv4 }}
+  basicauth "{{ username }}" {{ password }} {
+    "Server Status"
+    /
+  }
+  expvar
+  pprof
+# TODO-Caddy   LogLevel notice
+# TODO-Caddy   LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
+  log / {{ access_log }} {combined}
+  errors {{ error_log }}
+}
+
+http://[{{ global_ipv6 }}]:{{ http_port }}/, http://{{ local_ipv4 }}:{{ http_port }}/ {
+  bind {{ local_ipv4 }}
+  status 404 /
+# TODO-Caddy   LogLevel notice
+# TODO-Caddy   LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
+  log / {{ access_log }} {combined}
+  errors {{ error_log }}
+}
+
 # TODO-Caddy ErrorDocument 404 /notfound.html
 # TODO-Caddy RewriteRule (.*) /notfound.html [R=404,L]