Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos-caddy
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Guillaume Hervier
slapos-caddy
Commits
3f1bbc7a
Commit
3f1bbc7a
authored
May 11, 2018
by
Łukasz Nowak
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
caddy-frontend: Minimal working implementation
parent
dd7dbf87
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
62 additions
and
53 deletions
+62
-53
software/caddy-frontend/buildout.hash.cfg
software/caddy-frontend/buildout.hash.cfg
+4
-4
software/caddy-frontend/instance-apache-frontend.cfg
software/caddy-frontend/instance-apache-frontend.cfg
+4
-0
software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
.../caddy-frontend/templates/apache-custom-slave-list.cfg.in
+5
-0
software/caddy-frontend/templates/default-virtualhost.conf.in
...ware/caddy-frontend/templates/default-virtualhost.conf.in
+49
-49
No files found.
software/caddy-frontend/buildout.hash.cfg
View file @
3f1bbc7a
...
...
@@ -19,7 +19,7 @@ md5sum = f686f765e55d1dce2e55a400f0714b3e
[template-apache-frontend]
filename = instance-apache-frontend.cfg
md5sum =
38243a38c6d33c19efe30544854f91a2
md5sum =
60aed3fdbdc2b33b804410542198304a
[template-apache-replicate]
filename = instance-apache-replicate.cfg.in
...
...
@@ -27,7 +27,7 @@ md5sum = 9e76028df7e93d3e32982884d5dc0913
[template-slave-list]
filename = templates/apache-custom-slave-list.cfg.in
md5sum =
b016f416ce5390213afef56c4a41aaa1
md5sum =
e05e056b34a5e903932833c1cf20a048
[template-slave-configuration]
filename = templates/custom-virtualhost.conf.in
...
...
@@ -43,7 +43,7 @@ md5sum = d1a7a759aa2801c96ecf4445a33203f2
[template-custom-slave-list]
filename = templates/apache-custom-slave-list.cfg.in
md5sum =
b016f416ce5390213afef56c4a41aaa1
md5sum =
e05e056b34a5e903932833c1cf20a048
[template-not-found-html]
filename = templates/notfound.html
...
...
@@ -55,7 +55,7 @@ md5sum = 4dbb8560e4de1af2a0706b020e713fe7
[template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in
md5sum =
b302fc0a44ffac068902b1fb37c96bd7
md5sum =
41f2c8bc8972f777becbf1cb588276ac
[template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in
...
...
software/caddy-frontend/instance-apache-frontend.cfg
View file @
3f1bbc7a
...
...
@@ -192,6 +192,7 @@ extra-context =
key custom_ssl_directory caddy-directory:vh-ssl
key apache_log_directory caddy-directory:slave-log
key local_ipv4 instance-parameter:ipv4-random
key local_ipv6 instance-parameter:ipv6-random
key global_ipv6 slap-network-information:global-ipv6
key varnginx directory:varnginx
key empty_template software-release-path:template-empty
...
...
@@ -210,6 +211,9 @@ extra-context =
key promise_directory monitor-directory:promises
key report_directory monitor-directory:reports
raw bin_directory ${buildout:bin-directory}
key login_certificate ca-frontend:cert-file
key login_key ca-frontend:key-file
key login_ca_crt ca-custom-frontend:rendered
[dynamic-virtualhost-template-slave]
<= jinja2-template-base
...
...
software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
View file @
3f1bbc7a
...
...
@@ -162,6 +162,10 @@ value = {{ dumps(slave_instance.get(cert_name)) }}
{% endif -%}
{% endfor -%}
{#- Set Up Certs #}
{%- do slave_instance.__setitem__('login_certificate', login_certificate) %}
{%- do slave_instance.__setitem__('login_key', login_key) %}
{%- do slave_instance.__setitem__('login_ca_crt', login_ca_crt) %}
{% if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance -%}
{% set cert_title = '%s-crt' % (slave_reference) -%}
{% set key_title = '%s-key' % (slave_reference) -%}
...
...
@@ -228,6 +232,7 @@ extra-context =
raw local_ipv4 {{ local_ipv4 }}
raw nginx_http_port {{ nginx_http_port }}
raw nginx_https_port {{ nginx_https_port }}
raw local_ipv6 {{ local_ipv6 }}
section slave_parameter {{ slave_configuration_section_name }}
{{ '\n' }}
...
...
software/caddy-frontend/templates/default-virtualhost.conf.in
View file @
3f1bbc7a
...
...
@@ -8,21 +8,27 @@
{%- set disabled_cookie_list = slave_parameter.get('disabled-cookie-list', '').split() -%}
{%- set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%}
{%- set slave_type = slave_parameter.get('type', '') -%}
{%- set ssl_configuration_list = [('SSLCertificateFile', 'path_to_ssl_crt'),
('SSLCertificateKeyFile', 'path_to_ssl_key'),
('SSLCACertificateFile', 'path_to_ssl_ca_crt'),
('SSLCertificateChainFile', 'path_to_ssl_ca_crt')] -%}
# TODO-Caddy <VirtualHost *:{{ https_port }}>
# TODO-Caddy ServerName {{ slave_parameter.get('custom_domain') }}
# TODO-Caddy ServerAlias {{ slave_parameter.get('custom_domain') }}
{%- for server_alias in server_alias_list %}
# TODO-Caddy ServerAlias {{ server_alias }}
{% endfor %}
{%- set host_list = [slave_parameter.get('custom_domain')] + server_alias_list -%}
{%- set http_host_list = [] %}
{%- set https_host_list = [] %}
{%- for host in host_list %}
{%- do http_host_list.append('http://%s:%s' % (host, http_port)) %}
{%- do https_host_list.append('https://%s:%s' % (host, https_port)) %}
{%- endfor %}
{{ https_host_list|join(', ') }} {
bind {{ local_ipv4 }}
# TODO-Caddy bind {{ local_ipv6 }}
tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }} {
{%- if slave_parameter.get('path_to_ssl_ca_crt') %}
clients {{ slave_parameter.get('path_to_ssl_ca_crt') }}
{%- endif %}
}
# TODO-Caddy # One Slave two logs
# TODO-Caddy LogLevel notice
# TODO-Caddy LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
log / {{ slave_parameter.get('access_log') }} {combined}
errors {{ slave_parameter.get('error_log') }}
# TODO-Caddy SSLEngine on
# TODO-Caddy SSLProxyEngine on
{% if ssl_proxy_verify -%}
{% if 'ssl_proxy_ca_crt' in slave_parameter -%}
# TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
...
...
@@ -39,18 +45,6 @@
# TODO-Caddy Protocols h2 http/1.1
{% endif -%}
{% for key, value in ssl_configuration_list -%}
{% if value in slave_parameter -%}
# TODO-Caddy {{ ' %s' % key }} {{ slave_parameter.get(value) }}
{% endif -%}
{% endfor -%}
# TODO-Caddy # One Slave two logs
# TODO-Caddy ErrorLog "{{ slave_parameter.get('error_log') }}"
# TODO-Caddy LogLevel notice
# TODO-Caddy LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
# TODO-Caddy CustomLog "{{ slave_parameter.get('access_log') }}" combined
# TODO-Caddy # Rewrite part
# TODO-Caddy ProxyPreserveHost On
# TODO-Caddy ProxyTimeout 600
...
...
@@ -85,21 +79,27 @@
# TODO-Caddy RewriteRule (.*) {{ slave_parameter.get('https-url', slave_parameter.get('url', ''))}}$1 [R,L]
{% else -%}
{% if 'default-path' in slave_parameter %}
# TODO-Caddy RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
redir 301 {
if {path} is /
/ {scheme}://{host}/{{ slave_parameter.get('default-path') }}
}
{% endif -%}
# TODO-Caddy RewriteRule ^/(.*)$ {{ slave_parameter.get('https-url', slave_parameter.get('url', '')) }}/$1 [L,P]
proxy / {{ slave_parameter.get('https-url', slave_parameter.get('url', '')) }} {
transparent
{%- if not ssl_proxy_verify %}
insecure_skip_verify
{%- endif %}
}
{% endif -%}
# TODO-Caddy </VirtualHost>
}
# TODO-Caddy <VirtualHost *:{{ http_port }}>
# TODO-Caddy ServerName {{ slave_parameter.get('custom_domain')
}}
# TODO-Caddy
ServerAlias {{ slave_parameter.get('custom_domain')
}}
{{ http_host_list|join(', ') }} {
bind {{ local_ipv4
}}
# TODO-Caddy
bind {{ local_ipv6
}}
{%- for server_alias in server_alias_list %}
# TODO-Caddy ServerAlias {{ server_alias }}
{% endfor %}
log / {{ slave_parameter.get('access_log') }} {combined}
errors {{ slave_parameter.get('error_log') }}
# TODO-Caddy SSLProxyEngine on
{% if ssl_proxy_verify -%}
{% if 'ssl_proxy_ca_crt' in slave_parameter -%}
# TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
...
...
@@ -118,10 +118,8 @@
# TODO-Caddy RewriteEngine On
# TODO-Caddy # One Slave two logs
# TODO-Caddy ErrorLog "{{ slave_parameter.get('error_log') }}"
# TODO-Caddy LogLevel notice
# TODO-Caddy LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
# TODO-Caddy CustomLog "{{ slave_parameter.get('access_log') }}" combined
# TODO-Caddy # Remove "Secure" from cookies, as backend may be https
# TODO-Caddy Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
...
...
@@ -143,13 +141,8 @@
# TODO-Caddy RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
{% endif %}
# Next line is forbidden and people who copy it will be hanged short
{% if https_only -%}
# Not using HTTPS? Ask that guy over there.
# Dummy redirection to https. Note: will work only if https listens
# on standard port (443).
# TODO-Caddy RewriteCond %{SERVER_PORT} !^{{ https_port }}$
# TODO-Caddy RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [NC,R,L]
{%- if https_only %}
redir / https://{host}{uri}
{% elif slave_type == 'redirect' -%}
# TODO-Caddy RewriteRule (.*) {{slave_parameter.get('url', '')}}$1 [R,L]
{% elif slave_type == 'zope' -%}
...
...
@@ -162,12 +155,19 @@
# TODO-Caddy RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/VirtualHostBase/http/%{SERVER_NAME}:{{ slave_parameter.get('virtualhostroot-http-port', '80') }}/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
{% else -%}
{% if 'default-path' in slave_parameter %}
# TODO-Caddy RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
redir 301 {
if {path} is /
/ {scheme}://{host}/{{ slave_parameter.get('default-path') }}
}
{% endif -%}
# TODO-Caddy RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/$1 [L,P]
proxy / {{ slave_parameter.get('url', '') }} {
transparent
{%- if not ssl_proxy_verify %}
insecure_skip_verify
{%- endif %}
}
{% endif -%}
# If nothing exist : put a nice error
# ErrorDocument 404 /notfound.html
# Dadiboom
# TODO-Caddy </VirtualHost>
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment