Commit 3f1bbc7a authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: Minimal working implementation

parent dd7dbf87
...@@ -19,7 +19,7 @@ md5sum = f686f765e55d1dce2e55a400f0714b3e ...@@ -19,7 +19,7 @@ md5sum = f686f765e55d1dce2e55a400f0714b3e
[template-apache-frontend] [template-apache-frontend]
filename = instance-apache-frontend.cfg filename = instance-apache-frontend.cfg
md5sum = 38243a38c6d33c19efe30544854f91a2 md5sum = 60aed3fdbdc2b33b804410542198304a
[template-apache-replicate] [template-apache-replicate]
filename = instance-apache-replicate.cfg.in filename = instance-apache-replicate.cfg.in
...@@ -27,7 +27,7 @@ md5sum = 9e76028df7e93d3e32982884d5dc0913 ...@@ -27,7 +27,7 @@ md5sum = 9e76028df7e93d3e32982884d5dc0913
[template-slave-list] [template-slave-list]
filename = templates/apache-custom-slave-list.cfg.in filename = templates/apache-custom-slave-list.cfg.in
md5sum = b016f416ce5390213afef56c4a41aaa1 md5sum = e05e056b34a5e903932833c1cf20a048
[template-slave-configuration] [template-slave-configuration]
filename = templates/custom-virtualhost.conf.in filename = templates/custom-virtualhost.conf.in
...@@ -43,7 +43,7 @@ md5sum = d1a7a759aa2801c96ecf4445a33203f2 ...@@ -43,7 +43,7 @@ md5sum = d1a7a759aa2801c96ecf4445a33203f2
[template-custom-slave-list] [template-custom-slave-list]
filename = templates/apache-custom-slave-list.cfg.in filename = templates/apache-custom-slave-list.cfg.in
md5sum = b016f416ce5390213afef56c4a41aaa1 md5sum = e05e056b34a5e903932833c1cf20a048
[template-not-found-html] [template-not-found-html]
filename = templates/notfound.html filename = templates/notfound.html
...@@ -55,7 +55,7 @@ md5sum = 4dbb8560e4de1af2a0706b020e713fe7 ...@@ -55,7 +55,7 @@ md5sum = 4dbb8560e4de1af2a0706b020e713fe7
[template-default-slave-virtualhost] [template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in filename = templates/default-virtualhost.conf.in
md5sum = b302fc0a44ffac068902b1fb37c96bd7 md5sum = 41f2c8bc8972f777becbf1cb588276ac
[template-cached-slave-virtualhost] [template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in filename = templates/cached-virtualhost.conf.in
......
...@@ -192,6 +192,7 @@ extra-context = ...@@ -192,6 +192,7 @@ extra-context =
key custom_ssl_directory caddy-directory:vh-ssl key custom_ssl_directory caddy-directory:vh-ssl
key apache_log_directory caddy-directory:slave-log key apache_log_directory caddy-directory:slave-log
key local_ipv4 instance-parameter:ipv4-random key local_ipv4 instance-parameter:ipv4-random
key local_ipv6 instance-parameter:ipv6-random
key global_ipv6 slap-network-information:global-ipv6 key global_ipv6 slap-network-information:global-ipv6
key varnginx directory:varnginx key varnginx directory:varnginx
key empty_template software-release-path:template-empty key empty_template software-release-path:template-empty
...@@ -210,6 +211,9 @@ extra-context = ...@@ -210,6 +211,9 @@ extra-context =
key promise_directory monitor-directory:promises key promise_directory monitor-directory:promises
key report_directory monitor-directory:reports key report_directory monitor-directory:reports
raw bin_directory ${buildout:bin-directory} raw bin_directory ${buildout:bin-directory}
key login_certificate ca-frontend:cert-file
key login_key ca-frontend:key-file
key login_ca_crt ca-custom-frontend:rendered
[dynamic-virtualhost-template-slave] [dynamic-virtualhost-template-slave]
<= jinja2-template-base <= jinja2-template-base
......
...@@ -162,6 +162,10 @@ value = {{ dumps(slave_instance.get(cert_name)) }} ...@@ -162,6 +162,10 @@ value = {{ dumps(slave_instance.get(cert_name)) }}
{% endif -%} {% endif -%}
{% endfor -%} {% endfor -%}
{#- Set Up Certs #}
{%- do slave_instance.__setitem__('login_certificate', login_certificate) %}
{%- do slave_instance.__setitem__('login_key', login_key) %}
{%- do slave_instance.__setitem__('login_ca_crt', login_ca_crt) %}
{% if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance -%} {% if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance -%}
{% set cert_title = '%s-crt' % (slave_reference) -%} {% set cert_title = '%s-crt' % (slave_reference) -%}
{% set key_title = '%s-key' % (slave_reference) -%} {% set key_title = '%s-key' % (slave_reference) -%}
...@@ -228,6 +232,7 @@ extra-context = ...@@ -228,6 +232,7 @@ extra-context =
raw local_ipv4 {{ local_ipv4 }} raw local_ipv4 {{ local_ipv4 }}
raw nginx_http_port {{ nginx_http_port }} raw nginx_http_port {{ nginx_http_port }}
raw nginx_https_port {{ nginx_https_port }} raw nginx_https_port {{ nginx_https_port }}
raw local_ipv6 {{ local_ipv6 }}
section slave_parameter {{ slave_configuration_section_name }} section slave_parameter {{ slave_configuration_section_name }}
{{ '\n' }} {{ '\n' }}
......
...@@ -8,21 +8,27 @@ ...@@ -8,21 +8,27 @@
{%- set disabled_cookie_list = slave_parameter.get('disabled-cookie-list', '').split() -%} {%- set disabled_cookie_list = slave_parameter.get('disabled-cookie-list', '').split() -%}
{%- set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%} {%- set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%}
{%- set slave_type = slave_parameter.get('type', '') -%} {%- set slave_type = slave_parameter.get('type', '') -%}
{%- set ssl_configuration_list = [('SSLCertificateFile', 'path_to_ssl_crt'), {%- set host_list = [slave_parameter.get('custom_domain')] + server_alias_list -%}
('SSLCertificateKeyFile', 'path_to_ssl_key'), {%- set http_host_list = [] %}
('SSLCACertificateFile', 'path_to_ssl_ca_crt'), {%- set https_host_list = [] %}
('SSLCertificateChainFile', 'path_to_ssl_ca_crt')] -%} {%- for host in host_list %}
{%- do http_host_list.append('http://%s:%s' % (host, http_port)) %}
# TODO-Caddy <VirtualHost *:{{ https_port }}> {%- do https_host_list.append('https://%s:%s' % (host, https_port)) %}
# TODO-Caddy ServerName {{ slave_parameter.get('custom_domain') }} {%- endfor %}
# TODO-Caddy ServerAlias {{ slave_parameter.get('custom_domain') }} {{ https_host_list|join(', ') }} {
bind {{ local_ipv4 }}
{%- for server_alias in server_alias_list %} # TODO-Caddy bind {{ local_ipv6 }}
# TODO-Caddy ServerAlias {{ server_alias }} tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }} {
{% endfor %} {%- if slave_parameter.get('path_to_ssl_ca_crt') %}
clients {{ slave_parameter.get('path_to_ssl_ca_crt') }}
{%- endif %}
}
# TODO-Caddy # One Slave two logs
# TODO-Caddy LogLevel notice
# TODO-Caddy LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
log / {{ slave_parameter.get('access_log') }} {combined}
errors {{ slave_parameter.get('error_log') }}
# TODO-Caddy SSLEngine on
# TODO-Caddy SSLProxyEngine on
{% if ssl_proxy_verify -%} {% if ssl_proxy_verify -%}
{% if 'ssl_proxy_ca_crt' in slave_parameter -%} {% if 'ssl_proxy_ca_crt' in slave_parameter -%}
# TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }} # TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
...@@ -39,18 +45,6 @@ ...@@ -39,18 +45,6 @@
# TODO-Caddy Protocols h2 http/1.1 # TODO-Caddy Protocols h2 http/1.1
{% endif -%} {% endif -%}
{% for key, value in ssl_configuration_list -%}
{% if value in slave_parameter -%}
# TODO-Caddy {{ ' %s' % key }} {{ slave_parameter.get(value) }}
{% endif -%}
{% endfor -%}
# TODO-Caddy # One Slave two logs
# TODO-Caddy ErrorLog "{{ slave_parameter.get('error_log') }}"
# TODO-Caddy LogLevel notice
# TODO-Caddy LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
# TODO-Caddy CustomLog "{{ slave_parameter.get('access_log') }}" combined
# TODO-Caddy # Rewrite part # TODO-Caddy # Rewrite part
# TODO-Caddy ProxyPreserveHost On # TODO-Caddy ProxyPreserveHost On
# TODO-Caddy ProxyTimeout 600 # TODO-Caddy ProxyTimeout 600
...@@ -85,21 +79,27 @@ ...@@ -85,21 +79,27 @@
# TODO-Caddy RewriteRule (.*) {{ slave_parameter.get('https-url', slave_parameter.get('url', ''))}}$1 [R,L] # TODO-Caddy RewriteRule (.*) {{ slave_parameter.get('https-url', slave_parameter.get('url', ''))}}$1 [R,L]
{% else -%} {% else -%}
{% if 'default-path' in slave_parameter %} {% if 'default-path' in slave_parameter %}
# TODO-Caddy RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L] redir 301 {
if {path} is /
/ {scheme}://{host}/{{ slave_parameter.get('default-path') }}
}
{% endif -%} {% endif -%}
# TODO-Caddy RewriteRule ^/(.*)$ {{ slave_parameter.get('https-url', slave_parameter.get('url', '')) }}/$1 [L,P] proxy / {{ slave_parameter.get('https-url', slave_parameter.get('url', '')) }} {
transparent
{%- if not ssl_proxy_verify %}
insecure_skip_verify
{%- endif %}
}
{% endif -%} {% endif -%}
# TODO-Caddy </VirtualHost> }
# TODO-Caddy <VirtualHost *:{{ http_port }}> {{ http_host_list|join(', ') }} {
# TODO-Caddy ServerName {{ slave_parameter.get('custom_domain') }} bind {{ local_ipv4 }}
# TODO-Caddy ServerAlias {{ slave_parameter.get('custom_domain') }} # TODO-Caddy bind {{ local_ipv6 }}
{%- for server_alias in server_alias_list %} log / {{ slave_parameter.get('access_log') }} {combined}
# TODO-Caddy ServerAlias {{ server_alias }} errors {{ slave_parameter.get('error_log') }}
{% endfor %}
# TODO-Caddy SSLProxyEngine on
{% if ssl_proxy_verify -%} {% if ssl_proxy_verify -%}
{% if 'ssl_proxy_ca_crt' in slave_parameter -%} {% if 'ssl_proxy_ca_crt' in slave_parameter -%}
# TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }} # TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
...@@ -118,10 +118,8 @@ ...@@ -118,10 +118,8 @@
# TODO-Caddy RewriteEngine On # TODO-Caddy RewriteEngine On
# TODO-Caddy # One Slave two logs # TODO-Caddy # One Slave two logs
# TODO-Caddy ErrorLog "{{ slave_parameter.get('error_log') }}"
# TODO-Caddy LogLevel notice # TODO-Caddy LogLevel notice
# TODO-Caddy LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined # TODO-Caddy LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
# TODO-Caddy CustomLog "{{ slave_parameter.get('access_log') }}" combined
# TODO-Caddy # Remove "Secure" from cookies, as backend may be https # TODO-Caddy # Remove "Secure" from cookies, as backend may be https
# TODO-Caddy Header edit Set-Cookie "(?i)^(.+);secure$" "$1" # TODO-Caddy Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
...@@ -143,13 +141,8 @@ ...@@ -143,13 +141,8 @@
# TODO-Caddy RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip" # TODO-Caddy RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
{% endif %} {% endif %}
# Next line is forbidden and people who copy it will be hanged short {%- if https_only %}
{% if https_only -%} redir / https://{host}{uri}
# Not using HTTPS? Ask that guy over there.
# Dummy redirection to https. Note: will work only if https listens
# on standard port (443).
# TODO-Caddy RewriteCond %{SERVER_PORT} !^{{ https_port }}$
# TODO-Caddy RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [NC,R,L]
{% elif slave_type == 'redirect' -%} {% elif slave_type == 'redirect' -%}
# TODO-Caddy RewriteRule (.*) {{slave_parameter.get('url', '')}}$1 [R,L] # TODO-Caddy RewriteRule (.*) {{slave_parameter.get('url', '')}}$1 [R,L]
{% elif slave_type == 'zope' -%} {% elif slave_type == 'zope' -%}
...@@ -162,12 +155,19 @@ ...@@ -162,12 +155,19 @@
# TODO-Caddy RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/VirtualHostBase/http/%{SERVER_NAME}:{{ slave_parameter.get('virtualhostroot-http-port', '80') }}/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P] # TODO-Caddy RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/VirtualHostBase/http/%{SERVER_NAME}:{{ slave_parameter.get('virtualhostroot-http-port', '80') }}/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
{% else -%} {% else -%}
{% if 'default-path' in slave_parameter %} {% if 'default-path' in slave_parameter %}
# TODO-Caddy RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L] redir 301 {
if {path} is /
/ {scheme}://{host}/{{ slave_parameter.get('default-path') }}
}
{% endif -%} {% endif -%}
# TODO-Caddy RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/$1 [L,P] proxy / {{ slave_parameter.get('url', '') }} {
transparent
{%- if not ssl_proxy_verify %}
insecure_skip_verify
{%- endif %}
}
{% endif -%} {% endif -%}
# If nothing exist : put a nice error # If nothing exist : put a nice error
# ErrorDocument 404 /notfound.html # ErrorDocument 404 /notfound.html
# Dadiboom # Dadiboom
}
# TODO-Caddy </VirtualHost>
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment