Commit
524c2b7f
authored
Apr 02, 2013
by
Cédric de Saint Martin
Add https-only support.
parent
253b111d
Showing
3 changed files
with
56 additions
and
16 deletions
+56
-16
slapos/recipe/apache_frontend/__init__.py
slapos/recipe/apache_frontend/__init__.py
+39
-15
slapos/recipe/apache_frontend/template/apache.conf.in
slapos/recipe/apache_frontend/template/apache.conf.in
+10
-1
software/apache-frontend/README.apache_frontend.txt
software/apache-frontend/README.apache_frontend.txt
+7
-0
slapos/recipe/apache_frontend/__init__.py
...
...
@@ -73,6 +73,7 @@ class Recipe(BaseSlapRecipe):
self
.
path_list
.
append
(
self
.
killpidfromfile
)
rewrite_rule_list
=
[]
rewrite_rule_https_only_list
=
[]
rewrite_rule_zope_list
=
[]
rewrite_rule_zope_path_list
=
[]
slave_dict
=
{}
...
...
@@ -92,9 +93,13 @@ class Recipe(BaseSlapRecipe):
enable_cache
=
slave_instance
.
get
(
'enable_cache'
,
''
).
lower
()
in
TRUE_VALUES
slave_type
=
slave_instance
.
get
(
'type'
,
''
).
lower
()
or
None
https_only
=
slave_instance
.
get
(
'https-only'
,
''
).
lower
()
in
TRUE_VALUES
# Set scheme (http? https?)
# Future work may allow to choose between http and https (or both?)
scheme
=
'http://'
if
https_only
:
scheme
=
'https://'
else
:
scheme
=
'http://'
self
.
logger
.
info
(
'Processing slave instance: %s'
%
reference
)
...
...
@@ -136,6 +141,10 @@ class Recipe(BaseSlapRecipe):
rewrite_rule
=
"%s %s"
%
(
domain
,
backend_url
)
# Finally, if successful, we add the rewrite rule to our list of rules
# We have 4 RewriteMaps:
# - One for generic (non-zope) websites, accepting both HTTP and HTTPS
# - One for generic websites that only accept HTTPS
# - Two for Zope-based websites
if
rewrite_rule
:
# We check if we have a zope slave. It requires different rewrite
# rule structure.
...
...
@@ -147,7 +156,10 @@ class Recipe(BaseSlapRecipe):
rewrite_rule_path
=
"%s %s"
%
(
domain
,
slave_instance
.
get
(
'path'
,
''
))
rewrite_rule_zope_path_list
.
append
(
rewrite_rule_path
)
else
:
rewrite_rule_list
.
append
(
rewrite_rule
)
if
https_only
:
rewrite_rule_https_only_list
.
append
(
rewrite_rule
)
else
:
rewrite_rule_list
.
append
(
rewrite_rule
)
# Certificate stuff
valid_certificate_str
=
self
.
parameter_dict
.
get
(
"domain_ssl_ca_cert"
)
...
...
@@ -179,6 +191,7 @@ class Recipe(BaseSlapRecipe):
plain_http_port
=
frontend_plain_http_port_number
,
name
=
frontend_domain_name
,
rewrite_rule_list
=
rewrite_rule_list
,
rewrite_rule_https_only_list
=
rewrite_rule_https_only_list
,
rewrite_rule_zope_list
=
rewrite_rule_zope_list
,
rewrite_rule_zope_path_list
=
rewrite_rule_zope_path_list
,
key
=
key
,
certificate
=
certificate
)
...
...
@@ -510,10 +523,13 @@ class Recipe(BaseSlapRecipe):
port
=
4443
,
plain_http_port
=
8080
,
rewrite_rule_list
=
None
,
rewrite_rule_zope_list
=
None
,
rewrite_rule_https_only_list
=
None
,
rewrite_rule_zope_path_list
=
None
,
access_control_string
=
None
):
if
rewrite_rule_list
is
None
:
rewrite_rule_list
=
[]
if
rewrite_rule_https_only_list
is
None
:
rewrite_rule_zope_path_list
=
[]
if
rewrite_rule_zope_list
is
None
:
rewrite_rule_zope_list
=
[]
if
rewrite_rule_zope_path_list
is
None
:
...
...
@@ -564,15 +580,22 @@ class Recipe(BaseSlapRecipe):
self
.
path_list
.
append
(
backup_cron
)
# Create configuration file and rewritemaps
apachemap_name
=
"apachemap.txt"
apachemapzope_name
=
"apachemapzope.txt"
apachemapzopepath_name
=
"apachemapzopepath.txt"
self
.
createConfigurationFile
(
apachemap_name
,
"
\
n
"
.
join
(
rewrite_rule_list
))
self
.
createConfigurationFile
(
apachemapzope_name
,
"
\
n
"
.
join
(
rewrite_rule_zope_list
))
self
.
createConfigurationFile
(
apachemapzopepath_name
,
"
\
n
"
.
join
(
rewrite_rule_zope_path_list
))
apachemap_path
=
self
.
createConfigurationFile
(
"apache_rewritemap_generic.txt"
,
"
\
n
"
.
join
(
rewrite_rule_list
)
)
apachemap_httpsonly_path
=
self
.
createConfigurationFile
(
"apache_rewritemap_httpsonly.txt"
,
"
\
n
"
.
join
(
rewrite_rule_https_only_list
)
)
apachemap_zope_path
=
self
.
createConfigurationFile
(
"apache_rewritemap_zope.txt"
,
"
\
n
"
.
join
(
rewrite_rule_zope_list
)
)
apachemap_zopepath_path
=
self
.
createConfigurationFile
(
"apache_rewritemap_zopepath.txt"
,
"
\
n
"
.
join
(
rewrite_rule_zope_path_list
)
)
apache_conf
=
self
.
_getApacheConfigurationDict
(
name
,
ip_list
,
port
)
apache_conf
[
'ssl_snippet'
]
=
self
.
substituteTemplate
(
...
...
@@ -599,9 +622,10 @@ class Recipe(BaseSlapRecipe):
apache_conf
.
update
(
**
dict
(
path_enable
=
path
,
apachemap_path
=
os
.
path
.
join
(
self
.
etc_directory
,
apachemap_name
),
apachemapzope_path
=
os
.
path
.
join
(
self
.
etc_directory
,
apachemapzope_name
),
apachemapzopepath_path
=
os
.
path
.
join
(
self
.
etc_directory
,
apachemapzopepath_name
),
apachemap_path
=
apachemap_path
,
apachemap_httpsonly_path
=
apachemap_httpsonly_path
,
apachemapzope_path
=
apachemap_zope_path
,
apachemapzopepath_path
=
apachemap_zopepath_path
,
apache_domain
=
name
,
https_port
=
port
,
plain_http_port
=
plain_http_port
,
...
...
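Review bot: In the hunk at `@@ -510,10 +523,13 @@`, the new guard `if rewrite_rule_https_only_list is None:` assigns `rewrite_rule_zope_path_list = []` instead of the https-only list. A caller that omits the argument leaves `rewrite_rule_https_only_list` as `None`, so the later `"\n".join(rewrite_rule_https_only_list)` would raise, and a caller that passes a Zope path list but no https-only list gets its Zope path map silently emptied. The body of that guard should read `rewrite_rule_https_only_list = []`. The new keyword also appears to be inserted between `rewrite_rule_zope_list` and `rewrite_rule_zope_path_list`, which shifts positional arguments for any caller not using keywords; appending it after the existing parameters would avoid that. The function's signature starts and its body continues outside the hunk.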
slapos/recipe/apache_frontend/template/apache.conf.in
...
...
@@ -104,10 +104,12 @@ Header append Vary User-Agent
# or changed when slapgrid is ran. It can be freely customized by node admin.
Include %(custom_apache_virtualhost_conf)s
# Define the two RewriteMaps (key -> value store): one for Zope, one generic
# Define the 3 RewriteMaps (key -> value store): one for Zope, one generic,
# one generic https only,
# containing: rewritten URL -> original URL (a.k.a VirtualHostBase in Zope)
RewriteMap apachemapzope txt:%(apachemapzope_path)s
RewriteMap apachemapgeneric txt:%(apachemap_path)s
RewriteMap apachemapgenerichttpsonly txt:%(apachemap_httpsonly_path)s
# Define another RewriteMap for Zope, containing:
# rewritten URL -> VirtualHostRoot
...
...
@@ -123,6 +125,10 @@ Header append Vary User-Agent
RewriteCond ${apachemapgeneric:%%{SERVER_NAME}} >""
# We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
RewriteRule ^/(.*)$ ${apachemapgeneric:%%{SERVER_NAME}}/$1 [L,P]
# Same for https only server
RewriteCond ${apachemapgenerichttpsonly:%%{SERVER_NAME}} >""
# We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
RewriteRule ^/(.*)$ ${apachemapgenerichttpsonly:%%{SERVER_NAME}}/$1 [L,P]
# If nothing exist : put a nice error
ErrorDocument 404 /notfound.html
...
...
@@ -138,6 +144,9 @@ Header append Vary User-Agent
ProxyTimeout 600
RewriteEngine On
# Remove "Secure" from cookies, as backend may be https
Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
# Include configuration file not operated by slapos. This file won't be erased
# or changed when slapgrid is ran. It can be freely customized by node admin.
Include %(custom_apache_virtualhost_conf)s
...
...
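Review bot: The added `Header edit Set-Cookie "(?i)^(.+);secure$" "$1"` in the last hunk removes the Secure attribute from backend cookies, so a session cookie the backend meant for TLS only can be sent over plain HTTP. The hunk does not show which VirtualHost this sits in; if slaves marked https-only can be served through it, the directive should not apply to them, and a comment should say so, for example `# Plain-HTTP vhost only: never strip Secure for https-only slaves`. The pattern also matches only when `;secure` is the final attribute with no space before it, so `; Secure` or `Secure; HttpOnly` pass through unchanged and the behaviour depends on how the backend formats the header. The enclosing VirtualHost block starts and ends outside the hunk.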
software/apache-frontend/README.apache_frontend.txt
...
...
@@ -118,6 +118,13 @@ Domain name to use as frontend. The frontend will be accessible from this domain
[instancereference].[masterdomain].
Example: www.mycustomdomain.com
https-only
~~~~~~~~~~
Specify if website should be accessed using https only. If so, the frontend
will redirect the user to https if accessed from http.
Possible values: "true", "false".
This is an optional parameter. Defaults to false.
path
~~~~
Only used if type is "zope".
...
...