Skip to content

slapos-caddy
slapos-caddy
Commit 5dc76934 authored by Łukasz Nowak's avatar Łukasz Nowak
Browse files
Options

caddy-frontend: Simplify Jinja2 templates 

Avoid controlling whitespace as this is not needed, and can result with
erroneous files.
parent 985553a9
Show whitespace changes
Inline Side-by-side
Showing with 287 additions and 287 deletions
software/caddy-frontend/buildout.hash.cfg
View file @ 5dc76934
...@@ -23,11 +23,11 @@ md5sum = 21f4e3ac43b662e734ce1bd6c98516a6 ...@@ -23,11 +23,11 @@ md5sum = 21f4e3ac43b662e734ce1bd6c98516a6
[template-apache-replicate] [template-apache-replicate]
filename = instance-apache-replicate.cfg.in filename = instance-apache-replicate.cfg.in
md5sum = a30d4bc21ae94d0eca42cea5032468a8 md5sum = d521bf1d2bdc037860eb874beac1ee6d
[template-slave-list] [template-slave-list]
filename = templates/apache-custom-slave-list.cfg.in filename = templates/apache-custom-slave-list.cfg.in
md5sum = ecca3955ba747444f505216839fd1645 md5sum = 7eb42ef6aec24af641deab8f65864189
[template-slave-configuration] [template-slave-configuration]
filename = templates/custom-virtualhost.conf.in filename = templates/custom-virtualhost.conf.in
...@@ -35,7 +35,7 @@ md5sum = 74275ad73b03114c69f80c8f8ae73374 ...@@ -35,7 +35,7 @@ md5sum = 74275ad73b03114c69f80c8f8ae73374
[template-replicate-publish-slave-information] [template-replicate-publish-slave-information]
filename = templates/replicate-publish-slave-information.cfg.in filename = templates/replicate-publish-slave-information.cfg.in
md5sum = 665e83d660c9b779249b2179d7ce4b4e md5sum = 8d318af17da5631d4242c0d6d1531066
[template-caddy-frontend-configuration] [template-caddy-frontend-configuration]
filename = templates/Caddyfile.in filename = templates/Caddyfile.in
...@@ -43,7 +43,7 @@ md5sum = 2c3685356bef4b52fa2e654712e463cd ...@@ -43,7 +43,7 @@ md5sum = 2c3685356bef4b52fa2e654712e463cd
[template-custom-slave-list] [template-custom-slave-list]
filename = templates/apache-custom-slave-list.cfg.in filename = templates/apache-custom-slave-list.cfg.in
md5sum = ecca3955ba747444f505216839fd1645 md5sum = 7eb42ef6aec24af641deab8f65864189
[template-not-found-html] [template-not-found-html]
filename = templates/notfound.html filename = templates/notfound.html
...@@ -51,11 +51,11 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b ...@@ -51,11 +51,11 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
[template-default-slave-virtualhost] [template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in filename = templates/default-virtualhost.conf.in
md5sum = 25222f8a997bb26a6e3dfa2b7c41a103 md5sum = 30792249220b3e4fddd7e50236b455dc
[template-cached-slave-virtualhost] [template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in filename = templates/cached-virtualhost.conf.in
md5sum = 6e569282b05fa326d0e9aa6958cb6910 md5sum = d5e9851aa54a9d05be7d7312af6ce3de
[template-log-access] [template-log-access]
filename = templates/template-log-access.conf.in filename = templates/template-log-access.conf.in
...@@ -87,11 +87,11 @@ md5sum = eae367cbf665816fbfe274026c848075 ...@@ -87,11 +87,11 @@ md5sum = eae367cbf665816fbfe274026c848075
[template-nginx-eventsource-slave-virtualhost] [template-nginx-eventsource-slave-virtualhost]
filename = templates/nginx-eventsource-slave.conf.in filename = templates/nginx-eventsource-slave.conf.in
md5sum = a0c5c376753da042c5f8444a33066acf md5sum = 69d65e461cd7cd5ef5b1ccd0098b50c8
[template-nginx-notebook-slave-virtualhost] [template-nginx-notebook-slave-virtualhost]
filename = templates/nginx-notebook-slave.conf.in filename = templates/nginx-notebook-slave.conf.in
md5sum = 193184d052d8ef8b09fa980cbca90798 md5sum = 548af159669069102ab9a1aae7b7dc25
[template-apache-lazy-script-call] [template-apache-lazy-script-call]
filename = templates/apache-lazy-script-call.sh.in filename = templates/apache-lazy-script-call.sh.in
......
software/caddy-frontend/instance-apache-replicate.cfg.in
View file @ 5dc76934
{% if slap_software_type in software_type -%} {% if slap_software_type in software_type %}
[jinja2-template-base] [jinja2-template-base]
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
...@@ -12,33 +12,33 @@ context = ...@@ -12,33 +12,33 @@ context =
key slave_instance_list slap-parameter:slave_instance_list key slave_instance_list slap-parameter:slave_instance_list
${:extra-context} ${:extra-context}
{% set part_list = [] -%} {% set part_list = [] %}
{% set single_type_key = 'single-' %} {% set single_type_key = 'single-' %}
{% if slap_software_type == "replicate" %} {% if slap_software_type == "replicate" %}
{% set frontend_type = slapparameter_dict.pop('-frontend-type', 'single-default') -%} {% set frontend_type = slapparameter_dict.pop('-frontend-type', 'single-default') %}
{% elif slap_software_type in ['default', 'RootSoftwareInstance'] -%} {% elif slap_software_type in ['default', 'RootSoftwareInstance'] %}
{% set frontend_type = "%s%s" % (single_type_key, 'custom-personal') -%} {% set frontend_type = "%s%s" % (single_type_key, 'custom-personal') %}
{% else -%} {% else %}
{% set frontend_type = "%s%s" % (single_type_key, slap_software_type) -%} {% set frontend_type = "%s%s" % (single_type_key, slap_software_type) %}
{% endif -%} {% endif %}
{% set frontend_quantity = slapparameter_dict.pop('-frontend-quantity', '1') | int -%} {% set frontend_quantity = slapparameter_dict.pop('-frontend-quantity', '1') | int %}
{% set slave_list_name = 'extra_slave_instance_list' -%} {% set slave_list_name = 'extra_slave_instance_list' %}
{% set frontend_list = [] %} {% set frontend_list = [] %}
{% set frontend_section_list = [] %} {% set frontend_section_list = [] %}
{% set request_dict = {} %} {% set request_dict = {} %}
{% set namebase = 'caddy-frontend' -%} {% set namebase = 'caddy-frontend' %}
# XXX Dirty hack, not possible to define default value before # XXX Dirty hack, not possible to define default value before
{% set sla_computer_caddy_1_key = '-sla-1-computer_guid' -%} {% set sla_computer_caddy_1_key = '-sla-1-computer_guid' %}
{% if not sla_computer_caddy_1_key in slapparameter_dict -%} {% if not sla_computer_caddy_1_key in slapparameter_dict %}
{% do slapparameter_dict.__setitem__(sla_computer_caddy_1_key, '${slap-connection:computer-id}') -%} {% do slapparameter_dict.__setitem__(sla_computer_caddy_1_key, '${slap-connection:computer-id}') %}
{% endif -%} {% endif %}
# Here we request individually each frontend. # Here we request individually each frontend.
# The presence of sla parameters is checked and added if found # The presence of sla parameters is checked and added if found
{% for i in range(1, frontend_quantity + 1) -%} {% for i in range(1, frontend_quantity + 1) %}
{% set frontend_name = "%s-%s" % (namebase, i) -%} {% set frontend_name = "%s-%s" % (namebase, i) %}
{% set request_section_title = 'request-%s' % frontend_name -%} {% set request_section_title = 'request-%s' % frontend_name %}
{% set sla_key = "-sla-%s-" % i -%} {% set sla_key = "-sla-%s-" % i %}
{% set sla_key_length = sla_key | length %} {% set sla_key_length = sla_key | length %}
{% set sla_dict = {} %} {% set sla_dict = {} %}
{% set config_key = "-frontend-config-%s-" % i %} {% set config_key = "-frontend-config-%s-" % i %}
...@@ -48,13 +48,13 @@ context = ...@@ -48,13 +48,13 @@ context =
{% if key.startswith(sla_key) %} {% if key.startswith(sla_key) %}
{% do sla_dict.__setitem__(key[sla_key_length:], slapparameter_dict.pop(key)) %} {% do sla_dict.__setitem__(key[sla_key_length:], slapparameter_dict.pop(key)) %}
# We check for specific configuration regarding the frontend # We check for specific configuration regarding the frontend
{% elif key.startswith(config_key) -%} {% elif key.startswith(config_key) %}
{% do config_dict.__setitem__(key[config_key_length:], slapparameter_dict.pop(key)) %} {% do config_dict.__setitem__(key[config_key_length:], slapparameter_dict.pop(key)) %}
{% endif -%} {% endif %}
{% endfor -%} {% endfor %}
{% do frontend_list.append(frontend_name) -%} {% do frontend_list.append(frontend_name) %}
{% do frontend_section_list.append(request_section_title) -%} {% do frontend_section_list.append(request_section_title) %}
{% do part_list.append(request_section_title) -%} {% do part_list.append(request_section_title) %}
# Filling request dict for slave # Filling request dict for slave
{% set state_key = "-frontend-%s-state" % i %} {% set state_key = "-frontend-%s-state" % i %}
{% do request_dict.__setitem__(request_section_title, {% do request_dict.__setitem__(request_section_title,
...@@ -64,9 +64,9 @@ context = ...@@ -64,9 +64,9 @@ context =
'sla': sla_dict, 'sla': sla_dict,
'state': slapparameter_dict.pop(state_key, None) 'state': slapparameter_dict.pop(state_key, None)
}) %} }) %}
{% endfor -%} {% endfor %}
{% set authorized_slave_string = slapparameter_dict.pop('-frontend-authorized-slave-string', '') -%} {% set authorized_slave_string = slapparameter_dict.pop('-frontend-authorized-slave-string', '') %}
{% set authorized_slave_list = [] %} {% set authorized_slave_list = [] %}
{% set rejected_slave_list = [] %} {% set rejected_slave_list = [] %}
{% for slave in slave_instance_list %} {% for slave in slave_instance_list %}
...@@ -75,7 +75,7 @@ context = ...@@ -75,7 +75,7 @@ context =
{% else %} {% else %}
{% do rejected_slave_list.append(slave.get('slave_reference')) %} {% do rejected_slave_list.append(slave.get('slave_reference')) %}
{% endif %} {% endif %}
{% endfor -%} {% endfor %}
[replicate] [replicate]
<= slap-connection <= slap-connection
...@@ -106,11 +106,11 @@ state = {{ frontend_request.get('state') }} ...@@ -106,11 +106,11 @@ state = {{ frontend_request.get('state') }}
{% do slave_configuration_dict.__setitem__("frontend-name", frontend_request.get('name')) %} {% do slave_configuration_dict.__setitem__("frontend-name", frontend_request.get('name')) %}
config-_ = {{ json_module.dumps(slave_configuration_dict) }} config-_ = {{ json_module.dumps(slave_configuration_dict) }}
{% if frontend_request.get('sla') %} {% if frontend_request.get('sla') %}
{% for parameter, value in frontend_request.get('sla').iteritems() -%} {% for parameter, value in frontend_request.get('sla').iteritems() %}
sla-{{ parameter }} = {{ value }} sla-{{ parameter }} = {{ value }}
{% endfor -%} {% endfor %}
{% endif -%} {% endif %}
{% endfor -%} {% endfor %}
[publish-information] [publish-information]
...@@ -134,9 +134,9 @@ custom-personal = ${dynamic-publish-slave-information:rendered} ...@@ -134,9 +134,9 @@ custom-personal = ${dynamic-publish-slave-information:rendered}
custom-group = ${dynamic-publish-slave-information:rendered} custom-group = ${dynamic-publish-slave-information:rendered}
[slave-information] [slave-information]
{% for frontend_section in frontend_section_list -%} {% for frontend_section in frontend_section_list %}
{{ frontend_section }} = {{ "${%s:connection-slave-instance-information-list}" % frontend_section }} {{ frontend_section }} = {{ "${%s:connection-slave-instance-information-list}" % frontend_section }}
{% endfor -%} {% endfor %}
[dynamic-publish-slave-information] [dynamic-publish-slave-information]
< = jinja2-template-base < = jinja2-template-base
...@@ -150,7 +150,7 @@ extra-context = ...@@ -150,7 +150,7 @@ extra-context =
monitor-url-list += monitor-url-list +=
{% for frontend in frontend_section_list %} {% for frontend in frontend_section_list %}
{{ ' ${' + frontend + ':connection-monitor-base-url}' }} {{ ' ${' + frontend + ':connection-monitor-base-url}' }}
{% endfor -%} {% endfor %}
[buildout] [buildout]
extends = {{ template_monitor }} extends = {{ template_monitor }}
...@@ -158,9 +158,9 @@ parts = ...@@ -158,9 +158,9 @@ parts =
monitor-base monitor-base
publish-slave-information publish-slave-information
publish-information publish-information
{% for part in part_list -%} {% for part in part_list %}
{{ ' %s' % part }} {{ ' %s' % part }}
{% endfor -%} {% endfor %}
# publish-information # publish-information
eggs-directory = {{ eggs_directory }} eggs-directory = {{ eggs_directory }}
...@@ -181,4 +181,4 @@ cert_file = ${slap-connection:cert-file} ...@@ -181,4 +181,4 @@ cert_file = ${slap-connection:cert-file}
slave_instance_list = slave_instance_list =
-frontend-quantity = 1 -frontend-quantity = 1
-frontend-type = single-default -frontend-type = single-default
{%- endif %} {% endif %}
software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
View file @ 5dc76934
{% if software_type == slap_software_type -%} {% if software_type == slap_software_type %}
{% set cached_server_dict = {} -%} {% set cached_server_dict = {} %}
{% set part_list = [] -%} {% set part_list = [] %}
{% set cache_port = caddy_configuration.get('cache-port') %} {% set cache_port = caddy_configuration.get('cache-port') %}
{% set cached_port = caddy_configuration.get('cache-through-port') %} {% set cached_port = caddy_configuration.get('cache-through-port') %}
{% set ssl_cached_port = caddy_configuration.get('ssl-cache-through-port') %} {% set ssl_cached_port = caddy_configuration.get('ssl-cache-through-port') %}
{% set cache_access = "http://%s:%s" % (local_ipv4, cache_port) -%} {% set cache_access = "http://%s:%s" % (local_ipv4, cache_port) %}
{% set ssl_cache_access = "http://%s:%s/HTTPS" % (local_ipv4, cache_port) -%} {% set ssl_cache_access = "http://%s:%s/HTTPS" % (local_ipv4, cache_port) %}
{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%} {% set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
{% set NGINX_TYPE_LIST = ['eventsource', 'notebook'] -%} {% set NGINX_TYPE_LIST = ['eventsource', 'notebook'] %}
{% set generic_instance_parameter_dict = { 'cache_access': cache_access, 'local_ipv4': local_ipv4, 'http_port': http_port, 'https_port': https_port} %} {% set generic_instance_parameter_dict = { 'cache_access': cache_access, 'local_ipv4': local_ipv4, 'http_port': http_port, 'https_port': https_port} %}
{% set slave_log_dict = {} -%} {% set slave_log_dict = {} %}
{% if extra_slave_instance_list -%} {% if extra_slave_instance_list %}
{% set slave_instance_information_list = [] -%} {% set slave_instance_information_list = [] %}
{% set slave_instance_list = slave_instance_list + json_module.loads(extra_slave_instance_list) -%} {% set slave_instance_list = slave_instance_list + json_module.loads(extra_slave_instance_list) %}
{% endif -%} {% endif %}
[jinja2-template-base] [jinja2-template-base]
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
extensions = jinja2.ext.do extensions = jinja2.ext.do
...@@ -26,7 +26,7 @@ context = ...@@ -26,7 +26,7 @@ context =
{% do logrotate_dict.pop('recipe') %} {% do logrotate_dict.pop('recipe') %}
[logrotate] [logrotate]
{% for key, value in logrotate_dict.iteritems() -%} {% for key, value in logrotate_dict.iteritems() %}
{{ key }} = {{ value }} {{ key }} = {{ value }}
{% endfor %} {% endfor %}
...@@ -46,28 +46,28 @@ newcerts = {{ custom_ssl_directory }}/newcerts/ ...@@ -46,28 +46,28 @@ newcerts = {{ custom_ssl_directory }}/newcerts/
crl = {{ custom_ssl_directory }}/crl/ crl = {{ custom_ssl_directory }}/crl/
{# Loop thought slave list to set up slaves #} {# Loop thought slave list to set up slaves #}
{% for slave_instance in slave_instance_list -%} {% for slave_instance in slave_instance_list %}
{% set slave_reference = slave_instance.get('slave_reference') -%} {% set slave_reference = slave_instance.get('slave_reference') %}
{% set slave_type = slave_instance.get('type', '') -%} {% set slave_type = slave_instance.get('type', '') %}
{% set slave_section_title = 'dynamic-template-slave-instance-%s' % slave_reference -%} {% set slave_section_title = 'dynamic-template-slave-instance-%s' % slave_reference %}
{% set slave_parameter_dict = generic_instance_parameter_dict.copy() -%} {% set slave_parameter_dict = generic_instance_parameter_dict.copy() %}
{% set slave_publish_dict = {} -%} {% set slave_publish_dict = {} %}
{% set slave_configuration_section_name = 'slave-instance-%s-configuration' % slave_reference %} {% set slave_configuration_section_name = 'slave-instance-%s-configuration' % slave_reference %}
{% set slave_logrotate_section = slave_reference + "-logs" -%} {% set slave_logrotate_section = slave_reference + "-logs" %}
{% set slave_password_section = slave_reference + "-password" -%} {% set slave_password_section = slave_reference + "-password" %}
{% set slave_ln_section = slave_reference + "-ln" -%} {% set slave_ln_section = slave_reference + "-ln" %}
{# extend parts #} {# extend parts #}
{% do part_list.extend([slave_ln_section]) -%} {% do part_list.extend([slave_ln_section]) %}
{% do part_list.extend([slave_logrotate_section, slave_section_title]) -%} {% do part_list.extend([slave_logrotate_section, slave_section_title]) %}
{% set slave_log_folder = logrotate_dict.get('backup') + '/' + slave_reference + "-logs" -%} {% set slave_log_folder = logrotate_dict.get('backup') + '/' + slave_reference + "-logs" %}
{# Set Up log files #} {# Set Up log files #}
{% do slave_parameter_dict.__setitem__('access_log', '/'.join([caddy_log_directory, '%s_access_log' % slave_reference])) -%} {% do slave_parameter_dict.__setitem__('access_log', '/'.join([caddy_log_directory, '%s_access_log' % slave_reference])) %}
{% do slave_parameter_dict.__setitem__('error_log', '/'.join([caddy_log_directory, '%s_error_log' % slave_reference])) -%} {% do slave_parameter_dict.__setitem__('error_log', '/'.join([caddy_log_directory, '%s_error_log' % slave_reference])) %}
{% do slave_instance.__setitem__('access_log', slave_parameter_dict.get('access_log')) -%} {% do slave_instance.__setitem__('access_log', slave_parameter_dict.get('access_log')) %}
{% do slave_instance.__setitem__('error_log', slave_parameter_dict.get('error_log')) -%} {% do slave_instance.__setitem__('error_log', slave_parameter_dict.get('error_log')) %}
{# Add slave log directory to the slave log access dict #} {# Add slave log directory to the slave log access dict #}
{% do slave_log_dict.__setitem__(slave_reference, slave_log_folder) %} {% do slave_log_dict.__setitem__(slave_reference, slave_log_folder) %}
...@@ -78,33 +78,33 @@ crl = {{ custom_ssl_directory }}/crl/ ...@@ -78,33 +78,33 @@ crl = {{ custom_ssl_directory }}/crl/
{% do slave_publish_dict.__setitem__('public-ipv4', public_ipv4) %} {% do slave_publish_dict.__setitem__('public-ipv4', public_ipv4) %}
{# Set slave domain if none was defined #} {# Set slave domain if none was defined #}
{% if slave_instance.get('custom_domain', None) == None -%} {% if slave_instance.get('custom_domain', None) == None %}
{% set domain_prefix = slave_instance.get('slave_reference').replace("-", "").replace("_", "").lower() -%} {% set domain_prefix = slave_instance.get('slave_reference').replace("-", "").replace("_", "").lower() %}
{% if slave_type in NGINX_TYPE_LIST -%} {% if slave_type in NGINX_TYPE_LIST %}
{% do slave_instance.__setitem__('custom_domain', "%s.%s" % (domain_prefix, slapparameter_dict.get('nginx-domain', slapparameter_dict.get('domain')))) -%} {% do slave_instance.__setitem__('custom_domain', "%s.%s" % (domain_prefix, slapparameter_dict.get('nginx-domain', slapparameter_dict.get('domain')))) %}
{% else -%} {% else %}
{% do slave_instance.__setitem__('custom_domain', "%s.%s" % (domain_prefix, slapparameter_dict.get('domain'))) -%} {% do slave_instance.__setitem__('custom_domain', "%s.%s" % (domain_prefix, slapparameter_dict.get('domain'))) %}
{% endif -%} {% endif %}
{% endif -%} {% endif %}
{% set enable_cache = (('' ~ slave_instance.get('enable_cache', '')).lower() in TRUE_VALUES and slave_type != 'redirect') -%} {% set enable_cache = (('' ~ slave_instance.get('enable_cache', '')).lower() in TRUE_VALUES and slave_type != 'redirect') %}
{% if enable_cache and 'url' in slave_instance -%} {% if enable_cache and 'url' in slave_instance %}
{% if 'domain' in slave_instance -%} {% if 'domain' in slave_instance %}
{% do slave_instance.__setitem__('custom_domain', slave_instance.get('domain')) -%} {% do slave_instance.__setitem__('custom_domain', slave_instance.get('domain')) %}
{% endif -%} {% endif %}
{% do slave_instance.__setitem__('backend_url', slave_instance.get('url')) -%} {% do slave_instance.__setitem__('backend_url', slave_instance.get('url')) %}
{% do slave_instance.__setitem__('https_backend_url', slave_instance.get('https-url', slave_instance.get('url'))) -%} {% do slave_instance.__setitem__('https_backend_url', slave_instance.get('https-url', slave_instance.get('url'))) %}
{% do slave_instance.__setitem__('url', cache_access) -%} {% do slave_instance.__setitem__('url', cache_access) %}
{% do slave_instance.__setitem__('https-url', ssl_cache_access) -%} {% do slave_instance.__setitem__('https-url', ssl_cache_access) %}
{% do cached_server_dict.__setitem__(slave_reference, slave_configuration_section_name) -%} {% do cached_server_dict.__setitem__(slave_reference, slave_configuration_section_name) %}
{% endif -%} {% endif %}
{% if not slave_instance.has_key('apache_custom_http') %} {% if not slave_instance.has_key('apache_custom_http') %}
{% do slave_publish_dict.__setitem__('domain', slave_instance.get('custom_domain')) -%} {% do slave_publish_dict.__setitem__('domain', slave_instance.get('custom_domain')) %}
{% do slave_publish_dict.__setitem__('url', "http://%s" % slave_instance.get('custom_domain')) -%} {% do slave_publish_dict.__setitem__('url', "http://%s" % slave_instance.get('custom_domain')) %}
{% do slave_publish_dict.__setitem__('site_url', "http://%s" % slave_instance.get('custom_domain')) -%} {% do slave_publish_dict.__setitem__('site_url', "http://%s" % slave_instance.get('custom_domain')) %}
{% do slave_publish_dict.__setitem__('secure_access', 'https://%s' % slave_instance.get('custom_domain')) -%} {% do slave_publish_dict.__setitem__('secure_access', 'https://%s' % slave_instance.get('custom_domain')) %}
{% endif -%} {% endif %}
[slave-log-directory-dict] [slave-log-directory-dict]
{{slave_reference}} = {{ slave_log_folder }} {{slave_reference}} = {{ slave_log_folder }}
...@@ -136,13 +136,13 @@ bytes = 8 ...@@ -136,13 +136,13 @@ bytes = 8
{# Set Slave Certificates if needed #} {# Set Slave Certificates if needed #}
{# Set ssl certificates for each slave #} {# Set ssl certificates for each slave #}
{% for cert_name in ('ssl_ca_crt', 'ssl_csr', 'ssl_proxy_ca_crt')-%} {% for cert_name in ('ssl_ca_crt', 'ssl_csr', 'ssl_proxy_ca_crt')%}
{% if cert_name in slave_instance -%} {% if cert_name in slave_instance %}
{% set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) -%} {% set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) %}
{% set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) -%} {% set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) %}
{% do part_list.append(cert_title) -%} {% do part_list.append(cert_title) %}
{% do slave_parameter_dict.__setitem__(cert_name, cert_file) -%} {% do slave_parameter_dict.__setitem__(cert_name, cert_file) %}
{% do slave_instance.__setitem__('path_to_' + cert_name, cert_file) -%} {% do slave_instance.__setitem__('path_to_' + cert_name, cert_file) %}
{# Store certificates on fs #} {# Store certificates on fs #}
[{{ cert_title }}] [{{ cert_title }}]
< = jinja2-template-base < = jinja2-template-base
...@@ -153,26 +153,26 @@ extra-context = ...@@ -153,26 +153,26 @@ extra-context =
# Store certificate in config # Store certificate in config
[{{ cert_title + '-config' }}] [{{ cert_title + '-config' }}]
value = {{ dumps(slave_instance.get(cert_name)) }} value = {{ dumps(slave_instance.get(cert_name)) }}
{% endif -%} {% endif %}
{% endfor -%} {% endfor %}
{#- Set Up Certs #} {# Set Up Certs #}
{%- do slave_instance.__setitem__('login_certificate', login_certificate) %} {% do slave_instance.__setitem__('login_certificate', login_certificate) %}
{%- do slave_instance.__setitem__('login_key', login_key) %} {% do slave_instance.__setitem__('login_key', login_key) %}
{%- do slave_instance.__setitem__('login_ca_crt', login_ca_crt) %} {% do slave_instance.__setitem__('login_ca_crt', login_ca_crt) %}
{%- do slave_instance.__setitem__('enable_http2_by_default', enable_http2_by_default) %} {% do slave_instance.__setitem__('enable_http2_by_default', enable_http2_by_default) %}
{%- do slave_parameter_dict.__setitem__('ssl_crt', login_certificate) %} {% do slave_parameter_dict.__setitem__('ssl_crt', login_certificate) %}
{%- do slave_parameter_dict.__setitem__('ssl_key', login_key) %} {% do slave_parameter_dict.__setitem__('ssl_key', login_key) %}
{% if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance -%} {% if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance %}
{% set cert_title = '%s-crt' % (slave_reference) -%} {% set cert_title = '%s-crt' % (slave_reference) %}
{% set key_title = '%s-key' % (slave_reference) -%} {% set key_title = '%s-key' % (slave_reference) %}
{% set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) -%} {% set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) %}
{% set key_file = '/'.join([custom_ssl_directory, key_title.replace('-','.')]) -%} {% set key_file = '/'.join([custom_ssl_directory, key_title.replace('-','.')]) %}
{% do part_list.append(cert_title) -%} {% do part_list.append(cert_title) %}
{% do slave_parameter_dict.__setitem__("ssl_crt", cert_file) -%} {% do slave_parameter_dict.__setitem__("ssl_crt", cert_file) %}
{% do slave_parameter_dict.__setitem__("ssl_key", key_file) -%} {% do slave_parameter_dict.__setitem__("ssl_key", key_file) %}
{% do slave_instance.__setitem__('path_to_ssl_crt', cert_file) -%} {% do slave_instance.__setitem__('path_to_ssl_crt', cert_file) %}
{% do slave_instance.__setitem__('path_to_ssl_key', key_file) -%} {% do slave_instance.__setitem__('path_to_ssl_key', key_file) %}
[{{cert_title}}] [{{cert_title}}]
recipe = slapos.cookbook:certificate_authority.request recipe = slapos.cookbook:certificate_authority.request
...@@ -188,17 +188,17 @@ key-file = {{ key_file }} ...@@ -188,17 +188,17 @@ key-file = {{ key_file }}
cert-file = {{ cert_file }} cert-file = {{ cert_file }}
key-content = {{ dumps(slave_instance.get('ssl_key')) }} key-content = {{ dumps(slave_instance.get('ssl_key')) }}
cert-content = {{ dumps(slave_instance.get('ssl_crt')) }} cert-content = {{ dumps(slave_instance.get('ssl_crt')) }}
{% endif -%} {% endif %}
{# ########################################## #} {# ########################################## #}
{# Set Slave Configuration #} {# Set Slave Configuration #}
[{{ slave_configuration_section_name }}] [{{ slave_configuration_section_name }}]
{% set apache_custom_http = ((slave_instance.pop('apache_custom_http', '')) % slave_parameter_dict) -%} {% set apache_custom_http = ((slave_instance.pop('apache_custom_http', '')) % slave_parameter_dict) %}
{% set apache_custom_https = ((slave_instance.pop('apache_custom_https', '')) % slave_parameter_dict) -%} {% set apache_custom_https = ((slave_instance.pop('apache_custom_https', '')) % slave_parameter_dict) %}
apache_custom_http = {{ dumps(apache_custom_http) }} apache_custom_http = {{ dumps(apache_custom_http) }}
apache_custom_https = {{ dumps(apache_custom_https) }} apache_custom_https = {{ dumps(apache_custom_https) }}
{{ '\n' }} {{ '\n' }}
{% for key, value in slave_instance.iteritems() -%} {% for key, value in slave_instance.iteritems() %}
{{ key }} = {{ dumps(value) }} {{ key }} = {{ dumps(value) }}
{% endfor %} {% endfor %}
...@@ -232,16 +232,16 @@ extra-context = ...@@ -232,16 +232,16 @@ extra-context =
{{ '\n' }} {{ '\n' }}
{% set check_error_log_section_title = 'check-%s-error-log-last-hour' % slave_instance.get('slave_reference') -%} {% set check_error_log_section_title = 'check-%s-error-log-last-hour' % slave_instance.get('slave_reference') %}
{% do part_list.append(check_error_log_section_title) -%} {% do part_list.append(check_error_log_section_title) %}
[{{ check_error_log_section_title }}] [{{ check_error_log_section_title }}]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = {{ bin_directory }}/check-error-on-apache-log -l {{ slave_instance.get('error_log') }} -d 3600 command-line = {{ bin_directory }}/check-error-on-apache-log -l {{ slave_instance.get('error_log') }} -d 3600
filename = {{ check_error_log_section_title }} filename = {{ check_error_log_section_title }}
wrapper-path = {{ promise_directory }}/${:filename} wrapper-path = {{ promise_directory }}/${:filename}
{% set check_error_log_section_title = 'check-%s-error-log-last-day' % slave_instance.get('slave_reference') -%} {% set check_error_log_section_title = 'check-%s-error-log-last-day' % slave_instance.get('slave_reference') %}
{% do part_list.append(check_error_log_section_title) -%} {% do part_list.append(check_error_log_section_title) %}
[{{ check_error_log_section_title }}] [{{ check_error_log_section_title }}]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = {{ bin_directory }}/check-error-on-apache-log -l {{ slave_instance.get('error_log') }} -d 86400 command-line = {{ bin_directory }}/check-error-on-apache-log -l {{ slave_instance.get('error_log') }} -d 86400
...@@ -251,7 +251,7 @@ wrapper-path = {{ promise_directory }}/${:filename} ...@@ -251,7 +251,7 @@ wrapper-path = {{ promise_directory }}/${:filename}
{% set monitor_ipv6_test = slave_instance.get('monitor-ipv6-test', '') %} {% set monitor_ipv6_test = slave_instance.get('monitor-ipv6-test', '') %}
{% if monitor_ipv6_test %} {% if monitor_ipv6_test %}
{% set monitor_ipv6_section_title = 'check-%s-ipv6-packet-list-test' % slave_instance.get('slave_reference') %} {% set monitor_ipv6_section_title = 'check-%s-ipv6-packet-list-test' % slave_instance.get('slave_reference') %}
{% do part_list.append(monitor_ipv6_section_title) -%} {% do part_list.append(monitor_ipv6_section_title) %}
[{{ monitor_ipv6_section_title }}] [{{ monitor_ipv6_section_title }}]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = {{ bin_directory }}/is-icmp-packet-lost -a {{monitor_ipv6_test}} command-line = {{ bin_directory }}/is-icmp-packet-lost -a {{monitor_ipv6_test}}
...@@ -262,7 +262,7 @@ wrapper-path = {{ promise_directory }}/${:filename} ...@@ -262,7 +262,7 @@ wrapper-path = {{ promise_directory }}/${:filename}
{% set monitor_ipv4_test = slave_instance.get('monitor-ipv4-test', '') %} {% set monitor_ipv4_test = slave_instance.get('monitor-ipv4-test', '') %}
{% if monitor_ipv4_test %} {% if monitor_ipv4_test %}
{% set monitor_ipv4_section_title = 'check-%s-ipv4-packet-list-test' % slave_instance.get('slave_reference') %} {% set monitor_ipv4_section_title = 'check-%s-ipv4-packet-list-test' % slave_instance.get('slave_reference') %}
{% do part_list.append(monitor_ipv4_section_title) -%} {% do part_list.append(monitor_ipv4_section_title) %}
[{{ monitor_ipv4_section_title }}] [{{ monitor_ipv4_section_title }}]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = {{ bin_directory }}/is-icmp-packet-lost -4 -a {{monitor_ipv4_test}} command-line = {{ bin_directory }}/is-icmp-packet-lost -4 -a {{monitor_ipv4_test}}
...@@ -274,7 +274,7 @@ wrapper-path = {{ promise_directory }}/${:filename} ...@@ -274,7 +274,7 @@ wrapper-path = {{ promise_directory }}/${:filename}
{% if re6st_optimal_test %} {% if re6st_optimal_test %}
{% set re6st_ipv6, re6st_ipv4 = re6st_optimal_test.split(",") %} {% set re6st_ipv6, re6st_ipv4 = re6st_optimal_test.split(",") %}
{% set re6st_optimal_test_section_title = 'check-%s-re6st-optimal-test' % slave_instance.get('slave_reference') %} {% set re6st_optimal_test_section_title = 'check-%s-re6st-optimal-test' % slave_instance.get('slave_reference') %}
{% do part_list.append(re6st_optimal_test_section_title) -%} {% do part_list.append(re6st_optimal_test_section_title) %}
[{{ re6st_optimal_test_section_title }}] [{{ re6st_optimal_test_section_title }}]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = {{ bin_directory }}/check-re6st-optimal-status -4 {{re6st_ipv4}} -6 {{re6st_ipv6}} command-line = {{ bin_directory }}/check-re6st-optimal-status -4 {{re6st_ipv4}} -6 {{re6st_ipv6}}
...@@ -285,27 +285,27 @@ wrapper-path = {{ promise_directory }}/${:filename} ...@@ -285,27 +285,27 @@ wrapper-path = {{ promise_directory }}/${:filename}
{# ############################### #} {# ############################### #}
{# Publish Slave Information #} {# Publish Slave Information #}
{% if not extra_slave_instance_list -%} {% if not extra_slave_instance_list %}
{% set publish_section_title = 'publish-%s-connection-information' % slave_instance.get('slave_reference') -%} {% set publish_section_title = 'publish-%s-connection-information' % slave_instance.get('slave_reference') %}
{% do part_list.append(publish_section_title) -%} {% do part_list.append(publish_section_title) %}
[{{ publish_section_title }}] [{{ publish_section_title }}]
recipe = slapos.cookbook:publish recipe = slapos.cookbook:publish
{% for key, value in slave_publish_dict.iteritems() %} {% for key, value in slave_publish_dict.iteritems() %}
{{ key }} = {{ value }} {{ key }} = {{ value }}
{% endfor %} {% endfor %}
{% else -%} {% else %}
{% do slave_instance_information_list.append(slave_publish_dict) -%} {% do slave_instance_information_list.append(slave_publish_dict) %}
{% endif -%} {% endif %}
{# End of the main for loop#} {# End of the main for loop#}
{% endfor -%} {% endfor %}
############################################### ###############################################
### Prepare virtualhost for slaves using cache ### Prepare virtualhost for slaves using cache
{% for slave_reference, slave_configuration_section_name in cached_server_dict.iteritems() %} {% for slave_reference, slave_configuration_section_name in cached_server_dict.iteritems() %}
{% set cached_slave_configuration_section_title = '%s-cached-virtualhost' % slave_reference %} {% set cached_slave_configuration_section_title = '%s-cached-virtualhost' % slave_reference %}
{% do part_list.append(cached_slave_configuration_section_title) -%} {% do part_list.append(cached_slave_configuration_section_title) %}
[{{ cached_slave_configuration_section_title }}] [{{ cached_slave_configuration_section_title }}]
< = jinja2-template-base < = jinja2-template-base
template = {{ template_cached_slave_configuration }} template = {{ template_cached_slave_configuration }}
...@@ -324,7 +324,7 @@ extra-context = ...@@ -324,7 +324,7 @@ extra-context =
<= slave-log-directory-dict <= slave-log-directory-dict
recipe = slapos.cookbook:mkdirectory recipe = slapos.cookbook:mkdirectory
{#- Define IPv6 to IPV4 tunneling #} {# Define IPv6 to IPV4 tunneling #}
[tunnel-6to4-base] [tunnel-6to4-base]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
ipv4 = ${slap-network-information:local-ipv4} ipv4 = ${slap-network-information:local-ipv4}
...@@ -387,15 +387,15 @@ extra-context = ...@@ -387,15 +387,15 @@ extra-context =
recipe = slapos.cookbook:publish recipe = slapos.cookbook:publish
public-ipv4 = {{ public_ipv4 }} public-ipv4 = {{ public_ipv4 }}
private-ipv4 = {{ local_ipv4 }} private-ipv4 = {{ local_ipv4 }}
{% if extra_slave_instance_list -%} {% if extra_slave_instance_list %}
slave-instance-information-list = {{ json_module.dumps(slave_instance_information_list) }} slave-instance-information-list = {{ json_module.dumps(slave_instance_information_list) }}
{% endif -%} {% endif %}
monitor-base-url = {{ monitor_base_url }} monitor-base-url = {{ monitor_base_url }}
[buildout] [buildout]
parts += parts +=
slave-log-directories slave-log-directories
{% for part in part_list -%} {% for part in part_list %}
{{ ' %s' % part }} {{ ' %s' % part }}
{% endfor %} {% endfor %}
publish-caddy-information publish-caddy-information
...@@ -412,4 +412,4 @@ develop-eggs-directory = {{ develop_eggs_directory }} ...@@ -412,4 +412,4 @@ develop-eggs-directory = {{ develop_eggs_directory }}
offline = true offline = true
cache-access = {{ cache_access }} cache-access = {{ cache_access }}
{% endif -%} {% endif %}
software/caddy-frontend/templates/cached-virtualhost.conf.in
View file @ 5dc76934
{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%} {% set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
{% set server_alias_list = slave_parameter.get('server-alias', '').split() %} {% set server_alias_list = slave_parameter.get('server-alias', '').split() %}
{% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%} {% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES %}
{%- set host_list = [slave_parameter.get('custom_domain')] + server_alias_list -%} {% set host_list = [slave_parameter.get('custom_domain')] + server_alias_list %}
{%- set http_host_list = [] %} {% set http_host_list = [] %}
{%- set https_host_list = [] %} {% set https_host_list = [] %}
{%- for host in host_list %} {% for host in host_list %}
{%- do http_host_list.append('http://%s:%s' % (host, cached_port)) %} {% do http_host_list.append('http://%s:%s' % (host, cached_port)) %}
{%- do https_host_list.append('http://%s:%s' % (host, ssl_cached_port)) %} {% do https_host_list.append('http://%s:%s' % (host, ssl_cached_port)) %}
{%- endfor %} {% endfor %}
# Only accept generic (i.e not Zope) backends on http # Only accept generic (i.e not Zope) backends on http
{{ http_host_list|join(', ') }} { {{ http_host_list|join(', ') }} {
...@@ -19,14 +19,14 @@ ...@@ -19,14 +19,14 @@
transparent transparent
timeout 600s timeout 600s
{%- if ssl_proxy_verify %} {% if ssl_proxy_verify %}
{%- if 'ssl_proxy_ca_crt' in slave_parameter %} {% if 'ssl_proxy_ca_crt' in slave_parameter %}
# TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }} # TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
# Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store" # Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store"
{%- endif %} {% endif %}
{%- else %} {% else %}
insecure_skip_verify insecure_skip_verify
{%- endif %} {% endif %}
} }
} }
...@@ -38,13 +38,13 @@ ...@@ -38,13 +38,13 @@
header_upstream -REMOTE_USER header_upstream -REMOTE_USER
transparent transparent
timeout 600s timeout 600s
{%- if ssl_proxy_verify %} {% if ssl_proxy_verify %}
{%- if 'ssl_proxy_ca_crt' in slave_parameter %} {% if 'ssl_proxy_ca_crt' in slave_parameter %}
# TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }} # TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
# Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store" # Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store"
{%- endif %} {% endif %}
{%- else %} {% else %}
insecure_skip_verify insecure_skip_verify
{%- endif %} {% endif %}
} }
} }
software/caddy-frontend/templates/default-virtualhost.conf.in
View file @ 5dc76934
{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%} {% set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
{%- set disable_no_cache_header = ('' ~ slave_parameter.get('disable-no-cache-request', '')).lower() in TRUE_VALUES -%} {% set disable_no_cache_header = ('' ~ slave_parameter.get('disable-no-cache-request', '')).lower() in TRUE_VALUES %}
{%- set disable_via_header = ('' ~ slave_parameter.get('disable-via-header', '')).lower() in TRUE_VALUES -%} {% set disable_via_header = ('' ~ slave_parameter.get('disable-via-header', '')).lower() in TRUE_VALUES %}
{%- set prefer_gzip = ('' ~ slave_parameter.get('prefer-gzip-encoding-to-backend', '')).lower() in TRUE_VALUES -%} {% set prefer_gzip = ('' ~ slave_parameter.get('prefer-gzip-encoding-to-backend', '')).lower() in TRUE_VALUES %}
{%- set server_alias_list = slave_parameter.get('server-alias', '').split() -%} {% set server_alias_list = slave_parameter.get('server-alias', '').split() %}
{%- set enable_h2 = ('' ~ slave_parameter.get('enable-http2', slave_parameter['enable_http2_by_default'])).lower() in TRUE_VALUES -%} {% set enable_h2 = ('' ~ slave_parameter.get('enable-http2', slave_parameter['enable_http2_by_default'])).lower() in TRUE_VALUES %}
{%- set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%} {% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES %}
{%- set disabled_cookie_list = slave_parameter.get('disabled-cookie-list', '').split() -%} {% set disabled_cookie_list = slave_parameter.get('disabled-cookie-list', '').split() %}
{%- set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%} {% set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES %}
{%- set slave_type = slave_parameter.get('type', '') -%} {% set slave_type = slave_parameter.get('type', '') %}
{%- set host_list = [slave_parameter.get('custom_domain')] + server_alias_list -%} {% set host_list = [slave_parameter.get('custom_domain')] + server_alias_list %}
{%- set backend_url = slave_parameter.get('https-url', slave_parameter.get('url', '')) %} {% set backend_url = slave_parameter.get('https-url', slave_parameter.get('url', '')) %}
{%- set http_host_list = [] %} {% set http_host_list = [] %}
{%- set https_host_list = [] %} {% set https_host_list = [] %}
{%- for host in host_list %} {% for host in host_list %}
{%- do http_host_list.append('http://%s:%s' % (host, http_port)) %} {% do http_host_list.append('http://%s:%s' % (host, http_port)) %}
{%- do https_host_list.append('https://%s:%s' % (host, https_port)) %} {% do https_host_list.append('https://%s:%s' % (host, https_port)) %}
{%- endfor %} {% endfor %}
{{ https_host_list|join(', ') }} { {{ https_host_list|join(', ') }} {
bind {{ local_ipv4 }} bind {{ local_ipv4 }}
tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }} { tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }} {
{%- if slave_parameter.get('path_to_ssl_ca_crt') %} {% if slave_parameter.get('path_to_ssl_ca_crt') %}
clients {{ slave_parameter.get('path_to_ssl_ca_crt') }} clients {{ slave_parameter.get('path_to_ssl_ca_crt') }}
{%- endif %} {% endif %}
{%- if enable_h2 %} {% if enable_h2 %}
alpn h2 http/1.1 alpn h2 http/1.1
{%- else %} {% else %}
alpn http/1.1 alpn http/1.1
{%- endif %} {% endif %}
} }
log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
errors {{ slave_parameter.get('error_log') }} errors {{ slave_parameter.get('error_log') }}
...@@ -35,85 +35,85 @@ ...@@ -35,85 +35,85 @@
# TODO-Caddy SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5 # TODO-Caddy SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
# TODO-Caddy SSLHonorCipherOrder on # TODO-Caddy SSLHonorCipherOrder on
{%- for disabled_cookie in disabled_cookie_list %} {% for disabled_cookie in disabled_cookie_list %}
# TODO-Caddy {{' RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie) }} # TODO-Caddy {{' RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie) }}
{% endfor -%} {% endfor %}
{%- if prefer_gzip %} {% if prefer_gzip %}
# TODO-Caddy RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip" # TODO-Caddy RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
{% endif %} {% endif %}
{% if slave_type == 'zope' and backend_url -%} {% if slave_type == 'zope' and backend_url %}
proxy / {{ backend_url }} { proxy / {{ backend_url }} {
# As backend is trusting REMOTE_USER header unset it always # As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER header_upstream -REMOTE_USER
{% if disable_via_header %} {% if disable_via_header %}
header_downstream -Via header_downstream -Via
{% endif -%} {% endif %}
{% if disable_no_cache_header %} {% if disable_no_cache_header %}
header_upstream -Cache-Control header_upstream -Cache-Control
header_upstream -Pragma header_upstream -Pragma
{% endif -%} {% endif %}
transparent transparent
timeout 600s timeout 600s
{%- if ssl_proxy_verify %} {% if ssl_proxy_verify %}
{%- if 'ssl_proxy_ca_crt' in slave_parameter %} {% if 'ssl_proxy_ca_crt' in slave_parameter %}
# TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }} # TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
# Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store" # Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store"
{%- endif %} {% endif %}
{%- else %} {% else %}
insecure_skip_verify insecure_skip_verify
{%- endif %} {% endif %}
} }
{% if 'default-path' in slave_parameter %} {% if 'default-path' in slave_parameter %}
redir 301 { redir 301 {
if {path} is / if {path} is /
/ {scheme}://{host}/{{ slave_parameter.get('default-path') }} / {scheme}://{host}/{{ slave_parameter.get('default-path') }}
} }
{% endif -%} {% endif %}
rewrite { rewrite {
regexp (.*) regexp (.*)
to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1} to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1}
} }
{% elif slave_type == 'redirect' and backend_url -%} {% elif slave_type == 'redirect' and backend_url %}
redir 302 { redir 302 {
/ {{ backend_url}}{uri} / {{ backend_url}}{uri}
} }
{% else -%} {% else %}
{% if 'default-path' in slave_parameter %} {% if 'default-path' in slave_parameter %}
redir 301 { redir 301 {
if {path} is / if {path} is /
/ {scheme}://{host}/{{ slave_parameter.get('default-path') }} / {scheme}://{host}/{{ slave_parameter.get('default-path') }}
} }
{% endif -%} {% endif %}
{%- if backend_url %} {% if backend_url %}
proxy / {{ backend_url }} { proxy / {{ backend_url }} {
# As backend is trusting REMOTE_USER header unset it always # As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER header_upstream -REMOTE_USER
{% if disable_via_header %} {% if disable_via_header %}
header_downstream -Via header_downstream -Via
{% endif -%} {% endif %}
{% if disable_no_cache_header %} {% if disable_no_cache_header %}
header_upstream -Cache-Control header_upstream -Cache-Control
header_upstream -Pragma header_upstream -Pragma
{% endif -%} {% endif %}
transparent transparent
timeout 600s timeout 600s
{%- if ssl_proxy_verify %} {% if ssl_proxy_verify %}
{%- if 'ssl_proxy_ca_crt' in slave_parameter %} {% if 'ssl_proxy_ca_crt' in slave_parameter %}
# TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }} # TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
# Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store" # Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store"
{%- endif %} {% endif %}
{%- else %} {% else %}
insecure_skip_verify insecure_skip_verify
{%- endif %} {% endif %}
} }
{%- endif %} {% endif %}
{% endif -%} {% endif %}
} }
{{ http_host_list|join(', ') }} { {{ http_host_list|join(', ') }} {
...@@ -125,87 +125,87 @@ ...@@ -125,87 +125,87 @@
# TODO-Caddy # Remove "Secure" from cookies, as backend may be https # TODO-Caddy # Remove "Secure" from cookies, as backend may be https
# TODO-Caddy Header edit Set-Cookie "(?i)^(.+);secure$" "$1" # TODO-Caddy Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
{%- for disabled_cookie in disabled_cookie_list %} {% for disabled_cookie in disabled_cookie_list %}
# TODO-Caddy {{' RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie) }} # TODO-Caddy {{' RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie) }}
{% endfor -%} {% endfor %}
{%- if prefer_gzip %} {% if prefer_gzip %}
# TODO-Caddy RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip" # TODO-Caddy RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
{% endif %} {% endif %}
{%- if https_only %} {% if https_only %}
redir / https://{host}{uri} redir / https://{host}{uri}
{% elif slave_type == 'redirect' and backend_url -%} {% elif slave_type == 'redirect' and backend_url %}
redir 302 { redir 302 {
/ {{ backend_url }}{uri} / {{ backend_url }}{uri}
} }
{% elif slave_type == 'zope' and backend_url -%} {% elif slave_type == 'zope' and backend_url %}
proxy / {{ backend_url }} { proxy / {{ backend_url }} {
# As backend is trusting REMOTE_USER header unset it always # As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER header_upstream -REMOTE_USER
{% if disable_via_header %} {% if disable_via_header %}
header_downstream -Via header_downstream -Via
{% endif -%} {% endif %}
{% if disable_no_cache_header %} {% if disable_no_cache_header %}
header_upstream -Cache-Control header_upstream -Cache-Control
header_upstream -Pragma header_upstream -Pragma
{% endif -%} {% endif %}
transparent transparent
timeout 600s timeout 600s
{%- if ssl_proxy_verify %} {% if ssl_proxy_verify %}
{%- if 'ssl_proxy_ca_crt' in slave_parameter %} {% if 'ssl_proxy_ca_crt' in slave_parameter %}
# TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }} # TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
# Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store" # Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store"
{%- endif %} {% endif %}
{%- else %} {% else %}
insecure_skip_verify insecure_skip_verify
{%- endif %} {% endif %}
} }
{% if 'default-path' in slave_parameter %} {% if 'default-path' in slave_parameter %}
redir 301 { redir 301 {
if {path} is / if {path} is /
/ {scheme}://{host}/{{ slave_parameter.get('default-path') }} / {scheme}://{host}/{{ slave_parameter.get('default-path') }}
} }
{% endif -%} {% endif %}
rewrite { rewrite {
regexp (.*) regexp (.*)
to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1} to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1}
} }
{% else -%} {% else %}
{% if 'default-path' in slave_parameter %} {% if 'default-path' in slave_parameter %}
redir 301 { redir 301 {
if {path} is / if {path} is /
/ {scheme}://{host}/{{ slave_parameter.get('default-path') }} / {scheme}://{host}/{{ slave_parameter.get('default-path') }}
} }
{% endif -%} {% endif %}
{%- if slave_parameter.get('url', '') %} {% if slave_parameter.get('url', '') %}
proxy / {{ slave_parameter.get('url', '') }} { proxy / {{ slave_parameter.get('url', '') }} {
# As backend is trusting REMOTE_USER header unset it always # As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER header_upstream -REMOTE_USER
{% if disable_via_header %} {% if disable_via_header %}
header_downstream -Via header_downstream -Via
{% endif -%} {% endif %}
{% if disable_no_cache_header %} {% if disable_no_cache_header %}
header_upstream -Cache-Control header_upstream -Cache-Control
header_upstream -Pragma header_upstream -Pragma
{% endif -%} {% endif %}
transparent transparent
timeout 600s timeout 600s
{%- if ssl_proxy_verify %} {% if ssl_proxy_verify %}
{%- if 'ssl_proxy_ca_crt' in slave_parameter %} {% if 'ssl_proxy_ca_crt' in slave_parameter %}
# TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }} # TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
# Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store" # Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store"
{%- endif %} {% endif %}
{%- else %} {% else %}
insecure_skip_verify insecure_skip_verify
{%- endif %} {% endif %}
} }
{% endif -%} {% endif %}
{% endif -%} {% endif %}
# If nothing exist : put a nice error # If nothing exist : put a nice error
# ErrorDocument 404 /notfound.html # ErrorDocument 404 /notfound.html
# Dadiboom # Dadiboom
......
software/caddy-frontend/templates/nginx-eventsource-slave.conf.in
View file @ 5dc76934
{% set url = slave_parameter.get('url') -%} {% set url = slave_parameter.get('url') %}
{% set https_url = slave_parameter.get('https-url', url) -%} {% set https_url = slave_parameter.get('https-url', url) %}
{% if url.startswith("http://") or url.startswith("https://") -%} {% if url.startswith("http://") or url.startswith("https://") %}
{% set upstream = url.split("/")[2] -%} {% set upstream = url.split("/")[2] %}
{% set https_upstream = https_url.split("/")[2] -%} {% set https_upstream = https_url.split("/")[2] %}
{% set protocol = url.split("/")[0] -%} {% set protocol = url.split("/")[0] %}
{% set https_protocol = https_url.split("/")[0] -%} {% set https_protocol = https_url.split("/")[0] %}
{% set proxy_pass = '%s//%s' % (protocol, slave_parameter.get('slave_reference')) -%} {% set proxy_pass = '%s//%s' % (protocol, slave_parameter.get('slave_reference')) %}
{% set https_proxy_pass = '%s//https_%s' % (protocol, slave_parameter.get('slave_reference')) -%} {% set https_proxy_pass = '%s//https_%s' % (protocol, slave_parameter.get('slave_reference')) %}
{%- set ssl_configuration_list = [('ssl_certificate', 'path_to_ssl_crt'), {% set ssl_configuration_list = [('ssl_certificate', 'path_to_ssl_crt'),
('ssl_certificate_key', 'path_to_ssl_key')] -%} ('ssl_certificate_key', 'path_to_ssl_key')] %}
# TODO-Caddy upstream {{ slave_parameter.get('slave_reference') }} { # TODO-Caddy upstream {{ slave_parameter.get('slave_reference') }} {
...@@ -75,10 +75,10 @@ ...@@ -75,10 +75,10 @@
# TODO-Caddy ssl_prefer_server_ciphers on; # TODO-Caddy ssl_prefer_server_ciphers on;
# TODO-Caddy ssl_session_cache shared:SSL:10m; # TODO-Caddy ssl_session_cache shared:SSL:10m;
{% for key, value in ssl_configuration_list -%} {% for key, value in ssl_configuration_list %}
{% if value in slave_parameter -%} {% if value in slave_parameter %}
# TODO-Caddy {{ ' %s' % key }} {{ slave_parameter.get(value) }}; # TODO-Caddy {{ ' %s' % key }} {{ slave_parameter.get(value) }};
{% endif -%} {% endif %}
{% endfor %} {% endfor %}
# TODO-Caddy location /pub { # TODO-Caddy location /pub {
...@@ -110,4 +110,4 @@ ...@@ -110,4 +110,4 @@
# TODO-Caddy default_type "text/event-stream; charset=utf-8"; # TODO-Caddy default_type "text/event-stream; charset=utf-8";
# TODO-Caddy } # TODO-Caddy }
# TODO-Caddy} # TODO-Caddy}
{% endif -%} {% endif %}
software/caddy-frontend/templates/nginx-notebook-slave.conf.in
View file @ 5dc76934
{% set url = slave_parameter.get('url') -%} {% set url = slave_parameter.get('url') %}
{% set https_url = slave_parameter.get('https-url', url) -%} {% set https_url = slave_parameter.get('https-url', url) %}
{% if url.startswith("http://") or url.startswith("https://") -%} {% if url.startswith("http://") or url.startswith("https://") %}
{% set upstream = url.split("/")[2] -%} {% set upstream = url.split("/")[2] %}
{% set https_upstream = https_url.split("/")[2] -%} {% set https_upstream = https_url.split("/")[2] %}
{% set protocol = url.split("/")[0] -%} {% set protocol = url.split("/")[0] %}
{% set https_protocol = https_url.split("/")[0] -%} {% set https_protocol = https_url.split("/")[0] %}
{% set proxy_pass = '%s//%s' % (protocol, slave_parameter.get('slave_reference')) -%} {% set proxy_pass = '%s//%s' % (protocol, slave_parameter.get('slave_reference')) %}
{% set https_proxy_pass = '%s//https_%s' % (protocol, slave_parameter.get('slave_reference')) -%} {% set https_proxy_pass = '%s//https_%s' % (protocol, slave_parameter.get('slave_reference')) %}
{%- set ssl_configuration_list = [('ssl_certificate', 'path_to_ssl_crt'), {% set ssl_configuration_list = [('ssl_certificate', 'path_to_ssl_crt'),
('ssl_certificate_key', 'path_to_ssl_key')] -%} ('ssl_certificate_key', 'path_to_ssl_key')] %}
# TODO-Caddy upstream {{ slave_parameter.get('slave_reference') }} { # TODO-Caddy upstream {{ slave_parameter.get('slave_reference') }} {
...@@ -70,10 +70,10 @@ ...@@ -70,10 +70,10 @@
# TODO-Caddy ssl_prefer_server_ciphers on; # TODO-Caddy ssl_prefer_server_ciphers on;
# TODO-Caddy ssl_session_cache shared:SSL:10m; # TODO-Caddy ssl_session_cache shared:SSL:10m;
{% for key, value in ssl_configuration_list -%} {% for key, value in ssl_configuration_list %}
{% if value in slave_parameter -%} {% if value in slave_parameter %}
# TODO-Caddy {{ ' %s' % key }} {{ slave_parameter.get(value) }}; # TODO-Caddy {{ ' %s' % key }} {{ slave_parameter.get(value) }};
{% endif -%} {% endif %}
{% endfor %} {% endfor %}
# TODO-Caddy location / { # TODO-Caddy location / {
...@@ -101,4 +101,4 @@ ...@@ -101,4 +101,4 @@
# TODO-Caddy proxy_read_timeout 86400; # TODO-Caddy proxy_read_timeout 86400;
# TODO-Caddy } # TODO-Caddy }
# TODO-Caddy } # TODO-Caddy }
{% endif -%} {% endif %}
software/caddy-frontend/templates/replicate-publish-slave-information.cfg.in
View file @ 5dc76934
{% set part_list = [] -%} {% set part_list = [] %}
{% set slave_information_dict = {} -%} {% set slave_information_dict = {} %}
# regroup slave information from all frontends # regroup slave information from all frontends
{%- for frontend, slave_list_raw in slave_information.iteritems() -%} {% for frontend, slave_list_raw in slave_information.iteritems() %}
{% if slave_list_raw %} {% if slave_list_raw %}
{% set slave_list = json_module.loads(slave_list_raw) -%} {% set slave_list = json_module.loads(slave_list_raw) %}
{% else %} {% else %}
{% set slave_list = [] %} {% set slave_list = [] %}
{% endif %} {% endif %}
{% for slave_dict in slave_list -%} {% for slave_dict in slave_list %}
{% set slave_reference = slave_dict.pop('slave-reference') %} {% set slave_reference = slave_dict.pop('slave-reference') %}
{% set log_access_url = slave_dict.pop('log-access', '') %} {% set log_access_url = slave_dict.pop('log-access', '') %}
{% set current_slave_dict = slave_information_dict.get(slave_reference, {}) %} {% set current_slave_dict = slave_information_dict.get(slave_reference, {}) %}
{% do current_slave_dict.update(slave_dict) -%} {% do current_slave_dict.update(slave_dict) %}
{% set log_access_list = current_slave_dict.get('log-access-urls', []) %} {% set log_access_list = current_slave_dict.get('log-access-urls', []) %}
{% do log_access_list.append( frontend + ': ' + log_access_url) %} {% do log_access_list.append( frontend + ': ' + log_access_url) %}
{% do current_slave_dict.__setitem__( {% do current_slave_dict.__setitem__(
...@@ -22,22 +22,22 @@ ...@@ -22,22 +22,22 @@
{% do current_slave_dict.__setitem__( {% do current_slave_dict.__setitem__(
'replication_number', 'replication_number',
current_slave_dict.get('replication_number', 0) + 1 current_slave_dict.get('replication_number', 0) + 1
) -%} ) %}
{% do slave_information_dict.__setitem__(slave_reference, current_slave_dict) -%} {% do slave_information_dict.__setitem__(slave_reference, current_slave_dict) %}
{% endfor -%} {% endfor %}
{% endfor %} {% endfor %}
# Publish information for each slave # Publish information for each slave
{% for slave_reference, slave_information in slave_information_dict.iteritems() %} {% for slave_reference, slave_information in slave_information_dict.iteritems() %}
{% set publish_section_title = 'publish-%s' % slave_reference -%} {% set publish_section_title = 'publish-%s' % slave_reference %}
{% do part_list.append(publish_section_title) -%} {% do part_list.append(publish_section_title) %}
[{{ publish_section_title }}] [{{ publish_section_title }}]
recipe = slapos.cookbook:publish recipe = slapos.cookbook:publish
-slave-reference = {{ slave_reference }} -slave-reference = {{ slave_reference }}
log-access-url = {{ json_module.dumps(slave_information.pop('log-access-urls', 1000)) }} log-access-url = {{ json_module.dumps(slave_information.pop('log-access-urls', 1000)) }}
{% for key, value in slave_information.iteritems() -%} {% for key, value in slave_information.iteritems() %}
{{ key }} = {{ value }} {{ key }} = {{ value }}
{% endfor -%} {% endfor %}
{% endfor %} {% endfor %}
[buildout] [buildout]
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7