Commit 8182a586 authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: Use jinja2 to generate caddy-wrapper

As information passed to caddy-wrapper also comes from the network, it
has to be templated using jinja2 in order to dump variables correctly.
parent 678a7e47
...@@ -19,7 +19,7 @@ md5sum = f686f765e55d1dce2e55a400f0714b3e ...@@ -19,7 +19,7 @@ md5sum = f686f765e55d1dce2e55a400f0714b3e
[template-apache-frontend] [template-apache-frontend]
filename = instance-apache-frontend.cfg filename = instance-apache-frontend.cfg
md5sum = 0f9d764e1c4c5e345cdb90390c9d90b6 md5sum = e9e6417eda276a48badfdddc9f01f522
[template-apache-replicate] [template-apache-replicate]
filename = instance-apache-replicate.cfg.in filename = instance-apache-replicate.cfg.in
...@@ -27,7 +27,7 @@ md5sum = 9e76028df7e93d3e32982884d5dc0913 ...@@ -27,7 +27,7 @@ md5sum = 9e76028df7e93d3e32982884d5dc0913
[template-slave-list] [template-slave-list]
filename = templates/apache-custom-slave-list.cfg.in filename = templates/apache-custom-slave-list.cfg.in
md5sum = 3e7350f9f27cddc63ee9711b548790fa md5sum = 1867c268830af61bcc245d0c88b634fb
[template-slave-configuration] [template-slave-configuration]
filename = templates/custom-virtualhost.conf.in filename = templates/custom-virtualhost.conf.in
...@@ -43,7 +43,7 @@ md5sum = edfdd21d712f4ba4c2e1fcb9ea096554 ...@@ -43,7 +43,7 @@ md5sum = edfdd21d712f4ba4c2e1fcb9ea096554
[template-custom-slave-list] [template-custom-slave-list]
filename = templates/apache-custom-slave-list.cfg.in filename = templates/apache-custom-slave-list.cfg.in
md5sum = 3e7350f9f27cddc63ee9711b548790fa md5sum = 1867c268830af61bcc245d0c88b634fb
[template-not-found-html] [template-not-found-html]
filename = templates/notfound.html filename = templates/notfound.html
...@@ -55,7 +55,7 @@ md5sum = 88a31d5a26c26408443fa5c2550ff8ac ...@@ -55,7 +55,7 @@ md5sum = 88a31d5a26c26408443fa5c2550ff8ac
[template-default-slave-virtualhost] [template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in filename = templates/default-virtualhost.conf.in
md5sum = 831d2eb5a0489b340dcf244025e579b0 md5sum = bb80ef5a195b841a071c7104544ae776
[template-cached-slave-virtualhost] [template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in filename = templates/cached-virtualhost.conf.in
...@@ -73,6 +73,10 @@ md5sum = c2314c3a9c3412a38d14b312d3df83c1 ...@@ -73,6 +73,10 @@ md5sum = c2314c3a9c3412a38d14b312d3df83c1
filename = templates/wrapper.in filename = templates/wrapper.in
md5sum = 8cde04bfd0c0e9bd56744b988275cfd8 md5sum = 8cde04bfd0c0e9bd56744b988275cfd8
[template-caddy-wrapper]
filename = templates/caddy-wrapper.in
md5sum = c5816275757124613920078b6bec1caf
[template-trafficserver-records-config] [template-trafficserver-records-config]
filename = templates/trafficserver/records.config.jinja2 filename = templates/trafficserver/records.config.jinja2
md5sum = 84baef0a49c9a65e8f2d2ffdb8c1d39c md5sum = 84baef0a49c9a65e8f2d2ffdb8c1d39c
......
...@@ -100,6 +100,12 @@ filename = template-log-access.conf.in ...@@ -100,6 +100,12 @@ filename = template-log-access.conf.in
<=download-template <=download-template
filename = empty.in filename = empty.in
[template-caddy-wrapper]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/templates/caddy-wrapper.in
output = ${buildout:directory}/template-caddy-wrapper.cfg
mode = 0644
[template-wrapper] [template-wrapper]
recipe = slapos.recipe.template recipe = slapos.recipe.template
url = ${:_profile_base_location_}/templates/wrapper.in url = ${:_profile_base_location_}/templates/wrapper.in
......
...@@ -212,6 +212,8 @@ extra-context = ...@@ -212,6 +212,8 @@ extra-context =
key login_ca_crt ca-custom-frontend:rendered key login_ca_crt ca-custom-frontend:rendered
raw sixtunnel_executable ${6tunnel:location}/bin/6tunnel raw sixtunnel_executable ${6tunnel:location}/bin/6tunnel
raw service_directory $${directory:service} raw service_directory $${directory:service}
key enable_http2_by_default instance-parameter:configuration.enable-http2-by-default
[dynamic-virtualhost-template-slave] [dynamic-virtualhost-template-slave]
<= jinja2-template-base <= jinja2-template-base
template = ${template-slave-configuration:target} template = ${template-slave-configuration:target}
...@@ -250,24 +252,19 @@ extra-context = ...@@ -250,24 +252,19 @@ extra-context =
section frontend_configuration frontend-configuration section frontend_configuration frontend-configuration
[caddy-wrapper] [caddy-wrapper]
recipe = slapos.cookbook:wrapper < = jinja2-template-base
command-line = ${caddy:output} template = ${template-caddy-wrapper:output}
-conf $${dynamic-apache-frontend-template:rendered} rendered = $${directory:bin}/caddy-wrapper
-root $${caddy-directory:document-root} mode = 0700
-host $${instance-parameter:configuration.domain} extra-context =
-http-port $${instance-parameter:configuration.plain_http_port} raw caddy ${caddy:output}
-https-port $${instance-parameter:configuration.port} key conf dynamic-apache-frontend-template:rendered
-log $${apache-configuration:error-log} key log apache-configuration:error-log
-http2=$${instance-parameter:configuration.enable-http2-by-default} key grace instance-parameter:configuration.mpm-graceful-shutdown-timeout
-grace $${instance-parameter:configuration.mpm-graceful-shutdown-timeout}s
-pidfile $${apache-configuration:pid-file}
-disable-http-challenge
-disable-tls-sni-challenge
wrapper-path = $${directory:bin}/caddy-wrapper
[apache-frontend] [apache-frontend]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = $${caddy-wrapper:wrapper-path} command-line = $${caddy-wrapper:rendered} -pidfile $${caddy-configuration:pid-file}
wrapper-path = $${directory:service}/frontend_caddy wrapper-path = $${directory:service}/frontend_caddy
wait-for-files = wait-for-files =
$${ca-frontend:cert-file} $${ca-frontend:cert-file}
...@@ -297,7 +294,7 @@ error-log = $${directory:log}/frontend-apache-error.log ...@@ -297,7 +294,7 @@ error-log = $${directory:log}/frontend-apache-error.log
pid-file = $${directory:run}/httpd.pid pid-file = $${directory:run}/httpd.pid
protected-path = / protected-path = /
access-control-string = none access-control-string = none
frontend-configuration-verification = $${caddy-wrapper:wrapper-path} -validate > /dev/null frontend-configuration-verification = $${caddy-wrapper:rendered} -validate > /dev/null
frontend-graceful-command = $${:frontend-configuration-verification}; if [ $? -eq 0 ]; then kill -USR1 $(cat $${:pid-file}); fi frontend-graceful-command = $${:frontend-configuration-verification}; if [ $? -eq 0 ]; then kill -USR1 $(cat $${:pid-file}); fi
# Comunication with ats # Comunication with ats
...@@ -308,7 +305,7 @@ ssl-cache-through-port = 26012 ...@@ -308,7 +305,7 @@ ssl-cache-through-port = 26012
# Create wrapper for "apachectl conftest" in bin # Create wrapper for "apachectl conftest" in bin
[configtest] [configtest]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = $${caddy-wrapper:wrapper-path} -validate command-line = $${caddy-wrapper:rendered} -validate
wrapper-path = $${directory:bin}/caddy-configtest wrapper-path = $${directory:bin}/caddy-configtest
[certificate-authority] [certificate-authority]
...@@ -696,19 +693,20 @@ curl_path = ${curl:location}/bin/curl ...@@ -696,19 +693,20 @@ curl_path = ${curl:location}/bin/curl
####################### #######################
# Nginx # Nginx
# #
[nginx-wrapper]
< = jinja2-template-base
template = ${template-caddy-wrapper:output}
rendered = $${directory:bin}/nginx-wrapper
mode = 0700
extra-context =
raw caddy ${caddy:output}
key conf nginx-configuration:output
key log nginx-configuration:error_log
key grace instance-parameter:configuration.mpm-graceful-shutdown-timeout
[nginx-frontend] [nginx-frontend]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = ${caddy:output} command-line = $${nginx-wrapper:rendered} -pidfile $${nginx-configuration:pid-file}
-conf $${nginx-configuration:output}
-host $${instance-parameter:configuration.domain}
-root $${caddy-directory:document-root}
-http-port $${nginx-configuration:plain_port}
-https-port $${nginx-configuration:port}
-log $${nginx-configuration:error_log}
-http2=$${instance-parameter:configuration.enable-http2-by-default}
-pidfile $${nginx-configuration:pid-file}
-disable-http-challenge
-disable-tls-sni-challenge
wrapper-path = $${directory:service}/frontend_nginx wrapper-path = $${directory:service}/frontend_nginx
[nginx-configuration] [nginx-configuration]
...@@ -727,7 +725,7 @@ worker_connections = 1024 ...@@ -727,7 +725,7 @@ worker_connections = 1024
slave-configuration-directory = $${caddy-directory:nginx-slave-configuration} slave-configuration-directory = $${caddy-directory:nginx-slave-configuration}
pid-file = $${directory:run}/nginx.pid pid-file = $${directory:run}/nginx.pid
nginx-graceful-command = $${:nginx-configuration-verification}; if [ $? -eq 0 ]; then kill -HUP $(cat $${:pid-file}); fi nginx-graceful-command = $${:nginx-configuration-verification}; if [ $? -eq 0 ]; then kill -HUP $(cat $${:pid-file}); fi
nginx-configuration-verification = $${nginx-frontend:wrapper-path} -validate nginx-configuration-verification = $${nginx-wrapper:rendered} -validate
ssl_certificate = $${ca-frontend:cert-file} ssl_certificate = $${ca-frontend:cert-file}
ssl_key = $${ca-frontend:key-file} ssl_key = $${ca-frontend:key-file}
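Review bot: In `[apache-frontend]` the new command line passes `-pidfile $${caddy-configuration:pid-file}`, while the removed wrapper used `$${apache-configuration:pid-file}` and the graceful command further down still runs `kill -USR1 $(cat $${:pid-file})` against the section whose `pid-file` is `$${directory:run}/httpd.pid`. No `[caddy-configuration]` section is visible in this diff, so either the reference does not resolve or the daemon writes its pid to a file the reload command never reads, and a pid taken from a stale file could belong to an unrelated process. Unless that section is defined outside the shown hunks with the same path, keep `-pidfile $${apache-configuration:pid-file}`. The rewritten `[caddy-wrapper]` and `[nginx-wrapper]` also no longer pass `-host`, `-root`, `-http-port` and `-https-port`; a comment in those sections saying where these values now come from would help the next reader.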
......
...@@ -161,6 +161,7 @@ value = {{ dumps(slave_instance.get(cert_name)) }} ...@@ -161,6 +161,7 @@ value = {{ dumps(slave_instance.get(cert_name)) }}
{%- do slave_instance.__setitem__('login_certificate', login_certificate) %} {%- do slave_instance.__setitem__('login_certificate', login_certificate) %}
{%- do slave_instance.__setitem__('login_key', login_key) %} {%- do slave_instance.__setitem__('login_key', login_key) %}
{%- do slave_instance.__setitem__('login_ca_crt', login_ca_crt) %} {%- do slave_instance.__setitem__('login_ca_crt', login_ca_crt) %}
{%- do slave_instance.__setitem__('enable_http2_by_default', enable_http2_by_default) %}
{%- do slave_parameter_dict.__setitem__('ssl_crt', login_certificate) %} {%- do slave_parameter_dict.__setitem__('ssl_crt', login_certificate) %}
{%- do slave_parameter_dict.__setitem__('ssl_key', login_key) %} {%- do slave_parameter_dict.__setitem__('ssl_key', login_key) %}
{% if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance -%} {% if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance -%}
......
#!${dash-output:dash}
exec {{ caddy }} \
-conf {{ conf }} \
-log {{ log }} \
-http2=true \
-grace {{ grace }}s \
-disable-http-challenge \
-disable-tls-sni-challenge \
"$@"
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
{%- set disable_via_header = ('' ~ slave_parameter.get('disable-via-header', '')).lower() in TRUE_VALUES -%} {%- set disable_via_header = ('' ~ slave_parameter.get('disable-via-header', '')).lower() in TRUE_VALUES -%}
{%- set prefer_gzip = ('' ~ slave_parameter.get('prefer-gzip-encoding-to-backend', '')).lower() in TRUE_VALUES -%} {%- set prefer_gzip = ('' ~ slave_parameter.get('prefer-gzip-encoding-to-backend', '')).lower() in TRUE_VALUES -%}
{%- set server_alias_list = slave_parameter.get('server-alias', '').split() -%} {%- set server_alias_list = slave_parameter.get('server-alias', '').split() -%}
{%- set enable_h2 = ('' ~ slave_parameter.get('enable-http2', 'true')).lower() in TRUE_VALUES -%} {%- set enable_h2 = ('' ~ slave_parameter.get('enable-http2', slave_parameter['enable_http2_by_default'])).lower() in TRUE_VALUES -%}
{%- set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%} {%- set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
{%- set disabled_cookie_list = slave_parameter.get('disabled-cookie-list', '').split() -%} {%- set disabled_cookie_list = slave_parameter.get('disabled-cookie-list', '').split() -%}
{%- set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%} {%- set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%}
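Review bot: `slave_parameter['enable_http2_by_default']` is now the fallback for `enable_h2`, and the only place this diff shows the key being set is `slave_instance.__setitem__('enable_http2_by_default', ...)` in the slave-list template. If `slave_parameter` ever lacks the key, jinja2's default undefined concatenates as an empty string and HTTP/2 is silently switched off, whereas the old fallback was the literal `'true'` (with a strict undefined the render would fail instead; the environment is not visible here). Consider `slave_parameter.get('enable-http2', slave_parameter.get('enable_http2_by_default', 'true'))`. It is also worth checking whether the cached virtualhost template needs the same change, since it is not part of this diff.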
......