Commit 8b903c04 authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: Implement access to log files

parent fc41a948
...@@ -19,7 +19,7 @@ md5sum = f686f765e55d1dce2e55a400f0714b3e ...@@ -19,7 +19,7 @@ md5sum = f686f765e55d1dce2e55a400f0714b3e
[template-apache-frontend] [template-apache-frontend]
filename = instance-apache-frontend.cfg filename = instance-apache-frontend.cfg
md5sum = df34d8398a5f19ac7a828e1c85c22867 md5sum = 6416ce7ffa3e856f8ba06722ab9232fe
[template-apache-replicate] [template-apache-replicate]
filename = instance-apache-replicate.cfg.in filename = instance-apache-replicate.cfg.in
...@@ -27,7 +27,7 @@ md5sum = 9e76028df7e93d3e32982884d5dc0913 ...@@ -27,7 +27,7 @@ md5sum = 9e76028df7e93d3e32982884d5dc0913
[template-slave-list] [template-slave-list]
filename = templates/apache-custom-slave-list.cfg.in filename = templates/apache-custom-slave-list.cfg.in
md5sum = 0643a19572f65e496e1656df0971d8bd md5sum = 8333871e68e76c7792b4624a2a90b707
[template-slave-configuration] [template-slave-configuration]
filename = templates/custom-virtualhost.conf.in filename = templates/custom-virtualhost.conf.in
...@@ -43,7 +43,7 @@ md5sum = d1a7a759aa2801c96ecf4445a33203f2 ...@@ -43,7 +43,7 @@ md5sum = d1a7a759aa2801c96ecf4445a33203f2
[template-custom-slave-list] [template-custom-slave-list]
filename = templates/apache-custom-slave-list.cfg.in filename = templates/apache-custom-slave-list.cfg.in
md5sum = 0643a19572f65e496e1656df0971d8bd md5sum = 8333871e68e76c7792b4624a2a90b707
[template-not-found-html] [template-not-found-html]
filename = templates/notfound.html filename = templates/notfound.html
...@@ -63,7 +63,7 @@ md5sum = b66ebb546e1762419a22ac853437a9c2 ...@@ -63,7 +63,7 @@ md5sum = b66ebb546e1762419a22ac853437a9c2
[template-log-access] [template-log-access]
filename = templates/template-log-access.conf.in filename = templates/template-log-access.conf.in
md5sum = 50541094dd3ee6c240a9c7a0590fcff8 md5sum = cd3043964ae7fd8489e545ba0d4fc603
[template-empty] [template-empty]
filename = templates/empty.in filename = templates/empty.in
...@@ -99,4 +99,4 @@ md5sum = ebe5d3d19923eb812a40019cb11276d8 ...@@ -99,4 +99,4 @@ md5sum = ebe5d3d19923eb812a40019cb11276d8
[template-caddy-graceful-script] [template-caddy-graceful-script]
filename = templates/caddy-graceful-script.sh.in filename = templates/caddy-graceful-script.sh.in
md5sum = 0b96d401252e3c38a552c51569457929 md5sum = add097b3cb757675787a87c8ae7fb0cc
...@@ -132,9 +132,6 @@ log-access-configuration = $${directory:etc}/apache-log-access.conf ...@@ -132,9 +132,6 @@ log-access-configuration = $${directory:etc}/apache-log-access.conf
caddy-directory = ${caddy:location} caddy-directory = ${caddy:location}
caddy-ipv6 = $${instance-parameter:ipv6-random} caddy-ipv6 = $${instance-parameter:ipv6-random}
caddy-https-port = $${instance-parameter:configuration.port} caddy-https-port = $${instance-parameter:configuration.port}
# XXX: Maybe it is not the best way to redirect -- anyway instantiation
# will fail ASA Apache will be removed
htpasswd = ${buildout:bin-directory}/htpasswd
[jinja2-template-base] [jinja2-template-base]
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
......
...@@ -57,10 +57,9 @@ crl = {{ custom_ssl_directory }}/crl/ ...@@ -57,10 +57,9 @@ crl = {{ custom_ssl_directory }}/crl/
{% set slave_logrotate_section = slave_reference + "-logs" -%} {% set slave_logrotate_section = slave_reference + "-logs" -%}
{% set slave_password_section = slave_reference + "-password" -%} {% set slave_password_section = slave_reference + "-password" -%}
{% set slave_ln_section = slave_reference + "-ln" -%} {% set slave_ln_section = slave_reference + "-ln" -%}
{% set slave_htaccess_section = slave_reference + '-htaccess' %}
{# extend parts #} {# extend parts #}
{% do part_list.extend([slave_htaccess_section, slave_ln_section]) -%} {% do part_list.extend([slave_ln_section]) -%}
{% do part_list.extend([slave_logrotate_section, slave_section_title]) -%} {% do part_list.extend([slave_logrotate_section, slave_section_title]) -%}
{% set slave_log_folder = logrotate_dict.get('backup') + '/' + slave_reference + "-logs" -%} {% set slave_log_folder = logrotate_dict.get('backup') + '/' + slave_reference + "-logs" -%}
...@@ -108,9 +107,12 @@ crl = {{ custom_ssl_directory }}/crl/ ...@@ -108,9 +107,12 @@ crl = {{ custom_ssl_directory }}/crl/
{% do slave_publish_dict.__setitem__('secure_access', 'https://%s' % slave_instance.get('custom_domain')) -%} {% do slave_publish_dict.__setitem__('secure_access', 'https://%s' % slave_instance.get('custom_domain')) -%}
{% endif -%} {% endif -%}
[slave-log-directories] [slave-log-directory-dict]
{{slave_reference}} = {{ slave_log_folder }} {{slave_reference}} = {{ slave_log_folder }}
[slave-password]
{{ slave_reference }} = {{ '${' + slave_password_section + ':passwd}' }}
{# Set slave logrotate entry #} {# Set slave logrotate entry #}
[{{slave_logrotate_section}}] [{{slave_logrotate_section}}]
<= logrotate <= logrotate
...@@ -131,13 +133,6 @@ recipe = slapos.cookbook:generate.password ...@@ -131,13 +133,6 @@ recipe = slapos.cookbook:generate.password
storage-path = {{apache_configuration_directory}}/.{{slave_reference}}.passwd storage-path = {{apache_configuration_directory}}/.{{slave_reference}}.passwd
bytes = 8 bytes = 8
{# Set up htaccess file for slave #}
[{{slave_htaccess_section}}]
recipe = plone.recipe.command
stop-on-error = true
htaccess-path = {{apache_configuration_directory}}/.{{slave_reference}}.htaccess
command = {{frontend_configuration.get('htpasswd')}} -cb ${:htaccess-path} {{ slave_reference }} {{ '${' + slave_password_section + ':passwd}' }}
{# ################################################## #} {# ################################################## #}
{# Set Slave Certificates if needed #} {# Set Slave Certificates if needed #}
...@@ -329,6 +324,7 @@ extra-context = ...@@ -329,6 +324,7 @@ extra-context =
{% endfor %} {% endfor %}
[slave-log-directories] [slave-log-directories]
<= slave-log-directory-dict
recipe = slapos.cookbook:mkdirectory recipe = slapos.cookbook:mkdirectory
{# Define log access #} {# Define log access #}
...@@ -337,9 +333,17 @@ recipe = slapos.cookbook:mkdirectory ...@@ -337,9 +333,17 @@ recipe = slapos.cookbook:mkdirectory
template = {{frontend_configuration.get('template-log-access')}} template = {{frontend_configuration.get('template-log-access')}}
rendered = {{frontend_configuration.get('log-access-configuration')}} rendered = {{frontend_configuration.get('log-access-configuration')}}
extra-context = extra-context =
section slave_log_directory slave-log-directories section slave_log_directory slave-log-directory-dict
section slave_password slave-password
raw apache_log_directory {{apache_log_directory}} raw apache_log_directory {{apache_log_directory}}
raw apache_configuration_directory {{apache_configuration_directory}} raw apache_configuration_directory {{apache_configuration_directory}}
raw local_ipv4 {{ local_ipv4 }}
raw local_ipv6 {{ local_ipv6 }}
raw https_port {{ https_port }}
raw http_port {{ http_port }}
raw global_ipv6 {{ global_ipv6 }}
raw login_certificate {{ login_certificate }}
raw login_key {{ login_key }}
{# Publish information for the instance #} {# Publish information for the instance #}
[publish-apache-information] [publish-apache-information]
......
...@@ -8,7 +8,7 @@ CADDY_SIGNATURE_FILE=$RUN_DIR/caddy_configuration.signature ...@@ -8,7 +8,7 @@ CADDY_SIGNATURE_FILE=$RUN_DIR/caddy_configuration.signature
NCADDY_SIGNATURE_FILE=$RUN_DIR/ncaddy_configuration.signature NCADDY_SIGNATURE_FILE=$RUN_DIR/ncaddy_configuration.signature
touch $CADDY_SIGNATURE_FILE touch $CADDY_SIGNATURE_FILE
sha256sum $BIN_DIR/caddy-wrapper $ETC_DIR/Caddyfile $ETC_DIR/caddy-*.d/*.conf $ETC_DIR/caddy-*.d/ssl/*.*key $ETC_DIR/caddy-*.d/ssl/*.*crt* | sort -k 66 > $NCADDY_SIGNATURE_FILE sha256sum $BIN_DIR/caddy-wrapper $ETC_DIR/Caddyfile $ETC_DIR/*-log-access.conf $ETC_DIR/caddy-*.d/*.conf $ETC_DIR/caddy-*.d/ssl/*.*key $ETC_DIR/caddy-*.d/ssl/*.*crt* | sort -k 66 > $NCADDY_SIGNATURE_FILE
# If no diff, no restart for now # If no diff, no restart for now
if diff "$CADDY_SIGNATURE_FILE" "$NCADDY_SIGNATURE_FILE"; then if diff "$CADDY_SIGNATURE_FILE" "$NCADDY_SIGNATURE_FILE"; then
......
{% for slave, directory in slave_log_directory.iteritems() %} {% for slave, directory in slave_log_directory.iteritems() %}
# TODO-Caddy Alias /{{slave}}/ {{directory}}/ https://[{{ global_ipv6 }}]:{{ https_port }}/{{ slave }}, https://{{ local_ipv4 }}:{{ https_port }}/{{ slave }} {
# TODO-Caddy <Directory {{directory}}> bind {{ local_ipv4 }}
# TODO-Caddy Order Deny,Allow #bind {{ global_ipv6 }}
# TODO-Caddy Deny from env=AUTHREQUIRED root {{directory}}/
# TODO-Caddy <Files ".??*"> browse
# TODO-Caddy Order Allow,Deny tls {{ login_certificate }} {{ login_key }}
# TODO-Caddy Deny from all basicauth "{{ slave.upper() }}" {{ slave_password[slave] }} {
# TODO-Caddy </Files> "Log Access {{ slave }}"
# TODO-Caddy AuthType Basic /
# TODO-Caddy AuthName "Log Access {{slave}}" }
# TODO-Caddy AuthUserFile "{{ apache_configuration_directory + '/.' + slave.upper() + '.htaccess'}}" }
# TODO-Caddy Require user {{slave.upper()}}
# TODO-Caddy Options Indexes FollowSymLinks
# TODO-Caddy Satisfy all
# TODO-Caddy </Directory>
{% endfor %} {% endfor %}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment