Commit c1485d65 authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: Implement access to log files

parent 0b53209e
......@@ -19,7 +19,7 @@ md5sum = f686f765e55d1dce2e55a400f0714b3e
[template-apache-frontend]
filename = instance-apache-frontend.cfg
md5sum = df34d8398a5f19ac7a828e1c85c22867
md5sum = 6416ce7ffa3e856f8ba06722ab9232fe
[template-apache-replicate]
filename = instance-apache-replicate.cfg.in
......@@ -27,7 +27,7 @@ md5sum = 9e76028df7e93d3e32982884d5dc0913
[template-slave-list]
filename = templates/apache-custom-slave-list.cfg.in
md5sum = 0643a19572f65e496e1656df0971d8bd
md5sum = 8333871e68e76c7792b4624a2a90b707
[template-slave-configuration]
filename = templates/custom-virtualhost.conf.in
......@@ -43,7 +43,7 @@ md5sum = d1a7a759aa2801c96ecf4445a33203f2
[template-custom-slave-list]
filename = templates/apache-custom-slave-list.cfg.in
md5sum = 0643a19572f65e496e1656df0971d8bd
md5sum = 8333871e68e76c7792b4624a2a90b707
[template-not-found-html]
filename = templates/notfound.html
......@@ -63,7 +63,7 @@ md5sum = b66ebb546e1762419a22ac853437a9c2
[template-log-access]
filename = templates/template-log-access.conf.in
md5sum = 50541094dd3ee6c240a9c7a0590fcff8
md5sum = cd3043964ae7fd8489e545ba0d4fc603
[template-empty]
filename = templates/empty.in
......@@ -99,4 +99,4 @@ md5sum = ebe5d3d19923eb812a40019cb11276d8
[template-caddy-graceful-script]
filename = templates/caddy-graceful-script.sh.in
md5sum = 0b96d401252e3c38a552c51569457929
md5sum = add097b3cb757675787a87c8ae7fb0cc
......@@ -132,9 +132,6 @@ log-access-configuration = $${directory:etc}/apache-log-access.conf
caddy-directory = ${caddy:location}
caddy-ipv6 = $${instance-parameter:ipv6-random}
caddy-https-port = $${instance-parameter:configuration.port}
# XXX: Maybe it is not the best way to redirect -- anyway instantiation
# will fail ASA Apache will be removed
htpasswd = ${buildout:bin-directory}/htpasswd
[jinja2-template-base]
recipe = slapos.recipe.template:jinja2
......
......@@ -57,10 +57,9 @@ crl = {{ custom_ssl_directory }}/crl/
{% set slave_logrotate_section = slave_reference + "-logs" -%}
{% set slave_password_section = slave_reference + "-password" -%}
{% set slave_ln_section = slave_reference + "-ln" -%}
{% set slave_htaccess_section = slave_reference + '-htaccess' %}
{# extend parts #}
{% do part_list.extend([slave_htaccess_section, slave_ln_section]) -%}
{% do part_list.extend([slave_ln_section]) -%}
{% do part_list.extend([slave_logrotate_section, slave_section_title]) -%}
{% set slave_log_folder = logrotate_dict.get('backup') + '/' + slave_reference + "-logs" -%}
......@@ -108,9 +107,12 @@ crl = {{ custom_ssl_directory }}/crl/
{% do slave_publish_dict.__setitem__('secure_access', 'https://%s' % slave_instance.get('custom_domain')) -%}
{% endif -%}
[slave-log-directories]
[slave-log-directory-dict]
{{slave_reference}} = {{ slave_log_folder }}
[slave-password]
{{ slave_reference }} = {{ '${' + slave_password_section + ':passwd}' }}
{# Set slave logrotate entry #}
[{{slave_logrotate_section}}]
<= logrotate
......@@ -131,13 +133,6 @@ recipe = slapos.cookbook:generate.password
storage-path = {{apache_configuration_directory}}/.{{slave_reference}}.passwd
bytes = 8
{# Set up htaccess file for slave #}
[{{slave_htaccess_section}}]
recipe = plone.recipe.command
stop-on-error = true
htaccess-path = {{apache_configuration_directory}}/.{{slave_reference}}.htaccess
command = {{frontend_configuration.get('htpasswd')}} -cb ${:htaccess-path} {{ slave_reference }} {{ '${' + slave_password_section + ':passwd}' }}
{# ################################################## #}
{# Set Slave Certificates if needed #}
......@@ -329,6 +324,7 @@ extra-context =
{% endfor %}
[slave-log-directories]
<= slave-log-directory-dict
recipe = slapos.cookbook:mkdirectory
{# Define log access #}
......@@ -337,9 +333,17 @@ recipe = slapos.cookbook:mkdirectory
template = {{frontend_configuration.get('template-log-access')}}
rendered = {{frontend_configuration.get('log-access-configuration')}}
extra-context =
section slave_log_directory slave-log-directories
section slave_log_directory slave-log-directory-dict
section slave_password slave-password
raw apache_log_directory {{apache_log_directory}}
raw apache_configuration_directory {{apache_configuration_directory}}
raw local_ipv4 {{ local_ipv4 }}
raw local_ipv6 {{ local_ipv6 }}
raw https_port {{ https_port }}
raw http_port {{ http_port }}
raw global_ipv6 {{ global_ipv6 }}
raw login_certificate {{ login_certificate }}
raw login_key {{ login_key }}
{# Publish information for the instance #}
[publish-apache-information]
......
......@@ -8,7 +8,7 @@ CADDY_SIGNATURE_FILE=$RUN_DIR/caddy_configuration.signature
NCADDY_SIGNATURE_FILE=$RUN_DIR/ncaddy_configuration.signature
touch $CADDY_SIGNATURE_FILE
sha256sum $BIN_DIR/caddy-wrapper $ETC_DIR/Caddyfile $ETC_DIR/caddy-*.d/*.conf $ETC_DIR/caddy-*.d/ssl/*.*key $ETC_DIR/caddy-*.d/ssl/*.*crt* | sort -k 66 > $NCADDY_SIGNATURE_FILE
sha256sum $BIN_DIR/caddy-wrapper $ETC_DIR/Caddyfile $ETC_DIR/*-log-access.conf $ETC_DIR/caddy-*.d/*.conf $ETC_DIR/caddy-*.d/ssl/*.*key $ETC_DIR/caddy-*.d/ssl/*.*crt* | sort -k 66 > $NCADDY_SIGNATURE_FILE
# If no diff, no restart for now
if diff "$CADDY_SIGNATURE_FILE" "$NCADDY_SIGNATURE_FILE"; then
......
{% for slave, directory in slave_log_directory.iteritems() %}
# TODO-Caddy Alias /{{slave}}/ {{directory}}/
# TODO-Caddy <Directory {{directory}}>
# TODO-Caddy Order Deny,Allow
# TODO-Caddy Deny from env=AUTHREQUIRED
# TODO-Caddy <Files ".??*">
# TODO-Caddy Order Allow,Deny
# TODO-Caddy Deny from all
# TODO-Caddy </Files>
# TODO-Caddy AuthType Basic
# TODO-Caddy AuthName "Log Access {{slave}}"
# TODO-Caddy AuthUserFile "{{ apache_configuration_directory + '/.' + slave.upper() + '.htaccess'}}"
# TODO-Caddy Require user {{slave.upper()}}
# TODO-Caddy Options Indexes FollowSymLinks
# TODO-Caddy Satisfy all
# TODO-Caddy </Directory>
https://[{{ global_ipv6 }}]:{{ https_port }}/{{ slave }}, https://{{ local_ipv4 }}:{{ https_port }}/{{ slave }} {
bind {{ local_ipv4 }}
#bind {{ global_ipv6 }}
root {{directory}}/
browse
tls {{ login_certificate }} {{ login_key }}
basicauth "{{ slave.upper() }}" {{ slave_password[slave] }} {
"Log Access {{ slave }}"
/
}
}
{% endfor %}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment