caddy-frontend: Move parameters to caddy executable

Caddy, dislike apache, uses a lot of parameters on comand line instead of
Caddyfile, so move them there.

software/caddy-frontend/buildout.hash.cfg

@@ -19,7 +19,7 @@ md5sum = f686f765e55d1dce2e55a400f0714b3e
 
 [template-apache-frontend]
 filename = instance-apache-frontend.cfg
-md5sum = 99799dd57aff3a803debcac3d2f27b61
+md5sum = 6828f1bf17083033731c9936070e53f0
 
 [template-apache-replicate]
 filename = instance-apache-replicate.cfg.in
@@ -31,7 +31,7 @@ md5sum = 0dc922c2cafe99b16c9debe0fd5461a7
 
 [template-slave-configuration]
 filename = templates/custom-virtualhost.conf.in
-md5sum = d103143e5d50682bd5ad43117d82e2fa
+md5sum = ab322884ae45085c6468bd4556a5b4ba
 
 [template-replicate-publish-slave-information]
 filename = templates/replicate-publish-slave-information.cfg.in
@@ -39,7 +39,7 @@ md5sum = 665e83d660c9b779249b2179d7ce4b4e
 
 [template-caddy-frontend-configuration]
 filename = templates/Caddyfile.in
-md5sum = 75ba24f0447240db20250a88a1ebc524
+md5sum = 1e79ab65f616424fb893c63e8a2fe962
 
 [template-custom-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
@@ -51,11 +51,11 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
 
 [template-default-virtualhost]
 filename = templates/000.conf.in
-md5sum = d98a01182f38868612948c87d5231428
+md5sum = 3b5e20b48112a2cf070481966506d9bf
 
 [template-default-slave-virtualhost]
 filename = templates/default-virtualhost.conf.in
-md5sum = 7f38084af107034bedefba971abe165c
+md5sum = b302fc0a44ffac068902b1fb37c96bd7
 
 [template-cached-slave-virtualhost]
 filename = templates/cached-virtualhost.conf.in
@@ -63,7 +63,7 @@ md5sum = 1a1a53d9ac4a1591c017d86850a94796
 
 [template-log-access]
 filename = templates/template-log-access.conf.in
-md5sum = f85005b430978f3bd24ee7ce11b0e304
+md5sum = 50541094dd3ee6c240a9c7a0590fcff8
 
 [template-empty]
 filename = templates/empty.in
@@ -87,4 +87,4 @@ md5sum = ebe5d3d19923eb812a40019cb11276d8
 
 [template-caddy-graceful-script]
 filename = templates/caddy-graceful-script.sh.in
-md5sum = d5a00bde52b0720e210fcd8ef352a583
+md5sum = 0b96d401252e3c38a552c51569457929

software/caddy-frontend/instance-apache-frontend.cfg

@@ -107,6 +107,8 @@ configuration.ram-cache-size = 1G
 configuration.trafficserver-autoconf-port = 8083
 configuration.trafficserver-mgmt-port = 8084
 configuration.re6st-verification-url = http://[2001:67c:1254:4::1]/index.html
+configuration.enable-http2-by-default = true
+configuration.mpm-graceful-shutdown-timeout = 5
 
 [frontend-configuration]
 template-log-access = ${template-log-access:target}
@@ -198,13 +200,10 @@ rendered = $${apache-configuration:frontend-configuration}
 extra-context =
     key httpd_home software-release-path:caddy-location
     key httpd_mod_ssl_cache_directory caddy-directory:mod-ssl
-    key domain instance-parameter:configuration.domain
     key document_root caddy-directory:document-root
     key instance_home buildout:directory
     key ipv4_addr instance-parameter:ipv4-random
     key ipv6_addr instance-parameter:ipv6-random
-    key http_port instance-parameter:configuration.plain_http_port
-    key https_port instance-parameter:configuration.port
     key server_admin instance-parameter:configuration.server-admin
     key protected_path apache-configuration:protected-path
     key access_control_string apache-configuration:access-control-string
@@ -214,21 +213,29 @@ extra-context =
     key ca_dir  certificate-authority:ca-dir
     key ca_crl certificate-authority:ca-crl
     key access_log apache-configuration:access-log
-    key error_log apache-configuration:error-log
-    key pid_file apache-configuration:pid-file
     key slave_configuration_directory caddy-directory:slave-configuration
     key cached_port apache-configuration:cache-through-port
     key ssl_cached_port apache-configuration:ssl-cache-through-port
     key slave_with_cache_configuration_directory caddy-directory:slave-with-cache-configuration
     section frontend_configuration frontend-configuration
 
-[caddy-wrapper-common]
+[caddy-wrapper]
+recipe = slapos.cookbook:wrapper
 command-line = ${caddy:output}
   -conf $${dynamic-apache-frontend-template:rendered}
+  -root $${caddy-directory:document-root}
+  -host $${instance-parameter:configuration.domain}
+  -http-port $${instance-parameter:configuration.plain_http_port}
+  -https-port $${instance-parameter:configuration.port}
+  -log $${apache-configuration:error-log}
+  -http2=$${instance-parameter:configuration.enable-http2-by-default}
+  -grace $${instance-parameter:configuration.mpm-graceful-shutdown-timeout}s
+  -pidfile $${apache-configuration:pid-file}
+wrapper-path = $${directory:bin}/caddy-wrapper
 
 [apache-frontend]
 recipe = slapos.cookbook:wrapper
-command-line = $${caddy-wrapper-common:command-line}
+command-line = $${caddy-wrapper:wrapper-path}
 wrapper-path = $${directory:service}/frontend_caddy
 wait-for-files =
 	       $${ca-frontend:cert-file}
@@ -257,7 +264,7 @@ error-log = $${directory:log}/frontend-apache-error.log
 pid-file = $${directory:run}/httpd.pid
 protected-path = /
 access-control-string = none
-frontend-configuration-verification = $${caddy-wrapper-common:command-line} -validate > /dev/null
+frontend-configuration-verification = $${caddy-wrapper:wrapper-path} -validate > /dev/null
 frontend-graceful-command = $${:frontend-configuration-verification}; if [ $? -eq 0 ]; then kill -USR1 $(cat $${:pid-file}); fi
 
 # Comunication with ats
@@ -268,7 +275,7 @@ ssl-cache-through-port = 26012
 # Create wrapper for "apachectl conftest" in bin
 [configtest]
 recipe = slapos.cookbook:wrapper
-command-line = $${caddy-wrapper-common:command-line} -validate
+command-line = $${caddy-wrapper:wrapper-path} -validate
 wrapper-path = $${directory:bin}/caddy-configtest
 
 [certificate-authority]
@@ -482,6 +489,7 @@ mode = 0700
 extra-context =
     key directory_run directory:run
     key directory_etc directory:etc
+    key directory_bin directory:bin
     key caddy_graceful_reload_command apache-configuration:frontend-graceful-command
 
 [frontend-caddy-lazy-graceful]

software/caddy-frontend/templates/000.conf.in

-<VirtualHost *:{{ https_port }}>
-  ServerName www.example.org
-  SSLEngine on
-  SSLProxyEngine on
-  SSLProtocol all -SSLv2 -SSLv3
-  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
-  SSLHonorCipherOrder on
-
-  # Rewrite part
-  ProxyPreserveHost On
-  ProxyTimeout 600
-  RewriteEngine On
-
-  ErrorDocument 404 /notfound.html
-
-</VirtualHost>
-
-<VirtualHost *:{{ http_port }}>
-
-  ServerName www.example.org
-  ErrorDocument 404 /notfound.html
-</VirtualHost>
\ No newline at end of file
+# TODO-Caddy <VirtualHost *:{{ https_port }}>
+# TODO-Caddy   ServerName www.example.org
+# TODO-Caddy   SSLEngine on
+# TODO-Caddy   SSLProxyEngine on
+# TODO-Caddy   SSLProtocol all -SSLv2 -SSLv3
+# TODO-Caddy   SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
+# TODO-Caddy   SSLHonorCipherOrder on
+# TODO-Caddy 
+# TODO-Caddy   # Rewrite part
+# TODO-Caddy   ProxyPreserveHost On
+# TODO-Caddy   ProxyTimeout 600
+# TODO-Caddy   RewriteEngine On
+# TODO-Caddy 
+# TODO-Caddy   ErrorDocument 404 /notfound.html
+# TODO-Caddy 
+# TODO-Caddy </VirtualHost>
+# TODO-Caddy 
+# TODO-Caddy <VirtualHost *:{{ http_port }}>
+# TODO-Caddy 
+# TODO-Caddy   ServerName www.example.org
+# TODO-Caddy   ErrorDocument 404 /notfound.html
+# TODO-Caddy </VirtualHost>

software/caddy-frontend/templates/Caddyfile.in

@@ -2,165 +2,154 @@
 # Automatically generated
 
 # Basic server configuration
-PidFile "{{ pid_file }}"
-ServerName {{ domain }}
-DocumentRoot {{ document_root }}
-ServerRoot {{ instance_home }}
-
-{{ "Listen %s:%s" % (ipv4_addr, cached_port)  }}
-{{ "Listen %s:%s" % (ipv4_addr, ssl_cached_port)  }}
-{% for ip in (ipv4_addr, "[%s]" % ipv6_addr) -%}
-{%   for port in (http_port, https_port) -%}
-{{ "Listen %s:%s" % (ip, port)  }}
-{%   endfor -%}
-{% endfor -%}
-
-ServerAdmin {{ server_admin }}
-TypesConfig {{ httpd_home }}/conf/mime.types
-AddType application/x-compress .Z
-AddType application/x-gzip .gz .tgz
+# XXX: Does Caddy need ServerRoot equavilence?
+#ServerRoot {{ instance_home }}
+
+
+# TODO-Caddy {{ "Listen %s:%s" % (ipv4_addr, cached_port)  }}
+# TODO-Caddy {{ "Listen %s:%s" % (ipv4_addr, ssl_cached_port)  }}
+bind ipv4_addr
+bind ipv6_addr
+
+# TODO-Caddy ServerAdmin {{ server_admin }}
+# TODO-Caddy TypesConfig {{ httpd_home }}/conf/mime.types
+# TODO-Caddy AddType application/x-compress .Z
+# TODO-Caddy AddType application/x-gzip .gz .tgz
 
 # As backend is trusting REMOTE_USER header unset it always
-RequestHeader unset REMOTE_USER
+# TODO-Caddy RequestHeader unset REMOTE_USER
 
-ServerTokens Prod
+# TODO-Caddy ServerTokens Prod
 
 # Disable TRACE Method
-TraceEnable off
+# TODO-Caddy TraceEnable off
 
 # Log configuration
-ErrorLog "{{ error_log }}"
-LogLevel notice
 # LogFormat "%h %{REMOTE_USER}i %{Host}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
 # LogFormat "%h %{REMOTE_USER}i %{Host}i %l %u %t \"%r\" %>s %b" common
 # CustomLog "{{ access_log }}" common
-LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
-CustomLog "{{ access_log }}" combined
-
-<Directory {{ protected_path }}>
-  Order Deny,Allow
-  Allow from {{ access_control_string }}
-</Directory>
-
-<Directory {{ document_root }}>
-  Require all granted
-  Options -Indexes
-  ErrorDocument 404 /notfound.html
-  RewriteEngine on
-  RewriteRule ^/?$ notfound.html [R=404,L]
-</Directory>
+# TODO-Caddy LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
+# TODO-Caddy CustomLog "{{ access_log }}" combined
+
+# TODO-Caddy <Directory {{ protected_path }}>
+# TODO-Caddy   Order Deny,Allow
+# TODO-Caddy   Allow from {{ access_control_string }}
+# TODO-Caddy </Directory>
+
+# TODO-Caddy <Directory {{ document_root }}>
+# TODO-Caddy   Require all granted
+# TODO-Caddy   Options -Indexes
+# TODO-Caddy   ErrorDocument 404 /notfound.html
+# TODO-Caddy   RewriteEngine on
+# TODO-Caddy   RewriteRule ^/?$ notfound.html [R=404,L]
+# TODO-Caddy </Directory>
 
 # List of modules
-LoadModule unixd_module        {{ httpd_home }}/modules/mod_unixd.so
-LoadModule access_compat_module {{ httpd_home }}/modules/mod_access_compat.so
-LoadModule authz_core_module  {{ httpd_home }}/modules/mod_authz_core.so
-LoadModule authz_host_module  {{ httpd_home }}/modules/mod_authz_host.so
-LoadModule authn_core_module  {{ httpd_home }}/modules/mod_authn_core.so
-LoadModule log_config_module  {{ httpd_home }}/modules/mod_log_config.so
-LoadModule deflate_module     {{ httpd_home }}/modules/mod_deflate.so
-LoadModule setenvif_module    {{ httpd_home }}/modules/mod_setenvif.so
-LoadModule version_module     {{ httpd_home }}/modules/mod_version.so
-LoadModule proxy_module       {{ httpd_home }}/modules/mod_proxy.so
-LoadModule proxy_http_module  {{ httpd_home }}/modules/mod_proxy_http.so
-LoadModule ssl_module         {{ httpd_home }}/modules/mod_ssl.so
-LoadModule mime_module        {{ httpd_home }}/modules/mod_mime.so
-LoadModule dav_module         {{ httpd_home }}/modules/mod_dav.so
-LoadModule dav_fs_module      {{ httpd_home }}/modules/mod_dav_fs.so
-LoadModule negotiation_module {{ httpd_home }}/modules/mod_negotiation.so
-LoadModule rewrite_module     {{ httpd_home }}/modules/mod_rewrite.so
-LoadModule headers_module     {{ httpd_home }}/modules/mod_headers.so
-LoadModule cache_module       {{ httpd_home }}/modules/mod_cache.so
-LoadModule cache_socache_module   {{ httpd_home }}/modules/mod_cache_socache.so
-LoadModule socache_shmcb_module   {{ httpd_home }}/modules/mod_socache_shmcb.so
-LoadModule alias_module       {{ httpd_home }}/modules/mod_alias.so
-LoadModule autoindex_module   {{ httpd_home }}/modules/mod_autoindex.so
-LoadModule auth_basic_module  {{ httpd_home }}/modules/mod_auth_basic.so
-LoadModule authz_user_module  {{ httpd_home }}/modules/mod_authz_user.so
-LoadModule authn_file_module  {{ httpd_home }}/modules/mod_authn_file.so
-LoadModule filter_module       {{ httpd_home }}/modules/mod_filter.so
-LoadModule http2_module       {{ httpd_home }}/modules/mod_http2.so
-LoadModule info_module        {{ httpd_home }}/modules/mod_info.so
-LoadModule status_module      {{ httpd_home }}/modules/mod_status.so
-LoadModule reqtimeout_module  {{ httpd_home }}/modules/mod_reqtimeout.so
+# TODO-Caddy LoadModule unixd_module        {{ httpd_home }}/modules/mod_unixd.so
+# TODO-Caddy LoadModule access_compat_module {{ httpd_home }}/modules/mod_access_compat.so
+# TODO-Caddy LoadModule authz_core_module  {{ httpd_home }}/modules/mod_authz_core.so
+# TODO-Caddy LoadModule authz_host_module  {{ httpd_home }}/modules/mod_authz_host.so
+# TODO-Caddy LoadModule authn_core_module  {{ httpd_home }}/modules/mod_authn_core.so
+# TODO-Caddy LoadModule log_config_module  {{ httpd_home }}/modules/mod_log_config.so
+# TODO-Caddy LoadModule deflate_module     {{ httpd_home }}/modules/mod_deflate.so
+# TODO-Caddy LoadModule setenvif_module    {{ httpd_home }}/modules/mod_setenvif.so
+# TODO-Caddy LoadModule version_module     {{ httpd_home }}/modules/mod_version.so
+# TODO-Caddy LoadModule proxy_module       {{ httpd_home }}/modules/mod_proxy.so
+# TODO-Caddy LoadModule proxy_http_module  {{ httpd_home }}/modules/mod_proxy_http.so
+# TODO-Caddy LoadModule ssl_module         {{ httpd_home }}/modules/mod_ssl.so
+# TODO-Caddy LoadModule mime_module        {{ httpd_home }}/modules/mod_mime.so
+# TODO-Caddy LoadModule dav_module         {{ httpd_home }}/modules/mod_dav.so
+# TODO-Caddy LoadModule dav_fs_module      {{ httpd_home }}/modules/mod_dav_fs.so
+# TODO-Caddy LoadModule negotiation_module {{ httpd_home }}/modules/mod_negotiation.so
+# TODO-Caddy LoadModule rewrite_module     {{ httpd_home }}/modules/mod_rewrite.so
+# TODO-Caddy LoadModule headers_module     {{ httpd_home }}/modules/mod_headers.so
+# TODO-Caddy LoadModule cache_module       {{ httpd_home }}/modules/mod_cache.so
+# TODO-Caddy LoadModule cache_socache_module   {{ httpd_home }}/modules/mod_cache_socache.so
+# TODO-Caddy LoadModule socache_shmcb_module   {{ httpd_home }}/modules/mod_socache_shmcb.so
+# TODO-Caddy LoadModule alias_module       {{ httpd_home }}/modules/mod_alias.so
+# TODO-Caddy LoadModule autoindex_module   {{ httpd_home }}/modules/mod_autoindex.so
+# TODO-Caddy LoadModule auth_basic_module  {{ httpd_home }}/modules/mod_auth_basic.so
+# TODO-Caddy LoadModule authz_user_module  {{ httpd_home }}/modules/mod_authz_user.so
+# TODO-Caddy LoadModule authn_file_module  {{ httpd_home }}/modules/mod_authn_file.so
+# TODO-Caddy LoadModule filter_module       {{ httpd_home }}/modules/mod_filter.so
+# TODO-Caddy LoadModule http2_module       {{ httpd_home }}/modules/mod_http2.so
+# TODO-Caddy LoadModule info_module        {{ httpd_home }}/modules/mod_info.so
+# TODO-Caddy LoadModule status_module      {{ httpd_home }}/modules/mod_status.so
+# TODO-Caddy LoadModule reqtimeout_module  {{ httpd_home }}/modules/mod_reqtimeout.so
 
 # The following directives modify normal HTTP response behavior to
 # handle known problems with browser implementations.
-BrowserMatch "Mozilla/2" nokeepalive
-BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
-                        downgrade-1.0 force-response-1.0
-BrowserMatch "RealPlayer 4\.0" force-response-1.0
-BrowserMatch "Java/1\.0" force-response-1.0
-BrowserMatch "JDK/1\.0" force-response-1.0
+# TODO-Caddy BrowserMatch "Mozilla/2" nokeepalive
+# TODO-Caddy BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
+# TODO-Caddy                         downgrade-1.0 force-response-1.0
+# TODO-Caddy BrowserMatch "RealPlayer 4\.0" force-response-1.0
+# TODO-Caddy BrowserMatch "Java/1\.0" force-response-1.0
+# TODO-Caddy BrowserMatch "JDK/1\.0" force-response-1.0
 # The following directive disables redirects on non-GET requests for
 # a directory that does not include the trailing slash.  This fixes a
 # problem with Microsoft WebFolders which does not appropriately handle
 # redirects for folders with DAV methods.
 # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
-BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
-BrowserMatch "MS FrontPage" redirect-carefully
-BrowserMatch "^WebDrive" redirect-carefully
-BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
-BrowserMatch "^gnome-vfs" redirect-carefully
-BrowserMatch "^XML Spy" redirect-carefully
-BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
-
-
-{% if slapparameter_dict.get('enable-http2-by-default', 'true') == 'true' %}
-Protocols h2 http/1.1
-{% endif %}
-
-ExtendedStatus On
-<Location /server-status>
-    SetHandler server-status
-    Order Deny,Allow
-    Deny from all
-    Allow from All
-
-    AuthType basic
-    AuthName "Apache Server Status"
-    AuthBasicProvider file
-    AuthUserFile {{ instance_home }}/etc/monitor-htpasswd
-    Require valid-user
-</Location>
-
-ServerLimit {{ slapparameter_dict.get('mpm-server-limit', '16') }}
-MaxClients {{ slapparameter_dict.get('mpm-max-clients', '400') }}
-StartServers {{ slapparameter_dict.get('mpm-start-servers', '3') }}
-ThreadsPerChild {{ slapparameter_dict.get('mpm-thread-per-child', '25') }}
+# TODO-Caddy BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
+# TODO-Caddy BrowserMatch "MS FrontPage" redirect-carefully
+# TODO-Caddy BrowserMatch "^WebDrive" redirect-carefully
+# TODO-Caddy BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
+# TODO-Caddy BrowserMatch "^gnome-vfs" redirect-carefully
+# TODO-Caddy BrowserMatch "^XML Spy" redirect-carefully
+# TODO-Caddy BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
+
+
+# TODO-Caddy ExtendedStatus On
+# TODO-Caddy <Location /server-status>
+# TODO-Caddy     SetHandler server-status
+# TODO-Caddy     Order Deny,Allow
+# TODO-Caddy     Deny from all
+# TODO-Caddy     Allow from All
+# TODO-Caddy 
+# TODO-Caddy     AuthType basic
+# TODO-Caddy     AuthName "Apache Server Status"
+# TODO-Caddy     AuthBasicProvider file
+# TODO-Caddy     AuthUserFile {{ instance_home }}/etc/monitor-htpasswd
+# TODO-Caddy     Require valid-user
+# TODO-Caddy </Location>
+
+# TODO-Caddy ServerLimit {{ slapparameter_dict.get('mpm-server-limit', '16') }}
+# TODO-Caddy MaxClients {{ slapparameter_dict.get('mpm-max-clients', '400') }}
+# TODO-Caddy StartServers {{ slapparameter_dict.get('mpm-start-servers', '3') }}
+# TODO-Caddy ThreadsPerChild {{ slapparameter_dict.get('mpm-thread-per-child', '25') }}
 #MaxRequestsPerChild 0 // Default value is 0
-GracefulShutdownTimeout {{ slapparameter_dict.get('mpm-graceful-shutdown-timeout', '5') }}
 
 # Deflate
-AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript
-BrowserMatch ^Mozilla/4 gzip-only-text/html
-BrowserMatch ^Mozilla/4\.0[678] no-gzip
-BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+# TODO-Caddy AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript
+# TODO-Caddy BrowserMatch ^Mozilla/4 gzip-only-text/html
+# TODO-Caddy BrowserMatch ^Mozilla/4\.0[678] no-gzip
+# TODO-Caddy BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
 
 # SSL Configuration
-SSLCertificateFile {{ login_certificate }}
-SSLCertificateKeyFile {{ login_key }}
-{% if slapparameter_dict.get('apache-ca-certificate') %}
-SSLCACertificateFile {{ login_ca_crt }}
-{% endif %}
-SSLRandomSeed startup builtin
-SSLRandomSeed connect builtin
-SSLSessionCache shmcb:/{{ httpd_mod_ssl_cache_directory }}/ssl_scache(512000)
-SSLSessionCacheTimeout  300
-SSLRandomSeed startup /dev/urandom 256
-SSLRandomSeed connect builtin
-SSLProtocol all -SSLv2 -SSLv3
-SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
-SSLHonorCipherOrder on
-<FilesMatch "\.(cgi|shtml|phtml|php)$">
-      SSLOptions +StdEnvVars
-</FilesMatch>
+# TODO-Caddy SSLCertificateFile {{ login_certificate }}
+# TODO-Caddy SSLCertificateKeyFile {{ login_key }}
+# TODO-Caddy {% if slapparameter_dict.get('apache-ca-certificate') %}
+# TODO-Caddy SSLCACertificateFile {{ login_ca_crt }}
+# TODO-Caddy {% endif %}
+# TODO-Caddy SSLRandomSeed startup builtin
+# TODO-Caddy SSLRandomSeed connect builtin
+# TODO-Caddy SSLSessionCache shmcb:/{{ httpd_mod_ssl_cache_directory }}/ssl_scache(512000)
+# TODO-Caddy SSLSessionCacheTimeout  300
+# TODO-Caddy SSLRandomSeed startup /dev/urandom 256
+# TODO-Caddy SSLRandomSeed connect builtin
+# TODO-Caddy SSLProtocol all -SSLv2 -SSLv3
+# TODO-Caddy SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
+# TODO-Caddy SSLHonorCipherOrder on
+# TODO-Caddy <FilesMatch "\.(cgi|shtml|phtml|php)$">
+# TODO-Caddy       SSLOptions +StdEnvVars
+# TODO-Caddy </FilesMatch>
 # Accept proxy to sites using self-signed SSL certificates
-SSLProxyCheckPeerCN off
-SSLProxyCheckPeerExpire off
+# TODO-Caddy SSLProxyCheckPeerCN off
+# TODO-Caddy SSLProxyCheckPeerExpire off
 
-include {{frontend_configuration.get('log-access-configuration')}}
-includeoptional {{ slave_configuration_directory }}/*.conf
-includeoptional {{ slave_with_cache_configuration_directory }}/*.conf
+import {{frontend_configuration.get('log-access-configuration')}}
+import {{ slave_configuration_directory }}/*.conf
+import {{ slave_with_cache_configuration_directory }}/*.conf
 
-ErrorDocument 404 /notfound.html
-RewriteRule (.*) /notfound.html [R=404,L]
+# TODO-Caddy ErrorDocument 404 /notfound.html
+# TODO-Caddy RewriteRule (.*) /notfound.html [R=404,L]

software/caddy-frontend/templates/caddy-graceful-script.sh.in

@@ -2,12 +2,13 @@
 
 RUN_DIR={{ directory_run }}
 ETC_DIR={{ directory_etc }}
+BIN_DIR={{ directory_bin }}
 
 CADDY_SIGNATURE_FILE=$RUN_DIR/caddy_configuration.signature
 NCADDY_SIGNATURE_FILE=$RUN_DIR/ncaddy_configuration.signature
 
 touch $CADDY_SIGNATURE_FILE
-sha256sum $ETC_DIR/Caddyfile $ETC_DIR/caddy-*.d/*.conf $ETC_DIR/caddy-*.d/ssl/*.*key $ETC_DIR/caddy-*.d/ssl/*.*crt* | sort -k 66 > $NCADDY_SIGNATURE_FILE
+sha256sum $BIN_DIR/caddy-wrapper $ETC_DIR/Caddyfile $ETC_DIR/caddy-*.d/*.conf $ETC_DIR/caddy-*.d/ssl/*.*key $ETC_DIR/caddy-*.d/ssl/*.*crt* | sort -k 66 > $NCADDY_SIGNATURE_FILE
 
 # If no diff, no restart for now
 if diff "$CADDY_SIGNATURE_FILE" "$NCADDY_SIGNATURE_FILE"; then

software/caddy-frontend/templates/custom-virtualhost.conf.in

-<VirtualHost *:{{ https_port }}>
-{{ slave_parameter.get('apache_custom_https', '') }}
-</VirtualHost>
-
-<VirtualHost *:{{ http_port }}>
-{{ slave_parameter.get('apache_custom_https', '') }}
-</VirtualHost>
+# TODO-Caddy <VirtualHost *:{{ https_port }}>
+# TODO-Caddy {{ slave_parameter.get('apache_custom_https', '') }}
+# TODO-Caddy </VirtualHost>
+# TODO-Caddy 
+# TODO-Caddy <VirtualHost *:{{ http_port }}>
+# TODO-Caddy {{ slave_parameter.get('apache_custom_https', '') }}
+# TODO-Caddy </VirtualHost>

software/caddy-frontend/templates/default-virtualhost.conf.in

@@ -13,134 +13,134 @@
                                  ('SSLCACertificateFile', 'path_to_ssl_ca_crt'),
                                  ('SSLCertificateChainFile', 'path_to_ssl_ca_crt')] -%}
 
-<VirtualHost *:{{ https_port }}>
-  ServerName {{ slave_parameter.get('custom_domain') }}
-  ServerAlias {{ slave_parameter.get('custom_domain') }}
+# TODO-Caddy <VirtualHost *:{{ https_port }}>
+# TODO-Caddy   ServerName {{ slave_parameter.get('custom_domain') }}
+# TODO-Caddy   ServerAlias {{ slave_parameter.get('custom_domain') }}
 
 {%- for server_alias in server_alias_list %}
-  ServerAlias {{ server_alias }}
+# TODO-Caddy   ServerAlias {{ server_alias }}
 {% endfor %}
 
-  SSLEngine on
-  SSLProxyEngine on
+# TODO-Caddy   SSLEngine on
+# TODO-Caddy   SSLProxyEngine on
 {% if ssl_proxy_verify -%}
 {%   if 'ssl_proxy_ca_crt' in slave_parameter -%}
-  SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
+# TODO-Caddy   SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
 {%   endif %}
-  SSLProxyVerify require
-  #SSLProxyCheckPeerCN on
-  SSLProxyCheckPeerExpire on
+# TODO-Caddy   SSLProxyVerify require
+# TODO-Caddy   #SSLProxyCheckPeerCN on
+# TODO-Caddy   SSLProxyCheckPeerExpire on
 {% endif %}
-  SSLProtocol all -SSLv2 -SSLv3
-  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
-  SSLHonorCipherOrder on
+# TODO-Caddy   SSLProtocol all -SSLv2 -SSLv3
+# TODO-Caddy   SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
+# TODO-Caddy   SSLHonorCipherOrder on
 
 {% if enable_h2 %}
-  Protocols h2 http/1.1
+# TODO-Caddy   Protocols h2 http/1.1
 {% endif -%}
 
 {% for key, value in ssl_configuration_list -%}
 {%   if value in slave_parameter -%}
-{{ '  %s' % key }} {{ slave_parameter.get(value) }}
+# TODO-Caddy {{ '  %s' % key }} {{ slave_parameter.get(value) }}
 {% endif -%}
 {% endfor -%}
 
-  # One Slave two logs
-  ErrorLog "{{ slave_parameter.get('error_log') }}"
-  LogLevel notice
-  LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
-  CustomLog "{{ slave_parameter.get('access_log') }}" combined
+# TODO-Caddy   # One Slave two logs
+# TODO-Caddy   ErrorLog "{{ slave_parameter.get('error_log') }}"
+# TODO-Caddy   LogLevel notice
+# TODO-Caddy   LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
+# TODO-Caddy   CustomLog "{{ slave_parameter.get('access_log') }}" combined
 
-  # Rewrite part
-  ProxyPreserveHost On
-  ProxyTimeout 600
-  RewriteEngine On
+# TODO-Caddy   # Rewrite part
+# TODO-Caddy   ProxyPreserveHost On
+# TODO-Caddy   ProxyTimeout 600
+# TODO-Caddy   RewriteEngine On
 
 {% if disable_via_header %}
-  Header unset Via
+# TODO-Caddy   Header unset Via
 {% endif -%}
 
 {% if disable_no_cache_header %}
-  RequestHeader unset Cache-Control
-  RequestHeader unset Pragma
+# TODO-Caddy   RequestHeader unset Cache-Control
+# TODO-Caddy   RequestHeader unset Pragma
 {% endif -%}
 
 {%- for disabled_cookie in disabled_cookie_list %}
-{{'  RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie)  }}
+# TODO-Caddy {{'  RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie)  }}
 {% endfor -%}
 
 {%- if prefer_gzip %}
-  RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
+# TODO-Caddy   RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
 {% endif %}
 
 {% if slave_type ==  'zope' -%}
   {% if 'default-path' in slave_parameter %}
-  RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
+# TODO-Caddy   RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
   {% endif -%}
   # First, we check if we have a zope backend server
   # If so, let's use Virtual Host Monster rewrite
   # We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
-  RewriteRule ^/(.*)$ {{ slave_parameter.get('https-url', slave_parameter.get('url', '')) }}/VirtualHostBase/https//%{SERVER_NAME}:{{ slave_parameter.get('virtualhostroot-https-port', '443') }}/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
+# TODO-Caddy   RewriteRule ^/(.*)$ {{ slave_parameter.get('https-url', slave_parameter.get('url', '')) }}/VirtualHostBase/https//%{SERVER_NAME}:{{ slave_parameter.get('virtualhostroot-https-port', '443') }}/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
 {% elif slave_type ==  'redirect' -%}
-  RewriteRule  (.*)  {{ slave_parameter.get('https-url', slave_parameter.get('url', ''))}}$1 [R,L]
+# TODO-Caddy   RewriteRule  (.*)  {{ slave_parameter.get('https-url', slave_parameter.get('url', ''))}}$1 [R,L]
 {% else -%}
   {% if 'default-path' in slave_parameter %}
-  RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
+# TODO-Caddy   RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
   {% endif -%}
-  RewriteRule ^/(.*)$ {{ slave_parameter.get('https-url', slave_parameter.get('url', '')) }}/$1 [L,P]
+# TODO-Caddy   RewriteRule ^/(.*)$ {{ slave_parameter.get('https-url', slave_parameter.get('url', '')) }}/$1 [L,P]
 {% endif -%}
-</VirtualHost>
+# TODO-Caddy </VirtualHost>
 
-<VirtualHost *:{{ http_port }}>
-  ServerName {{ slave_parameter.get('custom_domain') }}
-  ServerAlias {{ slave_parameter.get('custom_domain') }}
+# TODO-Caddy <VirtualHost *:{{ http_port }}>
+# TODO-Caddy   ServerName {{ slave_parameter.get('custom_domain') }}
+# TODO-Caddy   ServerAlias {{ slave_parameter.get('custom_domain') }}
 
 {%-  for server_alias in server_alias_list %}
-  ServerAlias {{ server_alias }}
+# TODO-Caddy   ServerAlias {{ server_alias }}
 {% endfor %}
 
-  SSLProxyEngine on
+# TODO-Caddy   SSLProxyEngine on
 {% if ssl_proxy_verify -%}
 {%   if 'ssl_proxy_ca_crt' in slave_parameter -%}
-  SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
+# TODO-Caddy   SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
 {%   endif %}
-  SSLProxyVerify require
-  #SSLProxyCheckPeerCN on
-  SSLProxyCheckPeerExpire on
+# TODO-Caddy   SSLProxyVerify require
+# TODO-Caddy   #SSLProxyCheckPeerCN on
+# TODO-Caddy   SSLProxyCheckPeerExpire on
 {% endif %}
-  # Rewrite part
-  ProxyPreserveHost On
-  ProxyTimeout 600
+# TODO-Caddy   # Rewrite part
+# TODO-Caddy   ProxyPreserveHost On
+# TODO-Caddy   ProxyTimeout 600
 
 {% if disable_via_header %}
-  Header unset Via
+# TODO-Caddy   Header unset Via
 {% endif -%}
-  RewriteEngine On
+# TODO-Caddy   RewriteEngine On
 
-  # One Slave two logs
-  ErrorLog "{{ slave_parameter.get('error_log') }}"
-  LogLevel notice
-  LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
-  CustomLog "{{ slave_parameter.get('access_log') }}" combined
+# TODO-Caddy   # One Slave two logs
+# TODO-Caddy   ErrorLog "{{ slave_parameter.get('error_log') }}"
+# TODO-Caddy   LogLevel notice
+# TODO-Caddy   LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
+# TODO-Caddy   CustomLog "{{ slave_parameter.get('access_log') }}" combined
 
-  # Remove "Secure" from cookies, as backend may be https
-  Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
+# TODO-Caddy   # Remove "Secure" from cookies, as backend may be https
+# TODO-Caddy   Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
 
 {% if enable_h2 %}
-  Protocols h2 http/1.1
+# TODO-Caddy   Protocols h2 http/1.1
 {% endif -%}
 
 {% if disable_no_cache_header %}
-  RequestHeader unset Cache-Control
-  RequestHeader unset Pragma
+# TODO-Caddy   RequestHeader unset Cache-Control
+# TODO-Caddy   RequestHeader unset Pragma
 {% endif -%}
 
 {%- for disabled_cookie in disabled_cookie_list %}
-{{'  RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie)  }}
+# TODO-Caddy {{'  RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie)  }}
 {% endfor -%}
 
 {%- if prefer_gzip %}
-  RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
+# TODO-Caddy   RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
 {% endif %}
 
 # Next line is forbidden and people who copy it will be hanged short
@@ -148,26 +148,26 @@
   # Not using HTTPS? Ask that guy over there.
   # Dummy redirection to https. Note: will work only if https listens
   # on standard port (443).
-  RewriteCond     %{SERVER_PORT}  !^{{ https_port }}$
-  RewriteRule     ^/(.*)          https://%{SERVER_NAME}/$1 [NC,R,L]
+# TODO-Caddy   RewriteCond     %{SERVER_PORT}  !^{{ https_port }}$
+# TODO-Caddy   RewriteRule     ^/(.*)          https://%{SERVER_NAME}/$1 [NC,R,L]
 {% elif slave_type ==  'redirect' -%}
-  RewriteRule     (.*)  {{slave_parameter.get('url', '')}}$1 [R,L]
+# TODO-Caddy   RewriteRule     (.*)  {{slave_parameter.get('url', '')}}$1 [R,L]
 {% elif slave_type ==  'zope' -%}
   {% if 'default-path' in slave_parameter %}
-  RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
+# TODO-Caddy   RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
   {% endif -%}
   # First, we check if we have a zope backend server
   # If so, let's use Virtual Host Daemon rewrite
   # We suppose that Apache listens to 80 (even indirectly thanks to things like iptables)
-  RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/VirtualHostBase/http/%{SERVER_NAME}:{{ slave_parameter.get('virtualhostroot-http-port', '80') }}/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
+# TODO-Caddy   RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/VirtualHostBase/http/%{SERVER_NAME}:{{ slave_parameter.get('virtualhostroot-http-port', '80') }}/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
 {% else -%}
   {% if 'default-path' in slave_parameter %}
-  RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
+# TODO-Caddy   RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
   {% endif -%}
-  RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/$1 [L,P]
+# TODO-Caddy   RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/$1 [L,P]
 {% endif -%}
   # If nothing exist : put a nice error
 #  ErrorDocument 404 /notfound.html
 # Dadiboom
 
-</VirtualHost>
+# TODO-Caddy </VirtualHost>

software/caddy-frontend/templates/template-log-access.conf.in

 {% for slave, directory in slave_log_directory.iteritems() %}
-Alias /{{slave}}/ {{directory}}/
-<Directory {{directory}}>
-  Order Deny,Allow
-  Deny from env=AUTHREQUIRED
-  <Files ".??*">
-    Order Allow,Deny
-    Deny from all
-  </Files>
-  AuthType Basic
-  AuthName "Log Access {{slave}}"
-  AuthUserFile "{{ apache_configuration_directory + '/.' + slave.upper() + '.htaccess'}}"
-  Require user {{slave.upper()}}
-  Options Indexes FollowSymLinks
-  Satisfy all
-</Directory>
+# TODO-Caddy Alias /{{slave}}/ {{directory}}/
+# TODO-Caddy <Directory {{directory}}>
+# TODO-Caddy   Order Deny,Allow
+# TODO-Caddy   Deny from env=AUTHREQUIRED
+# TODO-Caddy   <Files ".??*">
+# TODO-Caddy     Order Allow,Deny
+# TODO-Caddy     Deny from all
+# TODO-Caddy   </Files>
+# TODO-Caddy   AuthType Basic
+# TODO-Caddy   AuthName "Log Access {{slave}}"
+# TODO-Caddy   AuthUserFile "{{ apache_configuration_directory + '/.' + slave.upper() + '.htaccess'}}"
+# TODO-Caddy   Require user {{slave.upper()}}
+# TODO-Caddy   Options Indexes FollowSymLinks
+# TODO-Caddy   Satisfy all
+# TODO-Caddy </Directory>
 
 {% endfor %}