Commit d2648882 authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: Move parameters to caddy executable

Caddy, unlike apache, takes a lot of parameters on the command line instead of
the Caddyfile, so move them there.
parent 70a936fc
...@@ -19,7 +19,7 @@ md5sum = f686f765e55d1dce2e55a400f0714b3e ...@@ -19,7 +19,7 @@ md5sum = f686f765e55d1dce2e55a400f0714b3e
[template-apache-frontend] [template-apache-frontend]
filename = instance-apache-frontend.cfg filename = instance-apache-frontend.cfg
md5sum = c1788e86063b9dffc0c024be06456679 md5sum = 293498fe5c61a72baaf15f9287d36abb
[template-apache-replicate] [template-apache-replicate]
filename = instance-apache-replicate.cfg.in filename = instance-apache-replicate.cfg.in
...@@ -31,7 +31,7 @@ md5sum = b016f416ce5390213afef56c4a41aaa1 ...@@ -31,7 +31,7 @@ md5sum = b016f416ce5390213afef56c4a41aaa1
[template-slave-configuration] [template-slave-configuration]
filename = templates/custom-virtualhost.conf.in filename = templates/custom-virtualhost.conf.in
md5sum = d103143e5d50682bd5ad43117d82e2fa md5sum = ab322884ae45085c6468bd4556a5b4ba
[template-replicate-publish-slave-information] [template-replicate-publish-slave-information]
filename = templates/replicate-publish-slave-information.cfg.in filename = templates/replicate-publish-slave-information.cfg.in
...@@ -39,7 +39,7 @@ md5sum = 665e83d660c9b779249b2179d7ce4b4e ...@@ -39,7 +39,7 @@ md5sum = 665e83d660c9b779249b2179d7ce4b4e
[template-caddy-frontend-configuration] [template-caddy-frontend-configuration]
filename = templates/Caddyfile.in filename = templates/Caddyfile.in
md5sum = 75ba24f0447240db20250a88a1ebc524 md5sum = 1e79ab65f616424fb893c63e8a2fe962
[template-custom-slave-list] [template-custom-slave-list]
filename = templates/apache-custom-slave-list.cfg.in filename = templates/apache-custom-slave-list.cfg.in
...@@ -51,11 +51,11 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b ...@@ -51,11 +51,11 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
[template-default-virtualhost] [template-default-virtualhost]
filename = templates/000.conf.in filename = templates/000.conf.in
md5sum = d98a01182f38868612948c87d5231428 md5sum = 3b5e20b48112a2cf070481966506d9bf
[template-default-slave-virtualhost] [template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in filename = templates/default-virtualhost.conf.in
md5sum = 7f38084af107034bedefba971abe165c md5sum = b302fc0a44ffac068902b1fb37c96bd7
[template-cached-slave-virtualhost] [template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in filename = templates/cached-virtualhost.conf.in
...@@ -63,7 +63,7 @@ md5sum = 1a1a53d9ac4a1591c017d86850a94796 ...@@ -63,7 +63,7 @@ md5sum = 1a1a53d9ac4a1591c017d86850a94796
[template-log-access] [template-log-access]
filename = templates/template-log-access.conf.in filename = templates/template-log-access.conf.in
md5sum = f85005b430978f3bd24ee7ce11b0e304 md5sum = 50541094dd3ee6c240a9c7a0590fcff8
[template-empty] [template-empty]
filename = templates/empty.in filename = templates/empty.in
...@@ -99,4 +99,4 @@ md5sum = ebe5d3d19923eb812a40019cb11276d8 ...@@ -99,4 +99,4 @@ md5sum = ebe5d3d19923eb812a40019cb11276d8
[template-caddy-graceful-script] [template-caddy-graceful-script]
filename = templates/caddy-graceful-script.sh.in filename = templates/caddy-graceful-script.sh.in
md5sum = d5a00bde52b0720e210fcd8ef352a583 md5sum = 0b96d401252e3c38a552c51569457929
...@@ -123,6 +123,8 @@ configuration.ram-cache-size = 1G ...@@ -123,6 +123,8 @@ configuration.ram-cache-size = 1G
configuration.trafficserver-autoconf-port = 8083 configuration.trafficserver-autoconf-port = 8083
configuration.trafficserver-mgmt-port = 8084 configuration.trafficserver-mgmt-port = 8084
configuration.re6st-verification-url = http://[2001:67c:1254:4::1]/index.html configuration.re6st-verification-url = http://[2001:67c:1254:4::1]/index.html
configuration.enable-http2-by-default = true
configuration.mpm-graceful-shutdown-timeout = 5
[frontend-configuration] [frontend-configuration]
template-log-access = ${template-log-access:target} template-log-access = ${template-log-access:target}
...@@ -223,13 +225,10 @@ rendered = $${apache-configuration:frontend-configuration} ...@@ -223,13 +225,10 @@ rendered = $${apache-configuration:frontend-configuration}
extra-context = extra-context =
key httpd_home software-release-path:caddy-location key httpd_home software-release-path:caddy-location
key httpd_mod_ssl_cache_directory caddy-directory:mod-ssl key httpd_mod_ssl_cache_directory caddy-directory:mod-ssl
key domain instance-parameter:configuration.domain
key document_root caddy-directory:document-root key document_root caddy-directory:document-root
key instance_home buildout:directory key instance_home buildout:directory
key ipv4_addr instance-parameter:ipv4-random key ipv4_addr instance-parameter:ipv4-random
key ipv6_addr instance-parameter:ipv6-random key ipv6_addr instance-parameter:ipv6-random
key http_port instance-parameter:configuration.plain_http_port
key https_port instance-parameter:configuration.port
key server_admin instance-parameter:configuration.server-admin key server_admin instance-parameter:configuration.server-admin
key protected_path apache-configuration:protected-path key protected_path apache-configuration:protected-path
key access_control_string apache-configuration:access-control-string key access_control_string apache-configuration:access-control-string
...@@ -239,21 +238,29 @@ extra-context = ...@@ -239,21 +238,29 @@ extra-context =
key ca_dir certificate-authority:ca-dir key ca_dir certificate-authority:ca-dir
key ca_crl certificate-authority:ca-crl key ca_crl certificate-authority:ca-crl
key access_log apache-configuration:access-log key access_log apache-configuration:access-log
key error_log apache-configuration:error-log
key pid_file apache-configuration:pid-file
key slave_configuration_directory caddy-directory:slave-configuration key slave_configuration_directory caddy-directory:slave-configuration
key cached_port apache-configuration:cache-through-port key cached_port apache-configuration:cache-through-port
key ssl_cached_port apache-configuration:ssl-cache-through-port key ssl_cached_port apache-configuration:ssl-cache-through-port
key slave_with_cache_configuration_directory caddy-directory:slave-with-cache-configuration key slave_with_cache_configuration_directory caddy-directory:slave-with-cache-configuration
section frontend_configuration frontend-configuration section frontend_configuration frontend-configuration
[caddy-wrapper-common] [caddy-wrapper]
recipe = slapos.cookbook:wrapper
command-line = ${caddy:output} command-line = ${caddy:output}
-conf $${dynamic-apache-frontend-template:rendered} -conf $${dynamic-apache-frontend-template:rendered}
-root $${caddy-directory:document-root}
-host $${instance-parameter:configuration.domain}
-http-port $${instance-parameter:configuration.plain_http_port}
-https-port $${instance-parameter:configuration.port}
-log $${apache-configuration:error-log}
-http2=$${instance-parameter:configuration.enable-http2-by-default}
-grace $${instance-parameter:configuration.mpm-graceful-shutdown-timeout}s
-pidfile $${apache-configuration:pid-file}
wrapper-path = $${directory:bin}/caddy-wrapper
[apache-frontend] [apache-frontend]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = $${caddy-wrapper-common:command-line} command-line = $${caddy-wrapper:wrapper-path}
wrapper-path = $${directory:service}/frontend_caddy wrapper-path = $${directory:service}/frontend_caddy
wait-for-files = wait-for-files =
$${ca-frontend:cert-file} $${ca-frontend:cert-file}
...@@ -283,7 +290,7 @@ error-log = $${directory:log}/frontend-apache-error.log ...@@ -283,7 +290,7 @@ error-log = $${directory:log}/frontend-apache-error.log
pid-file = $${directory:run}/httpd.pid pid-file = $${directory:run}/httpd.pid
protected-path = / protected-path = /
access-control-string = none access-control-string = none
frontend-configuration-verification = $${caddy-wrapper-common:command-line} -validate > /dev/null frontend-configuration-verification = $${caddy-wrapper:wrapper-path} -validate > /dev/null
frontend-graceful-command = $${:frontend-configuration-verification}; if [ $? -eq 0 ]; then kill -USR1 $(cat $${:pid-file}); fi frontend-graceful-command = $${:frontend-configuration-verification}; if [ $? -eq 0 ]; then kill -USR1 $(cat $${:pid-file}); fi
# Comunication with ats # Comunication with ats
...@@ -294,7 +301,7 @@ ssl-cache-through-port = 26012 ...@@ -294,7 +301,7 @@ ssl-cache-through-port = 26012
# Create wrapper for "apachectl conftest" in bin # Create wrapper for "apachectl conftest" in bin
[configtest] [configtest]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = $${caddy-wrapper-common:command-line} -validate command-line = $${caddy-wrapper:wrapper-path} -validate
wrapper-path = $${directory:bin}/caddy-configtest wrapper-path = $${directory:bin}/caddy-configtest
[certificate-authority] [certificate-authority]
...@@ -520,6 +527,7 @@ mode = 0700 ...@@ -520,6 +527,7 @@ mode = 0700
extra-context = extra-context =
key directory_run directory:run key directory_run directory:run
key directory_etc directory:etc key directory_etc directory:etc
key directory_bin directory:bin
key caddy_graceful_reload_command apache-configuration:frontend-graceful-command key caddy_graceful_reload_command apache-configuration:frontend-graceful-command
[frontend-caddy-lazy-graceful] [frontend-caddy-lazy-graceful]
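Review bot: The new `[caddy-wrapper]` command line interpolates instance parameters (`configuration.domain`, `configuration.plain_http_port`, `configuration.port`, `configuration.enable-http2-by-default`, `configuration.mpm-graceful-shutdown-timeout`) with no quoting or validation. If the wrapper recipe tokenises `command-line` on whitespace, which looks likely but is not visible here, an empty value makes the next flag become that option's argument, and a value containing spaces adds extra arguments to the caddy invocation. I would check these values before use (non-empty, no whitespace, ports numeric) and state the constraint above the section, e.g. `# instance parameters used below must be single non-empty tokens`. Separately, `[configtest]` and `frontend-configuration-verification` now append `-validate` to `$${caddy-wrapper:wrapper-path}`, which only validates if the generated wrapper forwards its arguments; that is worth confirming.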
......
<VirtualHost *:{{ https_port }}> # TODO-Caddy <VirtualHost *:{{ https_port }}>
ServerName www.example.org # TODO-Caddy ServerName www.example.org
SSLEngine on # TODO-Caddy SSLEngine on
SSLProxyEngine on # TODO-Caddy SSLProxyEngine on
SSLProtocol all -SSLv2 -SSLv3 # TODO-Caddy SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5 # TODO-Caddy SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on # TODO-Caddy SSLHonorCipherOrder on
# TODO-Caddy
# Rewrite part # TODO-Caddy # Rewrite part
ProxyPreserveHost On # TODO-Caddy ProxyPreserveHost On
ProxyTimeout 600 # TODO-Caddy ProxyTimeout 600
RewriteEngine On # TODO-Caddy RewriteEngine On
# TODO-Caddy
ErrorDocument 404 /notfound.html # TODO-Caddy ErrorDocument 404 /notfound.html
# TODO-Caddy
</VirtualHost> # TODO-Caddy </VirtualHost>
# TODO-Caddy
<VirtualHost *:{{ http_port }}> # TODO-Caddy <VirtualHost *:{{ http_port }}>
# TODO-Caddy
ServerName www.example.org # TODO-Caddy ServerName www.example.org
ErrorDocument 404 /notfound.html # TODO-Caddy ErrorDocument 404 /notfound.html
</VirtualHost> # TODO-Caddy </VirtualHost>
\ No newline at end of file
...@@ -2,12 +2,13 @@ ...@@ -2,12 +2,13 @@
RUN_DIR={{ directory_run }} RUN_DIR={{ directory_run }}
ETC_DIR={{ directory_etc }} ETC_DIR={{ directory_etc }}
BIN_DIR={{ directory_bin }}
CADDY_SIGNATURE_FILE=$RUN_DIR/caddy_configuration.signature CADDY_SIGNATURE_FILE=$RUN_DIR/caddy_configuration.signature
NCADDY_SIGNATURE_FILE=$RUN_DIR/ncaddy_configuration.signature NCADDY_SIGNATURE_FILE=$RUN_DIR/ncaddy_configuration.signature
touch $CADDY_SIGNATURE_FILE touch $CADDY_SIGNATURE_FILE
sha256sum $ETC_DIR/Caddyfile $ETC_DIR/caddy-*.d/*.conf $ETC_DIR/caddy-*.d/ssl/*.*key $ETC_DIR/caddy-*.d/ssl/*.*crt* | sort -k 66 > $NCADDY_SIGNATURE_FILE sha256sum $BIN_DIR/caddy-wrapper $ETC_DIR/Caddyfile $ETC_DIR/caddy-*.d/*.conf $ETC_DIR/caddy-*.d/ssl/*.*key $ETC_DIR/caddy-*.d/ssl/*.*crt* | sort -k 66 > $NCADDY_SIGNATURE_FILE
# If no diff, no restart for now # If no diff, no restart for now
if diff "$CADDY_SIGNATURE_FILE" "$NCADDY_SIGNATURE_FILE"; then if diff "$CADDY_SIGNATURE_FILE" "$NCADDY_SIGNATURE_FILE"; then
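Review bot: Adding `$BIN_DIR/caddy-wrapper` to the signature means a changed port, host or log path now triggers the graceful path, but the graceful command shown in the instance template only sends `kill -USR1` to the running process. As far as I can tell, a USR1 reload re-reads the Caddyfile and keeps the flags the process was started with, so a wrapper change would be recorded as applied while the old listener settings stay live. A wrapper change probably needs a full restart rather than a reload; at minimum add a comment such as `# caddy-wrapper changes need a restart, USR1 does not re-read flags`. The `if` body continues outside the hunk, so I cannot see what the non-matching branch does.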
......
<VirtualHost *:{{ https_port }}> # TODO-Caddy <VirtualHost *:{{ https_port }}>
{{ slave_parameter.get('apache_custom_https', '') }} # TODO-Caddy {{ slave_parameter.get('apache_custom_https', '') }}
</VirtualHost> # TODO-Caddy </VirtualHost>
# TODO-Caddy
<VirtualHost *:{{ http_port }}> # TODO-Caddy <VirtualHost *:{{ http_port }}>
{{ slave_parameter.get('apache_custom_https', '') }} # TODO-Caddy {{ slave_parameter.get('apache_custom_https', '') }}
</VirtualHost> # TODO-Caddy </VirtualHost>
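Review bot: The `# TODO-Caddy` prefix comments out only the first line of whatever `slave_parameter.get('apache_custom_https', '')` renders; every further line of a multi-line slave value lands in the generated configuration as live text. Since this value is supplied per slave, it should not be rendered at all until the feature is ported, for example by wrapping it in a Jinja comment: `{# TODO-Caddy {{ slave_parameter.get('apache_custom_https', '') }} #}`. The port-80 block also renders `apache_custom_https` rather than an HTTP-specific key, which looks like a copy-paste carried over from the old side.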
{% for slave, directory in slave_log_directory.iteritems() %} {% for slave, directory in slave_log_directory.iteritems() %}
Alias /{{slave}}/ {{directory}}/ # TODO-Caddy Alias /{{slave}}/ {{directory}}/
<Directory {{directory}}> # TODO-Caddy <Directory {{directory}}>
Order Deny,Allow # TODO-Caddy Order Deny,Allow
Deny from env=AUTHREQUIRED # TODO-Caddy Deny from env=AUTHREQUIRED
<Files ".??*"> # TODO-Caddy <Files ".??*">
Order Allow,Deny # TODO-Caddy Order Allow,Deny
Deny from all # TODO-Caddy Deny from all
</Files> # TODO-Caddy </Files>
AuthType Basic # TODO-Caddy AuthType Basic
AuthName "Log Access {{slave}}" # TODO-Caddy AuthName "Log Access {{slave}}"
AuthUserFile "{{ apache_configuration_directory + '/.' + slave.upper() + '.htaccess'}}" # TODO-Caddy AuthUserFile "{{ apache_configuration_directory + '/.' + slave.upper() + '.htaccess'}}"
Require user {{slave.upper()}} # TODO-Caddy Require user {{slave.upper()}}
Options Indexes FollowSymLinks # TODO-Caddy Options Indexes FollowSymLinks
Satisfy all # TODO-Caddy Satisfy all
</Directory> # TODO-Caddy </Directory>
{% endfor %} {% endfor %}