diff --git a/slapos/recipe/generic_varnish/__init__.py b/slapos/recipe/generic_varnish/__init__.py
index 4f93407bb28d520841aff7a96f6b3de36344915e..1ede08aa8357b0c78232cd9ffa9b6f17e3c580c7 100644
--- a/slapos/recipe/generic_varnish/__init__.py
+++ b/slapos/recipe/generic_varnish/__init__.py
@@ -39,9 +39,28 @@ class Recipe(GenericSlapRecipe):
 ip = self.options['ip']
 backend_url = self.parameter_dict['tidstorage-url']
 backend_server, backend_port = self._getBackendServer(backend_url)
+ path_list = []
+ if backend_url.startswith('https://'):
+ config = dict(
+ stunnel_binary=self.options['stunnel-binary'],
+ stunnel_server=ip,
+ stunnel_port=int(self.options['stunnel-port']),
+ stunnel_pid_file=self.options['stunnel-pid-file'],
+ stunnel_conf_file=self.options['stunnel-conf-file'],
+ shell_path=self.options['shell-path'],
+ backend_server=backend_server.replace('[', '').replace(']', ''),
+ backend_port=backend_port,
+ )
+ path_list.append(self.createExecutable(self.options['stunnel-wrapper'],
+ self.substituteTemplate(self.getTemplateFilename('stunnel.in'),
+ config)))
+ path_list.append(self.createFile(self.options['stunnel-conf-file'],
+ self.substituteTemplate(self.getTemplateFilename('stunnel.conf.in'),
+ config)))
+ backend_server = ip
+ backend_port = int(self.options['stunnel-port'])
 varnishd_manager_port = int(self.options['manager-port'])
 varnishd_server_port = int(self.options['server-port'])
- path_list = []
 config = dict(
 varnishd_binary=self.options['varnishd-binary'],
 varnish_ip=ip,
diff --git a/slapos/recipe/generic_varnish/template/stunnel.conf.in b/slapos/recipe/generic_varnish/template/stunnel.conf.in
new file mode 100644
index 0000000000000000000000000000000000000000..83f305dffe1518cc00eea83cc81a2431669a950d
--- /dev/null
+++ b/slapos/recipe/generic_varnish/template/stunnel.conf.in
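Review bot: The host taken from `tidstorage-url` is written into the `connect =` line of stunnel.conf with only the brackets stripped, so the generated file is only as well-formed as whatever `_getBackendServer` (outside this hunk) returns. If that helper does not already restrict the host to address or hostname characters, I would reject anything else before building `config`, e.g. `if not re.match(r'^[0-9A-Za-z.:-]+$', host): raise ValueError('invalid tidstorage-url host')`, with `host` being the bracket-stripped value and assuming `re` is imported in this module. The scheme test `backend_url.startswith('https://')` is also case-sensitive, so an `HTTPS://` URL would skip the tunnel and leave varnish speaking plain HTTP to a TLS port; comparing the lower-cased scheme avoids that. The enclosing method starts and ends outside the hunk.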
@@ -0,0 +1,10 @@
+foreground = yes
+output = /dev/stdout
+pid = %(stunnel_pid_file)s
+debug = 4
+
+[remote]
+accept = %(stunnel_server)s:%(stunnel_port)s
+client = yes
+connect = %(backend_server)s:%(backend_port)s
+sni = %(stunnel_server)s
diff --git a/slapos/recipe/generic_varnish/template/stunnel.in b/slapos/recipe/generic_varnish/template/stunnel.in
new file mode 100644
index 0000000000000000000000000000000000000000..fad93d78c8fc060b071dd5f9de4af69e6ec69efe
--- /dev/null
+++ b/slapos/recipe/generic_varnish/template/stunnel.in
@@ -0,0 +1,3 @@
+#!%(shell_path)s
+DAEMON_OPTS="%(stunnel_conf_file)s"
+exec %(stunnel_binary)s ${DAEMON_OPTS} 2>&1
diff --git a/stack/erp5/buildout.cfg b/stack/erp5/buildout.cfg
index 708b8e15788cbe067aefc1623df35d3da5e75f04..ba6068267bd55f770fa3449d3cb7ba9c26e9b006 100644
--- a/stack/erp5/buildout.cfg
+++ b/stack/erp5/buildout.cfg
@@ -48,6 +48,7 @@ extends =
 ../../component/python-2.7/buildout.cfg
 ../../component/python-ldap-python/buildout.cfg
 ../../component/rdiff-backup/buildout.cfg
+ ../../component/stunnel/buildout.cfg
 ../../component/subversion/buildout.cfg
 ../../component/tesseract/buildout.cfg
 ../../component/varnish/buildout.cfg
@@ -76,6 +77,7 @@ parts =
 graphviz
 haproxy
 jsl
+ stunnel
 varnish-3.0
 w3m
 poppler
@@ -235,7 +237,7 @@ mode = 640
 # XXX: "template.cfg" is hardcoded in instanciation recipe
 filename = template.cfg
 template = ${:_profile_base_location_}/instance.cfg.in
-md5sum = fbb7ea50d7ea6d4e25725801cc3fd5f9
+md5sum = a1a5a9983207e4a8128bab331cbd3cd5
 extra-context =
 key apache_location apache:location
 key aspell_location aspell:location
@@ -274,6 +276,7 @@ extra-context =
 key openssl_location openssl:location
 key poppler_location poppler:location
 key sed_location sed:location
+ key stunnel_location stunnel:location
 key template_cloudooo template-cloudooo:target
 key template_erp5_single template-erp5-single:target
 key template_erp5_cluster template-erp5-cluster:target
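Review bot: The `[remote]` service in stunnel.conf.in is a TLS client with no certificate verification configured, and stunnel does not verify the peer unless told to, so the tunnel encrypts traffic to the backend without authenticating it. I would add a CA bundle and verification, e.g. `verify = 2` with `CAfile = %(ca_file)s` (or `verifyChain = yes` plus `checkHost = %(backend_server)s` on stunnel releases that support them), where `ca_file` is a new template key the recipe would have to supply. Separately, `sni = %(stunnel_server)s` sends the local listening address as the server name; it presumably should be `sni = %(backend_server)s`. Note also that `accept` opens a plaintext port on the instance's local IPv4 address, usable by any process that can reach that address.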
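Review bot: In stunnel.in, `${DAEMON_OPTS}` and the binary path are expanded unquoted on the `exec` line, so a configuration or installation path containing whitespace would be split into several arguments. Quoting both keeps the wrapper correct for any path: `exec "%(stunnel_binary)s" "${DAEMON_OPTS}" 2>&1`. A short comment such as `# stunnel stays in the foreground (see "foreground = yes" in the generated conf)` would also help, since that setting lives in the separate stunnel.conf template.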
@@ -316,7 +319,7 @@ mode = 640 [template-varnish] recipe = slapos.recipe.build:download url = ${:_profile_base_location_}/instance-varnish.cfg.in -md5sum = 728650f5d20ad637d8d824d1968865ca +md5sum = ae0465591c22c0cb316c1706965c6b18 mode = 640 [bt5-repository] diff --git a/stack/erp5/instance-varnish.cfg.in b/stack/erp5/instance-varnish.cfg.in index d4f0ef5ef7fdd805536b293a9ac269d2978e20ec..7867ba1c18316e9e0d45b264848da088202ce1c5 100644 --- a/stack/erp5/instance-varnish.cfg.in +++ b/stack/erp5/instance-varnish.cfg.in @@ -28,18 +28,23 @@ recipe = slapos.cookbook:generic.varnish ip = ${slap-network-information:local-ipv4} server-port = 6001 manager-port = 6002 +stunnel-port = 6003 # Paths: Running wrappers varnishd-wrapper = ${basedirectory:services}/varnishd varnishlog-wrapper = ${rootdirectory:bin}/varnishlog +stunnel-wrapper = ${basedirectory:services}/stunnel # Binary information varnishd-binary = {{ parameter_dict['varnish'] }}/sbin/varnishd varnishlog-binary = {{ parameter_dict['varnish'] }}/bin/varnishlog shell-path = {{ parameter_dict['dash'] }}/bin/dash +stunnel-binary = {{ parameter_dict['stunnel'] }}/bin/stunnel # Configuration by VCL vcl-file = ${rootdirectory:etc}/default.vcl pid-file = ${basedirectory:run}/varnishd.pid +stunnel-conf-file = ${rootdirectory:etc}/stunnel.conf +stunnel-pid-file = ${basedirectory:run}/stunnel.pid varnish-data = ${directory:varnish-data} # this will pass at -n option varnish-instance-name = ${directory:varnish-instance} diff --git a/stack/erp5/instance.cfg.in b/stack/erp5/instance.cfg.in index 96357d446a7b5a21ecfa158ffb3338a050412062..945345284b1e2a0554acb828e149d4be47ef495c 100644 --- a/stack/erp5/instance.cfg.in +++ b/stack/erp5/instance.cfg.in @@ -99,6 +99,7 @@ dash = {{ dash_location }} dcron = {{ dcron_location }} gzip = {{ gzip_location }} logrotate = {{ logrotate_location }} +stunnel = {{ stunnel_location }} varnish = {{ varnish_location }} wget = {{ wget_location }} buildout-bin-directory = {{ buildout_bin_directory }}