Remove stunnel from apache frontend recipe

66789ff2 · Cédric Le Ninivin · 9558db11 · 66789ff2 · 66789ff2
Commit 66789ff2 authored May 03, 2013 by Cédric Le Ninivin
Showing with 268 additions and 311 deletions

slapos/recipe/apache_frontend/__init__.py slapos/recipe/apache_frontend/__init__.py +239 -310

software/apache-frontend/instance.cfg software/apache-frontend/instance.cfg +29 -1

No files found.
--- a/slapos/recipe/apache_frontend/__init__.py
+++ b/slapos/recipe/apache_frontend/__init__.py
@@ -64,8 +64,6 @@ class Recipe(BaseSlapRecipe):
    self.path_list = []
    self.requirements, self.ws = self.egg.working_set()
-    # self.cron_d is a directory, where cron jobs can be registered
-    self.cron_d = self.installCrond()
    self.killpidfromfile = zc.buildout.easy_install.scripts(
        [('killpidfromfile', 'slapos.toolbox.killpidfromfile',
          'killpidfromfile')], self.ws, sys.executable, self.bin_directory)[0]
@@ -163,27 +161,30 @@ class Recipe(BaseSlapRecipe):
            rewrite_rule_list.append(rewrite_rule)
    # Certificate stuff
-    valid_certificate_str = self.parameter_dict.get("domain_ssl_ca_cert")
+    #valid_certificate_str = self.parameter_dict.get("domain_ssl_ca_cert")
-    valid_key_str = self.parameter_dict.get("domain_ssl_ca_key")
+    #valid_key_str = self.parameter_dict.get("domain_ssl_ca_key")
-    if valid_certificate_str is None and valid_key_str is None:
+    #if valid_certificate_str is None and valid_key_str is None:
-      ca_conf = self.installCertificateAuthority()
+    #  ca_conf = self.installCertificateAuthority()
-      key, certificate = self.requestCertificate(frontend_domain_name)
+    #  key, certificate = self.requestCertificate(frontend_domain_name)
-    else:
+    #else:
-      ca_conf = self.installValidCertificateAuthority(
+    #  ca_conf = self.installValidCertificateAuthority(
-          frontend_domain_name, valid_certificate_str, valid_key_str)
+    #      frontend_domain_name, valid_certificate_str, valid_key_str)
-      key = ca_conf.pop("key")
+    #  key = ca_conf.pop("key")
-      certificate = ca_conf.pop("certificate")
+    #  certificate = ca_conf.pop("certificate")
-    if service_dict != {}:
+    #if service_dict != {}:
-      if valid_certificate_str is not None and valid_key_str is not None:
+    #  if valid_certificate_str is not None and valid_key_str is not None:
-        self.installCertificateAuthority()
+    #    self.installCertificateAuthority()
-        stunnel_key, stunnel_certificate = \
+    #    stunnel_key, stunnel_certificate = \
-            self.requestCertificate(frontend_domain_name)
+    #        self.requestCertificate(frontend_domain_name)
-      else:
+    #  else:
-        stunnel_key, stunnel_certificate = key, certificate
+    #    stunnel_key, stunnel_certificate = key, certificate
-      self.installStunnel(service_dict,
+      stunnel_key, stunnel_certificate = self.options['key_path'], self.options['cert_path']
-        stunnel_certificate, stunnel_key,
-        ca_conf["ca_crl"],
+    key, certificate = self.options['key_path'], self.options['cert_path']
-        ca_conf["certificate_authority_path"])
+    #self.installStunnel(service_dict,
+    #    stunnel_certificate, stunnel_key,
+    #    self.options["ca_crl"],
+    #    self.options["ca_dir"])
    apache_parameter_dict = self.installFrontendApache(
        ip_list=["[%s]" % self.getGlobalIPv6Address(),
@@ -272,13 +273,13 @@ class Recipe(BaseSlapRecipe):
    service_name = "squid_%s" % reference
    squid_ip = self.getLocalIPv4Address()
    stunnel_port = base_squid_port + 1
-    #self.installSquidCache(service_name,
+#    self.installSquidCache(service_name,
-    #  ip=squid_ip,
+#      ip=squid_ip,
-    #  port=base_squid_port,
+#      port=base_squid_port,
-    #  backend_host=squid_ip,
+#      backend_host=squid_ip,
-    #  backend_port=stunnel_port,
+#      backend_port=stunnel_port,
-    #  domain=domain,
+#      domain=domain,
-    #  size="1G")
+#      size="1G")
    service_dict[service_name] = dict(public_ip=squid_ip,
        public_port=stunnel_port,
        private_ip=slave_host.replace("[", "").replace("]", ""),
@@ -286,245 +287,208 @@ class Recipe(BaseSlapRecipe):
    return "%s http://%s:%s" % \
        (domain, squid_ip, base_squid_port)
-  def installSquidCache(self, name, ip, port, backend_host,
+#  def installSquidCache(self, name, ip, port, backend_host,
-                                backend_port, domain, size="1G"):
+#                                backend_port, domain, size="1G"):
-    """
+#    """
-      Install a squid daemon for a certain address
+#      Install a squid daemon for a certain address
-    """
+#    """
-#     directory = self.createDataDirectory(name)
+##     directory = self.createDataDirectory(name)
-#     squid_config = dict(
+##     squid_config = dict(
-#       directory=directory,
+##       directory=directory,
-#       pid = "%s/squid.pid" % directory,
+##       pid = "%s/squid.pid" % directory,
-#       port="%s:%s" % (ip, port),
+##       port="%s:%s" % (ip, port),
-#       squidd_binary=self.options["squidd_binary"],
+##       squidd_binary=self.options["squidd_binary"],
-#       control_port="%s:%s" % (ip, control_port),
+##       control_port="%s:%s" % (ip, control_port),
-#       storage="file,%s/storage.bin,%s" % (directory, size))
+##       storage="file,%s/storage.bin,%s" % (directory, size))
+#
-# 
+## 
-#     squid_argument_list = [squid_config['squidd_binary'].strip(),
+##     squid_argument_list = [squid_config['squidd_binary'].strip(),
-#         "-F", "-n", directory, "-P", squid_config["pid"], "-p",
+##         "-F", "-n", directory, "-P", squid_config["pid"], "-p",
-#         "cc_command=exec %s " % self.options["gcc_binary"] +\
+##         "cc_command=exec %s " % self.options["gcc_binary"] +\
-#             "-fpic -shared -o %o %s",
+##             "-fpic -shared -o %o %s",
-#         "-f", config_file,
+##         "-f", config_file,
-#         "-a", squid_config["port"], "-T", squid_config["control_port"],
+##         "-a", squid_config["port"], "-T", squid_config["control_port"],
-#         "-s", squid_config["storage"]]
+##         "-s", squid_config["storage"]]
-#     environment = dict(PATH="%s:%s" % (self.options["binutils_directory"],
+##     environment = dict(PATH="%s:%s" % (self.options["binutils_directory"],
-#                                        os.environ.get('PATH')))
+##                                        os.environ.get('PATH')))
-#     wrapper = zc.buildout.easy_install.scripts([(name,
+##     wrapper = zc.buildout.easy_install.scripts([(name,
-#       'slapos.recipe.librecipe.execute', 'executee')], self.ws,
+##       'slapos.recipe.librecipe.execute', 'executee')], self.ws,
-#       sys.executable, self.service_directory, arguments=[squid_argument_list,
+##       sys.executable, self.service_directory, arguments=[squid_argument_list,
-#       environment])[0]
+##       environment])[0]
-#     self.path_list.append(wrapper)
+##     self.path_list.append(wrapper)
+#
+#
-#     directory = self.createDataDirectory(name)
+##     directory = self.createDataDirectory(name)
-    config = dict(
+#    config = dict(
-      ip=ip,
+#      ip=ip,
-      port=port,
+#      port=port,
-      backend_ip=backend_host,
+#      backend_ip=backend_host,
-      backend_port=backend_port,
+#      backend_port=backend_port,
-      domain=domain,
+#      domain=domain,
-      # XXX Hardcoded
+#      # XXX Hardcoded
-      access_log_path = os.path.join(self.log_directory, 'squid.access.log'),
+#      access_log_path = os.path.join(self.log_directory, 'squid.access.log'),
-      # XXX Hardcoded
+#      # XXX Hardcoded
-      cache_log_path = os.path.join(self.log_directory, 'squid.cache.log'),
+#      cache_log_path = os.path.join(self.log_directory, 'squid.cache.log'),
-#       cache_path=self.options['cache-path'],
+##       cache_path=self.options['cache-path'],
-      # XXX Hardcoded
+#      # XXX Hardcoded
-      pid_filename_path=os.path.join(self.run_directory, 'squid.pid'),
+#      pid_filename_path=os.path.join(self.run_directory, 'squid.pid'),
-      squid_binary=self.options["squid_binary"],
+#      squid_binary=self.options["squid_binary"],
-      )
+#      )
+#    
-    template_filename = self.getTemplateFilename('squid.conf.in')
+#    template_filename = self.getTemplateFilename('squid.conf.in')
-    config_file = self.createConfigurationFile("%s.conf" % name,
+#    config_file = self.createConfigurationFile("%s.conf" % name,
-      self.substituteTemplate(self.getTemplateFilename('squid.conf.in'),
+#      self.substituteTemplate(self.getTemplateFilename('squid.conf.in'),
-                              config))
+#                              config))
+#
-#     # Prepare directories
+##     # Prepare directories
-#     prepare_path = self.createPythonScript(
+##     prepare_path = self.createPythonScript(
-#       self.options['prepare-path'],
+##       self.options['prepare-path'],
-#       'slapos.recipe.librecipe.execute.execute',
+##       'slapos.recipe.librecipe.execute.execute',
-#       arguments=[self.options['binary-path'].strip(),
+##       arguments=[self.options['binary-path'].strip(),
-#                  '-z',
+##                  '-z',
-#                  '-f', configuration_path,
+##                  '-f', configuration_path,
-#                  ],)
+##                  ],)
-# 
+## 
-#     # Create running wrapper
+##     # Create running wrapper
-#     wrapper_path = self.createPythonScript(
+##     wrapper_path = self.createPythonScript(
-#       self.options['wrapper-path'],
+##       self.options['wrapper-path'],
-#       'slapos.recipe.librecipe.execute.execute',
+##       'slapos.recipe.librecipe.execute.execute',
-#       arguments=[self.options['binary-path'].strip(),
+##       arguments=[self.options['binary-path'].strip(),
-#                  '-N',
+##                  '-N',
-#                  '-f', configuration_path,
+##                  '-f', configuration_path,
-#                  ],)
+##                  ],)
-# 
+## 
-#     return [configuration_path, wrapper_path, prepare_path]
+##     return [configuration_path, wrapper_path, prepare_path]
+#
-    squid_argument_list = [config['squid_binary'].strip(),
+#    squid_argument_list = [config['squid_binary'].strip(),
-        "-N", "-f", config_file]
+#        "-N", "-f", config_file]
-#         "cc_command=exec %s " % self.options["gcc_binary"] +\
+##         "cc_command=exec %s " % self.options["gcc_binary"] +\
-#             "-fpic -shared -o %o %s",
+##             "-fpic -shared -o %o %s",
-#         "-f", config_file,
+##         "-f", config_file,
-#         "-a", config["port"], "-T", config["control_port"],
+##         "-a", config["port"], "-T", config["control_port"],
-#         "-s", config["storage"]]
+##         "-s", config["storage"]]
-    environment = dict(PATH="%s:%s" % (self.options["binutils_directory"],
+#    environment = dict(PATH="%s:%s" % (self.options["binutils_directory"],
-                                       os.environ.get('PATH')))
+#                                       os.environ.get('PATH')))
-    wrapper = zc.buildout.easy_install.scripts([(name,
+#    wrapper = zc.buildout.easy_install.scripts([(name,
-      'slapos.recipe.librecipe.execute', 'executee')], self.ws,
+#      'slapos.recipe.librecipe.execute', 'executee')], self.ws,
-      sys.executable, self.service_directory, arguments=[squid_argument_list,
+#      sys.executable, self.service_directory, arguments=[squid_argument_list,
-      environment])[0]
+#      environment])[0]
-    self.path_list.append(wrapper)
+#    self.path_list.append(wrapper)
+#
-    return config
+#    return config
+#  def requestCertificate(self, name):
+#    hash = hashlib.sha512(name).hexdigest()
+#    key = os.path.join(self.ca_private, hash + self.ca_key_ext)
-  def configureVarnishSlave(self, base_varnish_port, url, reference,
+#    certificate = os.path.join(self.ca_certs, hash + self.ca_crt_ext)
-      service_dict, domain):
+#    parser = ConfigParser.RawConfigParser()
-    # Varnish should use stunnel to connect to the backend
+#    parser.add_section('certificate')
-    base_varnish_control_port = base_varnish_port
+#    parser.set('certificate', 'name', name)
-    base_varnish_port += 1
+#    parser.set('certificate', 'key_file', key)
-    # Use regex
+#    parser.set('certificate', 'certificate_file', certificate)
-    host_regex = "((\[\w*|[0-9]+\.)(\:|)).*(\]|\.[0-9]+)"
+#    parser.write(open(os.path.join(self.ca_request_dir, hash), 'w'))
-    slave_host = re.search(host_regex, url).group(0)
+#    return key, certificate
-    port_regex = "\w+(\/|)$"
-    matcher = re.search(port_regex, url)
+#  def installCrond(self):
-    if matcher is not None:
+#   timestamps = self.createDataDirectory('cronstamps')
-      slave_port = matcher.group(0)
+#   cron_output = os.path.join(self.log_directory, 'cron-output')
-      slave_port = slave_port.replace("/", "")
+#   self._createDirectory(cron_output)
-    elif url.startswith("https://"):
+#   catcher = zc.buildout.easy_install.scripts([('catchcron',
-      slave_port = 443
+#     __name__ + '.catdatefile', 'catdatefile')], self.ws, sys.executable,
-    else:
+#     self.bin_directory, arguments=[cron_output])[0]
-      slave_port = 80
+#   self.path_list.append(catcher)
-    service_name = "varnish_%s" % reference
+#   cron_d = os.path.join(self.etc_directory, 'cron.d')
-    varnish_ip = self.getLocalIPv4Address()
+#   crontabs = os.path.join(self.etc_directory, 'crontabs')
-    stunnel_port = base_varnish_port + 1
+#   self._createDirectory(cron_d)
-    self.installVarnishCache(service_name,
+#   self._createDirectory(crontabs)
-      ip=varnish_ip,
+#   wrapper = zc.buildout.easy_install.scripts([('crond',
-      port=base_varnish_port,
+#     'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
-      control_port=base_varnish_control_port,
+#     self.service_directory, arguments=[
-      backend_host=varnish_ip,
+#       self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs,
-      backend_port=stunnel_port,
+#       '-t', timestamps, '-f', '-l', '5', '-M', catcher]
-      size="1G")
+#     )[0]
-    service_dict[service_name] = dict(public_ip=varnish_ip,
+#   self.path_list.append(wrapper)
-        public_port=stunnel_port,
+#   return cron_d
-        private_ip=slave_host.replace("[", "").replace("]", ""),
-        private_port=slave_port)
+#  def installValidCertificateAuthority(self, domain_name, certificate, key):
-    return "%s http://%s:%s" % \
+#    ca_dir = os.path.join(self.data_root_directory, 'ca')
-        (domain, varnish_ip, base_varnish_port)
+#    ca_private = os.path.join(ca_dir, 'private')
+#    ca_certs = os.path.join(ca_dir, 'certs')
-  def requestCertificate(self, name):
+#    ca_crl = os.path.join(ca_dir, 'crl')
-    hash = hashlib.sha512(name).hexdigest()
+#    self._createDirectory(ca_dir)
-    key = os.path.join(self.ca_private, hash + self.ca_key_ext)
+#    for path in (ca_private, ca_certs, ca_crl):
-    certificate = os.path.join(self.ca_certs, hash + self.ca_crt_ext)
+#      self._createDirectory(path)
-    parser = ConfigParser.RawConfigParser()
+#    key_path = os.path.join(ca_private, domain_name + ".key")
-    parser.add_section('certificate')
+#    certificate_path = os.path.join(ca_certs, domain_name + ".crt")
-    parser.set('certificate', 'name', name)
+#    self._writeFile(key_path, key)
-    parser.set('certificate', 'key_file', key)
+#    self._writeFile(certificate_path, certificate)
-    parser.set('certificate', 'certificate_file', certificate)
+#    return dict(certificate_authority_path=ca_dir,
-    parser.write(open(os.path.join(self.ca_request_dir, hash), 'w'))
+#        ca_crl=ca_crl,
-    return key, certificate
+#        certificate=certificate_path,
+#        key=key_path)
-  def installCrond(self):
+#
-   timestamps = self.createDataDirectory('cronstamps')
+#  def installCertificateAuthority(self, ca_country_code='XX',
-   cron_output = os.path.join(self.log_directory, 'cron-output')
+#      ca_email='xx@example.com', ca_state='State', ca_city='City',
-   self._createDirectory(cron_output)
+#      ca_company='Company'):
-   catcher = zc.buildout.easy_install.scripts([('catchcron',
+#    backup_path = self.createBackupDirectory('ca')
-     __name__ + '.catdatefile', 'catdatefile')], self.ws, sys.executable,
+#    self.ca_dir = os.path.join(self.data_root_directory, 'ca')
-     self.bin_directory, arguments=[cron_output])[0]
+#    self._createDirectory(self.ca_dir)
-   self.path_list.append(catcher)
+#    self.ca_request_dir = os.path.join(self.ca_dir, 'requests')
-   cron_d = os.path.join(self.etc_directory, 'cron.d')
+#    self._createDirectory(self.ca_request_dir)
-   crontabs = os.path.join(self.etc_directory, 'crontabs')
+#    config = dict(ca_dir=self.ca_dir, request_dir=self.ca_request_dir)
-   self._createDirectory(cron_d)
+#    self.ca_private = os.path.join(self.ca_dir, 'private')
-   self._createDirectory(crontabs)
+#    self.ca_certs = os.path.join(self.ca_dir, 'certs')
-   wrapper = zc.buildout.easy_install.scripts([('crond',
+#    self.ca_crl = os.path.join(self.ca_dir, 'crl')
-     'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
+#    self.ca_newcerts = os.path.join(self.ca_dir, 'newcerts')
-     self.service_directory, arguments=[
+#    self.ca_key_ext = '.key'
-       self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs,
+#    self.ca_crt_ext = '.crt'
-       '-t', timestamps, '-f', '-l', '5', '-M', catcher]
+#    for d in [self.ca_private, self.ca_crl, self.ca_newcerts, self.ca_certs]:
-     )[0]
+#      self._createDirectory(d)
-   self.path_list.append(wrapper)
+#    for f in ['crlnumber', 'serial']:
-   return cron_d
+#      if not os.path.exists(os.path.join(self.ca_dir, f)):
+#        open(os.path.join(self.ca_dir, f), 'w').write('01')
-  def installValidCertificateAuthority(self, domain_name, certificate, key):
+#    if not os.path.exists(os.path.join(self.ca_dir, 'index.txt')):
-    ca_dir = os.path.join(self.data_root_directory, 'ca')
+#      open(os.path.join(self.ca_dir, 'index.txt'), 'w').write('')
-    ca_private = os.path.join(ca_dir, 'private')
+#    openssl_configuration = os.path.join(self.ca_dir, 'openssl.cnf')
-    ca_certs = os.path.join(ca_dir, 'certs')
+#    config.update(
-    ca_crl = os.path.join(ca_dir, 'crl')
+#        working_directory=self.ca_dir,
-    self._createDirectory(ca_dir)
+#        country_code=ca_country_code,
-    for path in (ca_private, ca_certs, ca_crl):
+#        state=ca_state,
-      self._createDirectory(path)
+#        city=ca_city,
-    key_path = os.path.join(ca_private, domain_name + ".key")
+#        company=ca_company,
-    certificate_path = os.path.join(ca_certs, domain_name + ".crt")
+#        email_address=ca_email,
-    self._writeFile(key_path, key)
+#    )
-    self._writeFile(certificate_path, certificate)
+#    self._writeFile(openssl_configuration, pkg_resources.resource_string(
-    return dict(certificate_authority_path=ca_dir,
+#      __name__, 'template/openssl.cnf.ca.in') % config)
-        ca_crl=ca_crl,
+#
-        certificate=certificate_path,
+#    # XXX-Cedric: Don't use this, but use slapos.recipe.certificate_authority
-        key=key_path)
+#    #             from the instance profile.
+#    self.path_list.extend(zc.buildout.easy_install.scripts([
-  def installCertificateAuthority(self, ca_country_code='XX',
+#      ('certificate_authority', __name__ + '.certificate_authority',
-      ca_email='xx@example.com', ca_state='State', ca_city='City',
+#         'runCertificateAuthority')],
-      ca_company='Company'):
+#        self.ws, sys.executable, self.service_directory, arguments=[dict(
-    backup_path = self.createBackupDirectory('ca')
+#          openssl_configuration=openssl_configuration,
-    self.ca_dir = os.path.join(self.data_root_directory, 'ca')
+#          openssl_binary=self.options['openssl_binary'],
-    self._createDirectory(self.ca_dir)
+#          certificate=os.path.join(self.ca_dir, 'cacert.pem'),
-    self.ca_request_dir = os.path.join(self.ca_dir, 'requests')
+#          key=os.path.join(self.ca_private, 'cakey.pem'),
-    self._createDirectory(self.ca_request_dir)
+#          crl=os.path.join(self.ca_crl),
-    config = dict(ca_dir=self.ca_dir, request_dir=self.ca_request_dir)
+#          request_dir=self.ca_request_dir
-    self.ca_private = os.path.join(self.ca_dir, 'private')
+#          )]))
-    self.ca_certs = os.path.join(self.ca_dir, 'certs')
-    self.ca_crl = os.path.join(self.ca_dir, 'crl')
-    self.ca_newcerts = os.path.join(self.ca_dir, 'newcerts')
-    self.ca_key_ext = '.key'
-    self.ca_crt_ext = '.crt'
-    for d in [self.ca_private, self.ca_crl, self.ca_newcerts, self.ca_certs]:
-      self._createDirectory(d)
-    for f in ['crlnumber', 'serial']:
-      if not os.path.exists(os.path.join(self.ca_dir, f)):
-        open(os.path.join(self.ca_dir, f), 'w').write('01')
-    if not os.path.exists(os.path.join(self.ca_dir, 'index.txt')):
-      open(os.path.join(self.ca_dir, 'index.txt'), 'w').write('')
-    openssl_configuration = os.path.join(self.ca_dir, 'openssl.cnf')
-    config.update(
-        working_directory=self.ca_dir,
-        country_code=ca_country_code,
-        state=ca_state,
-        city=ca_city,
-        company=ca_company,
-        email_address=ca_email,
-    )
-    self._writeFile(openssl_configuration, pkg_resources.resource_string(
-      __name__, 'template/openssl.cnf.ca.in') % config)
-    # XXX-Cedric: Don't use this, but use slapos.recipe.certificate_authority
-    #             from the instance profile.
-    self.path_list.extend(zc.buildout.easy_install.scripts([
-      ('certificate_authority', __name__ + '.certificate_authority',
-         'runCertificateAuthority')],
-        self.ws, sys.executable, self.service_directory, arguments=[dict(
-          openssl_configuration=openssl_configuration,
-          openssl_binary=self.options['openssl_binary'],
-          certificate=os.path.join(self.ca_dir, 'cacert.pem'),
-          key=os.path.join(self.ca_private, 'cakey.pem'),
-          crl=os.path.join(self.ca_crl),
-          request_dir=self.ca_request_dir
-          )]))
    # configure backup
-    backup_cron = os.path.join(self.cron_d, 'ca_rdiff_backup')
+    #backup_cron = os.path.join(self.cron_d, 'ca_rdiff_backup')
-    open(backup_cron, 'w').write(
+    #open(backup_cron, 'w').write(
-        '''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
+    #    '''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
-          rdiff_backup=self.options['rdiff_backup_binary'],
+    #      rdiff_backup=self.options['rdiff_backup_binary'],
-          source=self.ca_dir,
+    #      source=self.ca_dir,
-          destination=backup_path))
+    #      destination=backup_path))
-    self.path_list.append(backup_cron)
+    #self.path_list.append(backup_cron)
-    return dict(
+#    return dict(
-      ca_certificate=os.path.join(config['ca_dir'], 'cacert.pem'),
+#      ca_certificate=os.path.join(config['ca_dir'], 'cacert.pem'),
-      ca_crl=os.path.join(config['ca_dir'], 'crl'),
+#      ca_crl=os.path.join(config['ca_dir'], 'crl'),
-      certificate_authority_path=config['ca_dir']
+#      certificate_authority_path=config['ca_dir']
-    )
+#    )
  def _getApacheConfigurationDict(self, name, ip_list, port):
    apache_conf = dict()
@@ -543,41 +507,6 @@ class Recipe(BaseSlapRecipe):
    apache_conf['access_log'] = self.options['access-log']
    return apache_conf
-  def installVarnishCache(self, name, ip, port, control_port, backend_host,
-                                backend_port, size="1G"):
-    """
-      Install a varnish daemon for a certain address
-    """
-    directory = self.createDataDirectory(name)
-    varnish_config = dict(
-      directory=directory,
-      pid = "%s/varnish.pid" % directory,
-      port="%s:%s" % (ip, port),
-      varnishd_binary=self.options["varnishd_binary"],
-      control_port="%s:%s" % (ip, control_port),
-      storage="file,%s/storage.bin,%s" % (directory, size))
-    config_file = self.createConfigurationFile("%s.conf" % name,
-      self.substituteTemplate(self.getTemplateFilename('varnish.vcl.in'),
-        dict(backend_host=backend_host, backend_port=backend_port)))
-    varnish_argument_list = [varnish_config['varnishd_binary'].strip(),
-        "-F", "-n", directory, "-P", varnish_config["pid"], "-p",
-        "cc_command=exec %s " % self.options["gcc_binary"] +\
-            "-fpic -shared -o %o %s",
-        "-f", config_file,
-        "-a", varnish_config["port"], "-T", varnish_config["control_port"],
-        "-s", varnish_config["storage"]]
-    environment = dict(PATH="%s:%s" % (self.options["binutils_directory"],
-                                       os.environ.get('PATH')))
-    wrapper = zc.buildout.easy_install.scripts([(name,
-      'slapos.recipe.librecipe.execute', 'executee')], self.ws,
-      sys.executable, self.service_directory, arguments=[varnish_argument_list,
-      environment])[0]
-    self.path_list.append(wrapper)
-    return varnish_config
  def installStunnel(self, service_dict, certificate,
      key, ca_crl, ca_path):
    """Installs stunnel
@@ -669,14 +598,14 @@ class Recipe(BaseSlapRecipe):
      open(custom_apache_virtual_configuration_file_location, 'w')
    # Create backup of custom apache configuration
-    backup_path = self.createBackupDirectory('custom_apache_conf_backup')
+    #backup_path = self.createBackupDirectory('custom_apache_conf_backup')
-    backup_cron = os.path.join(self.cron_d, 'custom_apache_conf_backup')
+    #backup_cron = os.path.join(self.cron_d, 'custom_apache_conf_backup')
-    open(backup_cron, 'w').write(
+    #open(backup_cron, 'w').write(
-        '''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
+    #    '''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
-          rdiff_backup=self.options['rdiff_backup_binary'],
+    #      rdiff_backup=self.options['rdiff_backup_binary'],
-          source=custom_apache_configuration_directory,
+    #      source=custom_apache_configuration_directory,
-          destination=backup_path))
+    #      destination=backup_path))
-    self.path_list.append(backup_cron)
+    #self.path_list.append(backup_cron)
    # Create configuration file and rewritemaps
    apachemap_path = self.createConfigurationFile(

--- a/software/apache-frontend/instance.cfg
+++ b/software/apache-frontend/instance.cfg
@@ -37,6 +37,7 @@ cronstamps = $${:etc}/cronstamps
 ca-dir = $${:srv}/ssl
 squid-cache = $${:srv}/squid_cache
+stunnel-conf = $${:etc}/stunnel
 [instance-parameter]
 # Fetches parameters defined in SlapOS Master for this instance.
@@ -115,6 +116,31 @@ wrapper = $${directory:service}/apache_frontend
 # Put domain name
 name = $${instance-parameter:configuration.domain}
+[ca-stunnel]
+<= certificate-authority
+recipe = slapos.cookbook:certificate_authority.request
+key-file = $${directory:stunnel-conf}/stunnel.key
+cert-file = $${directory:stunnel-conf}/stunnel.crt
+executable = $${stunnel:wrapper}
+wrapper = $${basedirectory:services}/stunnel
+[stunnel]
+recipe = slapos.cookbook:stunnel
+stunnel-binary = ${stunnel:location}/bin/stunnel
+wrapper = $${directory:bin}/stunnel
+log-file = $${directory:log}/stunnel.log
+config-file = $${directory:etc}/stunnel.conf
+key-file = $${ca-stunnel:key-file}
+cert-file = $${ca-stunnel:cert-file}
+pid-file = $${directory:run}/stunnel.pid
+local-port = $${squid-hardcoded:backend-port}
+local-host = $${squid-hardcoded:backend-ip}
+remote-host = $${squid-hardcoded:remote-host}
+remote-port = $${squid-hardcoded:remote-port}
+client = false
+post-rotate-script = $${directory:bin}/stunnel_post_rotate
 [cron]
 recipe = slapos.cookbook:cron
 dcrond-binary = ${dcron:location}/sbin/crond
@@ -183,4 +209,6 @@ ip = 10.0.24.140
 port = 26010
 backend-ip = 10.0.24.140
 backend-port = 26011
 domain = softinst34784.bateau.org
\ No newline at end of file
+remote-host = 2001:470:1f14:169:d418:9eb7:1bea:8983
+remote-port = 16001
\ No newline at end of file