software/erp5testnode: Replace caddy with haproxy

software/erp5testnode/buildout.hash.cfg

@@ -18,4 +18,4 @@ md5sum = 5bd72da73a8b84f70f568686924d7d6c
 
 [template-default]
 filename = instance-default.cfg.jinja.in
-md5sum = 2aafd7708aac85847da3a8679b84fe34
+md5sum = 96fb2221c8a91fb44dc5b931c29e0af9

software/erp5testnode/instance-default.cfg.jinja.in

@@ -107,23 +107,43 @@ inline =
     --unixdomain-only=$${:socket}:$(id -u):$(id -g):0600 \
     --service "/:$(id -u):$(id -g):HOME:$${shell-environment:shell} -l"
 
+[shellinabox-frontend-certificate]
+recipe = plone.recipe.command
+command =
+  if [ ! -e $${:cert-file} ]
+  then
+    ${openssl-output:openssl} req -x509 -nodes -days 3650 \
+      -subj "/C=AA/ST=X/L=X/O=Dis/CN=$${:common-name}" \
+      -newkey rsa:2048 -keyout $${:cert-file} \
+      -out $${:cert-file}
+  fi
+update-command = $${:command}
+cert-file = $${directory:var}/$${:_buildout_section_name_}.pem
+common-name = $${:ipv6}
+location =
+  $${:cert-file}
+ipv6 = {{ partition_ipv6 }}
+
 [shellinabox-frontend-config]
-recipe = slapos.recipe.template
+recipe = slapos.recipe.template:jinja2
+url = ${stack-haproxy-default-backend-config:target}
 output = $${directory:etc}/$${:_buildout_section_name_}
-inline =
-  https://$${:hostname}:$${:port} {
-    bind $${:ipv6}
-    tls self_signed
-    gzip
-    log stdout
-    errors stderr
-    proxy / unix:$${shellinabox:socket}
-    basicauth $${:username} $${:passwd} {
-      realm "Test Node $${testnode:test-node-title}"
-      /
-    }
-  }
-ipv6 = {{ partition_ipv6 }}
+context =
+  key pidfile :pidfile
+  key content :content
+pidfile = $${:pidfile}
+content =
+  userlist auth
+    user $${:username} insecure-password $${:passwd}
+
+  listen app
+    log global
+    acl auth_ok http_auth(auth)
+    http-request auth realm "Test Node $${testnode:test-node-title}" unless auth_ok
+    bind $${:ipv6}:$${:port} ssl crt $${shellinabox-frontend-certificate:cert-file} alpn h2,http/1.1
+    server app unix@$${shellinabox:socket}
+
+ipv6 = $${shellinabox-frontend-certificate:ipv6}
 hostname = [$${:ipv6}]
 port = 8080
 username = testnode
@@ -131,24 +151,24 @@ passwd = $${pwgen:passwd}
 cert-file = $${directory:shellinabox}/public.crt
 key-file = $${directory:shellinabox}/private.key
 backend-url = https://$${:username}:$${:passwd}@$${:hostname}:$${:port}
-
+pidfile = $${basedirectory:run}/shellinabox-haproxy.pid
 
 [shellinabox-frontend]
 recipe = slapos.cookbook:wrapper
 wrapper-path = $${rootdirectory:bin}/$${:_buildout_section_name_}
 command-line =
-  ${caddy:output} -conf $${shellinabox-frontend-config:output} -pidfile $${:pidfile}
+  ${haproxy:location}/sbin/haproxy -f $${shellinabox-frontend-config:output}
 url =  $${shellinabox-frontend-config:backend-url}
 hostname = $${shellinabox-frontend-config:ipv6}
 port = $${shellinabox-frontend-config:port}
-pidfile = $${basedirectory:run}/$${:_buildout_section_name_}.pid
+pidfile = $${shellinabox-frontend-config:pidfile}
 
 [shellinabox-frontend-reload]
 recipe = slapos.cookbook:wrapper
 wrapper-path = $${basedirectory:services}/$${:_buildout_section_name_}
 command-line =
   ${bash:location}/bin/bash -c
-  "kill -s USR1 $$(${coreutils:location}/bin/cat $${shellinabox-frontend:pidfile}) \
+  "kill -s USR2 $$(${coreutils:location}/bin/cat $${shellinabox-frontend:pidfile}) \
     && ${coreutils:location}/bin/sleep infinity"
 hash-files =
   $${shellinabox-frontend-config:output}

software/erp5testnode/software.cfg

@@ -2,11 +2,11 @@
 extends =
   buildout.hash.cfg
   ../../stack/slapos.cfg
+  ../../stack/haproxy/default-backend.cfg
   ../../component/git/buildout.cfg
   ../../component/lxml-python/buildout.cfg
   ../../component/zip/buildout.cfg
   ../../component/bash/buildout.cfg
-  ../../component/caddy/buildout.cfg
   ../../component/coreutils/buildout.cfg
   ../../component/shellinabox/buildout.cfg
   ../../component/pwgen/buildout.cfg