Commit 1cc2ae69 authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: Improve generated haproxy backend configuration

Avoid creating needless entries and minimise needless newlines, and reflect
this in test data, as in such case no backend_log is created, as nothing is
configured on backend Haproxy level.
parent 3469e864
...@@ -54,7 +54,7 @@ md5sum = 266f175dbdfc588af7a86b0b1884fe73 ...@@ -54,7 +54,7 @@ md5sum = 266f175dbdfc588af7a86b0b1884fe73
[template-backend-haproxy-configuration] [template-backend-haproxy-configuration]
_update_hash_filename_ = templates/backend-haproxy.cfg.in _update_hash_filename_ = templates/backend-haproxy.cfg.in
md5sum = 80081a7ded0029bb24b4fe2d06b6ae95 md5sum = 9b261b30eb7931e0e8f1e5dcba4696b8
[template-log-access] [template-log-access]
_update_hash_filename_ = templates/template-log-access.conf.in _update_hash_filename_ = templates/template-log-access.conf.in
......
...@@ -14,27 +14,30 @@ defaults ...@@ -14,27 +14,30 @@ defaults
timeout connect {{ configuration['backend-connect-timeout'] }}s timeout connect {{ configuration['backend-connect-timeout'] }}s
retries {{ configuration['backend-connect-retries'] }} retries {{ configuration['backend-connect-retries'] }}
{%- set SCHEME_PREFIX_MAPPING = { 'http': 'http_backend', 'https': 'https_backend'} %}
{%- macro frontend_entry(slave_instance, scheme, wildcard) %} {%- macro frontend_entry(slave_instance, scheme, wildcard) %}
{#- wildcard switch allows to put dangerous entries in the end, as haproxy parses with first match #} {#- wildcard switch allows to put dangerous entries in the end, as haproxy parses with first match #}
{%- set host_list = (slave_instance.get('server-alias') or '').split() %} {%- if slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['hostname'] and slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['port'] %}
{%- if slave_instance.get('custom_domain') not in host_list %} {%- set host_list = (slave_instance.get('server-alias') or '').split() %}
{%- do host_list.append(slave_instance.get('custom_domain')) %} {%- if slave_instance.get('custom_domain') not in host_list %}
{%- endif %} {%- do host_list.append(slave_instance.get('custom_domain')) %}
{%- set matched = {'count': 0} %} {%- endif %}
{%- for host in host_list %} {%- set matched = {'count': 0} %}
{#- Match up to the end or optional port (starting with ':') #} {%- for host in host_list %}
{#- Please note that this matching is quite sensitive to changes and hard to test, so avoid needless changes #} {#- Match up to the end or optional port (starting with ':') #}
{%- if wildcard and host.startswith('*.') %} {#- Please note that this matching is quite sensitive to changes and hard to test, so avoid needless changes #}
{%- do matched.__setitem__('count', matched['count'] + 1) %} {%- if wildcard and host.startswith('*.') %}
{%- do matched.__setitem__('count', matched['count'] + 1) %}
# match wildcard {{ host }} # match wildcard {{ host }}
acl is_{{ slave_instance['slave_reference'] }} hdr_reg(host) -i {{ host[2:] }}($|:.*) acl is_{{ slave_instance['slave_reference'] }} hdr_reg(host) -i {{ host[2:] }}($|:.*)
{%- elif not wildcard and not host.startswith('*.') %} {%- elif not wildcard and not host.startswith('*.') %}
{%- do matched.__setitem__('count', matched['count'] + 1) %} {%- do matched.__setitem__('count', matched['count'] + 1) %}
acl is_{{ slave_instance['slave_reference'] }} hdr_reg(host) -i ^{{ host }}($|:.*) acl is_{{ slave_instance['slave_reference'] }} hdr_reg(host) -i ^{{ host }}($|:.*)
{%- endif %} {%- endif %}
{%- endfor %} {%- endfor %}
{%- if matched['count'] > 0 %} {%- if matched['count'] > 0 %}
use_backend {{ slave_instance['slave_reference'] }}-{{ scheme }} if is_{{ slave_instance['slave_reference'] }} use_backend {{ slave_instance['slave_reference'] }}-{{ scheme }} if is_{{ slave_instance['slave_reference'] }}
{%- endif %}
{%- endif %} {%- endif %}
{%- endmacro %} {%- endmacro %}
...@@ -49,59 +52,58 @@ frontend statistic ...@@ -49,59 +52,58 @@ frontend statistic
frontend http-backend frontend http-backend
bind {{ configuration['local-ipv4'] }}:{{ configuration['http-port'] }} bind {{ configuration['local-ipv4'] }}:{{ configuration['http-port'] }}
{%- for slave_instance in backend_slave_list %} {%- for slave_instance in backend_slave_list -%}
{{ frontend_entry(slave_instance, 'http', False) }} {{ frontend_entry(slave_instance, 'http', False) }}
{%- endfor %} {%- endfor %}
{%- for slave_instance in backend_slave_list %} {%- for slave_instance in backend_slave_list -%}
{{ frontend_entry(slave_instance, 'http', True) }} {{ frontend_entry(slave_instance, 'http', True) }}
{%- endfor %} {%- endfor %}
frontend https-backend frontend https-backend
bind {{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }} bind {{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }}
{%- for slave_instance in backend_slave_list %} {%- for slave_instance in backend_slave_list -%}
{{ frontend_entry(slave_instance, 'https', False) }} {{ frontend_entry(slave_instance, 'https', False) }}
{%- endfor %} {%- endfor %}
{%- for slave_instance in backend_slave_list %} {%- for slave_instance in backend_slave_list -%}
{{ frontend_entry(slave_instance, 'https', True) }} {{ frontend_entry(slave_instance, 'https', True) }}
{%- endfor %} {%- endfor %}
{%- for slave_instance in backend_slave_list %} {%- for slave_instance in backend_slave_list %}
{%- for (scheme, prefix) in [('http', 'http_backend'), ('https', 'https_backend')] %} {%- for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() %}
{%- set info_dict = slave_instance[prefix] %} {%- set info_dict = slave_instance[prefix] %}
{%- if info_dict['scheme'] == 'https' %} {%- if info_dict['hostname'] and info_dict['port'] %}
{%- set ssl = [] %} {%- set ssl_list = [] %}
{%- if slave_instance['authenticate-to-backend'] %} {%- if info_dict['scheme'] == 'https' %}
{%- set ssl = ['crt %s' % (configuration['certificate'],)] %} {%- if slave_instance['authenticate-to-backend'] %}
{%- endif %} {%- do ssl_list.append('crt %s' % (configuration['certificate'],)) %}
{%- do ssl.append('ssl verify') %} {%- endif %}
{%- set path_to_ssl_proxy_ca_crt = slave_instance.get('path_to_ssl_proxy_ca_crt') %} {%- do ssl_list.append('ssl verify') %}
{%- if slave_instance['ssl_proxy_verify'] %} {%- set path_to_ssl_proxy_ca_crt = slave_instance.get('path_to_ssl_proxy_ca_crt') %}
{%- if path_to_ssl_proxy_ca_crt %} {%- if slave_instance['ssl_proxy_verify'] %}
{%- do ssl.append('required ca-file %s' % (path_to_ssl_proxy_ca_crt,)) %} {%- if path_to_ssl_proxy_ca_crt %}
{%- do ssl_list.append('required ca-file %s' % (path_to_ssl_proxy_ca_crt,)) %}
{%- else %}
{#- Backend SSL shall be verified, but not CA provided, disallow connection #}
{#- Simply dropping hostname from the dict will result with ignoring it... #}
{%- do info_dict.__setitem__('hostname', '') %}
{%- endif %}
{%- else %} {%- else %}
{#- Backend SSL shall be verified, but not CA provided, disallow connection #} {%- do ssl_list.append('none') %}
{#- Simply dropping hostname from the dict will result with ignoring it... #}
{%- do info_dict.__setitem__('hostname', '') %}
{%- endif %} {%- endif %}
{%- else %}
{%- do ssl.append('none') %}
{%- endif %} {%- endif %}
{%- set ssl = ' '.join(ssl) %}
{%- else %}
{%- set ssl = '' %}
{%- endif %}
backend {{ slave_instance['slave_reference'] }}-{{ scheme }} backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
{%- set hostname = info_dict['hostname'] %} {%- set hostname = info_dict['hostname'] %}
{%- set port = info_dict['port'] %} {%- set port = info_dict['port'] %}
{%- set path = info_dict['path'].rstrip('/') %} {%- set path = info_dict['path'].rstrip('/') %}
{%- if hostname and port %} {%- if hostname and port %}
timeout server {{ slave_instance['request-timeout'] }}s timeout server {{ slave_instance['request-timeout'] }}s
timeout connect {{ slave_instance['backend-connect-timeout'] }}s timeout connect {{ slave_instance['backend-connect-timeout'] }}s
retries {{ slave_instance['backend-connect-retries'] }} retries {{ slave_instance['backend-connect-retries'] }}
server backend {{ hostname }}:{{ port }} {{ ssl }} server backend {{ hostname }}:{{ port }} {{ ' '.join(ssl_list) }}
{%- if path %} {%- if path %}
http-request set-path {{ path }}%[path] http-request set-path {{ path }}%[path]
{%- endif %}
{%- endif %} {%- endif %}
{%- endif %} {%- endif %}
{%- endfor %} {%- endfor %}
......
...@@ -1801,15 +1801,18 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -1801,15 +1801,18 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.instance_path, '*', 'etc', 'backend-haproxy.cfg'))[0] self.instance_path, '*', 'etc', 'backend-haproxy.cfg'))[0]
with open(backend_configuration_file) as fh: with open(backend_configuration_file) as fh:
content = fh.read() content = fh.read()
self.assertTrue("""backend _Url-http self.assertIn("""backend _Url-http
timeout server 12s timeout server 12s
timeout connect 5s timeout connect 5s
retries 3""" in content) retries 3""", content)
self.assertTrue(""" timeout queue 60s self.assertIn(""" timeout queue 60s
timeout server 12s timeout server 12s
timeout client 12s timeout client 12s
timeout connect 5s timeout connect 5s
retries 3""" in content) retries 3""", content)
# check that no needless entries are generated
self.assertIn("backend _Url-http\n", content)
self.assertNotIn("backend _Url-https\n", content)
def test_auth_to_backend(self): def test_auth_to_backend(self):
parameter_dict = self.assertSlaveBase('auth-to-backend') parameter_dict = self.assertSlaveBase('auth-to-backend')
......
...@@ -13,13 +13,10 @@ T-2/var/log/httpd/_dummy-cached_access_log ...@@ -13,13 +13,10 @@ T-2/var/log/httpd/_dummy-cached_access_log
T-2/var/log/httpd/_dummy-cached_backend_log T-2/var/log/httpd/_dummy-cached_backend_log
T-2/var/log/httpd/_dummy-cached_error_log T-2/var/log/httpd/_dummy-cached_error_log
T-2/var/log/httpd/_enable-http2-default_access_log T-2/var/log/httpd/_enable-http2-default_access_log
T-2/var/log/httpd/_enable-http2-default_backend_log
T-2/var/log/httpd/_enable-http2-default_error_log T-2/var/log/httpd/_enable-http2-default_error_log
T-2/var/log/httpd/_enable-http2-false_access_log T-2/var/log/httpd/_enable-http2-false_access_log
T-2/var/log/httpd/_enable-http2-false_backend_log
T-2/var/log/httpd/_enable-http2-false_error_log T-2/var/log/httpd/_enable-http2-false_error_log
T-2/var/log/httpd/_enable-http2-true_access_log T-2/var/log/httpd/_enable-http2-true_access_log
T-2/var/log/httpd/_enable-http2-true_backend_log
T-2/var/log/httpd/_enable-http2-true_error_log T-2/var/log/httpd/_enable-http2-true_error_log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
......
...@@ -13,13 +13,10 @@ T-2/var/log/httpd/_dummy-cached_access_log ...@@ -13,13 +13,10 @@ T-2/var/log/httpd/_dummy-cached_access_log
T-2/var/log/httpd/_dummy-cached_backend_log T-2/var/log/httpd/_dummy-cached_backend_log
T-2/var/log/httpd/_dummy-cached_error_log T-2/var/log/httpd/_dummy-cached_error_log
T-2/var/log/httpd/_enable-http2-default_access_log T-2/var/log/httpd/_enable-http2-default_access_log
T-2/var/log/httpd/_enable-http2-default_backend_log
T-2/var/log/httpd/_enable-http2-default_error_log T-2/var/log/httpd/_enable-http2-default_error_log
T-2/var/log/httpd/_enable-http2-false_access_log T-2/var/log/httpd/_enable-http2-false_access_log
T-2/var/log/httpd/_enable-http2-false_backend_log
T-2/var/log/httpd/_enable-http2-false_error_log T-2/var/log/httpd/_enable-http2-false_error_log
T-2/var/log/httpd/_enable-http2-true_access_log T-2/var/log/httpd/_enable-http2-true_access_log
T-2/var/log/httpd/_enable-http2-true_backend_log
T-2/var/log/httpd/_enable-http2-true_error_log T-2/var/log/httpd/_enable-http2-true_error_log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
......
...@@ -13,13 +13,10 @@ T-2/var/log/httpd/_dummy-cached_access_log ...@@ -13,13 +13,10 @@ T-2/var/log/httpd/_dummy-cached_access_log
T-2/var/log/httpd/_dummy-cached_backend_log T-2/var/log/httpd/_dummy-cached_backend_log
T-2/var/log/httpd/_dummy-cached_error_log T-2/var/log/httpd/_dummy-cached_error_log
T-2/var/log/httpd/_enable-http2-default_access_log T-2/var/log/httpd/_enable-http2-default_access_log
T-2/var/log/httpd/_enable-http2-default_backend_log
T-2/var/log/httpd/_enable-http2-default_error_log T-2/var/log/httpd/_enable-http2-default_error_log
T-2/var/log/httpd/_enable-http2-false_access_log T-2/var/log/httpd/_enable-http2-false_access_log
T-2/var/log/httpd/_enable-http2-false_backend_log
T-2/var/log/httpd/_enable-http2-false_error_log T-2/var/log/httpd/_enable-http2-false_error_log
T-2/var/log/httpd/_enable-http2-true_access_log T-2/var/log/httpd/_enable-http2-true_access_log
T-2/var/log/httpd/_enable-http2-true_backend_log
T-2/var/log/httpd/_enable-http2-true_error_log T-2/var/log/httpd/_enable-http2-true_error_log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
......
...@@ -13,13 +13,10 @@ T-2/var/log/httpd/_dummy-cached_access_log ...@@ -13,13 +13,10 @@ T-2/var/log/httpd/_dummy-cached_access_log
T-2/var/log/httpd/_dummy-cached_backend_log T-2/var/log/httpd/_dummy-cached_backend_log
T-2/var/log/httpd/_dummy-cached_error_log T-2/var/log/httpd/_dummy-cached_error_log
T-2/var/log/httpd/_enable-http2-default_access_log T-2/var/log/httpd/_enable-http2-default_access_log
T-2/var/log/httpd/_enable-http2-default_backend_log
T-2/var/log/httpd/_enable-http2-default_error_log T-2/var/log/httpd/_enable-http2-default_error_log
T-2/var/log/httpd/_enable-http2-false_access_log T-2/var/log/httpd/_enable-http2-false_access_log
T-2/var/log/httpd/_enable-http2-false_backend_log
T-2/var/log/httpd/_enable-http2-false_error_log T-2/var/log/httpd/_enable-http2-false_error_log
T-2/var/log/httpd/_enable-http2-true_access_log T-2/var/log/httpd/_enable-http2-true_access_log
T-2/var/log/httpd/_enable-http2-true_backend_log
T-2/var/log/httpd/_enable-http2-true_error_log T-2/var/log/httpd/_enable-http2-true_error_log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
......
...@@ -22,7 +22,6 @@ T-2/var/log/httpd/_auth-to-backend_access_log ...@@ -22,7 +22,6 @@ T-2/var/log/httpd/_auth-to-backend_access_log
T-2/var/log/httpd/_auth-to-backend_backend_log T-2/var/log/httpd/_auth-to-backend_backend_log
T-2/var/log/httpd/_auth-to-backend_error_log T-2/var/log/httpd/_auth-to-backend_error_log
T-2/var/log/httpd/_ciphers_access_log T-2/var/log/httpd/_ciphers_access_log
T-2/var/log/httpd/_ciphers_backend_log
T-2/var/log/httpd/_ciphers_error_log T-2/var/log/httpd/_ciphers_error_log
T-2/var/log/httpd/_custom_domain_access_log T-2/var/log/httpd/_custom_domain_access_log
T-2/var/log/httpd/_custom_domain_backend_log T-2/var/log/httpd/_custom_domain_backend_log
...@@ -43,7 +42,6 @@ T-2/var/log/httpd/_disabled-cookie-list_access_log ...@@ -43,7 +42,6 @@ T-2/var/log/httpd/_disabled-cookie-list_access_log
T-2/var/log/httpd/_disabled-cookie-list_backend_log T-2/var/log/httpd/_disabled-cookie-list_backend_log
T-2/var/log/httpd/_disabled-cookie-list_error_log T-2/var/log/httpd/_disabled-cookie-list_error_log
T-2/var/log/httpd/_empty_access_log T-2/var/log/httpd/_empty_access_log
T-2/var/log/httpd/_empty_backend_log
T-2/var/log/httpd/_empty_error_log T-2/var/log/httpd/_empty_error_log
T-2/var/log/httpd/_enable-http2-default_access_log T-2/var/log/httpd/_enable-http2-default_access_log
T-2/var/log/httpd/_enable-http2-default_backend_log T-2/var/log/httpd/_enable-http2-default_backend_log
...@@ -79,10 +77,8 @@ T-2/var/log/httpd/_https-only_access_log ...@@ -79,10 +77,8 @@ T-2/var/log/httpd/_https-only_access_log
T-2/var/log/httpd/_https-only_backend_log T-2/var/log/httpd/_https-only_backend_log
T-2/var/log/httpd/_https-only_error_log T-2/var/log/httpd/_https-only_error_log
T-2/var/log/httpd/_monitor-ipv4-test_access_log T-2/var/log/httpd/_monitor-ipv4-test_access_log
T-2/var/log/httpd/_monitor-ipv4-test_backend_log
T-2/var/log/httpd/_monitor-ipv4-test_error_log T-2/var/log/httpd/_monitor-ipv4-test_error_log
T-2/var/log/httpd/_monitor-ipv6-test_access_log T-2/var/log/httpd/_monitor-ipv6-test_access_log
T-2/var/log/httpd/_monitor-ipv6-test_backend_log
T-2/var/log/httpd/_monitor-ipv6-test_error_log T-2/var/log/httpd/_monitor-ipv6-test_error_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_backend_log T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_backend_log
......
...@@ -22,7 +22,6 @@ T-2/var/log/httpd/_auth-to-backend_access_log ...@@ -22,7 +22,6 @@ T-2/var/log/httpd/_auth-to-backend_access_log
T-2/var/log/httpd/_auth-to-backend_backend_log T-2/var/log/httpd/_auth-to-backend_backend_log
T-2/var/log/httpd/_auth-to-backend_error_log T-2/var/log/httpd/_auth-to-backend_error_log
T-2/var/log/httpd/_ciphers_access_log T-2/var/log/httpd/_ciphers_access_log
T-2/var/log/httpd/_ciphers_backend_log
T-2/var/log/httpd/_ciphers_error_log T-2/var/log/httpd/_ciphers_error_log
T-2/var/log/httpd/_custom_domain_access_log T-2/var/log/httpd/_custom_domain_access_log
T-2/var/log/httpd/_custom_domain_backend_log T-2/var/log/httpd/_custom_domain_backend_log
...@@ -43,7 +42,6 @@ T-2/var/log/httpd/_disabled-cookie-list_access_log ...@@ -43,7 +42,6 @@ T-2/var/log/httpd/_disabled-cookie-list_access_log
T-2/var/log/httpd/_disabled-cookie-list_backend_log T-2/var/log/httpd/_disabled-cookie-list_backend_log
T-2/var/log/httpd/_disabled-cookie-list_error_log T-2/var/log/httpd/_disabled-cookie-list_error_log
T-2/var/log/httpd/_empty_access_log T-2/var/log/httpd/_empty_access_log
T-2/var/log/httpd/_empty_backend_log
T-2/var/log/httpd/_empty_error_log T-2/var/log/httpd/_empty_error_log
T-2/var/log/httpd/_enable-http2-default_access_log T-2/var/log/httpd/_enable-http2-default_access_log
T-2/var/log/httpd/_enable-http2-default_backend_log T-2/var/log/httpd/_enable-http2-default_backend_log
...@@ -79,10 +77,8 @@ T-2/var/log/httpd/_https-only_access_log ...@@ -79,10 +77,8 @@ T-2/var/log/httpd/_https-only_access_log
T-2/var/log/httpd/_https-only_backend_log T-2/var/log/httpd/_https-only_backend_log
T-2/var/log/httpd/_https-only_error_log T-2/var/log/httpd/_https-only_error_log
T-2/var/log/httpd/_monitor-ipv4-test_access_log T-2/var/log/httpd/_monitor-ipv4-test_access_log
T-2/var/log/httpd/_monitor-ipv4-test_backend_log
T-2/var/log/httpd/_monitor-ipv4-test_error_log T-2/var/log/httpd/_monitor-ipv4-test_error_log
T-2/var/log/httpd/_monitor-ipv6-test_access_log T-2/var/log/httpd/_monitor-ipv6-test_access_log
T-2/var/log/httpd/_monitor-ipv6-test_backend_log
T-2/var/log/httpd/_monitor-ipv6-test_error_log T-2/var/log/httpd/_monitor-ipv6-test_error_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_backend_log T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_backend_log
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment