Commit 10bb3122 authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: Implement enable_cache

As the ssl_proxy_ca_crt feature is not implemented, immediately serve
501 Not Implemented.
parent 0ea908af
...@@ -26,7 +26,7 @@ md5sum = 9e76028df7e93d3e32982884d5dc0913 ...@@ -26,7 +26,7 @@ md5sum = 9e76028df7e93d3e32982884d5dc0913
[template-slave-list] [template-slave-list]
filename = templates/apache-custom-slave-list.cfg.in filename = templates/apache-custom-slave-list.cfg.in
md5sum = 74bfedd670b05eb653804075fa7e0d86 md5sum = 22dddbf92be16cf08983fa58d3181e88
[template-slave-configuration] [template-slave-configuration]
filename = templates/custom-virtualhost.conf.in filename = templates/custom-virtualhost.conf.in
...@@ -42,7 +42,7 @@ md5sum = a8765b3c3af9f4f4f6437028aa42c58f ...@@ -42,7 +42,7 @@ md5sum = a8765b3c3af9f4f4f6437028aa42c58f
[template-custom-slave-list] [template-custom-slave-list]
filename = templates/apache-custom-slave-list.cfg.in filename = templates/apache-custom-slave-list.cfg.in
md5sum = 74bfedd670b05eb653804075fa7e0d86 md5sum = 22dddbf92be16cf08983fa58d3181e88
[template-not-found-html] [template-not-found-html]
filename = templates/notfound.html filename = templates/notfound.html
...@@ -50,11 +50,11 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b ...@@ -50,11 +50,11 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
[template-default-slave-virtualhost] [template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in filename = templates/default-virtualhost.conf.in
md5sum = 953444cb8b324bcd3cb3fecc14bee0ac md5sum = 5594ee35d76f94d23ed716d0d8a3dac6
[template-cached-slave-virtualhost] [template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in filename = templates/cached-virtualhost.conf.in
md5sum = 42a574141f2d8e27669e3848d2e600a1 md5sum = ea62da3320c6a537d7508996283625bf
[template-log-access] [template-log-access]
filename = templates/template-log-access.conf.in filename = templates/template-log-access.conf.in
......
...@@ -317,6 +317,8 @@ extra-context = ...@@ -317,6 +317,8 @@ extra-context =
section slave_parameter {{ slave_configuration_section_name }} section slave_parameter {{ slave_configuration_section_name }}
raw cached_port {{ cached_port }} raw cached_port {{ cached_port }}
raw ssl_cached_port {{ ssl_cached_port }} raw ssl_cached_port {{ ssl_cached_port }}
raw local_ipv4 {{ local_ipv4 }}
raw local_ipv6 {{ local_ipv6 }}
{{ '\n' }} {{ '\n' }}
{% endfor %} {% endfor %}
......
{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%} {% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
{% set server_alias_list = slave_parameter.get('server-alias', '').split() %} {% set server_alias_list = slave_parameter.get('server-alias', '').split() %}
{% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%} {% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
{%- set host_list = [slave_parameter.get('custom_domain')] + server_alias_list -%}
{%- set http_host_list = [] %}
{%- set https_host_list = [] %}
{%- for host in host_list %}
{%- do http_host_list.append('http://%s:%s' % (host, cached_port)) %}
{%- do https_host_list.append('http://%s:%s' % (host, ssl_cached_port)) %}
{%- endfor %}
# TODO-Caddy # Only accept generic (i.e not Zope) backends on http # Only accept generic (i.e not Zope) backends on http
# TODO-Caddy <VirtualHost *:{{ cached_port }}> {{ http_host_list|join(', ') }} {
# TODO-Caddy ServerName {{ slave_parameter.get('custom_domain') }} bind {{ local_ipv4 }}
# TODO-Caddy {%- for server_alias in server_alias_list %} # TODO-Caddy bind {{ local_ipv6 }}
# TODO-Caddy ServerAlias {{ server_alias }} {%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
# TODO-Caddy {% endfor %} status 501 /
# TODO-Caddy SSLProxyEngine on {%- endif %}
# Rewrite part
# TODO-Caddy {% if ssl_proxy_verify -%} proxy / {{ slave_parameter.get('backend_url', '') }} {
# TODO-Caddy {% if 'ssl_proxy_ca_crt' in slave_parameter -%} transparent
timeout 600s
{%- if ssl_proxy_verify %}
{%- if 'ssl_proxy_ca_crt' in slave_parameter %}
# TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }} # TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
# TODO-Caddy {% endif %} # Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store"
# TODO-Caddy SSLProxyVerify require {%- endif %}
# TODO-Caddy #SSLProxyCheckPeerCN on {%- else %}
# TODO-Caddy SSLProxyCheckPeerExpire on insecure_skip_verify
# TODO-Caddy {% endif %} {%- endif %}
# TODO-Caddy # Rewrite part }
# TODO-Caddy ProxyPreserveHost On }
# TODO-Caddy ProxyTimeout 600
# TODO-Caddy RewriteEngine On
# TODO-Caddy
# TODO-Caddy RewriteRule ^/(.*)$ {{ slave_parameter.get('backend_url', '') }}/$1 [L,P]
# TODO-Caddy </VirtualHost>
# TODO-Caddy <VirtualHost *:{{ ssl_cached_port }}> {{ https_host_list|join(', ') }} {
# TODO-Caddy ServerName {{ slave_parameter.get('custom_domain') }} bind {{ local_ipv4 }}
# TODO-Caddy {%- for server_alias in server_alias_list %} # TODO-Caddy bind {{ local_ipv6 }}
# TODO-Caddy ServerAlias {{ server_alias }} {%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
# TODO-Caddy {% endfor %} status 501 /
# TODO-Caddy SSLProxyEngine on {%- endif %}
# TODO-Caddy ## tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }}
# TODO-Caddy {% if ssl_proxy_verify -%} proxy / {{ slave_parameter.get('https_backend_url', '') }} {
# TODO-Caddy {% if 'ssl_proxy_ca_crt' in slave_parameter -%} transparent
timeout 600s
{%- if ssl_proxy_verify %}
{%- if 'ssl_proxy_ca_crt' in slave_parameter %}
# TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }} # TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
# TODO-Caddy {% endif %} # Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store"
# TODO-Caddy SSLProxyVerify require {%- endif %}
# TODO-Caddy #SSLProxyCheckPeerCN on {%- else %}
# TODO-Caddy SSLProxyCheckPeerExpire on insecure_skip_verify
# TODO-Caddy {% endif %} {%- endif %}
# TODO-Caddy # Rewrite part }
# TODO-Caddy ProxyPreserveHost On }
# TODO-Caddy ProxyTimeout 600
# TODO-Caddy RewriteEngine On
# TODO-Caddy
# TODO-Caddy RewriteRule ^/(.*)$ {{ slave_parameter.get('https_backend_url', '') }}/$1 [L,P]
# TODO-Caddy </VirtualHost>
# TODO-Caddy
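Review bot: The fail-closed path for `ssl_proxy_ca_crt` rests on Caddy's directive ordering rather than on the template: in both site blocks, as rendered on this page, the `status 501 /` guard closes with `{%- endif %}` and the `proxy / …` block is still emitted right after it, with neither a CA file nor `insecure_skip_verify`. If `status` is ever not evaluated ahead of `proxy`, requests would reach the backend verified only against the system trust store instead of the CA the slave asked for. Changing the guard's `{%- endif %}` to `{%- else %}` and moving the `{%- endif %}` after the proxy block's closing `}` keeps the proxy directive out of the generated config in that case. Separately, the `{%- else %}` branch inside the proxy block emits `insecure_skip_verify` whenever `ssl-proxy-verify` is unset, so backend certificates go unchecked by default; a template comment such as `# backend TLS is not verified unless ssl-proxy-verify is set` would make that visible to operators.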
...@@ -42,15 +42,6 @@ ...@@ -42,15 +42,6 @@
# TODO-Caddy SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5 # TODO-Caddy SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
# TODO-Caddy SSLHonorCipherOrder on # TODO-Caddy SSLHonorCipherOrder on
{% if disable_via_header %}
# TODO-Caddy Header unset Via
{% endif -%}
{% if disable_no_cache_header %}
# TODO-Caddy RequestHeader unset Cache-Control
# TODO-Caddy RequestHeader unset Pragma
{% endif -%}
{%- for disabled_cookie in disabled_cookie_list %} {%- for disabled_cookie in disabled_cookie_list %}
# TODO-Caddy {{' RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie) }} # TODO-Caddy {{' RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie) }}
{% endfor -%} {% endfor -%}
...@@ -61,6 +52,14 @@ ...@@ -61,6 +52,14 @@
{% if slave_type == 'zope' and backend_url %} {% if slave_type == 'zope' and backend_url %}
proxy / {{ backend_url }} { proxy / {{ backend_url }} {
{% if disable_via_header %}
header_downstream -Via
{% endif -%}
{% if disable_no_cache_header %}
header_upstream -Cache-Control
header_upstream -Pragma
{% endif -%}
transparent transparent
timeout 600s timeout 600s
{%- if ssl_proxy_verify %} {%- if ssl_proxy_verify %}
...@@ -96,6 +95,14 @@ ...@@ -96,6 +95,14 @@
{%- if backend_url %} {%- if backend_url %}
proxy / {{ backend_url }} { proxy / {{ backend_url }} {
{% if disable_via_header %}
header_downstream -Via
{% endif -%}
{% if disable_no_cache_header %}
header_upstream -Cache-Control
header_upstream -Pragma
{% endif -%}
transparent transparent
timeout 600s timeout 600s
{%- if ssl_proxy_verify %} {%- if ssl_proxy_verify %}
...@@ -121,9 +128,6 @@ ...@@ -121,9 +128,6 @@
log / {{ slave_parameter.get('access_log') }} {combined} log / {{ slave_parameter.get('access_log') }} {combined}
errors {{ slave_parameter.get('error_log') }} errors {{ slave_parameter.get('error_log') }}
{% if disable_via_header %}
# TODO-Caddy Header unset Via
{% endif -%}
# TODO-Caddy # One Slave two logs # TODO-Caddy # One Slave two logs
# TODO-Caddy LogLevel notice # TODO-Caddy LogLevel notice
# TODO-Caddy LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined # TODO-Caddy LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
...@@ -131,11 +135,6 @@ ...@@ -131,11 +135,6 @@
# TODO-Caddy # Remove "Secure" from cookies, as backend may be https # TODO-Caddy # Remove "Secure" from cookies, as backend may be https
# TODO-Caddy Header edit Set-Cookie "(?i)^(.+);secure$" "$1" # TODO-Caddy Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
{% if disable_no_cache_header %}
# TODO-Caddy RequestHeader unset Cache-Control
# TODO-Caddy RequestHeader unset Pragma
{% endif -%}
{%- for disabled_cookie in disabled_cookie_list %} {%- for disabled_cookie in disabled_cookie_list %}
# TODO-Caddy {{' RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie) }} # TODO-Caddy {{' RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie) }}
{% endfor -%} {% endfor -%}
...@@ -152,6 +151,14 @@ ...@@ -152,6 +151,14 @@
} }
{% elif slave_type == 'zope' and backend_url %} {% elif slave_type == 'zope' and backend_url %}
proxy / {{ backend_url }} { proxy / {{ backend_url }} {
{% if disable_via_header %}
header_downstream -Via
{% endif -%}
{% if disable_no_cache_header %}
header_upstream -Cache-Control
header_upstream -Pragma
{% endif -%}
transparent transparent
timeout 600s timeout 600s
{%- if ssl_proxy_verify %} {%- if ssl_proxy_verify %}
...@@ -182,6 +189,14 @@ ...@@ -182,6 +189,14 @@
{% endif -%} {% endif -%}
{%- if slave_parameter.get('url', '') %} {%- if slave_parameter.get('url', '') %}
proxy / {{ slave_parameter.get('url', '') }} { proxy / {{ slave_parameter.get('url', '') }} {
{% if disable_via_header %}
header_downstream -Via
{% endif -%}
{% if disable_no_cache_header %}
header_upstream -Cache-Control
header_upstream -Pragma
{% endif -%}
transparent transparent
timeout 600s timeout 600s
{%- if ssl_proxy_verify %} {%- if ssl_proxy_verify %}
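Review bot: The same seven-line header-stripping block (`header_downstream -Via`, `header_upstream -Cache-Control`, `header_upstream -Pragma`) is pasted into four separate `proxy` blocks in this file, so a later edit that touches only some copies would leave one proxy path still exposing `Via` or forwarding client cache-control headers. Defining it once as a macro and calling it in each proxy block keeps the paths in step. This assumes `disable_via_header` and `disable_no_cache_header` are set at template top level, which is not visible in these hunks, and the rendered whitespace should be compared after the change. The `disabled_cookie_list` rules are still `# TODO-Caddy` comments here, so a short comment stating that cookie stripping is not yet enforced would help whoever enables caching on top of this.

```jinja
{%- macro proxy_header_rules() %}
{% if disable_via_header %}
header_downstream -Via
{% endif -%}
{% if disable_no_cache_header %}
header_upstream -Cache-Control
header_upstream -Pragma
{% endif -%}
{%- endmacro %}
{# … unchanged: opening line of each proxy block … #}
{{ proxy_header_rules() }}
```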
......