caddy-frontend: Implement enable_cache

As the the feature ssl_proxy_ca_crt is not implemented serve immediately 501 Not Implemented.

caddy-frontend: Implement enable_cache
As the the feature ssl_proxy_ca_crt is not implemented serve immediately 501 Not Implemented.
10bb3122 · Łukasz Nowak · 0ea908af · 10bb3122 · 10bb3122 · 10bb3122
Commit 10bb3122 authored May 22, 2018 by Łukasz Nowak
4 changed files
--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -26,7 +26,7 @@ md5sum = 9e76028df7e93d3e32982884d5dc0913

 [template-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
-md5sum = 74bfedd670b05eb653804075fa7e0d86
+md5sum = 22dddbf92be16cf08983fa58d3181e88

 [template-slave-configuration]
 filename = templates/custom-virtualhost.conf.in
@@ -42,7 +42,7 @@ md5sum = a8765b3c3af9f4f4f6437028aa42c58f

 [template-custom-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
-md5sum = 74bfedd670b05eb653804075fa7e0d86
+md5sum = 22dddbf92be16cf08983fa58d3181e88

 [template-not-found-html]
 filename = templates/notfound.html
@@ -50,11 +50,11 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b

 [template-default-slave-virtualhost]
 filename = templates/default-virtualhost.conf.in
-md5sum = 953444cb8b324bcd3cb3fecc14bee0ac
+md5sum = 5594ee35d76f94d23ed716d0d8a3dac6

 [template-cached-slave-virtualhost]
 filename = templates/cached-virtualhost.conf.in
-md5sum = 42a574141f2d8e27669e3848d2e600a1
+md5sum = ea62da3320c6a537d7508996283625bf

 [template-log-access]
 filename = templates/template-log-access.conf.in

--- a/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
+++ b/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
@@ -317,6 +317,8 @@ extra-context =
    section slave_parameter {{ slave_configuration_section_name }}
    raw cached_port {{ cached_port }}
    raw ssl_cached_port {{ ssl_cached_port }}
+    raw local_ipv4 {{ local_ipv4 }}
+    raw local_ipv6 {{ local_ipv6 }}
 {{ '\n' }}
 {% endfor %}


--- a/software/caddy-frontend/templates/cached-virtualhost.conf.in
+++ b/software/caddy-frontend/templates/cached-virtualhost.conf.in
 {% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
 {% set server_alias_list =  slave_parameter.get('server-alias', '').split() %}
 {% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
+{%- set host_list = [slave_parameter.get('custom_domain')] + server_alias_list -%}
+{%- set http_host_list = [] %}
+{%- set https_host_list = [] %}
+{%- for host in host_list %}
+{%-   do http_host_list.append('http://%s:%s' % (host, cached_port)) %}
+{%-   do https_host_list.append('http://%s:%s' % (host, ssl_cached_port)) %}
+{%- endfor %}

-# TODO-Caddy # Only accept generic (i.e not Zope) backends on http
-# TODO-Caddy <VirtualHost *:{{ cached_port }}>
-# TODO-Caddy   ServerName {{ slave_parameter.get('custom_domain') }}
-# TODO-Caddy   {%- for server_alias in server_alias_list %}
-# TODO-Caddy   ServerAlias {{ server_alias }}
-# TODO-Caddy   {% endfor %}
-# TODO-Caddy   SSLProxyEngine on
-
-# TODO-Caddy {% if ssl_proxy_verify -%}
-# TODO-Caddy {%   if 'ssl_proxy_ca_crt' in slave_parameter -%}
+# Only accept generic (i.e not Zope) backends on http
+{{ http_host_list|join(', ') }} {
+  bind {{ local_ipv4 }}
+# TODO-Caddy  bind {{ local_ipv6 }}
+{%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
+    status 501 /
+{%- endif %}
+# Rewrite part
+  proxy / {{ slave_parameter.get('backend_url', '') }} {
+    transparent
+    timeout 600s
+{%- if ssl_proxy_verify %}
+{%-   if 'ssl_proxy_ca_crt' in slave_parameter %}
 # TODO-Caddy   SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
-# TODO-Caddy {%   endif %}
-# TODO-Caddy   SSLProxyVerify require
-# TODO-Caddy   #SSLProxyCheckPeerCN on
-# TODO-Caddy   SSLProxyCheckPeerExpire on
-# TODO-Caddy {% endif %}
-# TODO-Caddy   # Rewrite part
-# TODO-Caddy   ProxyPreserveHost On
-# TODO-Caddy   ProxyTimeout 600
-# TODO-Caddy   RewriteEngine On
-# TODO-Caddy 
-# TODO-Caddy   RewriteRule ^/(.*)$ {{ slave_parameter.get('backend_url', '') }}/$1 [L,P]
-# TODO-Caddy </VirtualHost>
+#              Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store"
+{%-   endif %}
+{%- else %}
+    insecure_skip_verify
+{%- endif %}
+  }
+}

-# TODO-Caddy <VirtualHost *:{{ ssl_cached_port }}>
-# TODO-Caddy   ServerName {{ slave_parameter.get('custom_domain') }}
-# TODO-Caddy   {%- for server_alias in server_alias_list %}
-# TODO-Caddy   ServerAlias {{ server_alias }}
-# TODO-Caddy   {% endfor %}
-# TODO-Caddy   SSLProxyEngine on
-# TODO-Caddy 
-# TODO-Caddy {% if ssl_proxy_verify -%}
-# TODO-Caddy {%   if 'ssl_proxy_ca_crt' in slave_parameter -%}
+{{ https_host_list|join(', ') }} {
+  bind {{ local_ipv4 }}
+# TODO-Caddy  bind {{ local_ipv6 }}
+{%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
+    status 501 /
+{%- endif %}
+##  tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }}
+  proxy / {{ slave_parameter.get('https_backend_url', '') }} {
+    transparent
+    timeout 600s
+{%- if ssl_proxy_verify %}
+{%-   if 'ssl_proxy_ca_crt' in slave_parameter %}
 # TODO-Caddy   SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
-# TODO-Caddy {%   endif %}
-# TODO-Caddy   SSLProxyVerify require
-# TODO-Caddy   #SSLProxyCheckPeerCN on
-# TODO-Caddy   SSLProxyCheckPeerExpire on
-# TODO-Caddy {% endif %}
-# TODO-Caddy   # Rewrite part
-# TODO-Caddy   ProxyPreserveHost On
-# TODO-Caddy   ProxyTimeout 600
-# TODO-Caddy   RewriteEngine On
-# TODO-Caddy 
-# TODO-Caddy   RewriteRule ^/(.*)$ {{ slave_parameter.get('https_backend_url', '') }}/$1 [L,P]
-# TODO-Caddy </VirtualHost>
-# TODO-Caddy 
+#              Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store"
+{%-   endif %}
+{%- else %}
+    insecure_skip_verify
+{%- endif %}
+  }
+}
--- a/software/caddy-frontend/templates/default-virtualhost.conf.in
+++ b/software/caddy-frontend/templates/default-virtualhost.conf.in
@@ -42,15 +42,6 @@
 # TODO-Caddy   SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
 # TODO-Caddy   SSLHonorCipherOrder on

-{% if disable_via_header %}
-# TODO-Caddy   Header unset Via
-{% endif -%}
-
-{% if disable_no_cache_header %}
-# TODO-Caddy   RequestHeader unset Cache-Control
-# TODO-Caddy   RequestHeader unset Pragma
-{% endif -%}
-
 {%- for disabled_cookie in disabled_cookie_list %}
 # TODO-Caddy {{'  RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie)  }}
 {% endfor -%}
@@ -61,6 +52,14 @@

 {% if slave_type ==  'zope' and backend_url %}
  proxy / {{ backend_url }} {
+{% if disable_via_header %}
+    header_downstream -Via
+{% endif -%}
+
+{% if disable_no_cache_header %}
+    header_upstream -Cache-Control
+    header_upstream -Pragma
+{% endif -%}
    transparent
    timeout 600s
 {%- if ssl_proxy_verify %}
@@ -96,6 +95,14 @@
  {%- if backend_url %}

  proxy / {{ backend_url }} {
+{% if disable_via_header %}
+    header_downstream -Via
+{% endif -%}
+
+{% if disable_no_cache_header %}
+    header_upstream -Cache-Control
+    header_upstream -Pragma
+{% endif -%}
    transparent
    timeout 600s
 {%- if ssl_proxy_verify %}
@@ -121,9 +128,6 @@
  log / {{ slave_parameter.get('access_log') }} {combined}
  errors {{ slave_parameter.get('error_log') }}

-{% if disable_via_header %}
-# TODO-Caddy   Header unset Via
-{% endif -%}
 # TODO-Caddy   # One Slave two logs
 # TODO-Caddy   LogLevel notice
 # TODO-Caddy   LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
@@ -131,11 +135,6 @@
 # TODO-Caddy   # Remove "Secure" from cookies, as backend may be https
 # TODO-Caddy   Header edit Set-Cookie "(?i)^(.+);secure$" "$1"

-{% if disable_no_cache_header %}
-# TODO-Caddy   RequestHeader unset Cache-Control
-# TODO-Caddy   RequestHeader unset Pragma
-{% endif -%}
-
 {%- for disabled_cookie in disabled_cookie_list %}
 # TODO-Caddy {{'  RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie)  }}
 {% endfor -%}
@@ -152,6 +151,14 @@
  }
 {% elif slave_type ==  'zope' and backend_url %}
  proxy / {{ backend_url }} {
+{% if disable_via_header %}
+    header_downstream -Via
+{% endif -%}
+
+{% if disable_no_cache_header %}
+    header_upstream -Cache-Control
+    header_upstream -Pragma
+{% endif -%}
    transparent
    timeout 600s
 {%- if ssl_proxy_verify %}
@@ -182,6 +189,14 @@
  {% endif -%}
  {%- if slave_parameter.get('url', '') %}
  proxy / {{ slave_parameter.get('url', '') }} {
+{% if disable_via_header %}
+    header_downstream -Via
+{% endif -%}
+
+{% if disable_no_cache_header %}
+    header_upstream -Cache-Control
+    header_upstream -Pragma
+{% endif -%}
    transparent
    timeout 600s
 {%- if ssl_proxy_verify %}