Commit 34945832 authored by Cédric Le Ninivin's avatar Cédric Le Ninivin

apache-frontend: Introduce new architecture for apache frontend

parent 6bc5832d
......@@ -58,7 +58,7 @@ class Recipe(BaseSlapRecipe):
frontend_port_number = self.parameter_dict.get("port", 4443)
frontend_plain_http_port_number = self.parameter_dict.get(
"plain_http_port", 8080)
base_varnish_port = 26009
base_varnish_port = 26010
slave_instance_list = self.parameter_dict.get("slave_instance_list", [])
self.path_list = []
......@@ -70,6 +70,7 @@ class Recipe(BaseSlapRecipe):
self.path_list.append(self.killpidfromfile)
rewrite_rule_list = []
rewrite_rule_cached_list = []
rewrite_rule_https_only_list = []
rewrite_rule_zope_list = []
rewrite_rule_zope_path_list = []
......@@ -133,7 +134,7 @@ class Recipe(BaseSlapRecipe):
# base_varnish_port, backend_url, reference, service_dict, domain)
rewrite_rule = self.configureSquidSlave(
base_varnish_port, backend_url, reference, service_dict, domain)
base_varnish_port += 2
rewrite_rule_cached_list.append("%s %s" % (domain, backend_url))
else:
rewrite_rule = "%s %s" % (domain, backend_url)
# # Temporary forbid activation of cache until it is properly tested
......@@ -190,9 +191,11 @@ class Recipe(BaseSlapRecipe):
ip_list=["[%s]" % self.getGlobalIPv6Address(),
self.getLocalIPv4Address()],
port=frontend_port_number,
cached_port=base_varnish_port + 1,
plain_http_port=frontend_plain_http_port_number,
name=frontend_domain_name,
rewrite_rule_list=rewrite_rule_list,
rewrite_rule_cached_list=rewrite_rule_cached_list,
rewrite_rule_https_only_list=rewrite_rule_https_only_list,
rewrite_rule_zope_list=rewrite_rule_zope_list,
rewrite_rule_zope_path_list=rewrite_rule_zope_path_list,
......@@ -257,7 +260,6 @@ class Recipe(BaseSlapRecipe):
service_dict, domain):
# Squid should use stunnel to connect to the backend
base_squid_control_port = base_squid_port
base_squid_port += 1
# Use regex
host_regex = "((\[\w*|[0-9]+\.)(\:|)).*(\]|\.[0-9]+)"
slave_host = re.search(host_regex, url).group(0)
......@@ -282,218 +284,16 @@ class Recipe(BaseSlapRecipe):
# size="1G")
service_dict[service_name] = dict(public_ip=squid_ip,
public_port=stunnel_port,
private_ip=slave_host.replace("[", "").replace("]", ""),
private_ip=slave_host,
private_port=slave_port)
return "%s http://%s:%s" % \
(domain, squid_ip, base_squid_port)
# def installSquidCache(self, name, ip, port, backend_host,
# backend_port, domain, size="1G"):
# """
# Install a squid daemon for a certain address
# """
## directory = self.createDataDirectory(name)
## squid_config = dict(
## directory=directory,
## pid = "%s/squid.pid" % directory,
## port="%s:%s" % (ip, port),
## squidd_binary=self.options["squidd_binary"],
## control_port="%s:%s" % (ip, control_port),
## storage="file,%s/storage.bin,%s" % (directory, size))
#
##
## squid_argument_list = [squid_config['squidd_binary'].strip(),
## "-F", "-n", directory, "-P", squid_config["pid"], "-p",
## "cc_command=exec %s " % self.options["gcc_binary"] +\
## "-fpic -shared -o %o %s",
## "-f", config_file,
## "-a", squid_config["port"], "-T", squid_config["control_port"],
## "-s", squid_config["storage"]]
## environment = dict(PATH="%s:%s" % (self.options["binutils_directory"],
## os.environ.get('PATH')))
## wrapper = zc.buildout.easy_install.scripts([(name,
## 'slapos.recipe.librecipe.execute', 'executee')], self.ws,
## sys.executable, self.service_directory, arguments=[squid_argument_list,
## environment])[0]
## self.path_list.append(wrapper)
#
#
## directory = self.createDataDirectory(name)
# config = dict(
# ip=ip,
# port=port,
# backend_ip=backend_host,
# backend_port=backend_port,
# domain=domain,
# # XXX Hardcoded
# access_log_path = os.path.join(self.log_directory, 'squid.access.log'),
# # XXX Hardcoded
# cache_log_path = os.path.join(self.log_directory, 'squid.cache.log'),
## cache_path=self.options['cache-path'],
# # XXX Hardcoded
# pid_filename_path=os.path.join(self.run_directory, 'squid.pid'),
# squid_binary=self.options["squid_binary"],
# )
#
# template_filename = self.getTemplateFilename('squid.conf.in')
# config_file = self.createConfigurationFile("%s.conf" % name,
# self.substituteTemplate(self.getTemplateFilename('squid.conf.in'),
# config))
#
## # Prepare directories
## prepare_path = self.createPythonScript(
## self.options['prepare-path'],
## 'slapos.recipe.librecipe.execute.execute',
## arguments=[self.options['binary-path'].strip(),
## '-z',
## '-f', configuration_path,
## ],)
##
## # Create running wrapper
## wrapper_path = self.createPythonScript(
## self.options['wrapper-path'],
## 'slapos.recipe.librecipe.execute.execute',
## arguments=[self.options['binary-path'].strip(),
## '-N',
## '-f', configuration_path,
## ],)
##
## return [configuration_path, wrapper_path, prepare_path]
#
# squid_argument_list = [config['squid_binary'].strip(),
# "-N", "-f", config_file]
## "cc_command=exec %s " % self.options["gcc_binary"] +\
## "-fpic -shared -o %o %s",
## "-f", config_file,
## "-a", config["port"], "-T", config["control_port"],
## "-s", config["storage"]]
# environment = dict(PATH="%s:%s" % (self.options["binutils_directory"],
# os.environ.get('PATH')))
# wrapper = zc.buildout.easy_install.scripts([(name,
# 'slapos.recipe.librecipe.execute', 'executee')], self.ws,
# sys.executable, self.service_directory, arguments=[squid_argument_list,
# environment])[0]
# self.path_list.append(wrapper)
#
# return config
# def requestCertificate(self, name):
# hash = hashlib.sha512(name).hexdigest()
# key = os.path.join(self.ca_private, hash + self.ca_key_ext)
# certificate = os.path.join(self.ca_certs, hash + self.ca_crt_ext)
# parser = ConfigParser.RawConfigParser()
# parser.add_section('certificate')
# parser.set('certificate', 'name', name)
# parser.set('certificate', 'key_file', key)
# parser.set('certificate', 'certificate_file', certificate)
# parser.write(open(os.path.join(self.ca_request_dir, hash), 'w'))
# return key, certificate
# def installCrond(self):
# timestamps = self.createDataDirectory('cronstamps')
# cron_output = os.path.join(self.log_directory, 'cron-output')
# self._createDirectory(cron_output)
# catcher = zc.buildout.easy_install.scripts([('catchcron',
# __name__ + '.catdatefile', 'catdatefile')], self.ws, sys.executable,
# self.bin_directory, arguments=[cron_output])[0]
# self.path_list.append(catcher)
# cron_d = os.path.join(self.etc_directory, 'cron.d')
# crontabs = os.path.join(self.etc_directory, 'crontabs')
# self._createDirectory(cron_d)
# self._createDirectory(crontabs)
# wrapper = zc.buildout.easy_install.scripts([('crond',
# 'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
# self.service_directory, arguments=[
# self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs,
# '-t', timestamps, '-f', '-l', '5', '-M', catcher]
# )[0]
# self.path_list.append(wrapper)
# return cron_d
# def installValidCertificateAuthority(self, domain_name, certificate, key):
# ca_dir = os.path.join(self.data_root_directory, 'ca')
# ca_private = os.path.join(ca_dir, 'private')
# ca_certs = os.path.join(ca_dir, 'certs')
# ca_crl = os.path.join(ca_dir, 'crl')
# self._createDirectory(ca_dir)
# for path in (ca_private, ca_certs, ca_crl):
# self._createDirectory(path)
# key_path = os.path.join(ca_private, domain_name + ".key")
# certificate_path = os.path.join(ca_certs, domain_name + ".crt")
# self._writeFile(key_path, key)
# self._writeFile(certificate_path, certificate)
# return dict(certificate_authority_path=ca_dir,
# ca_crl=ca_crl,
# certificate=certificate_path,
# key=key_path)
#
# def installCertificateAuthority(self, ca_country_code='XX',
# ca_email='xx@example.com', ca_state='State', ca_city='City',
# ca_company='Company'):
# backup_path = self.createBackupDirectory('ca')
# self.ca_dir = os.path.join(self.data_root_directory, 'ca')
# self._createDirectory(self.ca_dir)
# self.ca_request_dir = os.path.join(self.ca_dir, 'requests')
# self._createDirectory(self.ca_request_dir)
# config = dict(ca_dir=self.ca_dir, request_dir=self.ca_request_dir)
# self.ca_private = os.path.join(self.ca_dir, 'private')
# self.ca_certs = os.path.join(self.ca_dir, 'certs')
# self.ca_crl = os.path.join(self.ca_dir, 'crl')
# self.ca_newcerts = os.path.join(self.ca_dir, 'newcerts')
# self.ca_key_ext = '.key'
# self.ca_crt_ext = '.crt'
# for d in [self.ca_private, self.ca_crl, self.ca_newcerts, self.ca_certs]:
# self._createDirectory(d)
# for f in ['crlnumber', 'serial']:
# if not os.path.exists(os.path.join(self.ca_dir, f)):
# open(os.path.join(self.ca_dir, f), 'w').write('01')
# if not os.path.exists(os.path.join(self.ca_dir, 'index.txt')):
# open(os.path.join(self.ca_dir, 'index.txt'), 'w').write('')
# openssl_configuration = os.path.join(self.ca_dir, 'openssl.cnf')
# config.update(
# working_directory=self.ca_dir,
# country_code=ca_country_code,
# state=ca_state,
# city=ca_city,
# company=ca_company,
# email_address=ca_email,
# )
# self._writeFile(openssl_configuration, pkg_resources.resource_string(
# __name__, 'template/openssl.cnf.ca.in') % config)
#
# # XXX-Cedric: Don't use this, but use slapos.recipe.certificate_authority
# # from the instance profile.
# self.path_list.extend(zc.buildout.easy_install.scripts([
# ('certificate_authority', __name__ + '.certificate_authority',
# 'runCertificateAuthority')],
# self.ws, sys.executable, self.service_directory, arguments=[dict(
# openssl_configuration=openssl_configuration,
# openssl_binary=self.options['openssl_binary'],
# certificate=os.path.join(self.ca_dir, 'cacert.pem'),
# key=os.path.join(self.ca_private, 'cakey.pem'),
# crl=os.path.join(self.ca_crl),
# request_dir=self.ca_request_dir
# )]))
# configure backup
#backup_cron = os.path.join(self.cron_d, 'ca_rdiff_backup')
#open(backup_cron, 'w').write(
# '''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
# rdiff_backup=self.options['rdiff_backup_binary'],
# source=self.ca_dir,
# destination=backup_path))
#self.path_list.append(backup_cron)
# return dict(
# ca_certificate=os.path.join(config['ca_dir'], 'cacert.pem'),
# ca_crl=os.path.join(config['ca_dir'], 'crl'),
# certificate_authority_path=config['ca_dir']
# )
def _getApacheConfigurationDict(self, name, ip_list, port):
apache_conf = dict()
apache_conf['server_name'] = name
apache_conf['pid_file'] = self.options['pid-file']
apache_conf['pid_cache_file'] = self.options['cache-pid-file']
apache_conf['lock_file'] = os.path.join(self.run_directory,
name + '.lock')
apache_conf['document_root'] = os.path.join(self.data_root_directory,
......@@ -505,57 +305,23 @@ class Recipe(BaseSlapRecipe):
apache_conf['server_admin'] = 'admin@'
apache_conf['error_log'] = self.options['error-log']
apache_conf['access_log'] = self.options['access-log']
apache_conf['error_cache_log'] = self.options['cache-error-log']
apache_conf['access_cache_log'] = self.options['cache-access-log']
return apache_conf
def installStunnel(self, service_dict, certificate,
key, ca_crl, ca_path):
"""Installs stunnel
service_dict =
{ name: (public_ip, private_ip, public_port, private_port),}
"""
template_filename = self.getTemplateFilename('stunnel.conf.in')
template_entry_filename = self.getTemplateFilename('stunnel.conf.entry.in')
log = os.path.join(self.log_directory, 'stunnel.log')
pid_file = os.path.join(self.run_directory, 'stunnel.pid')
stunnel_conf = dict(
pid_file=pid_file,
log=log,
cert = certificate,
key = key,
ca_crl = ca_crl,
ca_path = ca_path,
entry_str=''
)
entry_list = []
for name, parameter_dict in service_dict.iteritems():
parameter_dict["name"] = name
entry_str = self.substituteTemplate(template_entry_filename,
parameter_dict)
entry_list.append(entry_str)
stunnel_conf["entry_str"] = "\n".join(entry_list)
stunnel_conf_path = self.createConfigurationFile("stunnel.conf",
self.substituteTemplate(template_filename,
stunnel_conf))
wrapper = zc.buildout.easy_install.scripts([('stunnel',
'slapos.recipe.librecipe.execute', 'execute_wait')], self.ws,
sys.executable, self.service_directory, arguments=[
[self.options['stunnel_binary'].strip(), stunnel_conf_path],
[certificate, key]]
)[0]
self.path_list.append(wrapper)
return stunnel_conf
def installFrontendApache(self, ip_list, key, certificate, name,
port=4443, plain_http_port=8080,
cached_port=26081,
rewrite_rule_list=None,
rewrite_rule_cached_list=None,
rewrite_rule_zope_list=None,
rewrite_rule_https_only_list=None,
rewrite_rule_zope_path_list=None,
access_control_string=None):
if rewrite_rule_list is None:
rewrite_rule_list = []
if rewrite_rule_cached_list is None:
rewrite_rule_cached_list = []
if rewrite_rule_https_only_list is None:
rewrite_rule_zope_path_list = []
if rewrite_rule_zope_list is None:
......@@ -597,21 +363,15 @@ class Recipe(BaseSlapRecipe):
if not os.path.exists(custom_apache_virtual_configuration_file_location):
open(custom_apache_virtual_configuration_file_location, 'w')
# Create backup of custom apache configuration
#backup_path = self.createBackupDirectory('custom_apache_conf_backup')
#backup_cron = os.path.join(self.cron_d, 'custom_apache_conf_backup')
#open(backup_cron, 'w').write(
# '''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
# rdiff_backup=self.options['rdiff_backup_binary'],
# source=custom_apache_configuration_directory,
# destination=backup_path))
#self.path_list.append(backup_cron)
# Create configuration file and rewritemaps
apachemap_path = self.createConfigurationFile(
"apache_rewritemap_generic.txt",
"\n".join(rewrite_rule_list)
)
apachecachedmap_path = self.createConfigurationFile(
"apache_rewritemap_cached.txt",
"\n".join(rewrite_rule_cached_list)
)
apachemap_httpsonly_path = self.createConfigurationFile(
"apache_rewritemap_httpsonly.txt",
"\n".join(rewrite_rule_https_only_list)
......@@ -635,8 +395,14 @@ class Recipe(BaseSlapRecipe):
)
apache_conf["listen"] = "\n".join([
"Listen %s:%s" % (ip, port)
for port in (plain_http_port, port)
"Listen %s:%s" % (ip, tmp_port)
for tmp_port in (plain_http_port, port)
for ip in ip_list
])
apache_conf["listen_cache"] = "\n".join([
"Listen %s:%s" % (ip, tmp_port)
for tmp_port in (cached_port,)
for ip in ip_list
])
......@@ -651,12 +417,14 @@ class Recipe(BaseSlapRecipe):
apache_conf.update(**dict(
path_enable=path,
apachemap_path=apachemap_path,
apachecachedmap_path=apachecachedmap_path,
apachemap_httpsonly_path=apachemap_httpsonly_path,
apachemapzope_path=apachemap_zope_path,
apachemapzopepath_path=apachemap_zopepath_path,
apache_domain=name,
https_port=port,
plain_http_port=plain_http_port,
cached_port=cached_port,
custom_apache_conf=custom_apache_configuration_file_location,
custom_apache_virtualhost_conf=custom_apache_virtual_configuration_file_location,
))
......@@ -677,4 +445,20 @@ class Recipe(BaseSlapRecipe):
config=apache_config_file)
]))
apache_cached_conf_string = self.substituteTemplate(
self.getTemplateFilename('apache_cached.conf.in'), apache_conf)
apache_cached_config_file = self.createConfigurationFile('apache_frontend_cached.conf',
apache_cached_conf_string)
self.path_list.extend(zc.buildout.easy_install.scripts([(
'frontend_cached_apache', 'slapos.recipe.erp5.apache', 'runApache')], self.ws,
sys.executable, self.service_directory, arguments=[
dict(
required_path_list=[key, certificate],
binary=self.options['httpd_binary'],
config=apache_cached_config_file)
]))
return dict(site_url="https://%s:%s/" % (name, port))
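Review bot: The new `listen_cache` block in installFrontendApache emits a `Listen` line for every address in `ip_list`, and the caller passes the global IPv6 address there, so the cache port is opened on the public address next to the HTTPS frontend. The cached virtual host shows no SSLEngine of its own in the new template, so this looks like an unencrypted path to the same backends. If the cached Apache is only meant to be reached from the frontend on the same machine (the visible code does not say), bind it to the local address only, e.g. `apache_conf["listen_cache"] = "Listen %s:%s" % (self.getLocalIPv4Address(), cached_port)`. installFrontendApache starts and continues outside the visible hunks, so other uses of `listen_cache` should be checked first.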
......@@ -87,8 +87,6 @@ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javasc
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# Make sure proxies don't deliver the wrong content
Header append Vary User-Agent
# SSL Configuration
%(ssl_snippet)s
......@@ -146,9 +144,6 @@ Header append Vary User-Agent
ProxyTimeout 600
RewriteEngine On
# Remove "Secure" from cookies, as backend may be https
Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
# Include configuration file not operated by slapos. This file won't be erased
# or changed when slapgrid is ran. It can be freely customized by node admin.
# Include %(custom_apache_virtualhost_conf)s
......
# Apache configuration file for Zope
# Automatically generated
# Basic server configuration
PidFile "%(pid_cache_file)s"
ServerName %(server_name)s
DocumentRoot %(document_root)s
ServerRoot %(instance_home)s
%(listen_cache)s
ServerAdmin %(server_admin)s
DefaultType text/plain
TypesConfig %(httpd_home)s/conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
# As backend is trusting REMOTE_USER header unset it always
RequestHeader unset REMOTE_USER
ServerTokens Prod
# Log configuration
ErrorLog "%(error_cache_log)s"
LogLevel warn
# LogFormat "%%h %%{REMOTE_USER}i %%{Host}i %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\"" combined
# LogFormat "%%h %%{REMOTE_USER}i %%{Host}i %%l %%u %%t \"%%r\" %%>s %%b" common
# CustomLog "%(access_log)s" common
LogFormat "%%h %%l %%{REMOTE_USER}i %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\" %%D" combined
CustomLog "%(access_cache_log)s" combined
%(path_enable)s
# List of modules
#LoadModule unixd_module modules/mod_unixd.so
#LoadModule access_compat_module modules/mod_access_compat.so
#LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module %(httpd_home)s/modules/mod_authz_host.so
LoadModule log_config_module %(httpd_home)s/modules/mod_log_config.so
LoadModule deflate_module %(httpd_home)s/modules/mod_deflate.so
LoadModule setenvif_module %(httpd_home)s/modules/mod_setenvif.so
LoadModule version_module %(httpd_home)s/modules/mod_version.so
LoadModule proxy_module %(httpd_home)s/modules/mod_proxy.so
LoadModule proxy_http_module %(httpd_home)s/modules/mod_proxy_http.so
LoadModule ssl_module %(httpd_home)s/modules/mod_ssl.so
LoadModule mime_module %(httpd_home)s/modules/mod_mime.so
LoadModule dav_module %(httpd_home)s/modules/mod_dav.so
LoadModule dav_fs_module %(httpd_home)s/modules/mod_dav_fs.so
LoadModule negotiation_module %(httpd_home)s/modules/mod_negotiation.so
LoadModule rewrite_module %(httpd_home)s/modules/mod_rewrite.so
LoadModule headers_module %(httpd_home)s/modules/mod_headers.so
LoadModule cache_module %(httpd_home)s/modules/mod_cache.so
LoadModule mem_cache_module %(httpd_home)s/modules/mod_mem_cache.so
LoadModule antiloris_module %(httpd_home)s/modules/mod_antiloris.so
# The following directives modify normal HTTP response behavior to
# handle known problems with browser implementations.
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
# The following directive disables redirects on non-GET requests for
# a directory that does not include the trailing slash. This fixes a
# problem with Microsoft WebFolders which does not appropriately handle
# redirects for folders with DAV methods.
# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
# Cache directives
CacheEnable mem /
CacheDefaultExpire 3600
MCacheSize 8192
MCacheMaxObjectCount 1000
MCacheMaxObjectSize 8192
MCacheRemovalAlgorithm LRU
# Deflate
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# SSL Configuration
%(ssl_snippet)s
# Only accept generic (i.e not Zope) backends on http
<VirtualHost *:%(cached_port)s>
SSLProxyEngine on
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyTimeout 600
RewriteEngine On
# Include configuration file not operated by slapos. This file won't be erased
# or changed when slapgrid is ran. It can be freely customized by node admin.
# Include %(custom_apache_virtualhost_conf)s
RewriteMap apachemapcached txt:%(apachecachedmap_path)s
RewriteCond ${apachemapcached:%%{SERVER_NAME}} >""
RewriteRule ^/(.*)$ ${apachemapcached:%%{SERVER_NAME}}/$1 [L,P]
# If nothing exist : put a nice error
ErrorDocument 404 /notfound.html
</VirtualHost>
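Review bot: `CacheEnable mem /` turns on one shared in-memory cache for every proxied domain without excluding `Set-Cookie`, so a cacheable response that sets a session cookie can be stored and served to other clients. Add `CacheIgnoreHeaders Set-Cookie` next to the cache directives, and check that backends serving authenticated content are kept out of the cached rewrite map. The header comment "Apache configuration file for Zope" and the virtual-host comment "Only accept generic (i.e not Zope) backends on http" look copied from the frontend template and should describe the cache instance instead.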
......@@ -37,7 +37,7 @@ cronstamps = $${:etc}/cronstamps
ca-dir = $${:srv}/ssl
squid-cache = $${:srv}/squid_cache
stunnel-conf = $${:etc}/stunnel
[instance-parameter]
# Fetches parameters defined in SlapOS Master for this instance.
......@@ -79,6 +79,9 @@ ca_crl = $${certificate-authority:ca-crl}
access-log = $${directory:log}/frontend-apache-access.log
error-log = $${directory:log}/frontend-apache-error.log
pid-file = $${directory:run}/httpd.pid
cache-access-log = $${directory:log}/frontend-apache-access-cached.log
cache-error-log = $${directory:log}/frontend-apache-error-cached.log
cache-pid-file = $${directory:run}/httpd-cached.pid
# Create wrapper for "apachectl conftest" in bin
......@@ -106,40 +109,15 @@ certs = $${directory:ca-dir}/certs/
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/
[ca-frontend]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${cadirectory:certs}/apache_frontend.key
cert-file = $${cadirectory:certs}/apache_frontend.crt
executable = $${directory:service}/apache_frontend
wrapper = $${directory:service}/apache_frontend
# Put domain name
name = $${instance-parameter:configuration.domain}
[ca-stunnel]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${directory:stunnel-conf}/stunnel.key
cert-file = $${directory:stunnel-conf}/stunnel.crt
executable = $${stunnel:wrapper}
wrapper = $${basedirectory:services}/stunnel
[stunnel]
recipe = slapos.cookbook:stunnel
stunnel-binary = ${stunnel:location}/bin/stunnel
wrapper = $${directory:bin}/stunnel
log-file = $${directory:log}/stunnel.log
config-file = $${directory:etc}/stunnel.conf
key-file = $${ca-stunnel:key-file}
cert-file = $${ca-stunnel:cert-file}
pid-file = $${directory:run}/stunnel.pid
local-port = $${squid-hardcoded:backend-port}
local-host = $${squid-hardcoded:backend-ip}
remote-host = $${squid-hardcoded:remote-host}
remote-port = $${squid-hardcoded:remote-port}
client = false
post-rotate-script = $${directory:bin}/stunnel_post_rotate
#[ca-frontend]
#<= certificate-authority
#recipe = slapos.cookbook:certificate_authority.request
#key-file = $${cadirectory:certs}/apache_frontend.key
#cert-file = $${cadirectory:certs}/apache_frontend.crt
#executable = $${directory:service}/apache_frontend
#wrapper = $${directory:service}/apache_frontend
## Put domain name
#name = $${instance-parameter:configuration.domain}
[cron]
recipe = slapos.cookbook:cron
......@@ -182,7 +160,7 @@ recipe = slapos.cookbook:logrotate.d
name = apache
log = $${apache:error-log} $${apache:access-log}
frequency = daily
rotate-num = 30
rotatep-num = 30
post = ${buildout:bin-directory}/killpidfromfile $${apache:pid-file} SIGUSR1
sharedscripts = true
notifempty = true
......@@ -199,7 +177,7 @@ ip = $${squid-hardcoded:ip}
port = $${squid-hardcoded:port}
backend-ip = $${squid-hardcoded:backend-ip}
backend-port = $${squid-hardcoded:backend-port}
domain = $${squid-hardcoded:domain}
public-ipv4 = $${instance-parameter:configuration.public-ipv4}
access-log-path = $${directory:log}/squid-access.log
cache-log-path = $${directory:log}/squid-cache.log
pid-filename-path = $${directory:run}/squid.pid
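Review bot: The logrotate entry now appears to read `rotatep-num = 30` in place of `rotate-num = 30`, which looks like a typo; if the logrotate.d recipe does not recognise that key, the 30-file retention silently stops applying. The same entry still rotates only `$${apache:error-log} $${apache:access-log}` and signals only `$${apache:pid-file}`, so the new `cache-access-log` and `cache-error-log` files would grow without rotation. Restore `rotate-num = 30` and, assuming the cache options live in the same `apache` part, extend the entry with `log = $${apache:error-log} $${apache:access-log} $${apache:cache-error-log} $${apache:cache-access-log}` plus a post-rotate signal for `$${apache:cache-pid-file}`.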
......