Skip to content

slapos
slapos
Commit 17679616 authored by Łukasz Nowak's avatar Łukasz Nowak Committed by Łukasz Nowak
Browse files
Options

caddy-frontend: Amend template and configuration blocks 

This will ease further development
parent 644319a8
Hide whitespace changes
Inline Side-by-side
Showing with 59 additions and 59 deletions
software/caddy-frontend/buildout.hash.cfg
View file @ 17679616
...@@ -50,7 +50,7 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b ...@@ -50,7 +50,7 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
[template-default-slave-virtualhost] [template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in filename = templates/default-virtualhost.conf.in
md5sum = e9eccaa99077d9bc12b538d40f5421b0 md5sum = aca244bf8792793800895bf2e5310787
[template-cached-slave-virtualhost] [template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in filename = templates/cached-virtualhost.conf.in
......
software/caddy-frontend/templates/default-virtualhost.conf.in
View file @ 17679616
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
{%- for host in host_list %} {%- for host in host_list %}
{%- do http_host_list.append('http://%s:%s' % (host, http_port)) %} {%- do http_host_list.append('http://%s:%s' % (host, http_port)) %}
{%- do https_host_list.append('https://%s:%s' % (host, https_port)) %} {%- do https_host_list.append('https://%s:%s' % (host, https_port)) %}
{%- endfor %} {%- endfor %} {#- for host in host_list #}
# SSL enabled hosts # SSL enabled hosts
{{ https_host_list|join(', ') }} { {{ https_host_list|join(', ') }} {
...@@ -24,28 +24,28 @@ ...@@ -24,28 +24,28 @@
gzip gzip
{%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %} {%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
status 501 / status 501 /
{%- endif %} {%- endif %} {#- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter #}
tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }} { tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }} {
{%- if slave_parameter.get('path_to_ssl_ca_crt') %} {%- if slave_parameter.get('path_to_ssl_ca_crt') %}
# Configuration of accepted clients # Configuration of accepted clients
clients {{ slave_parameter.get('path_to_ssl_ca_crt') }} clients {{ slave_parameter.get('path_to_ssl_ca_crt') }}
{%- endif %} {%- endif %} {#- if slave_parameter.get('path_to_ssl_ca_crt') #}
{%- if enable_h2 %} {%- if enable_h2 %}
# Allow HTTP2 # Allow HTTP2
alpn h2 http/1.1 alpn h2 http/1.1
{%- else %} {%- else %} {#- if enable_h2 #}
# Disallow HTTP2 # Disallow HTTP2
alpn http/1.1 alpn http/1.1
{%- endif %} {%- endif %} {#- if enable_h2 #}
} } {# tls #}
log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
errors {{ slave_parameter.get('error_log') }} errors {{ slave_parameter.get('error_log') }}
{%- for disabled_cookie in disabled_cookie_list %} {%- for disabled_cookie in disabled_cookie_list %}
{%- endfor %} {%- endfor %} {#- for disabled_cookie in disabled_cookie_list #}
{%- if prefer_gzip %} {%- if prefer_gzip %}
{%- endif %} {%- endif %} {#- if prefer_gzip #}
{%- if slave_type == 'zope' and backend_url %} {%- if slave_type == 'zope' and backend_url %}
# Zope configuration # Zope configuration
...@@ -55,44 +55,44 @@ ...@@ -55,44 +55,44 @@
{%- if disable_via_header %} {%- if disable_via_header %}
header_downstream -Via header_downstream -Via
{%- endif %} {%- endif %} {#- if disable_via_header #}
{%- if disable_no_cache_header %} {%- if disable_no_cache_header %}
header_upstream -Cache-Control header_upstream -Cache-Control
header_upstream -Pragma header_upstream -Pragma
{%- endif %} {%- endif %} {#- if disable_no_cache_header #}
transparent transparent
timeout 600s timeout 600s
{%- if ssl_proxy_verify %} {%- if ssl_proxy_verify %}
{%- if 'ssl_proxy_ca_crt' in slave_parameter %} {%- if 'ssl_proxy_ca_crt' in slave_parameter %}
{%- endif %} {%- endif %} {#- if 'ssl_proxy_ca_crt' in slave_parameter #}
{%- else %} {%- else %} {#- if ssl_proxy_verify #}
insecure_skip_verify insecure_skip_verify
{%- endif %} {%- endif %} {#- if ssl_proxy_verify #}
} } {# proxy #}
{%- if 'default-path' in slave_parameter %} {%- if 'default-path' in slave_parameter %}
redir 301 { redir 301 {
if {path} is / if {path} is /
/ {scheme}://{host}/{{ slave_parameter.get('default-path') }} / {scheme}://{host}/{{ slave_parameter.get('default-path') }}
} } {# redir #}
{%- endif %} {%- endif %} {#- if 'default-path' in slave_parameter #}
rewrite { rewrite {
regexp (.*) regexp (.*)
to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1} to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1}
} } {# rewrite #}
{%- elif slave_type == 'redirect' and backend_url %} {%- elif slave_type == 'redirect' and backend_url %} {#- if slave_type == 'zope' and backend_url #}
# Redirect configuration # Redirect configuration
redir 302 { redir 302 {
/ {{ backend_url }}{uri} / {{ backend_url }}{uri}
} } {# redir #}
{%- else %} {%- else %} {#- if slave_type == 'zope' and backend_url #}
# Default configuration # Default configuration
{%- if 'default-path' in slave_parameter %} {%- if 'default-path' in slave_parameter %}
redir 301 { redir 301 {
if {path} is / if {path} is /
/ {scheme}://{host}/{{ slave_parameter.get('default-path') }} / {scheme}://{host}/{{ slave_parameter.get('default-path') }}
} } {# redir #}
{%- endif %} {%- endif %} {#- if 'default-path' in slave_parameter #}
{%- if backend_url %} {%- if backend_url %}
proxy / {{ backend_url }} { proxy / {{ backend_url }} {
...@@ -101,24 +101,24 @@ ...@@ -101,24 +101,24 @@
{%- if disable_via_header %} {%- if disable_via_header %}
header_downstream -Via header_downstream -Via
{%- endif %} {%- endif %} {#- if disable_via_header #}
{%- if disable_no_cache_header %} {%- if disable_no_cache_header %}
header_upstream -Cache-Control header_upstream -Cache-Control
header_upstream -Pragma header_upstream -Pragma
{%- endif %} {%- endif %} {#- if disable_no_cache_header #}
transparent transparent
timeout 600s timeout 600s
{%- if ssl_proxy_verify %} {%- if ssl_proxy_verify %}
{%- if 'ssl_proxy_ca_crt' in slave_parameter %} {%- if 'ssl_proxy_ca_crt' in slave_parameter %}
{%- endif %} {%- endif %} {#- if 'ssl_proxy_ca_crt' in slave_parameter #}
{%- else %} {%- else %} {#- if ssl_proxy_verify #}
insecure_skip_verify insecure_skip_verify
{%- endif %} {%- endif %} {#- if ssl_proxy_verify #}
} } {# proxy #}
{%- endif %} {%- endif %} {#- if backend_url #}
{%- endif %} {%- endif %} {#- if slave_type == 'zope' and backend_url #}
} } {# https_host_list|join(', ') #}
# SSL-disabled hosts # SSL-disabled hosts
{{ http_host_list|join(', ') }} { {{ http_host_list|join(', ') }} {
...@@ -127,26 +127,26 @@ ...@@ -127,26 +127,26 @@
gzip gzip
{%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %} {%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
status 501 / status 501 /
{%- endif %} {%- endif %} {#- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter #}
log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
errors {{ slave_parameter.get('error_log') }} errors {{ slave_parameter.get('error_log') }}
{%- for disabled_cookie in disabled_cookie_list %} {%- for disabled_cookie in disabled_cookie_list %}
{%- endfor %} {%- endfor %} {#- for disabled_cookie in disabled_cookie_list #}
{%- if prefer_gzip %} {%- if prefer_gzip %}
{%- endif %} {%- endif %} {#- if prefer_gzip #}
{%- if https_only %} {%- if https_only %}
# Enforced redirection to SSL-enabled host # Enforced redirection to SSL-enabled host
redir / https://{host}{uri} redir / https://{host}{uri}
{%- elif slave_type == 'redirect' and slave_parameter.get('url', '') %} {%- elif slave_type == 'redirect' and slave_parameter.get('url', '') %} {#- if https_only #}
# Redirect configuration # Redirect configuration
redir 302 { redir 302 {
/ {{ slave_parameter.get('url', '') }}{uri} / {{ slave_parameter.get('url', '') }}{uri}
} } {# redir #}
{%- elif slave_type == 'zope' and backend_url %} {%- elif slave_type == 'zope' and backend_url %} {#- if https_only #}
# Zope configuration # Zope configuration
proxy / {{ backend_url }} { proxy / {{ backend_url }} {
# As backend is trusting REMOTE_USER header unset it always # As backend is trusting REMOTE_USER header unset it always
...@@ -154,39 +154,39 @@ ...@@ -154,39 +154,39 @@
{%- if disable_via_header %} {%- if disable_via_header %}
header_downstream -Via header_downstream -Via
{%- endif %} {%- endif %} {#- if disable_via_header #}
{%- if disable_no_cache_header %} {%- if disable_no_cache_header %}
header_upstream -Cache-Control header_upstream -Cache-Control
header_upstream -Pragma header_upstream -Pragma
{%- endif %} {%- endif %} {#- if disable_no_cache_header #}
transparent transparent
timeout 600s timeout 600s
{%- if ssl_proxy_verify %} {%- if ssl_proxy_verify %}
{%- if 'ssl_proxy_ca_crt' in slave_parameter %} {%- if 'ssl_proxy_ca_crt' in slave_parameter %}
{%- endif %} {%- endif %} {#- if 'ssl_proxy_ca_crt' in slave_parameter #}
{%- else %} {%- else %} {#- if ssl_proxy_verify #}
insecure_skip_verify insecure_skip_verify
{%- endif %} {%- endif %} {#- if ssl_proxy_verify #}
} } {# proxy #}
{%- if 'default-path' in slave_parameter %} {%- if 'default-path' in slave_parameter %}
redir 301 { redir 301 {
if {path} is / if {path} is /
/ {scheme}://{host}/{{ slave_parameter.get('default-path') }} / {scheme}://{host}/{{ slave_parameter.get('default-path') }}
} } {# redir #}
{%- endif %} {%- endif %} {#- if 'default-path' in slave_parameter #}
rewrite { rewrite {
regexp (.*) regexp (.*)
to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1} to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1}
} } {# rewrite #}
{%- else %} {%- else %} {#- if https_only #}
# Default configuration # Default configuration
{%- if 'default-path' in slave_parameter %} {%- if 'default-path' in slave_parameter %}
redir 301 { redir 301 {
if {path} is / if {path} is /
/ {scheme}://{host}/{{ slave_parameter.get('default-path') }} / {scheme}://{host}/{{ slave_parameter.get('default-path') }}
} } {# redir #}
{%- endif %} {%- endif %} {#- if 'default-path' in slave_parameter #}
{%- if slave_parameter.get('url', '') %} {%- if slave_parameter.get('url', '') %}
proxy / {{ slave_parameter.get('url', '') }} { proxy / {{ slave_parameter.get('url', '') }} {
# As backend is trusting REMOTE_USER header unset it always # As backend is trusting REMOTE_USER header unset it always
...@@ -194,21 +194,21 @@ ...@@ -194,21 +194,21 @@
{%- if disable_via_header %} {%- if disable_via_header %}
header_downstream -Via header_downstream -Via
{%- endif %} {%- endif %} {#- if disable_via_header #}
{%- if disable_no_cache_header %} {%- if disable_no_cache_header %}
header_upstream -Cache-Control header_upstream -Cache-Control
header_upstream -Pragma header_upstream -Pragma
{%- endif %} {%- endif %} {#- if disable_no_cache_header #}
transparent transparent
timeout 600s timeout 600s
{%- if ssl_proxy_verify %} {%- if ssl_proxy_verify %}
{%- if 'ssl_proxy_ca_crt' in slave_parameter %} {%- if 'ssl_proxy_ca_crt' in slave_parameter %}
{%- endif %} {%- endif %} {#- if 'ssl_proxy_ca_crt' in slave_parameter #}
{%- else %} {%- else %} {#- if ssl_proxy_verify #}
insecure_skip_verify insecure_skip_verify
{%- endif %} {%- endif %} {#- if ssl_proxy_verify #}
} } {# proxy #}
{%- endif %} {%- endif %} {#- if slave_parameter.get('url', '') #}
{%- endif %} {%- endif %} {#- if https_only #}
} } {# http_host_list|join(', ') #}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7