caddy-frontend: Start using caddy

546f8be1 · Łukasz Nowak · 8f781c5b · 546f8be1 · 546f8be1 · 546f8be1
Commit 546f8be1 authored May 10, 2018 by Łukasz Nowak
7 changed files
--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -19,7 +19,7 @@ md5sum = f686f765e55d1dce2e55a400f0714b3e

 [template-apache-frontend]
 filename = instance-apache-frontend.cfg
-md5sum = b6a2c860ea1cd4bc9d185c7108c52d0a
+md5sum = 597dd12fd1449c62df84677d9734e624

 [template-apache-replicate]
 filename = instance-apache-replicate.cfg.in
@@ -27,7 +27,7 @@ md5sum = 9e76028df7e93d3e32982884d5dc0913

 [template-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
-md5sum = 24e514ad6f15859229db46f24a8cd280
+md5sum = a18268224f0a9fac251041fb5883417c

 [template-slave-configuration]
 filename = templates/custom-virtualhost.conf.in
@@ -37,13 +37,13 @@ md5sum = d103143e5d50682bd5ad43117d82e2fa
 filename = templates/replicate-publish-slave-information.cfg.in
 md5sum = 665e83d660c9b779249b2179d7ce4b4e

-[template-apache-frontend-configuration]
-filename = templates/apache.conf.in
+[template-caddy-frontend-configuration]
+filename = templates/Caddyfile.in
 md5sum = 75ba24f0447240db20250a88a1ebc524

 [template-custom-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
-md5sum = 24e514ad6f15859229db46f24a8cd280
+md5sum = a18268224f0a9fac251041fb5883417c

 [template-not-found-html]
 filename = templates/notfound.html
@@ -97,6 +97,6 @@ md5sum = 82d74a7f2aceb2b4a7acc6259291b7f2
 filename = templates/apache-lazy-script-call.sh.in
 md5sum = ebe5d3d19923eb812a40019cb11276d8

-[template-apache-graceful-script]
-filename = templates/apache-graceful-script.sh.in
-md5sum = 41299cc64200e7b8217fb9dec20bb8b9
+[template-caddy-graceful-script]
+filename = templates/caddy-graceful-script.sh.in
+md5sum = d5a00bde52b0720e210fcd8ef352a583
--- a/software/caddy-frontend/common.cfg
+++ b/software/caddy-frontend/common.cfg
@@ -70,9 +70,9 @@ filename = custom-virtualhost.conf.in
 <=download-template
 filename = replicate-publish-slave-information.cfg.in

-[template-apache-frontend-configuration]
+[template-caddy-frontend-configuration]
 <=download-template
-filename = apache.conf.in
+filename = Caddyfile.in

 [template-custom-slave-list]
 <=download-template
@@ -137,9 +137,9 @@ mode = 0644
 <=download-template
 filename = apache-lazy-script-call.sh.in

-[template-apache-graceful-script]
+[template-caddy-graceful-script]
 <=download-template
-filename = apache-graceful-script.sh.in
+filename = caddy-graceful-script.sh.in

 [template-nginx-eventsource-slave-virtualhost]
 <=download-template

--- a/software/caddy-frontend/instance-apache-frontend.cfg
+++ b/software/caddy-frontend/instance-apache-frontend.cfg
@@ -11,7 +11,7 @@ parts =
  logrotate-entry-nginx
  apache-frontend
  switch-apache-softwaretype
-  frontend-apache-graceful
+  frontend-caddy-graceful
  frontend-nginx-graceful
  dynamic-template-default-vh
  not-found-html
@@ -127,9 +127,9 @@ configuration.re6st-verification-url = http://[2001:67c:1254:4::1]/index.html
 [frontend-configuration]
 template-log-access = ${template-log-access:target}
 log-access-configuration = $${directory:etc}/apache-log-access.conf
-apache-directory = ${apache:location}
-apache-ipv6 = $${instance-parameter:ipv6-random}
-apache-https-port = $${instance-parameter:configuration.port}
+caddy-directory = ${caddy:location}
+caddy-ipv6 = $${instance-parameter:ipv6-random}
+caddy-https-port = $${instance-parameter:configuration.port}

 [jinja2-template-base]
 recipe = slapos.recipe.template:jinja2
@@ -147,7 +147,7 @@ context =
 [dynamic-template-default-vh]
 < = jinja2-template-base
 template = ${template-default-virtualhost:target}
-rendered = $${apache-directory:slave-configuration}/000.conf
+rendered = $${caddy-directory:slave-configuration}/000.conf
 extensions = jinja2.ext.do
 extra-context =
    key http_port instance-parameter:configuration.plain_http_port
@@ -160,7 +160,7 @@ template-default-slave-virtualhost = ${template-default-slave-virtualhost:target
 template-cached-slave-virtualhost = ${template-cached-slave-virtualhost:target}
 template-nginx-eventsource-slave-virtualhost = ${template-nginx-eventsource-slave-virtualhost:target}
 template-nginx-notebook-slave-virtualhost = ${template-nginx-notebook-slave-virtualhost:target}
-apache-location = ${apache:location}
+caddy-location = ${caddy:location}

 [dynamic-custom-personal-template-slave-list]
 < = jinja2-template-base
@@ -168,10 +168,10 @@ template = ${template-slave-list:target}
 filename = custom-personal-instance-slave-list.cfg
 extensions = jinja2.ext.do
 extra-context =
-    key apache_configuration_directory apache-directory:slave-configuration
-    key nginx_configuration_directory apache-directory:nginx-slave-configuration
-    key apache_cached_configuration_directory apache-directory:slave-with-cache-configuration
-    key slave_with_cache_configuration_directory apache-directory:slave-with-cache-configuration
+    key apache_configuration_directory caddy-directory:slave-configuration
+    key nginx_configuration_directory caddy-directory:nginx-slave-configuration
+    key apache_cached_configuration_directory caddy-directory:slave-with-cache-configuration
+    key slave_with_cache_configuration_directory caddy-directory:slave-with-cache-configuration
    key http_port instance-parameter:configuration.plain_http_port
    key https_port instance-parameter:configuration.port
    key nginx_http_port instance-parameter:configuration.plain_nginx_port
@@ -179,8 +179,8 @@ extra-context =
    key public_ipv4 instance-parameter:configuration.public-ipv4
    key slave_instance_list instance-parameter:slave-instance-list
    key extra_slave_instance_list instance-parameter:configuration.extra_slave_instance_list
-    key custom_ssl_directory apache-directory:vh-ssl
-    key apache_log_directory apache-directory:slave-log
+    key custom_ssl_directory caddy-directory:vh-ssl
+    key apache_log_directory caddy-directory:slave-log
    key local_ipv4 instance-parameter:ipv4-random
    key global_ipv6 slap-network-information:global-ipv6
    key varnginx directory:varnginx
@@ -191,7 +191,7 @@ extra-context =
    key template_eventsource_slave_configuration software-release-path:template-nginx-eventsource-slave-virtualhost
    key template_notebook_slave_configuration software-release-path:template-nginx-notebook-slave-virtualhost
    raw software_type single-custom-personal
-    key frontend_lazy_graceful_reload frontend-apache-lazy-graceful:rendered
+    key frontend_lazy_graceful_reload frontend-caddy-lazy-graceful:rendered
    section logrotate_dict logrotate
    section frontend_configuration frontend-configuration
    section apache_configuration apache-configuration
@@ -215,13 +215,13 @@ extra-context =
 # Deploy Apache Frontend (new way, no recipe, jinja power)
 [dynamic-apache-frontend-template]
 < = jinja2-template-base
-template = ${template-apache-frontend-configuration:target}
+template = ${template-caddy-frontend-configuration:target}
 rendered = $${apache-configuration:frontend-configuration}
 extra-context =
-    key httpd_home software-release-path:apache-location
-    key httpd_mod_ssl_cache_directory apache-directory:mod-ssl
+    key httpd_home software-release-path:caddy-location
+    key httpd_mod_ssl_cache_directory caddy-directory:mod-ssl
    key domain instance-parameter:configuration.domain
-    key document_root apache-directory:document-root
+    key document_root caddy-directory:document-root
    key instance_home buildout:directory
    key ipv4_addr instance-parameter:ipv4-random
    key ipv6_addr instance-parameter:ipv6-random
@@ -238,31 +238,31 @@ extra-context =
    key access_log apache-configuration:access-log
    key error_log apache-configuration:error-log
    key pid_file apache-configuration:pid-file
-    key slave_configuration_directory apache-directory:slave-configuration
+    key slave_configuration_directory caddy-directory:slave-configuration
    key cached_port apache-configuration:cache-through-port
    key ssl_cached_port apache-configuration:ssl-cache-through-port
-    key slave_with_cache_configuration_directory apache-directory:slave-with-cache-configuration
+    key slave_with_cache_configuration_directory caddy-directory:slave-with-cache-configuration
    section frontend_configuration frontend-configuration

 [apache-frontend]
 recipe = slapos.cookbook:wrapper
-command-line = ${apache:location}/bin/httpd -f $${dynamic-apache-frontend-template:rendered} -DFOREGROUND
-wrapper-path = $${directory:service}/frontend_apache
+command-line = ${caddy:output} -conf $${dynamic-apache-frontend-template:rendered}
+wrapper-path = $${directory:service}/frontend_caddy
 wait-for-files =
 	       $${ca-frontend:cert-file}
 	       $${ca-frontend:key-file}

 [not-found-html]
 recipe = slapos.cookbook:symbolic.link
-target-directory = $${apache-directory:document-root}
+target-directory = $${caddy-directory:document-root}
 link-binary =
 	    ${template-not-found-html:target}

-[apache-directory]
+[caddy-directory]
 recipe = slapos.cookbook:mkdirectory
 document-root = $${directory:srv}/htdocs
-slave-configuration = $${directory:etc}/apache-slave-conf.d/
-slave-with-cache-configuration = $${directory:etc}/apache-slave-with-cache-conf.d/
+slave-configuration = $${directory:etc}/caddy-slave-conf.d/
+slave-with-cache-configuration = $${directory:etc}/caddy-slave-with-cache-conf.d/
 cache = $${directory:var}/cache
 mod-ssl = $${:cache}/httpd_mod_ssl
 vh-ssl = $${:slave-configuration}/ssl
@@ -270,13 +270,13 @@ slave-log = $${directory:log}/httpd
 nginx-slave-configuration = $${directory:etc}/nginx-slave-conf.d/

 [apache-configuration]
-frontend-configuration = $${directory:etc}/apache_frontend.conf
+frontend-configuration = $${directory:etc}/Caddyfile
 access-log = $${directory:log}/frontend-apache-access.log
 error-log = $${directory:log}/frontend-apache-error.log
 pid-file = $${directory:run}/httpd.pid
 protected-path = /
 access-control-string = none
-frontend-configuration-verification = ${apache:location}/bin/httpd -Sf $${:frontend-configuration} > /dev/null
+frontend-configuration-verification = ${caddy:output} -validate -conf $${:frontend-configuration} > /dev/null
 frontend-graceful-command = $${:frontend-configuration-verification}; if [ $? -eq 0 ]; then kill -USR1 $(cat $${:pid-file}); fi

 # Comunication with ats
@@ -287,8 +287,8 @@ ssl-cache-through-port = 26012
 # Create wrapper for "apachectl conftest" in bin
 [configtest]
 recipe = slapos.cookbook:wrapper
-command-line = ${apache:location}/bin/httpd -f $${directory:etc}/apache_frontend.conf -t
-wrapper-path = $${directory:bin}/apache-configtest
+command-line = ${caddy:output} -conf $${apache-configuration:frontend-configuration} -validate
+wrapper-path = $${directory:bin}/caddy-configtest

 [certificate-authority]
 recipe = slapos.cookbook:certificate_authority
@@ -314,8 +314,8 @@ crl = $${directory:ca-dir}/crl/
 recipe = slapos.cookbook:certificate_authority.request
 key-file = $${cadirectory:certs}/apache_frontend.key
 cert-file = $${cadirectory:certs}/apache_frontend.crt
-executable = $${directory:service}/frontend_apache
-wrapper = $${directory:service}/frontend_apache
+executable = $${directory:service}/frontend_caddy
+wrapper = $${directory:service}/frontend_caddy
 key-content = $${instance-parameter:configuration.apache-key}
 cert-content = $${instance-parameter:configuration.apache-certificate}
 # Put domain name
@@ -370,7 +370,7 @@ name = apache
 log = $${apache-configuration:error-log} $${apache-configuration:access-log}
 frequency = daily
 rotatep-num = 30
-post = $${frontend-apache-lazy-graceful:rendered} &
+post = $${frontend-caddy-lazy-graceful:rendered} &
 sharedscripts = true
 notifempty = true
 create = true
@@ -497,28 +497,28 @@ mode = 700
 ### End of ATS sections

 ### Apaches Graceful and promises
-[frontend-apache-graceful-bin]
+[frontend-caddy-graceful-bin]
 < = jinja2-template-base
 template = ${template-wrapper:output}
-rendered = $${directory:bin}/frontend-apache-safe-graceful
+rendered = $${directory:bin}/frontend-caddy-safe-graceful
 mode = 0700
 extra-context =
    key content apache-configuration:frontend-graceful-command

-[frontend-apache-graceful]
+[frontend-caddy-graceful]
 < = jinja2-template-base
-template = ${template-apache-graceful-script:target}
-rendered = $${directory:etc-run}/frontend-apache-safe-graceful
+template = ${template-caddy-graceful-script:target}
+rendered = $${directory:etc-run}/frontend-caddy-safe-graceful
 mode = 0700
 extra-context =
    key directory_run directory:run
    key directory_etc directory:etc
-    key apache_graceful_reload_command apache-configuration:frontend-graceful-command
+    key caddy_graceful_reload_command apache-configuration:frontend-graceful-command

-[frontend-apache-lazy-graceful]
+[frontend-caddy-lazy-graceful]
 < = jinja2-template-base
 template = ${template-apache-lazy-script-call:target}
-rendered = $${directory:bin}/frontend-apache-lazy-graceful
+rendered = $${directory:bin}/frontend-caddy-lazy-graceful
 mode = 0700
 pid-file = $${directory:run}/lazy-graceful.pid
 extra-context =

--- a/software/caddy-frontend/templates/apache.conf.in
+++ b/software/caddy-frontend/templates/apache.conf.in
--- a/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
+++ b/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
@@ -74,7 +74,7 @@ crl = {{ custom_ssl_directory }}/crl/
 {#   Add slave log directory to the slave log access dict #}
 {%   do slave_log_dict.__setitem__(slave_reference, slave_log_folder) %}

-{%   set slave_log_access_url = 'https://' + slave_reference + ':${'+ slave_password_section +':passwd}@[' + frontend_configuration.get('apache-ipv6') + ']:' + frontend_configuration.get('apache-https-port') + '/' + slave_reference.lower() + '/' %}
+{%   set slave_log_access_url = 'https://' + slave_reference + ':${'+ slave_password_section +':passwd}@[' + frontend_configuration.get('caddy-ipv6') + ']:' + frontend_configuration.get('caddy-https-port') + '/' + slave_reference.lower() + '/' %}
 {%   do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %}
 {%   do slave_publish_dict.__setitem__('slave-reference', slave_reference) %}
 {%   do slave_publish_dict.__setitem__('public-ipv4', public_ipv4) %}
@@ -136,7 +136,7 @@ bytes = 8
 recipe = plone.recipe.command
 stop-on-error = true
 htaccess-path = {{apache_configuration_directory}}/.{{slave_reference}}.htaccess
-command = {{frontend_configuration.get('apache-directory')}}/bin/htpasswd -cb ${:htaccess-path} {{ slave_reference }} {{ '${' + slave_password_section + ':passwd}' }}
+command = {{frontend_configuration.get('caddy-directory')}}/bin/htpasswd -cb ${:htaccess-path} {{ slave_reference }} {{ '${' + slave_password_section + ':passwd}' }}

 {# ################################################## #}
 {# Set Slave Certificates if needed                   #}

--- a/software/caddy-frontend/templates/apache-graceful-script.sh.in
+++ b/software/caddy-frontend/templates/apache-graceful-script.sh.in
-#!/bin/sh
-
-RUN_DIR={{ directory_run }}
-ETC_DIR={{ directory_etc }}
-
-APACHE_SIGNATURE_FILE=$RUN_DIR/apache_configuration.signature
-NAPACHE_SIGNATURE_FILE=$RUN_DIR/napache_configuration.signature
-
-touch $APACHE_SIGNATURE_FILE
-sha256sum $ETC_DIR/apache*.conf $ETC_DIR/apache-*.d/*.conf $ETC_DIR/apache-*.d/ssl/*.*key $ETC_DIR/apache-*.d/ssl/*.*crt* | sort -k 66 > $NAPACHE_SIGNATURE_FILE 
-
-# If no diff, no restart for now
-if diff "$APACHE_SIGNATURE_FILE" "$NAPACHE_SIGNATURE_FILE"; then
-  echo "Nothing Changed, so nothing to reload"
-  exit 0
-fi
-echo "Reloading apache.."
-
-{{ apache_graceful_reload_command }}
-
-mv "$NAPACHE_SIGNATURE_FILE" "$APACHE_SIGNATURE_FILE" 
--- a/software/caddy-frontend/templates/caddy-graceful-script.sh.in
+++ b/software/caddy-frontend/templates/caddy-graceful-script.sh.in
+#!/bin/sh
+
+RUN_DIR={{ directory_run }}
+ETC_DIR={{ directory_etc }}
+
+CADDY_SIGNATURE_FILE=$RUN_DIR/caddy_configuration.signature
+NCADDY_SIGNATURE_FILE=$RUN_DIR/ncaddy_configuration.signature
+
+touch $CADDY_SIGNATURE_FILE
+sha256sum $ETC_DIR/Caddyfile $ETC_DIR/caddy-*.d/*.conf $ETC_DIR/caddy-*.d/ssl/*.*key $ETC_DIR/caddy-*.d/ssl/*.*crt* | sort -k 66 > $NCADDY_SIGNATURE_FILE
+
+# If no diff, no restart for now
+if diff "$CADDY_SIGNATURE_FILE" "$NCADDY_SIGNATURE_FILE"; then
+  echo "Nothing Changed, so nothing to reload"
+  exit 0
+fi
+echo "Reloading caddy.."
+
+{{ caddy_graceful_reload_command }}
+
+mv "$NCADDY_SIGNATURE_FILE" "$CADDY_SIGNATURE_FILE"