Commit d2648882 authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: Move parameters to caddy executable

Caddy, unlike Apache, takes many of its parameters on the command line instead of in the
Caddyfile, so move them there.
parent 70a936fc
......@@ -19,7 +19,7 @@ md5sum = f686f765e55d1dce2e55a400f0714b3e
[template-apache-frontend]
filename = instance-apache-frontend.cfg
md5sum = c1788e86063b9dffc0c024be06456679
md5sum = 293498fe5c61a72baaf15f9287d36abb
[template-apache-replicate]
filename = instance-apache-replicate.cfg.in
......@@ -31,7 +31,7 @@ md5sum = b016f416ce5390213afef56c4a41aaa1
[template-slave-configuration]
filename = templates/custom-virtualhost.conf.in
md5sum = d103143e5d50682bd5ad43117d82e2fa
md5sum = ab322884ae45085c6468bd4556a5b4ba
[template-replicate-publish-slave-information]
filename = templates/replicate-publish-slave-information.cfg.in
......@@ -39,7 +39,7 @@ md5sum = 665e83d660c9b779249b2179d7ce4b4e
[template-caddy-frontend-configuration]
filename = templates/Caddyfile.in
md5sum = 75ba24f0447240db20250a88a1ebc524
md5sum = 1e79ab65f616424fb893c63e8a2fe962
[template-custom-slave-list]
filename = templates/apache-custom-slave-list.cfg.in
......@@ -51,11 +51,11 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
[template-default-virtualhost]
filename = templates/000.conf.in
md5sum = d98a01182f38868612948c87d5231428
md5sum = 3b5e20b48112a2cf070481966506d9bf
[template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in
md5sum = 7f38084af107034bedefba971abe165c
md5sum = b302fc0a44ffac068902b1fb37c96bd7
[template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in
......@@ -63,7 +63,7 @@ md5sum = 1a1a53d9ac4a1591c017d86850a94796
[template-log-access]
filename = templates/template-log-access.conf.in
md5sum = f85005b430978f3bd24ee7ce11b0e304
md5sum = 50541094dd3ee6c240a9c7a0590fcff8
[template-empty]
filename = templates/empty.in
......@@ -99,4 +99,4 @@ md5sum = ebe5d3d19923eb812a40019cb11276d8
[template-caddy-graceful-script]
filename = templates/caddy-graceful-script.sh.in
md5sum = d5a00bde52b0720e210fcd8ef352a583
md5sum = 0b96d401252e3c38a552c51569457929
......@@ -123,6 +123,8 @@ configuration.ram-cache-size = 1G
configuration.trafficserver-autoconf-port = 8083
configuration.trafficserver-mgmt-port = 8084
configuration.re6st-verification-url = http://[2001:67c:1254:4::1]/index.html
configuration.enable-http2-by-default = true
configuration.mpm-graceful-shutdown-timeout = 5
[frontend-configuration]
template-log-access = ${template-log-access:target}
......@@ -223,13 +225,10 @@ rendered = $${apache-configuration:frontend-configuration}
extra-context =
key httpd_home software-release-path:caddy-location
key httpd_mod_ssl_cache_directory caddy-directory:mod-ssl
key domain instance-parameter:configuration.domain
key document_root caddy-directory:document-root
key instance_home buildout:directory
key ipv4_addr instance-parameter:ipv4-random
key ipv6_addr instance-parameter:ipv6-random
key http_port instance-parameter:configuration.plain_http_port
key https_port instance-parameter:configuration.port
key server_admin instance-parameter:configuration.server-admin
key protected_path apache-configuration:protected-path
key access_control_string apache-configuration:access-control-string
......@@ -239,21 +238,29 @@ extra-context =
key ca_dir certificate-authority:ca-dir
key ca_crl certificate-authority:ca-crl
key access_log apache-configuration:access-log
key error_log apache-configuration:error-log
key pid_file apache-configuration:pid-file
key slave_configuration_directory caddy-directory:slave-configuration
key cached_port apache-configuration:cache-through-port
key ssl_cached_port apache-configuration:ssl-cache-through-port
key slave_with_cache_configuration_directory caddy-directory:slave-with-cache-configuration
section frontend_configuration frontend-configuration
[caddy-wrapper-common]
[caddy-wrapper]
recipe = slapos.cookbook:wrapper
command-line = ${caddy:output}
-conf $${dynamic-apache-frontend-template:rendered}
-root $${caddy-directory:document-root}
-host $${instance-parameter:configuration.domain}
-http-port $${instance-parameter:configuration.plain_http_port}
-https-port $${instance-parameter:configuration.port}
-log $${apache-configuration:error-log}
-http2=$${instance-parameter:configuration.enable-http2-by-default}
-grace $${instance-parameter:configuration.mpm-graceful-shutdown-timeout}s
-pidfile $${apache-configuration:pid-file}
wrapper-path = $${directory:bin}/caddy-wrapper
[apache-frontend]
recipe = slapos.cookbook:wrapper
command-line = $${caddy-wrapper-common:command-line}
command-line = $${caddy-wrapper:wrapper-path}
wrapper-path = $${directory:service}/frontend_caddy
wait-for-files =
$${ca-frontend:cert-file}
......@@ -283,7 +290,7 @@ error-log = $${directory:log}/frontend-apache-error.log
pid-file = $${directory:run}/httpd.pid
protected-path = /
access-control-string = none
frontend-configuration-verification = $${caddy-wrapper-common:command-line} -validate > /dev/null
frontend-configuration-verification = $${caddy-wrapper:wrapper-path} -validate > /dev/null
frontend-graceful-command = $${:frontend-configuration-verification}; if [ $? -eq 0 ]; then kill -USR1 $(cat $${:pid-file}); fi
# Comunication with ats
......@@ -294,7 +301,7 @@ ssl-cache-through-port = 26012
# Create wrapper for "apachectl conftest" in bin
[configtest]
recipe = slapos.cookbook:wrapper
command-line = $${caddy-wrapper-common:command-line} -validate
command-line = $${caddy-wrapper:wrapper-path} -validate
wrapper-path = $${directory:bin}/caddy-configtest
[certificate-authority]
......@@ -520,6 +527,7 @@ mode = 0700
extra-context =
key directory_run directory:run
key directory_etc directory:etc
key directory_bin directory:bin
key caddy_graceful_reload_command apache-configuration:frontend-graceful-command
[frontend-caddy-lazy-graceful]
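Review bot: Host, both ports, `-http2`, `-grace` and `-log` are now baked into the caddy-wrapper's argument list (L89–L97), but the reload path on L112 and L127 still only runs `-validate` and sends USR1, which makes Caddy re-read the Caddyfile without re-reading its command-line flags, so after one of these parameters changes the signature differs (the wrapper is now hashed by the graceful script) yet the running process presumably keeps the old ports, HTTP/2 and grace settings until frontend_caddy is fully restarted. A comment above `[caddy-wrapper]` should state this: `# Flags below are read once at process start; changing them needs a restart of frontend_caddy, USR1 only reloads the Caddyfile`. Two smaller points on the same block: `-grace` appends a literal `s`, so `mpm-graceful-shutdown-timeout` must stay a bare integer (a value such as `5s` would become `5ss`), and `-http2=` passes the parameter verbatim, so anything other than a Go boolean literal will make the flag parser reject the whole command line for the service and both `-validate` wrappers alike. Both constraints deserve a one-line comment next to the defaults on L56–L57.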
......
<VirtualHost *:{{ https_port }}>
ServerName www.example.org
SSLEngine on
SSLProxyEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
# Rewrite part
ProxyPreserveHost On
ProxyTimeout 600
RewriteEngine On
ErrorDocument 404 /notfound.html
</VirtualHost>
<VirtualHost *:{{ http_port }}>
ServerName www.example.org
ErrorDocument 404 /notfound.html
</VirtualHost>
\ No newline at end of file
# TODO-Caddy <VirtualHost *:{{ https_port }}>
# TODO-Caddy ServerName www.example.org
# TODO-Caddy SSLEngine on
# TODO-Caddy SSLProxyEngine on
# TODO-Caddy SSLProtocol all -SSLv2 -SSLv3
# TODO-Caddy SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
# TODO-Caddy SSLHonorCipherOrder on
# TODO-Caddy
# TODO-Caddy # Rewrite part
# TODO-Caddy ProxyPreserveHost On
# TODO-Caddy ProxyTimeout 600
# TODO-Caddy RewriteEngine On
# TODO-Caddy
# TODO-Caddy ErrorDocument 404 /notfound.html
# TODO-Caddy
# TODO-Caddy </VirtualHost>
# TODO-Caddy
# TODO-Caddy <VirtualHost *:{{ http_port }}>
# TODO-Caddy
# TODO-Caddy ServerName www.example.org
# TODO-Caddy ErrorDocument 404 /notfound.html
# TODO-Caddy </VirtualHost>
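Review bot: Commenting the whole default vhost out (L148–L169) silently drops the TLS hardening Apache enforced for hostnames that match no slave — `SSLProtocol all -SSLv2 -SSLv3`, the pinned cipher list and `SSLHonorCipherOrder on` — and nothing records which Caddy behaviour is meant to replace it, so the rendered file is now empty and whatever the bundled Caddy version's built-in TLS defaults are apply unreviewed. The `ErrorDocument 404 /notfound.html` and `ProxyTimeout 600` behaviour for the default host disappears the same way. Rather than a bare `TODO-Caddy` prefix on every line, a header comment should state the contract the port has to restore, e.g. `# TODO-Caddy: default host for unmatched names; must keep SSLv2/SSLv3 disabled, the pinned cipher order and the 404 page of the Apache version`, so the gap stays visible to whoever finishes the migration.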
......@@ -2,12 +2,13 @@
RUN_DIR={{ directory_run }}
ETC_DIR={{ directory_etc }}
BIN_DIR={{ directory_bin }}
CADDY_SIGNATURE_FILE=$RUN_DIR/caddy_configuration.signature
NCADDY_SIGNATURE_FILE=$RUN_DIR/ncaddy_configuration.signature
touch $CADDY_SIGNATURE_FILE
sha256sum $ETC_DIR/Caddyfile $ETC_DIR/caddy-*.d/*.conf $ETC_DIR/caddy-*.d/ssl/*.*key $ETC_DIR/caddy-*.d/ssl/*.*crt* | sort -k 66 > $NCADDY_SIGNATURE_FILE
sha256sum $BIN_DIR/caddy-wrapper $ETC_DIR/Caddyfile $ETC_DIR/caddy-*.d/*.conf $ETC_DIR/caddy-*.d/ssl/*.*key $ETC_DIR/caddy-*.d/ssl/*.*crt* | sort -k 66 > $NCADDY_SIGNATURE_FILE
# If no diff, no restart for now
if diff "$CADDY_SIGNATURE_FILE" "$NCADDY_SIGNATURE_FILE"; then
......
<VirtualHost *:{{ https_port }}>
{{ slave_parameter.get('apache_custom_https', '') }}
</VirtualHost>
<VirtualHost *:{{ http_port }}>
{{ slave_parameter.get('apache_custom_https', '') }}
</VirtualHost>
# TODO-Caddy <VirtualHost *:{{ https_port }}>
# TODO-Caddy {{ slave_parameter.get('apache_custom_https', '') }}
# TODO-Caddy </VirtualHost>
# TODO-Caddy
# TODO-Caddy <VirtualHost *:{{ http_port }}>
# TODO-Caddy {{ slave_parameter.get('apache_custom_https', '') }}
# TODO-Caddy </VirtualHost>
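Review bot: The plain-HTTP block carried over on L192–L193 still injects `slave_parameter.get('apache_custom_https', '')`, the same key the HTTPS block uses on L189; from the key naming this looks like a pre-existing copy-paste slip where `apache_custom_http` was intended, and porting it unchanged would reproduce a slave's HTTPS-only custom configuration (or nothing at all) on the cleartext port. Worth either fixing the key now or leaving a marker, `# TODO-Caddy: http block reads apache_custom_https, confirm whether apache_custom_http is the intended key`, before the Caddy version of this template is written.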
{% for slave, directory in slave_log_directory.iteritems() %}
Alias /{{slave}}/ {{directory}}/
<Directory {{directory}}>
Order Deny,Allow
Deny from env=AUTHREQUIRED
<Files ".??*">
Order Allow,Deny
Deny from all
</Files>
AuthType Basic
AuthName "Log Access {{slave}}"
AuthUserFile "{{ apache_configuration_directory + '/.' + slave.upper() + '.htaccess'}}"
Require user {{slave.upper()}}
Options Indexes FollowSymLinks
Satisfy all
</Directory>
# TODO-Caddy Alias /{{slave}}/ {{directory}}/
# TODO-Caddy <Directory {{directory}}>
# TODO-Caddy Order Deny,Allow
# TODO-Caddy Deny from env=AUTHREQUIRED
# TODO-Caddy <Files ".??*">
# TODO-Caddy Order Allow,Deny
# TODO-Caddy Deny from all
# TODO-Caddy </Files>
# TODO-Caddy AuthType Basic
# TODO-Caddy AuthName "Log Access {{slave}}"
# TODO-Caddy AuthUserFile "{{ apache_configuration_directory + '/.' + slave.upper() + '.htaccess'}}"
# TODO-Caddy Require user {{slave.upper()}}
# TODO-Caddy Options Indexes FollowSymLinks
# TODO-Caddy Satisfy all
# TODO-Caddy </Directory>
{% endfor %}
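Review bot: With every line commented out (L211–L225) the per-slave log access endpoint disappears together with the controls that protected it — Basic auth against the per-slave `.htaccess` user file, `Require user`, `Satisfy all` and the `<Files ".??*">` deny for dotfiles — and nothing records that these must come back as a set; the Jinja loop on L195/L226 still renders, so the output is a list of dead comments per slave. When this is ported, Caddy's `basicauth` for `/{{slave}}/` has to land in the same change as the directory exposure, otherwise the `Options Indexes` behaviour (directory listing of log files) would be reintroduced unauthenticated. Suggest a header comment above the loop: `# TODO-Caddy: log access must not be re-enabled without per-slave basicauth and dotfile hiding`.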