caddy-frontend: Implement enable_cache

fc41a948 · Łukasz Nowak · c59f2588 · fc41a948 · fc41a948 · fc41a948
Commit fc41a948 authored May 22, 2018 by Łukasz Nowak
4 changed files
--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -27,7 +27,7 @@ md5sum = 9e76028df7e93d3e32982884d5dc0913

 [template-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
-md5sum = 181631c2acd06dc79508711123ea3b82
+md5sum = 0643a19572f65e496e1656df0971d8bd

 [template-slave-configuration]
 filename = templates/custom-virtualhost.conf.in
@@ -43,7 +43,7 @@ md5sum = d1a7a759aa2801c96ecf4445a33203f2

 [template-custom-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
-md5sum = 181631c2acd06dc79508711123ea3b82
+md5sum = 0643a19572f65e496e1656df0971d8bd

 [template-not-found-html]
 filename = templates/notfound.html
@@ -55,11 +55,11 @@ md5sum = 4dbb8560e4de1af2a0706b020e713fe7

 [template-default-slave-virtualhost]
 filename = templates/default-virtualhost.conf.in
-md5sum = 07b3a9a0f25d1a173066a39293f09cd6
+md5sum = 4e06ce63dfbd38dd855f04aa7d01951f

 [template-cached-slave-virtualhost]
 filename = templates/cached-virtualhost.conf.in
-md5sum = 42a574141f2d8e27669e3848d2e600a1
+md5sum = b66ebb546e1762419a22ac853437a9c2

 [template-log-access]
 filename = templates/template-log-access.conf.in

--- a/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
+++ b/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
@@ -323,6 +323,8 @@ extra-context =
    section slave_parameter {{ slave_configuration_section_name }}
    raw cached_port {{ cached_port }}
    raw ssl_cached_port {{ ssl_cached_port }}
+    raw local_ipv4 {{ local_ipv4 }}
+    raw local_ipv6 {{ local_ipv6 }}
 {{ '\n' }}
 {% endfor %}


--- a/software/caddy-frontend/templates/cached-virtualhost.conf.in
+++ b/software/caddy-frontend/templates/cached-virtualhost.conf.in
 {% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
 {% set server_alias_list =  slave_parameter.get('server-alias', '').split() %}
 {% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
+{%- set host_list = [slave_parameter.get('custom_domain')] + server_alias_list -%}
+{%- set http_host_list = [] %}
+{%- set https_host_list = [] %}
+{%- for host in host_list %}
+{%-   do http_host_list.append('http://%s:%s' % (host, cached_port)) %}
+{%-   do https_host_list.append('http://%s:%s' % (host, ssl_cached_port)) %}
+{%- endfor %}

-# TODO-Caddy # Only accept generic (i.e not Zope) backends on http
-# TODO-Caddy <VirtualHost *:{{ cached_port }}>
-# TODO-Caddy   ServerName {{ slave_parameter.get('custom_domain') }}
-# TODO-Caddy   {%- for server_alias in server_alias_list %}
-# TODO-Caddy   ServerAlias {{ server_alias }}
-# TODO-Caddy   {% endfor %}
-# TODO-Caddy   SSLProxyEngine on
-
-# TODO-Caddy {% if ssl_proxy_verify -%}
-# TODO-Caddy {%   if 'ssl_proxy_ca_crt' in slave_parameter -%}
+# Only accept generic (i.e not Zope) backends on http
+{{ http_host_list|join(', ') }} {
+  bind {{ local_ipv4 }}
+# TODO-Caddy  bind {{ local_ipv6 }}
+# Rewrite part
+  proxy / {{ slave_parameter.get('backend_url', '') }} {
+    transparent
+    timeout 600s
+{%- if ssl_proxy_verify %}
+{%-   if 'ssl_proxy_ca_crt' in slave_parameter %}
 # TODO-Caddy   SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
-# TODO-Caddy {%   endif %}
-# TODO-Caddy   SSLProxyVerify require
-# TODO-Caddy   #SSLProxyCheckPeerCN on
-# TODO-Caddy   SSLProxyCheckPeerExpire on
-# TODO-Caddy {% endif %}
-# TODO-Caddy   # Rewrite part
-# TODO-Caddy   ProxyPreserveHost On
-# TODO-Caddy   ProxyTimeout 600
-# TODO-Caddy   RewriteEngine On
-# TODO-Caddy 
-# TODO-Caddy   RewriteRule ^/(.*)$ {{ slave_parameter.get('backend_url', '') }}/$1 [L,P]
-# TODO-Caddy </VirtualHost>
+#              Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store"
+{%-   endif %}
+{%- else %}
+    insecure_skip_verify
+{%- endif %}
+  }
+}

-# TODO-Caddy <VirtualHost *:{{ ssl_cached_port }}>
-# TODO-Caddy   ServerName {{ slave_parameter.get('custom_domain') }}
-# TODO-Caddy   {%- for server_alias in server_alias_list %}
-# TODO-Caddy   ServerAlias {{ server_alias }}
-# TODO-Caddy   {% endfor %}
-# TODO-Caddy   SSLProxyEngine on
-# TODO-Caddy 
-# TODO-Caddy {% if ssl_proxy_verify -%}
-# TODO-Caddy {%   if 'ssl_proxy_ca_crt' in slave_parameter -%}
+{{ https_host_list|join(', ') }} {
+  bind {{ local_ipv4 }}
+# TODO-Caddy  bind {{ local_ipv6 }}
+##  tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }}
+  proxy / {{ slave_parameter.get('https_backend_url', '') }} {
+    transparent
+    timeout 600s
+{%- if ssl_proxy_verify %}
+{%-   if 'ssl_proxy_ca_crt' in slave_parameter %}
 # TODO-Caddy   SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
-# TODO-Caddy {%   endif %}
-# TODO-Caddy   SSLProxyVerify require
-# TODO-Caddy   #SSLProxyCheckPeerCN on
-# TODO-Caddy   SSLProxyCheckPeerExpire on
-# TODO-Caddy {% endif %}
-# TODO-Caddy   # Rewrite part
-# TODO-Caddy   ProxyPreserveHost On
-# TODO-Caddy   ProxyTimeout 600
-# TODO-Caddy   RewriteEngine On
-# TODO-Caddy 
-# TODO-Caddy   RewriteRule ^/(.*)$ {{ slave_parameter.get('https_backend_url', '') }}/$1 [L,P]
-# TODO-Caddy </VirtualHost>
-# TODO-Caddy 
+#              Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store"
+{%-   endif %}
+{%- else %}
+    insecure_skip_verify
+{%- endif %}
+  }
+}
--- a/software/caddy-frontend/templates/default-virtualhost.conf.in
+++ b/software/caddy-frontend/templates/default-virtualhost.conf.in
@@ -39,15 +39,6 @@
 # TODO-Caddy   SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
 # TODO-Caddy   SSLHonorCipherOrder on

-{% if disable_via_header %}
-# TODO-Caddy   Header unset Via
-{% endif -%}
-
-{% if disable_no_cache_header %}
-# TODO-Caddy   RequestHeader unset Cache-Control
-# TODO-Caddy   RequestHeader unset Pragma
-{% endif -%}
-
 {%- for disabled_cookie in disabled_cookie_list %}
 # TODO-Caddy {{'  RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie)  }}
 {% endfor -%}
@@ -58,6 +49,14 @@

 {% if slave_type ==  'zope' and backend_url -%}
  proxy / {{ backend_url }} {
+{% if disable_via_header %}
+    header_downstream -Via
+{% endif -%}
+
+{% if disable_no_cache_header %}
+    header_upstream -Cache-Control
+    header_upstream -Pragma
+{% endif -%}
    transparent
    timeout 600s
 {%- if ssl_proxy_verify %}
@@ -92,6 +91,14 @@
  {% endif -%}
  {%- if backend_url %}
  proxy / {{ backend_url }} {
+{% if disable_via_header %}
+    header_downstream -Via
+{% endif -%}
+
+{% if disable_no_cache_header %}
+    header_upstream -Cache-Control
+    header_upstream -Pragma
+{% endif -%}
    transparent
    timeout 600s
 {%- if ssl_proxy_verify %}
@@ -145,6 +152,14 @@
  }
 {% elif slave_type ==  'zope' and backend_url -%}
  proxy / {{ backend_url }} {
+{% if disable_via_header %}
+    header_downstream -Via
+{% endif -%}
+
+{% if disable_no_cache_header %}
+    header_upstream -Cache-Control
+    header_upstream -Pragma
+{% endif -%}
    transparent
    timeout 600s
 {%- if ssl_proxy_verify %}
@@ -175,6 +190,14 @@
  {% endif -%}
  {%- if slave_parameter.get('url', '') %}
  proxy / {{ slave_parameter.get('url', '') }} {
+{% if disable_via_header %}
+    header_downstream -Via
+{% endif -%}
+
+{% if disable_no_cache_header %}
+    header_upstream -Cache-Control
+    header_upstream -Pragma
+{% endif -%}
    transparent
    timeout 600s
 {%- if ssl_proxy_verify %}