34945832
Commit
34945832
authored
May 07, 2013
by
Cédric Le Ninivin
apache-frontend: Introduce new architecture for apache frontend
parent
6bc5832d
Changes
4
Showing
4 changed files
with
172 additions
and
301 deletions
+172
-301
slapos/recipe/apache_frontend/__init__.py
slapos/recipe/apache_frontend/__init__.py
+43
-259
slapos/recipe/apache_frontend/template/apache.conf.in
slapos/recipe/apache_frontend/template/apache.conf.in
+0
-5
slapos/recipe/apache_frontend/template/apache_cached.conf.in
slapos/recipe/apache_frontend/template/apache_cached.conf.in
+114
-0
software/apache-frontend/instance.cfg
software/apache-frontend/instance.cfg
+15
-37
slapos/recipe/apache_frontend/__init__.py
...
@@ -58,7 +58,7 @@ class Recipe(BaseSlapRecipe):
...
@@ -58,7 +58,7 @@ class Recipe(BaseSlapRecipe):
frontend_port_number
=
self
.
parameter_dict
.
get
(
"port"
,
4443
)
frontend_port_number
=
self
.
parameter_dict
.
get
(
"port"
,
4443
)
frontend_plain_http_port_number
=
self
.
parameter_dict
.
get
(
frontend_plain_http_port_number
=
self
.
parameter_dict
.
get
(
"plain_http_port"
,
8080
)
"plain_http_port"
,
8080
)
base_varnish_port
=
260
09
base_varnish_port
=
260
10
slave_instance_list
=
self
.
parameter_dict
.
get
(
"slave_instance_list"
,
[])
slave_instance_list
=
self
.
parameter_dict
.
get
(
"slave_instance_list"
,
[])
self
.
path_list
=
[]
self
.
path_list
=
[]
...
@@ -70,6 +70,7 @@ class Recipe(BaseSlapRecipe):
...
@@ -70,6 +70,7 @@ class Recipe(BaseSlapRecipe):
self
.
path_list
.
append
(
self
.
killpidfromfile
)
self
.
path_list
.
append
(
self
.
killpidfromfile
)
rewrite_rule_list
=
[]
rewrite_rule_list
=
[]
rewrite_rule_cached_list
=
[]
rewrite_rule_https_only_list
=
[]
rewrite_rule_https_only_list
=
[]
rewrite_rule_zope_list
=
[]
rewrite_rule_zope_list
=
[]
rewrite_rule_zope_path_list
=
[]
rewrite_rule_zope_path_list
=
[]
...
@@ -133,7 +134,7 @@ class Recipe(BaseSlapRecipe):
...
@@ -133,7 +134,7 @@ class Recipe(BaseSlapRecipe):
# base_varnish_port, backend_url, reference, service_dict, domain)
# base_varnish_port, backend_url, reference, service_dict, domain)
rewrite_rule
=
self
.
configureSquidSlave
(
rewrite_rule
=
self
.
configureSquidSlave
(
base_varnish_port
,
backend_url
,
reference
,
service_dict
,
domain
)
base_varnish_port
,
backend_url
,
reference
,
service_dict
,
domain
)
base_varnish_port
+=
2
rewrite_rule_cached_list
.
append
(
"%s %s"
%
(
domain
,
backend_url
))
else
:
else
:
rewrite_rule
=
"%s %s"
%
(
domain
,
backend_url
)
rewrite_rule
=
"%s %s"
%
(
domain
,
backend_url
)
# # Temporary forbid activation of cache until it is properly tested
# # Temporary forbid activation of cache until it is properly tested
...
@@ -190,9 +191,11 @@ class Recipe(BaseSlapRecipe):
...
@@ -190,9 +191,11 @@ class Recipe(BaseSlapRecipe):
ip_list
=
[
"[%s]"
%
self
.
getGlobalIPv6Address
(),
ip_list
=
[
"[%s]"
%
self
.
getGlobalIPv6Address
(),
self
.
getLocalIPv4Address
()],
self
.
getLocalIPv4Address
()],
port
=
frontend_port_number
,
port
=
frontend_port_number
,
cached_port
=
base_varnish_port
+
1
,
plain_http_port
=
frontend_plain_http_port_number
,
plain_http_port
=
frontend_plain_http_port_number
,
name
=
frontend_domain_name
,
name
=
frontend_domain_name
,
rewrite_rule_list
=
rewrite_rule_list
,
rewrite_rule_list
=
rewrite_rule_list
,
rewrite_rule_cached_list
=
rewrite_rule_cached_list
,
rewrite_rule_https_only_list
=
rewrite_rule_https_only_list
,
rewrite_rule_https_only_list
=
rewrite_rule_https_only_list
,
rewrite_rule_zope_list
=
rewrite_rule_zope_list
,
rewrite_rule_zope_list
=
rewrite_rule_zope_list
,
rewrite_rule_zope_path_list
=
rewrite_rule_zope_path_list
,
rewrite_rule_zope_path_list
=
rewrite_rule_zope_path_list
,
...
@@ -257,7 +260,6 @@ class Recipe(BaseSlapRecipe):
...
@@ -257,7 +260,6 @@ class Recipe(BaseSlapRecipe):
service_dict
,
domain
):
service_dict
,
domain
):
# Squid should use stunnel to connect to the backend
# Squid should use stunnel to connect to the backend
base_squid_control_port
=
base_squid_port
base_squid_control_port
=
base_squid_port
base_squid_port
+=
1
# Use regex
# Use regex
host_regex
=
"((
\
[
\
w*|[0-9]+
\
.)(
\
:|)).*(
\
]|
\
.[0-9]+)"
host_regex
=
"((
\
[
\
w*|[0-9]+
\
.)(
\
:|)).*(
\
]|
\
.[0-9]+)"
slave_host
=
re
.
search
(
host_regex
,
url
).
group
(
0
)
slave_host
=
re
.
search
(
host_regex
,
url
).
group
(
0
)
...
@@ -282,218 +284,16 @@ class Recipe(BaseSlapRecipe):
...
@@ -282,218 +284,16 @@ class Recipe(BaseSlapRecipe):
# size="1G")
# size="1G")
service_dict
[
service_name
]
=
dict
(
public_ip
=
squid_ip
,
service_dict
[
service_name
]
=
dict
(
public_ip
=
squid_ip
,
public_port
=
stunnel_port
,
public_port
=
stunnel_port
,
private_ip
=
slave_host
.
replace
(
"["
,
""
).
replace
(
"]"
,
""
)
,
private_ip
=
slave_host
,
private_port
=
slave_port
)
private_port
=
slave_port
)
return
"%s http://%s:%s"
%
\
return
"%s http://%s:%s"
%
\
(
domain
,
squid_ip
,
base_squid_port
)
(
domain
,
squid_ip
,
base_squid_port
)
# def installSquidCache(self, name, ip, port, backend_host,
# backend_port, domain, size="1G"):
# """
# Install a squid daemon for a certain address
# """
## directory = self.createDataDirectory(name)
## squid_config = dict(
## directory=directory,
## pid = "%s/squid.pid" % directory,
## port="%s:%s" % (ip, port),
## squidd_binary=self.options["squidd_binary"],
## control_port="%s:%s" % (ip, control_port),
## storage="file,%s/storage.bin,%s" % (directory, size))
#
##
## squid_argument_list = [squid_config['squidd_binary'].strip(),
## "-F", "-n", directory, "-P", squid_config["pid"], "-p",
## "cc_command=exec %s " % self.options["gcc_binary"] +\
## "-fpic -shared -o %o %s",
## "-f", config_file,
## "-a", squid_config["port"], "-T", squid_config["control_port"],
## "-s", squid_config["storage"]]
## environment = dict(PATH="%s:%s" % (self.options["binutils_directory"],
## os.environ.get('PATH')))
## wrapper = zc.buildout.easy_install.scripts([(name,
## 'slapos.recipe.librecipe.execute', 'executee')], self.ws,
## sys.executable, self.service_directory, arguments=[squid_argument_list,
## environment])[0]
## self.path_list.append(wrapper)
#
#
## directory = self.createDataDirectory(name)
# config = dict(
# ip=ip,
# port=port,
# backend_ip=backend_host,
# backend_port=backend_port,
# domain=domain,
# # XXX Hardcoded
# access_log_path = os.path.join(self.log_directory, 'squid.access.log'),
# # XXX Hardcoded
# cache_log_path = os.path.join(self.log_directory, 'squid.cache.log'),
## cache_path=self.options['cache-path'],
# # XXX Hardcoded
# pid_filename_path=os.path.join(self.run_directory, 'squid.pid'),
# squid_binary=self.options["squid_binary"],
# )
#
# template_filename = self.getTemplateFilename('squid.conf.in')
# config_file = self.createConfigurationFile("%s.conf" % name,
# self.substituteTemplate(self.getTemplateFilename('squid.conf.in'),
# config))
#
## # Prepare directories
## prepare_path = self.createPythonScript(
## self.options['prepare-path'],
## 'slapos.recipe.librecipe.execute.execute',
## arguments=[self.options['binary-path'].strip(),
## '-z',
## '-f', configuration_path,
## ],)
##
## # Create running wrapper
## wrapper_path = self.createPythonScript(
## self.options['wrapper-path'],
## 'slapos.recipe.librecipe.execute.execute',
## arguments=[self.options['binary-path'].strip(),
## '-N',
## '-f', configuration_path,
## ],)
##
## return [configuration_path, wrapper_path, prepare_path]
#
# squid_argument_list = [config['squid_binary'].strip(),
# "-N", "-f", config_file]
## "cc_command=exec %s " % self.options["gcc_binary"] +\
## "-fpic -shared -o %o %s",
## "-f", config_file,
## "-a", config["port"], "-T", config["control_port"],
## "-s", config["storage"]]
# environment = dict(PATH="%s:%s" % (self.options["binutils_directory"],
# os.environ.get('PATH')))
# wrapper = zc.buildout.easy_install.scripts([(name,
# 'slapos.recipe.librecipe.execute', 'executee')], self.ws,
# sys.executable, self.service_directory, arguments=[squid_argument_list,
# environment])[0]
# self.path_list.append(wrapper)
#
# return config
# def requestCertificate(self, name):
# hash = hashlib.sha512(name).hexdigest()
# key = os.path.join(self.ca_private, hash + self.ca_key_ext)
# certificate = os.path.join(self.ca_certs, hash + self.ca_crt_ext)
# parser = ConfigParser.RawConfigParser()
# parser.add_section('certificate')
# parser.set('certificate', 'name', name)
# parser.set('certificate', 'key_file', key)
# parser.set('certificate', 'certificate_file', certificate)
# parser.write(open(os.path.join(self.ca_request_dir, hash), 'w'))
# return key, certificate
# def installCrond(self):
# timestamps = self.createDataDirectory('cronstamps')
# cron_output = os.path.join(self.log_directory, 'cron-output')
# self._createDirectory(cron_output)
# catcher = zc.buildout.easy_install.scripts([('catchcron',
# __name__ + '.catdatefile', 'catdatefile')], self.ws, sys.executable,
# self.bin_directory, arguments=[cron_output])[0]
# self.path_list.append(catcher)
# cron_d = os.path.join(self.etc_directory, 'cron.d')
# crontabs = os.path.join(self.etc_directory, 'crontabs')
# self._createDirectory(cron_d)
# self._createDirectory(crontabs)
# wrapper = zc.buildout.easy_install.scripts([('crond',
# 'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
# self.service_directory, arguments=[
# self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs,
# '-t', timestamps, '-f', '-l', '5', '-M', catcher]
# )[0]
# self.path_list.append(wrapper)
# return cron_d
# def installValidCertificateAuthority(self, domain_name, certificate, key):
# ca_dir = os.path.join(self.data_root_directory, 'ca')
# ca_private = os.path.join(ca_dir, 'private')
# ca_certs = os.path.join(ca_dir, 'certs')
# ca_crl = os.path.join(ca_dir, 'crl')
# self._createDirectory(ca_dir)
# for path in (ca_private, ca_certs, ca_crl):
# self._createDirectory(path)
# key_path = os.path.join(ca_private, domain_name + ".key")
# certificate_path = os.path.join(ca_certs, domain_name + ".crt")
# self._writeFile(key_path, key)
# self._writeFile(certificate_path, certificate)
# return dict(certificate_authority_path=ca_dir,
# ca_crl=ca_crl,
# certificate=certificate_path,
# key=key_path)
#
# def installCertificateAuthority(self, ca_country_code='XX',
# ca_email='xx@example.com', ca_state='State', ca_city='City',
# ca_company='Company'):
# backup_path = self.createBackupDirectory('ca')
# self.ca_dir = os.path.join(self.data_root_directory, 'ca')
# self._createDirectory(self.ca_dir)
# self.ca_request_dir = os.path.join(self.ca_dir, 'requests')
# self._createDirectory(self.ca_request_dir)
# config = dict(ca_dir=self.ca_dir, request_dir=self.ca_request_dir)
# self.ca_private = os.path.join(self.ca_dir, 'private')
# self.ca_certs = os.path.join(self.ca_dir, 'certs')
# self.ca_crl = os.path.join(self.ca_dir, 'crl')
# self.ca_newcerts = os.path.join(self.ca_dir, 'newcerts')
# self.ca_key_ext = '.key'
# self.ca_crt_ext = '.crt'
# for d in [self.ca_private, self.ca_crl, self.ca_newcerts, self.ca_certs]:
# self._createDirectory(d)
# for f in ['crlnumber', 'serial']:
# if not os.path.exists(os.path.join(self.ca_dir, f)):
# open(os.path.join(self.ca_dir, f), 'w').write('01')
# if not os.path.exists(os.path.join(self.ca_dir, 'index.txt')):
# open(os.path.join(self.ca_dir, 'index.txt'), 'w').write('')
# openssl_configuration = os.path.join(self.ca_dir, 'openssl.cnf')
# config.update(
# working_directory=self.ca_dir,
# country_code=ca_country_code,
# state=ca_state,
# city=ca_city,
# company=ca_company,
# email_address=ca_email,
# )
# self._writeFile(openssl_configuration, pkg_resources.resource_string(
# __name__, 'template/openssl.cnf.ca.in') % config)
#
# # XXX-Cedric: Don't use this, but use slapos.recipe.certificate_authority
# # from the instance profile.
# self.path_list.extend(zc.buildout.easy_install.scripts([
# ('certificate_authority', __name__ + '.certificate_authority',
# 'runCertificateAuthority')],
# self.ws, sys.executable, self.service_directory, arguments=[dict(
# openssl_configuration=openssl_configuration,
# openssl_binary=self.options['openssl_binary'],
# certificate=os.path.join(self.ca_dir, 'cacert.pem'),
# key=os.path.join(self.ca_private, 'cakey.pem'),
# crl=os.path.join(self.ca_crl),
# request_dir=self.ca_request_dir
# )]))
# configure backup
#backup_cron = os.path.join(self.cron_d, 'ca_rdiff_backup')
#open(backup_cron, 'w').write(
# '''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
# rdiff_backup=self.options['rdiff_backup_binary'],
# source=self.ca_dir,
# destination=backup_path))
#self.path_list.append(backup_cron)
# return dict(
# ca_certificate=os.path.join(config['ca_dir'], 'cacert.pem'),
# ca_crl=os.path.join(config['ca_dir'], 'crl'),
# certificate_authority_path=config['ca_dir']
# )
def
_getApacheConfigurationDict
(
self
,
name
,
ip_list
,
port
):
def
_getApacheConfigurationDict
(
self
,
name
,
ip_list
,
port
):
apache_conf
=
dict
()
apache_conf
=
dict
()
apache_conf
[
'server_name'
]
=
name
apache_conf
[
'server_name'
]
=
name
apache_conf
[
'pid_file'
]
=
self
.
options
[
'pid-file'
]
apache_conf
[
'pid_file'
]
=
self
.
options
[
'pid-file'
]
apache_conf
[
'pid_cache_file'
]
=
self
.
options
[
'cache-pid-file'
]
apache_conf
[
'lock_file'
]
=
os
.
path
.
join
(
self
.
run_directory
,
apache_conf
[
'lock_file'
]
=
os
.
path
.
join
(
self
.
run_directory
,
name
+
'.lock'
)
name
+
'.lock'
)
apache_conf
[
'document_root'
]
=
os
.
path
.
join
(
self
.
data_root_directory
,
apache_conf
[
'document_root'
]
=
os
.
path
.
join
(
self
.
data_root_directory
,
...
@@ -505,57 +305,23 @@ class Recipe(BaseSlapRecipe):
...
@@ -505,57 +305,23 @@ class Recipe(BaseSlapRecipe):
apache_conf
[
'server_admin'
]
=
'admin@'
apache_conf
[
'server_admin'
]
=
'admin@'
apache_conf
[
'error_log'
]
=
self
.
options
[
'error-log'
]
apache_conf
[
'error_log'
]
=
self
.
options
[
'error-log'
]
apache_conf
[
'access_log'
]
=
self
.
options
[
'access-log'
]
apache_conf
[
'access_log'
]
=
self
.
options
[
'access-log'
]
apache_conf
[
'error_cache_log'
]
=
self
.
options
[
'cache-error-log'
]
apache_conf
[
'access_cache_log'
]
=
self
.
options
[
'cache-access-log'
]
return
apache_conf
return
apache_conf
def
installStunnel
(
self
,
service_dict
,
certificate
,
key
,
ca_crl
,
ca_path
):
"""Installs stunnel
service_dict =
{ name: (public_ip, private_ip, public_port, private_port),}
"""
template_filename
=
self
.
getTemplateFilename
(
'stunnel.conf.in'
)
template_entry_filename
=
self
.
getTemplateFilename
(
'stunnel.conf.entry.in'
)
log
=
os
.
path
.
join
(
self
.
log_directory
,
'stunnel.log'
)
pid_file
=
os
.
path
.
join
(
self
.
run_directory
,
'stunnel.pid'
)
stunnel_conf
=
dict
(
pid_file
=
pid_file
,
log
=
log
,
cert
=
certificate
,
key
=
key
,
ca_crl
=
ca_crl
,
ca_path
=
ca_path
,
entry_str
=
''
)
entry_list
=
[]
for
name
,
parameter_dict
in
service_dict
.
iteritems
():
parameter_dict
[
"name"
]
=
name
entry_str
=
self
.
substituteTemplate
(
template_entry_filename
,
parameter_dict
)
entry_list
.
append
(
entry_str
)
stunnel_conf
[
"entry_str"
]
=
"
\
n
"
.
join
(
entry_list
)
stunnel_conf_path
=
self
.
createConfigurationFile
(
"stunnel.conf"
,
self
.
substituteTemplate
(
template_filename
,
stunnel_conf
))
wrapper
=
zc
.
buildout
.
easy_install
.
scripts
([(
'stunnel'
,
'slapos.recipe.librecipe.execute'
,
'execute_wait'
)],
self
.
ws
,
sys
.
executable
,
self
.
service_directory
,
arguments
=
[
[
self
.
options
[
'stunnel_binary'
].
strip
(),
stunnel_conf_path
],
[
certificate
,
key
]]
)[
0
]
self
.
path_list
.
append
(
wrapper
)
return
stunnel_conf
def
installFrontendApache
(
self
,
ip_list
,
key
,
certificate
,
name
,
def
installFrontendApache
(
self
,
ip_list
,
key
,
certificate
,
name
,
port
=
4443
,
plain_http_port
=
8080
,
port
=
4443
,
plain_http_port
=
8080
,
cached_port
=
26081
,
rewrite_rule_list
=
None
,
rewrite_rule_list
=
None
,
rewrite_rule_cached_list
=
None
,
rewrite_rule_zope_list
=
None
,
rewrite_rule_zope_list
=
None
,
rewrite_rule_https_only_list
=
None
,
rewrite_rule_https_only_list
=
None
,
rewrite_rule_zope_path_list
=
None
,
rewrite_rule_zope_path_list
=
None
,
access_control_string
=
None
):
access_control_string
=
None
):
if
rewrite_rule_list
is
None
:
if
rewrite_rule_list
is
None
:
rewrite_rule_list
=
[]
rewrite_rule_list
=
[]
if
rewrite_rule_cached_list
is
None
:
rewrite_rule_cached_list
=
[]
if
rewrite_rule_https_only_list
is
None
:
if
rewrite_rule_https_only_list
is
None
:
rewrite_rule_zope_path_list
=
[]
rewrite_rule_zope_path_list
=
[]
if
rewrite_rule_zope_list
is
None
:
if
rewrite_rule_zope_list
is
None
:
...
@@ -597,21 +363,15 @@ class Recipe(BaseSlapRecipe):
...
@@ -597,21 +363,15 @@ class Recipe(BaseSlapRecipe):
if
not
os
.
path
.
exists
(
custom_apache_virtual_configuration_file_location
):
if
not
os
.
path
.
exists
(
custom_apache_virtual_configuration_file_location
):
open
(
custom_apache_virtual_configuration_file_location
,
'w'
)
open
(
custom_apache_virtual_configuration_file_location
,
'w'
)
# Create backup of custom apache configuration
#backup_path = self.createBackupDirectory('custom_apache_conf_backup')
#backup_cron = os.path.join(self.cron_d, 'custom_apache_conf_backup')
#open(backup_cron, 'w').write(
# '''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
# rdiff_backup=self.options['rdiff_backup_binary'],
# source=custom_apache_configuration_directory,
# destination=backup_path))
#self.path_list.append(backup_cron)
# Create configuration file and rewritemaps
# Create configuration file and rewritemaps
apachemap_path
=
self
.
createConfigurationFile
(
apachemap_path
=
self
.
createConfigurationFile
(
"apache_rewritemap_generic.txt"
,
"apache_rewritemap_generic.txt"
,
"
\
n
"
.
join
(
rewrite_rule_list
)
"
\
n
"
.
join
(
rewrite_rule_list
)
)
)
apachecachedmap_path
=
self
.
createConfigurationFile
(
"apache_rewritemap_cached.txt"
,
"
\
n
"
.
join
(
rewrite_rule_cached_list
)
)
apachemap_httpsonly_path
=
self
.
createConfigurationFile
(
apachemap_httpsonly_path
=
self
.
createConfigurationFile
(
"apache_rewritemap_httpsonly.txt"
,
"apache_rewritemap_httpsonly.txt"
,
"
\
n
"
.
join
(
rewrite_rule_https_only_list
)
"
\
n
"
.
join
(
rewrite_rule_https_only_list
)
...
@@ -635,8 +395,14 @@ class Recipe(BaseSlapRecipe):
...
@@ -635,8 +395,14 @@ class Recipe(BaseSlapRecipe):
)
)
apache_conf
[
"listen"
]
=
"
\
n
"
.
join
([
apache_conf
[
"listen"
]
=
"
\
n
"
.
join
([
"Listen %s:%s"
%
(
ip
,
port
)
"Listen %s:%s"
%
(
ip
,
tmp_port
)
for
port
in
(
plain_http_port
,
port
)
for
tmp_port
in
(
plain_http_port
,
port
)
for
ip
in
ip_list
])
apache_conf
[
"listen_cache"
]
=
"
\
n
"
.
join
([
"Listen %s:%s"
%
(
ip
,
tmp_port
)
for
tmp_port
in
(
cached_port
,)
for
ip
in
ip_list
for
ip
in
ip_list
])
])
...
@@ -651,12 +417,14 @@ class Recipe(BaseSlapRecipe):
...
@@ -651,12 +417,14 @@ class Recipe(BaseSlapRecipe):
apache_conf
.
update
(
**
dict
(
apache_conf
.
update
(
**
dict
(
path_enable
=
path
,
path_enable
=
path
,
apachemap_path
=
apachemap_path
,
apachemap_path
=
apachemap_path
,
apachecachedmap_path
=
apachecachedmap_path
,
apachemap_httpsonly_path
=
apachemap_httpsonly_path
,
apachemap_httpsonly_path
=
apachemap_httpsonly_path
,
apachemapzope_path
=
apachemap_zope_path
,
apachemapzope_path
=
apachemap_zope_path
,
apachemapzopepath_path
=
apachemap_zopepath_path
,
apachemapzopepath_path
=
apachemap_zopepath_path
,
apache_domain
=
name
,
apache_domain
=
name
,
https_port
=
port
,
https_port
=
port
,
plain_http_port
=
plain_http_port
,
plain_http_port
=
plain_http_port
,
cached_port
=
cached_port
,
custom_apache_conf
=
custom_apache_configuration_file_location
,
custom_apache_conf
=
custom_apache_configuration_file_location
,
custom_apache_virtualhost_conf
=
custom_apache_virtual_configuration_file_location
,
custom_apache_virtualhost_conf
=
custom_apache_virtual_configuration_file_location
,
))
))
...
@@ -677,4 +445,20 @@ class Recipe(BaseSlapRecipe):
...
@@ -677,4 +445,20 @@ class Recipe(BaseSlapRecipe):
config
=
apache_config_file
)
config
=
apache_config_file
)
]))
]))
apache_cached_conf_string
=
self
.
substituteTemplate
(
self
.
getTemplateFilename
(
'apache_cached.conf.in'
),
apache_conf
)
apache_cached_config_file
=
self
.
createConfigurationFile
(
'apache_frontend_cached.conf'
,
apache_cached_conf_string
)
self
.
path_list
.
extend
(
zc
.
buildout
.
easy_install
.
scripts
([(
'frontend_cached_apache'
,
'slapos.recipe.erp5.apache'
,
'runApache'
)],
self
.
ws
,
sys
.
executable
,
self
.
service_directory
,
arguments
=
[
dict
(
required_path_list
=
[
key
,
certificate
],
binary
=
self
.
options
[
'httpd_binary'
],
config
=
apache_cached_config_file
)
]))
return
dict
(
site_url
=
"https://%s:%s/"
%
(
name
,
port
))
return
dict
(
site_url
=
"https://%s:%s/"
%
(
name
,
port
))
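Review bot: The cache instance's `listen_cache` value in installFrontendApache is built from the same `ip_list` as the public listeners, and the caller passes the global IPv6 address in that list, so the plain-HTTP listener on `cached_port` appears reachable from outside the node rather than only from the front Apache. If the cached instance is meant to be an internal hop, a client connecting to it directly bypasses the TLS vhost and the https-only map; binding it to the local address only, for example `"Listen %s:%s" % (self.getLocalIPv4Address(), cached_port)`, would close that path. Separately, `rewrite_rule_cached_list.append("%s %s" % (domain, backend_url))` writes values that appear to come from slave instance parameters into a newline-joined RewriteMap file; where `domain` and `backend_url` are validated is outside the visible hunks, so it is worth confirming that whitespace and line breaks are rejected before they reach the map. The enclosing functions start and end outside the hunks.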
slapos/recipe/apache_frontend/template/apache.conf.in
...
@@ -87,8 +87,6 @@ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javasc
...
@@ -87,8 +87,6 @@ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javasc
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# Make sure proxies don't deliver the wrong content
Header append Vary User-Agent
# SSL Configuration
# SSL Configuration
%(ssl_snippet)s
%(ssl_snippet)s
...
@@ -146,9 +144,6 @@ Header append Vary User-Agent
...
@@ -146,9 +144,6 @@ Header append Vary User-Agent
ProxyTimeout 600
ProxyTimeout 600
RewriteEngine On
RewriteEngine On
# Remove "Secure" from cookies, as backend may be https
Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
# Include configuration file not operated by slapos. This file won't be erased
# Include configuration file not operated by slapos. This file won't be erased
# or changed when slapgrid is ran. It can be freely customized by node admin.
# or changed when slapgrid is ran. It can be freely customized by node admin.
# Include %(custom_apache_virtualhost_conf)s
# Include %(custom_apache_virtualhost_conf)s
...
...
slapos/recipe/apache_frontend/template/apache_cached.conf.in
0 → 100644
# Apache configuration file for Zope
# Automatically generated
# Basic server configuration
PidFile "%(pid_cache_file)s"
ServerName %(server_name)s
DocumentRoot %(document_root)s
ServerRoot %(instance_home)s
%(listen_cache)s
ServerAdmin %(server_admin)s
DefaultType text/plain
TypesConfig %(httpd_home)s/conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
# As backend is trusting REMOTE_USER header unset it always
RequestHeader unset REMOTE_USER
ServerTokens Prod
# Log configuration
ErrorLog "%(error_cache_log)s"
LogLevel warn
# LogFormat "%%h %%{REMOTE_USER}i %%{Host}i %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\"" combined
# LogFormat "%%h %%{REMOTE_USER}i %%{Host}i %%l %%u %%t \"%%r\" %%>s %%b" common
# CustomLog "%(access_log)s" common
LogFormat "%%h %%l %%{REMOTE_USER}i %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\" %%D" combined
CustomLog "%(access_cache_log)s" combined
%(path_enable)s
# List of modules
#LoadModule unixd_module modules/mod_unixd.so
#LoadModule access_compat_module modules/mod_access_compat.so
#LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module %(httpd_home)s/modules/mod_authz_host.so
LoadModule log_config_module %(httpd_home)s/modules/mod_log_config.so
LoadModule deflate_module %(httpd_home)s/modules/mod_deflate.so
LoadModule setenvif_module %(httpd_home)s/modules/mod_setenvif.so
LoadModule version_module %(httpd_home)s/modules/mod_version.so
LoadModule proxy_module %(httpd_home)s/modules/mod_proxy.so
LoadModule proxy_http_module %(httpd_home)s/modules/mod_proxy_http.so
LoadModule ssl_module %(httpd_home)s/modules/mod_ssl.so
LoadModule mime_module %(httpd_home)s/modules/mod_mime.so
LoadModule dav_module %(httpd_home)s/modules/mod_dav.so
LoadModule dav_fs_module %(httpd_home)s/modules/mod_dav_fs.so
LoadModule negotiation_module %(httpd_home)s/modules/mod_negotiation.so
LoadModule rewrite_module %(httpd_home)s/modules/mod_rewrite.so
LoadModule headers_module %(httpd_home)s/modules/mod_headers.so
LoadModule cache_module %(httpd_home)s/modules/mod_cache.so
LoadModule mem_cache_module %(httpd_home)s/modules/mod_mem_cache.so
LoadModule antiloris_module %(httpd_home)s/modules/mod_antiloris.so
# The following directives modify normal HTTP response behavior to
# handle known problems with browser implementations.
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
# The following directive disables redirects on non-GET requests for
# a directory that does not include the trailing slash. This fixes a
# problem with Microsoft WebFolders which does not appropriately handle
# redirects for folders with DAV methods.
# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
# Cache directives
CacheEnable mem /
CacheDefaultExpire 3600
MCacheSize 8192
MCacheMaxObjectCount 1000
MCacheMaxObjectSize 8192
MCacheRemovalAlgorithm LRU
# Deflate
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# SSL Configuration
%(ssl_snippet)s
# Only accept generic (i.e not Zope) backends on http
<VirtualHost *:%(cached_port)s>
SSLProxyEngine on
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyTimeout 600
RewriteEngine On
# Include configuration file not operated by slapos. This file won't be erased
# or changed when slapgrid is ran. It can be freely customized by node admin.
# Include %(custom_apache_virtualhost_conf)s
RewriteMap apachemapcached txt:%(apachecachedmap_path)s
RewriteCond ${apachemapcached:%%{SERVER_NAME}} >""
RewriteRule ^/(.*)$ ${apachemapcached:%%{SERVER_NAME}}/$1 [L,P]
# If nothing exist : put a nice error
ErrorDocument 404 /notfound.html
</VirtualHost>
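Review bot: `CacheEnable mem /` turns on one shared in-memory cache for every mapped host, and nothing in the template keeps per-user headers out of it, so a cacheable backend response that carries `Set-Cookie` can be stored and replayed to other clients. Adding `CacheIgnoreHeaders Set-Cookie` next to the cache directives would keep session cookies out of stored entries, although backends still need to mark private responses with `Cache-Control`. The vhost also sets `SSLProxyEngine on` with no visible `SSLProxyVerify` or CA file, so unless `%(ssl_snippet)s` supplies them, https backends are proxied without certificate verification. The header comment `# Apache configuration file for Zope` and the vhost comment about generic backends look copied from apache.conf.in and could be reworded to describe the cache instance.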
software/apache-frontend/instance.cfg
...
@@ -37,7 +37,7 @@ cronstamps = $${:etc}/cronstamps
...
@@ -37,7 +37,7 @@ cronstamps = $${:etc}/cronstamps
ca-dir = $${:srv}/ssl
ca-dir = $${:srv}/ssl
squid-cache = $${:srv}/squid_cache
squid-cache = $${:srv}/squid_cache
stunnel-conf = $${:etc}/stunnel
[instance-parameter]
[instance-parameter]
# Fetches parameters defined in SlapOS Master for this instance.
# Fetches parameters defined in SlapOS Master for this instance.
...
@@ -79,6 +79,9 @@ ca_crl = $${certificate-authority:ca-crl}
...
@@ -79,6 +79,9 @@ ca_crl = $${certificate-authority:ca-crl}
access-log = $${directory:log}/frontend-apache-access.log
access-log = $${directory:log}/frontend-apache-access.log
error-log = $${directory:log}/frontend-apache-error.log
error-log = $${directory:log}/frontend-apache-error.log
pid-file = $${directory:run}/httpd.pid
pid-file = $${directory:run}/httpd.pid
cache-access-log = $${directory:log}/frontend-apache-access-cached.log
cache-error-log = $${directory:log}/frontend-apache-error-cached.log
cache-pid-file = $${directory:run}/httpd-cached.pid
# Create wrapper for "apachectl conftest" in bin
# Create wrapper for "apachectl conftest" in bin
...
@@ -106,40 +109,15 @@ certs = $${directory:ca-dir}/certs/
...
@@ -106,40 +109,15 @@ certs = $${directory:ca-dir}/certs/
newcerts = $${directory:ca-dir}/newcerts/
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/
crl = $${directory:ca-dir}/crl/
[ca-frontend]
#[ca-frontend]
<= certificate-authority
#<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
#recipe = slapos.cookbook:certificate_authority.request
key-file = $${cadirectory:certs}/apache_frontend.key
#key-file = $${cadirectory:certs}/apache_frontend.key
cert-file = $${cadirectory:certs}/apache_frontend.crt
#cert-file = $${cadirectory:certs}/apache_frontend.crt
executable = $${directory:service}/apache_frontend
#executable = $${directory:service}/apache_frontend
wrapper = $${directory:service}/apache_frontend
#wrapper = $${directory:service}/apache_frontend
# Put domain name
## Put domain name
name = $${instance-parameter:configuration.domain}
#name = $${instance-parameter:configuration.domain}
[ca-stunnel]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${directory:stunnel-conf}/stunnel.key
cert-file = $${directory:stunnel-conf}/stunnel.crt
executable = $${stunnel:wrapper}
wrapper = $${basedirectory:services}/stunnel
[stunnel]
recipe = slapos.cookbook:stunnel
stunnel-binary = ${stunnel:location}/bin/stunnel
wrapper = $${directory:bin}/stunnel
log-file = $${directory:log}/stunnel.log
config-file = $${directory:etc}/stunnel.conf
key-file = $${ca-stunnel:key-file}
cert-file = $${ca-stunnel:cert-file}
pid-file = $${directory:run}/stunnel.pid
local-port = $${squid-hardcoded:backend-port}
local-host = $${squid-hardcoded:backend-ip}
remote-host = $${squid-hardcoded:remote-host}
remote-port = $${squid-hardcoded:remote-port}
client = false
post-rotate-script = $${directory:bin}/stunnel_post_rotate
[cron]
[cron]
recipe = slapos.cookbook:cron
recipe = slapos.cookbook:cron
...
@@ -182,7 +160,7 @@ recipe = slapos.cookbook:logrotate.d
...
@@ -182,7 +160,7 @@ recipe = slapos.cookbook:logrotate.d
name = apache
name = apache
log = $${apache:error-log} $${apache:access-log}
log = $${apache:error-log} $${apache:access-log}
frequency = daily
frequency = daily
rotate-num = 30
rotate
p
-num = 30
post = ${buildout:bin-directory}/killpidfromfile $${apache:pid-file} SIGUSR1
post = ${buildout:bin-directory}/killpidfromfile $${apache:pid-file} SIGUSR1
sharedscripts = true
sharedscripts = true
notifempty = true
notifempty = true
...
@@ -199,7 +177,7 @@ ip = $${squid-hardcoded:ip}
...
@@ -199,7 +177,7 @@ ip = $${squid-hardcoded:ip}
port = $${squid-hardcoded:port}
port = $${squid-hardcoded:port}
backend-ip = $${squid-hardcoded:backend-ip}
backend-ip = $${squid-hardcoded:backend-ip}
backend-port = $${squid-hardcoded:backend-port}
backend-port = $${squid-hardcoded:backend-port}
domain = $${squid-hardcoded:domain
}
public-ipv4 = $${instance-parameter:configuration.public-ipv4
}
access-log-path = $${directory:log}/squid-access.log
access-log-path = $${directory:log}/squid-access.log
cache-log-path = $${directory:log}/squid-cache.log
cache-log-path = $${directory:log}/squid-cache.log
pid-filename-path = $${directory:run}/squid.pid
pid-filename-path = $${directory:run}/squid.pid
...
...
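Review bot: In the logrotate hunk the changed line appears to read `rotatep-num = 30` on the new side, which looks like a stray character; if so, the option is no longer recognised as `rotate-num` and the 30-rotation retention silently stops applying. The same section still rotates only `$${apache:error-log} $${apache:access-log}` and signals only `$${apache:pid-file}`, while this commit adds `cache-access-log`, `cache-error-log` and `cache-pid-file`, so the cached instance's logs would grow unrotated. Suggest restoring `rotate-num = 30`, adding the two cache logs to `log =`, and sending the post-rotate signal to the cache pid file as well. The section that holds the new cache options is outside the hunk, so the exact `$${section:option}` references should be checked against the full file.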