Commit 19d8d193 authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: Drop customized configuration support

Customized configuration support is not used since introduction of
Caddy software, so there is no need to support it anymore.
parent be81cf88
......@@ -237,14 +237,6 @@ Will append the specified path to the "VirtualHostRoot" of the zope's VirtualHos
"path" is an optional parameter, ignored if not specified.
Example of value: "/erp5/web_site_module/hosting/"
caddy_custom_https
~~~~~~~~~~~~~~~~~~
Raw Caddy configuration in python template format (i.e. write "%%" for one "%") for the slave listening to the https port. Its content will be templatified in order to access functionalities such as cache access, ssl certificates... The list is available above.
caddy_custom_http
~~~~~~~~~~~~~~~~~
Raw Caddy configuration in python template format (i.e. write "%%" for one "%") for the slave listening to the http port. Its content will be templatified in order to access functionalities such as cache access, ssl certificates... The list is available above
url
~~~
Necessary to activate cache. ``url`` of backend to use.
......@@ -359,33 +351,6 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be::
partition_parameter_kw={
"url":"https://[1:2:3:4:5:6:7:8]:1234",
"caddy_custom_https":'
https://www.example.com:%(https_port)s, https://example.com:%(https_port)s {
bind %(local_ipv4)s
tls %(certificate)s %(certificate)s
log / %(access_log)s {combined}
errors %(error_log)s
proxy / https://[1:2:3:4:5:6:7:8]:1234 {
transparent
timeout 600s
insecure_skip_verify
}
}
"caddy_custom_http":'
http://www.example.com:%(http_port)s, http://example.com:%(http_port)s {
bind %(local_ipv4)s
log / %(access_log)s {combined}
errors %(error_log)s
proxy / https://[1:2:3:4:5:6:7:8]:1234/ {
transparent
timeout 600s
insecure_skip_verify
}
}
Simple Cache Example - XXX - to be written
------------------------------------------
......@@ -402,40 +367,6 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be::
"domain": "www.example.org",
"enable_cache": "True",
"caddy_custom_https":'
ServerName www.example.org
ServerAlias www.example.org
ServerAlias example.org
ServerAdmin geronimo@example.org
SSLEngine on
SSLProxyEngine on
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyTimeout 600
RewriteEngine On
RewriteRule ^/(.*) %(cache_access)s/$1 [L,P]',
"caddy_custom_http":'
ServerName www.example.org
ServerAlias www.example.org
ServerAlias example.org
ServerAdmin geronimo@example.org
SSLProxyEngine on
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyTimeout 600
RewriteEngine On
# Not using HTTPS? Ask that guy over there.
# Dummy redirection to https. Note: will work only if https listens
# on standard port (443).
RewriteRule ^/(.*) %(cache_access)s/$1 [L,P],
}
)
Advanced example - XXX - to be written
--------------------------------------
......@@ -457,56 +388,6 @@ the proxy::
"path":"/erp5",
"domain":"example.org",
"caddy_custom_https":'
ServerName www.example.org
ServerAlias www.example.org
ServerAdmin example.org
SSLEngine on
SSLProxyEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
# Use personal ssl certificates
SSLCertificateFile %(ssl_crt)s
SSLCertificateKeyFile %(ssl_key)s
SSLCACertificateFile %(ssl_ca_crt)s
SSLCertificateChainFile %(ssl_ca_crt)s
# Configure personal logs
ErrorLog "%(error_log)s"
LogLevel info
LogFormat "%%h %%l %%{REMOTE_USER}i %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\" %%D" combined
CustomLog "%(access_log)s" combined
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyTimeout 600
RewriteEngine On
# Redirect / to /index.html
RewriteRule ^/$ /index.html [R=302,L]
# Use cache
RewriteRule ^/(.*) %(cache_access)s/VirtualHostBase/https/www.example.org:443/erp5/VirtualHostRoot/$1 [L,P]',
"caddy_custom_http":'
ServerName www.example.org
ServerAlias www.example.org
ServerAlias example.org
ServerAdmin geronimo@example.org
SSLProxyEngine on
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyTimeout 600
RewriteEngine On
# Configure personal logs
ErrorLog "%(error_log)s"
LogLevel info
LogFormat "%%h %%l %%{REMOTE_USER}i %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\" %%D" combined
CustomLog "%(access_log)s" combined
# Not using HTTPS? Ask that guy over there.
# Dummy redirection to https. Note: will work only if https listens
# on standard port (443).
RewriteRule ^/(.*)$ https://%%{SERVER_NAME}%%{REQUEST_URI}',
"ssl_key":"-----BEGIN RSA PRIVATE KEY-----
XXXXXXX..........XXXXXXXXXXXXXXX
-----END RSA PRIVATE KEY-----",
......
......@@ -14,7 +14,7 @@
# not need these here).
[template]
filename = instance.cfg.in
md5sum = 816bc8179cf4195a35e07f22c36679fa
md5sum = a351f22e3f74cb3c76ac92ac482c1ecc
[template-common]
filename = instance-common.cfg.in
......@@ -22,19 +22,15 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b
[template-apache-frontend]
filename = instance-apache-frontend.cfg.in
md5sum = 60aefa15002b04665a95a6c197eac5ab
md5sum = cbdf668a230bf6e95b52cb94111f94e0
[template-caddy-replicate]
filename = instance-apache-replicate.cfg.in
md5sum = 087bd9404cd120bd7602a9fbfcddc064
md5sum = a544bf7586f5945bbf108abe9818c7dd
[template-slave-list]
filename = templates/apache-custom-slave-list.cfg.in
md5sum = d96fea7dd4d7f0a157c86d25a263d8e1
[template-slave-configuration]
filename = templates/custom-virtualhost.conf.in
md5sum = 54ae95597a126ae552c3a913ddf29e5e
md5sum = 7f63eaa17c6bfa86b3810456414a39e5
[template-replicate-publish-slave-information]
filename = templates/replicate-publish-slave-information.cfg.in
......
......@@ -119,7 +119,6 @@ template_default_slave_virtualhost = ${template-default-slave-virtualhost:target
template_empty = ${template-empty:target}
template_log_access = ${template-log-access:target}
template_not_found_html = ${template-not-found-html:target}
template_slave_configuration = ${template-slave-configuration:target}
template_slave_list = ${template-slave-list:target}
template_trafficserver_records_config = ${template-trafficserver-records-config:location}
template_trafficserver_records_config_filename = ${template-trafficserver-records-config:filename}
......@@ -179,10 +178,6 @@ mode = 640
<=download-template
filename = apache-custom-slave-list.cfg.in
[template-slave-configuration]
<=download-template
filename = custom-virtualhost.conf.in
[template-replicate-publish-slave-information]
<=download-template
filename = replicate-publish-slave-information.cfg.in
......
......@@ -147,7 +147,6 @@ context =
[software-release-path]
template-empty = {{ parameter_dict['template_empty'] }}
template-slave-configuration = {{ parameter_dict['template_slave_configuration'] }}
template-default-slave-virtualhost = {{ parameter_dict['template_default_slave_virtualhost'] }}
template-cached-slave-virtualhost = {{ parameter_dict['template_cached_slave_virtualhost'] }}
caddy-location = {{ parameter_dict['caddy_location'] }}
......@@ -249,7 +248,6 @@ extra-context =
key local_ipv6 :local_ipv6
key global_ipv6 slap-network-information:global-ipv6
key empty_template software-release-path:template-empty
key template_custom_slave_configuration software-release-path:template-slave-configuration
key template_default_slave_configuration software-release-path:template-default-slave-virtualhost
key template_cached_slave_configuration software-release-path:template-cached-slave-virtualhost
key software_type :software_type
......@@ -278,19 +276,6 @@ extra-context =
key apache_certificate apache-certificate:rendered
# BBB: SlapOS Master non-zero knowledge END
[dynamic-virtualhost-template-slave]
<= jinja2-template-base
template = {{ parameter_dict['template_slave_configuration'] }}
rendered = ${directory:template}/slave-virtualhost.conf.in
# BBB: apache_custom_https and apache_custom_http
extra-context =
key https_port configuration:port
key http_port configuration:plain_http_port
key apache_custom_https configuration:apache_custom_https
key apache_custom_http configuration:apache_custom_http
key caddy_custom_https configuration:caddy_custom_https
key caddy_custom_http configuration:caddy_custom_http
# Deploy Caddy Frontend with Jinja power
[dynamic-caddy-frontend-template]
< = jinja2-template-base
......
......@@ -78,13 +78,12 @@ context =
}) %}
{% endfor %}
{% set authorized_slave_string_list = slapparameter_dict.pop('-frontend-authorized-slave-string', '').split() %}
{% set authorized_slave_string_list = [] %}
{% set authorized_slave_list = [] %}
{% set rejected_slave_dict = {} %}
{% set rejected_slave_title_dict = {} %}
{% set warning_slave_dict = {} %}
{% set used_host_list = [] %}
{% set unauthorized_message = 'slave not authorized' %}
{% for slave in sorted(slave_instance_list) %}
{% set slave_error_list = [] %}
{% set slave_warning_list = [] %}
......@@ -104,7 +103,6 @@ context =
{% endif %}
{% endfor %}
{% endif %}
{# BBB: apache_custom_https AND apache_custom_http #}
{% set custom_domain = slave.get('custom_domain') %}
{% if custom_domain and custom_domain in used_host_list %}
{% do slave_error_list.append('custom_domain %r clashes' % (custom_domain,)) %}
......@@ -133,15 +131,6 @@ context =
{% endfor %}
{% do slave.__setitem__('server-alias', ' '.join(slave_server_alias_unclashed)) %}
{% endif %}
{% for key in ['caddy_custom_http', 'caddy_custom_https', 'apache_custom_http', 'apache_custom_https'] %}
{% if slave.get(key) %}
{% if not slave.get('slave_reference') in authorized_slave_string_list %}
{% if not unauthorized_message in slave_error_list %}
{% do slave_error_list.append(unauthorized_message) %}
{% endif %}
{% endif %}
{% endif %}
{% endfor %} {# for key in ['caddy_custom_http', 'caddy_custom_https', 'apache_custom_http', 'apache_custom_https'] #}
{% if slave.get('url') %}
{% if subprocess_module.call([caddy_backend_url_validator, '' ~ slave['url']]) == 1 %}
{% do slave_error_list.append('slave url %r invalid' % (slave['url'],)) %}
......
{
"$schema": "http://json-schema.org/draft-04/schema",
"properties": {
"-frontend-authorized-slave-string": {
"description": "List of SOFTINST-XXX of Slaves, separated by space which is allowed to use custom configuration.",
"title": "Authorized Slave String",
"type": "string"
},
"-frontend-quantity": {
"description": "Quantity of Frontends Replicate.",
"title": "Frontend Replication Quantity",
......
......@@ -53,20 +53,6 @@
"title": "HTTPS Only",
"type": "string"
},
"caddy_custom_http": {
"default": "",
"description": "Raw http configuration in python template format. Your site will be rejected if you use it without notification and approval of frontend administrators",
"textarea": true,
"title": "HTTP configuration",
"type": "string"
},
"caddy_custom_https": {
"default": "",
"description": "Raw https configuration in python template format. Your site will be rejected if you use it without notification and approval of frontend administrators",
"textarea": true,
"title": "HTTPS configuration",
"type": "string"
},
"default-path": {
"default": "",
"description": "Provide default path to redirect user to when user access / (the site root)",
......
......@@ -103,11 +103,6 @@ configuration.nginx_port = 9443
configuration.kedifa_port = 7879
# Warning: Caucase takes also cacuase_port+1
configuration.caucase_port = 8890
# BBB: apache_custom_https and apache_custom_http
configuration.apache_custom_https = ""
configuration.apache_custom_http = ""
configuration.caddy_custom_https = ""
configuration.caddy_custom_http = ""
configuration.apache-key =
configuration.apache-certificate =
configuration.open-port = 80 443
......
......@@ -134,13 +134,10 @@ create = true
{% do cached_server_dict.__setitem__(slave_reference, slave_configuration_section_name) %}
{% endif %}
{# BBB: apache_custom_https and apache_custom_http #}
{% if not slave_instance.has_key('caddy_custom_http') and not slave_instance.has_key('caddy_custom_https') and not slave_instance.has_key('apache_custom_http') and not slave_instance.has_key('apache_custom_https') %}
{% do slave_publish_dict.__setitem__('domain', slave_instance.get('custom_domain')) %}
{% do slave_publish_dict.__setitem__('url', "http://%s" % slave_instance.get('custom_domain')) %}
{% do slave_publish_dict.__setitem__('site_url', "http://%s" % slave_instance.get('custom_domain')) %}
{% do slave_publish_dict.__setitem__('secure_access', 'https://%s' % slave_instance.get('custom_domain')) %}
{% endif %}
[slave-log-directory-dict]
{{slave_reference}} = {{ slave_log_folder }}
......@@ -238,22 +235,6 @@ local_ipv4 = {{ dumps('' ~ local_ipv4) }}
cached_port = {{ dumps('' ~ cached_port) }}
ssl_cached_port = {{ ('' ~ ssl_cached_port) }}
request_timeout = {{ ('' ~ request_timeout) }}
{# BBB: apache_custom_https and apache_custom_http #}
{% set caddy_custom_http_template = slave_instance.pop('caddy_custom_http', slave_instance.pop('apache_custom_http', '')) %}
{% set caddy_custom_https_template = slave_instance.pop('caddy_custom_https', slave_instance.pop('apache_custom_https', '')) %}
{% if caddy_custom_http_template is not none %}
{% set caddy_custom_http = ('' ~ caddy_custom_http_template) % slave_parameter_dict %}
caddy_custom_http = {{ dumps(caddy_custom_http) }}
{% else %}
{% set caddy_custom_http = None %}
{% endif %}
{% if caddy_custom_https_template is not none %}
{% set caddy_custom_https = ('' ~ caddy_custom_https_template) % slave_parameter_dict %}
caddy_custom_https = {{ dumps(caddy_custom_https) }}
{% else %}
{% set caddy_custom_https = None %}
{% endif %}
{{ '\n' }}
{% for key, value in slave_instance.iteritems() %}
{% if value is not none %}
{{ key }} = {{ dumps('' ~ value) }}
......@@ -264,16 +245,10 @@ caddy_custom_https = {{ dumps(caddy_custom_https) }}
< = jinja2-template-base
rendered = {{ caddy_configuration_directory }}/${:filename}
{% if caddy_custom_http or caddy_custom_https %}
template = {{ template_custom_slave_configuration }}
extra-context =
section slave_parameter {{ slave_configuration_section_name }}
{% else %}
template = {{ template_default_slave_configuration }}
extra-context =
section slave_parameter {{ slave_configuration_section_name }}
import urllib_module urllib
{% endif %}
filename = {{ '%s.conf' % slave_reference }}
{{ '\n' }}
......
{{ slave_parameter.get('caddy_custom_https', '') }}
{{ slave_parameter.get('caddy_custom_http', '') }}
This diff is collapsed.
......@@ -26,10 +26,6 @@ T-2/var/log/httpd-cache-direct/_enable_cache_server_alias_error_log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_Url_access_log
T-2/var/log/httpd/_Url_error_log
T-2/var/log/httpd/_apache_custom_http_s-accepted_access_log
T-2/var/log/httpd/_apache_custom_http_s-accepted_error_log
T-2/var/log/httpd/_caddy_custom_http_s-accepted_access_log
T-2/var/log/httpd/_caddy_custom_http_s-accepted_error_log
T-2/var/log/httpd/_ciphers_access_log
T-2/var/log/httpd/_ciphers_error_log
T-2/var/log/httpd/_custom_domain_access_log
......
......@@ -26,10 +26,6 @@ T-2/var/log/httpd-cache-direct/_enable_cache_server_alias_error_log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_Url_access_log
T-2/var/log/httpd/_Url_error_log
T-2/var/log/httpd/_apache_custom_http_s-accepted_access_log
T-2/var/log/httpd/_apache_custom_http_s-accepted_error_log
T-2/var/log/httpd/_caddy_custom_http_s-accepted_access_log
T-2/var/log/httpd/_caddy_custom_http_s-accepted_error_log
T-2/var/log/httpd/_ciphers_access_log
T-2/var/log/httpd/_ciphers_error_log
T-2/var/log/httpd/_custom_domain_access_log
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment