Commit ae95e8a4 authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: Put haproxy just before the backend

parent e80729b3
...@@ -40,6 +40,14 @@ md5sum = 7e3ee70c447f8203273d78f66ab519c3 ...@@ -40,6 +40,14 @@ md5sum = 7e3ee70c447f8203273d78f66ab519c3
_update_hash_filename_ = templates/Caddyfile.in _update_hash_filename_ = templates/Caddyfile.in
md5sum = f0faf6d2e6c187df7e25bf717676f9df md5sum = f0faf6d2e6c187df7e25bf717676f9df
[template-backend-haproxy-configuration]
_update_hash_filename_ = templates/backend-haproxy.cfg.in
md5sum = 47048189fe1c3e02533d3db1146a55d5
[template-backend-haproxy-slave]
_update_hash_filename_ = templates/backend-haproxy-slave.cfg.in
md5sum = c4a7bff5c74fd98aa15ae8180d504c73
[caddy-backend-url-validator] [caddy-backend-url-validator]
filename = templates/caddy-backend-url-validator.in filename = templates/caddy-backend-url-validator.in
md5sum = 0979a03476e86bf038516c9565dadc17 md5sum = 0979a03476e86bf038516c9565dadc17
......
...@@ -10,6 +10,7 @@ extends = ...@@ -10,6 +10,7 @@ extends =
../../component/trafficserver/buildout.cfg ../../component/trafficserver/buildout.cfg
../../component/6tunnel/buildout.cfg ../../component/6tunnel/buildout.cfg
../../component/xz-utils/buildout.cfg ../../component/xz-utils/buildout.cfg
../../component/haproxy/buildout.cfg
../../stack/caucase/buildout.cfg ../../stack/caucase/buildout.cfg
# Monitoring stack (keep on bottom) # Monitoring stack (keep on bottom)
...@@ -94,6 +95,7 @@ bin_directory = ${buildout:bin-directory} ...@@ -94,6 +95,7 @@ bin_directory = ${buildout:bin-directory}
sixtunnel = ${6tunnel:location} sixtunnel = ${6tunnel:location}
caddy = ${caddy:output} caddy = ${caddy:output}
caddy_location = ${caddy:location} caddy_location = ${caddy:location}
haproxy_executable = ${haproxy2:location}/sbin/haproxy
curl = ${curl:location} curl = ${curl:location}
dash = ${dash:location} dash = ${dash:location}
gzip = ${gzip:location} gzip = ${gzip:location}
...@@ -110,6 +112,8 @@ xz_location = ${xz-utils:location} ...@@ -110,6 +112,8 @@ xz_location = ${xz-utils:location}
monitor_template = ${monitor-template:output} monitor_template = ${monitor-template:output}
template_cached_slave_virtualhost = ${template-cached-slave-virtualhost:target} template_cached_slave_virtualhost = ${template-cached-slave-virtualhost:target}
template_caddy_frontend_configuration = ${template-caddy-frontend-configuration:target} template_caddy_frontend_configuration = ${template-caddy-frontend-configuration:target}
template_backend_haproxy_configuration = ${template-backend-haproxy-configuration:target}
template_backend_haproxy_slave = ${template-backend-haproxy-slave:target}
template_graceful_script = ${template-graceful-script:target} template_graceful_script = ${template-graceful-script:target}
template_validate_script = ${template-validate-script:target} template_validate_script = ${template-validate-script:target}
template_rotate_script = ${template-rotate-script:target} template_rotate_script = ${template-rotate-script:target}
...@@ -178,6 +182,12 @@ mode = 640 ...@@ -178,6 +182,12 @@ mode = 640
[template-caddy-frontend-configuration] [template-caddy-frontend-configuration]
<=download-template <=download-template
[template-backend-haproxy-configuration]
<=download-template
[template-backend-haproxy-slave]
<=download-template
[template-not-found-html] [template-not-found-html]
<=download-template <=download-template
......
...@@ -37,6 +37,8 @@ parts = ...@@ -37,6 +37,8 @@ parts =
trafficserver-promise-listen-port trafficserver-promise-listen-port
trafficserver-promise-cache-availability trafficserver-promise-cache-availability
cron-entry-logrotate-trafficserver cron-entry-logrotate-trafficserver
## Backend haproxy
backend-haproxy
## Monitor for Caddy ## Monitor for Caddy
monitor-base monitor-base
monitor-ats-cache-stats-wrapper monitor-ats-cache-stats-wrapper
...@@ -73,6 +75,9 @@ csr_id = ${:srv}/csr_id ...@@ -73,6 +75,9 @@ csr_id = ${:srv}/csr_id
caddy-csr_id = ${:etc}/caddy-csr_id caddy-csr_id = ${:etc}/caddy-csr_id
caddy-csr_id-log = ${:log}/httpd-csr_id caddy-csr_id-log = ${:log}/httpd-csr_id
# backend-haproxy
backend-haproxy-configuration = ${:etc}/backend-haproxy.d
[switch-caddy-softwaretype] [switch-caddy-softwaretype]
recipe = slapos.cookbook:softwaretype recipe = slapos.cookbook:softwaretype
single-default = ${dynamic-custom-personal-template-slave-list:rendered} single-default = ${dynamic-custom-personal-template-slave-list:rendered}
...@@ -150,6 +155,7 @@ template-empty = {{ parameter_dict['template_empty'] }} ...@@ -150,6 +155,7 @@ template-empty = {{ parameter_dict['template_empty'] }}
template-default-slave-virtualhost = {{ parameter_dict['template_default_slave_virtualhost'] }} template-default-slave-virtualhost = {{ parameter_dict['template_default_slave_virtualhost'] }}
template-cached-slave-virtualhost = {{ parameter_dict['template_cached_slave_virtualhost'] }} template-cached-slave-virtualhost = {{ parameter_dict['template_cached_slave_virtualhost'] }}
caddy-location = {{ parameter_dict['caddy_location'] }} caddy-location = {{ parameter_dict['caddy_location'] }}
template-backend-haproxy-slave = {{ parameter_dict['template_backend_haproxy_slave'] }}
[kedifa-login-config] [kedifa-login-config]
d = ${directory:ca-dir} d = ${directory:ca-dir}
...@@ -212,7 +218,9 @@ kedifa-updater-mapping-file = ${directory:etc}/kedifa_updater_mapping.txt ...@@ -212,7 +218,9 @@ kedifa-updater-mapping-file = ${directory:etc}/kedifa_updater_mapping.txt
kedifa-updater-state-file = ${directory:srv}/kedifa_updater_state.json kedifa-updater-state-file = ${directory:srv}/kedifa_updater_state.json
kedifa-csr = {{ parameter_dict['kedifa-csr'] }} kedifa-csr = {{ parameter_dict['kedifa-csr'] }}
service_directory = ${directory:service} service_directory = ${directory:service}
haproxy_executable = {{ parameter_dict['haproxy_executable'] }}
extra-context = extra-context =
import urlparse_module urlparse
key kedifa_caucase_ca_certificate kedifa-login-config:ca-certificate key kedifa_caucase_ca_certificate kedifa-login-config:ca-certificate
key kedifa_login_certificate kedifa-login-config:certificate key kedifa_login_certificate kedifa-login-config:certificate
key caddy_configuration_directory caddy-directory:slave-configuration key caddy_configuration_directory caddy-directory:slave-configuration
...@@ -275,6 +283,10 @@ extra-context = ...@@ -275,6 +283,10 @@ extra-context =
key bbb_ssl_directory directory:bbb-ssl-dir key bbb_ssl_directory directory:bbb-ssl-dir
key apache_certificate apache-certificate:rendered key apache_certificate apache-certificate:rendered
# BBB: SlapOS Master non-zero knowledge END # BBB: SlapOS Master non-zero knowledge END
## backend haproxy
key haproxy_executable :haproxy_executable
key template_backend_haproxy_slave_configuration software-release-path:template-backend-haproxy-slave
key backend_haproxy_configuration_directory backend-haproxy-config:configuration-directory
# Deploy Caddy Frontend with Jinja power # Deploy Caddy Frontend with Jinja power
[dynamic-caddy-frontend-template] [dynamic-caddy-frontend-template]
...@@ -368,6 +380,8 @@ master-certificate = ${caddy-directory:master-autocert-dir}/master.pem ...@@ -368,6 +380,8 @@ master-certificate = ${caddy-directory:master-autocert-dir}/master.pem
cache-port = ${trafficserver-variable:input-port} cache-port = ${trafficserver-variable:input-port}
cache-through-port = 26011 cache-through-port = 26011
ssl-cache-through-port = 26012 ssl-cache-through-port = 26012
backend-haproxy-port = 21080
backend-haproxy-https-port = 21081
# BBB: SlapOS Master non-zero knowledge BEGIN # BBB: SlapOS Master non-zero knowledge BEGIN
[get-self-signed-fallback-access] [get-self-signed-fallback-access]
...@@ -728,6 +742,41 @@ extra-context = ...@@ -728,6 +742,41 @@ extra-context =
key http_port configuration:plain_http_port key http_port configuration:plain_http_port
key https_port configuration:port key https_port configuration:port
##<Backend haproxy>
[backend-haproxy-base-configuration]
< = jinja2-template-base
template = {{ parameter_dict['template_backend_haproxy_configuration'] }}
rendered = ${backend-haproxy-config:base-configuration}
extra-context =
[backend-haproxy-config]
base-configuration = ${directory:etc}/backend-haproxy.cfg
configuration-directory = ${directory:backend-haproxy-configuration}
pid-file = ${directory:var}/backend-haproxy.pid
[backend-haproxy-wrapper]
recipe = slapos.recipe.template:jinja2
template = inline:
#!/bin/sh
ulimit -n $(ulimit -Hn)
exec {{ parameter_dict['haproxy_executable'] }} \
-f ${backend-haproxy-config:base-configuration} \
-f ${backend-haproxy-config:configuration-directory} \
"$@"
rendered = ${directory:bin}/backend-haproxy-wrapper
mode = 0755
[backend-haproxy]
depends =
${backend-haproxy-base-configuration:rendered}
recipe = slapos.cookbook:wrapper
command-line = ${backend-haproxy-wrapper:rendered} -p ${backend-haproxy-config:pid-file}
wrapper-path = ${directory:service}/backend-haproxy
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
hash-files = ${backend-haproxy-wrapper:rendered}
##<Backend haproxy>
[configuration] [configuration]
{%- for key, value in instance_parameter.iteritems() -%} {%- for key, value in instance_parameter.iteritems() -%}
{%- if key.startswith('configuration.') %} {%- if key.startswith('configuration.') %}
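Review bot: `[backend-haproxy]` lists only `${backend-haproxy-wrapper:rendered}` in `hash-files`, so as far as this section shows nothing restarts or reloads haproxy when `backend-haproxy.cfg` or a file under `backend-haproxy.d` changes. A removed or re-pointed slave would then keep its old routing until the service is restarted by hand; a reload hook may exist outside these hunks, which is not visible here. I would add `${backend-haproxy-base-configuration:rendered}` to `hash-files` and wire a graceful reload for the per-slave files. The new configuration should also be checked with `haproxy -c -f ...` before it is applied, so that one bad slave file cannot keep the process from starting. It would also help to add a comment above `backend-haproxy-port` and `backend-haproxy-https-port` saying that both listeners speak plain HTTP on the local address.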
......
...@@ -6,10 +6,14 @@ ...@@ -6,10 +6,14 @@
{% set cache_port = caddy_configuration.get('cache-port') %} {% set cache_port = caddy_configuration.get('cache-port') %}
{% set cached_port = caddy_configuration.get('cache-through-port') %} {% set cached_port = caddy_configuration.get('cache-through-port') %}
{% set ssl_cached_port = caddy_configuration.get('ssl-cache-through-port') %} {% set ssl_cached_port = caddy_configuration.get('ssl-cache-through-port') %}
{% set backend_haproxy_port = caddy_configuration.get('backend-haproxy-port') %}
{% set backend_haproxy_https_port = caddy_configuration.get('backend-haproxy-https-port') %}
{% set backend_haproxy_url = 'http://%s:%s' % (local_ipv4, backend_haproxy_port) %}
{% set backend_haproxy_https_url = 'http://%s:%s' % (local_ipv4, backend_haproxy_https_port) %}
{% set cache_access = "http://%s:%s" % (local_ipv4, cache_port) %} {% set cache_access = "http://%s:%s" % (local_ipv4, cache_port) %}
{% set ssl_cache_access = "http://%s:%s/HTTPS" % (local_ipv4, cache_port) %} {% set ssl_cache_access = "http://%s:%s/HTTPS" % (local_ipv4, cache_port) %}
{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] %} {% set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
{% set generic_instance_parameter_dict = { 'cache_access': cache_access, 'local_ipv4': local_ipv4, 'http_port': http_port, 'https_port': https_port} %} {% set generic_instance_parameter_dict = { 'cache_access': cache_access, 'local_ipv4': local_ipv4, 'http_port': http_port, 'https_port': https_port, 'backend_haproxy_url': backend_haproxy_url, 'backend_haproxy_https_url': backend_haproxy_https_url } %}
{% set slave_log_dict = {} %} {% set slave_log_dict = {} %}
{% if extra_slave_instance_list %} {% if extra_slave_instance_list %}
{% set slave_instance_information_list = [] %} {% set slave_instance_information_list = [] %}
...@@ -51,6 +55,19 @@ create = true ...@@ -51,6 +55,19 @@ create = true
{# Loop thought slave list to set up slaves #} {# Loop thought slave list to set up slaves #}
{% for slave_instance in slave_instance_list %} {% for slave_instance in slave_instance_list %}
{# prepare everything #}
{%- set url_parsed = urlparse_module.urlparse(slave_instance.get('url', '')) %}
{%- do slave_instance.__setitem__('url_scheme', url_parsed.scheme) %}
{%- do slave_instance.__setitem__('url_hostname', url_parsed.hostname) %}
{%- do slave_instance.__setitem__('url_port', url_parsed.port) %}
{%- do slave_instance.__setitem__('url_path', url_parsed.path) %}
{%- do slave_instance.__setitem__('url_fragment', url_parsed.fragment) %}
{%- set https_url_parsed = urlparse_module.urlparse(slave_instance.get('https-url', '')) %}
{%- do slave_instance.__setitem__('https_url_scheme', https_url_parsed.scheme) %}
{%- do slave_instance.__setitem__('https_url_hostname', https_url_parsed.hostname) %}
{%- do slave_instance.__setitem__('https_url_port', https_url_parsed.port) %}
{%- do slave_instance.__setitem__('https_url_path', https_url_parsed.path) %}
{%- do slave_instance.__setitem__('https_url_fragment', https_url_parsed.fragment) %}
{# Manage ciphers #} {# Manage ciphers #}
{% set slave_ciphers = slave_instance.get('ciphers', '').strip().split() %} {% set slave_ciphers = slave_instance.get('ciphers', '').strip().split() %}
{% if slave_ciphers %} {% if slave_ciphers %}
...@@ -69,6 +86,7 @@ create = true ...@@ -69,6 +86,7 @@ create = true
{% set key_download_url = 'notreadyyet' %} {% set key_download_url = 'notreadyyet' %}
{% endif %} {% endif %}
{% set slave_section_title = 'dynamic-template-slave-instance-%s' % slave_reference %} {% set slave_section_title = 'dynamic-template-slave-instance-%s' % slave_reference %}
{% set slave_backend_haproxy_section_title = 'dynamic-template-slave-backend-haproxy-%s' % slave_reference %}
{% set slave_parameter_dict = generic_instance_parameter_dict.copy() %} {% set slave_parameter_dict = generic_instance_parameter_dict.copy() %}
{% set slave_publish_dict = {} %} {% set slave_publish_dict = {} %}
{% set slave_configuration_section_name = 'slave-instance-%s-configuration' % slave_reference %} {% set slave_configuration_section_name = 'slave-instance-%s-configuration' % slave_reference %}
...@@ -80,6 +98,7 @@ create = true ...@@ -80,6 +98,7 @@ create = true
{# extend parts #} {# extend parts #}
{% do part_list.extend([slave_ln_section]) %} {% do part_list.extend([slave_ln_section]) %}
{% do part_list.extend([slave_logrotate_section, slave_section_title]) %} {% do part_list.extend([slave_logrotate_section, slave_section_title]) %}
{% do part_list.extend([slave_logrotate_section, slave_backend_haproxy_section_title]) %}
{% set slave_log_folder = '${logrotate-directory:logrotate-backup}/' + slave_reference + "-logs" %} {% set slave_log_folder = '${logrotate-directory:logrotate-backup}/' + slave_reference + "-logs" %}
{% if enable_cache %} {% if enable_cache %}
...@@ -234,6 +253,10 @@ http_port = {{ dumps('' ~ http_port) }} ...@@ -234,6 +253,10 @@ http_port = {{ dumps('' ~ http_port) }}
local_ipv4 = {{ dumps('' ~ local_ipv4) }} local_ipv4 = {{ dumps('' ~ local_ipv4) }}
cached_port = {{ dumps('' ~ cached_port) }} cached_port = {{ dumps('' ~ cached_port) }}
ssl_cached_port = {{ ('' ~ ssl_cached_port) }} ssl_cached_port = {{ ('' ~ ssl_cached_port) }}
backend_haproxy_port = {{ ('' ~ backend_haproxy_port) }}
backend_haproxy_url = {{ ('' ~ backend_haproxy_url) }}
backend_haproxy_https_port = {{ ('' ~ backend_haproxy_https_port) }}
backend_haproxy_https_url = {{ ('' ~ backend_haproxy_https_url) }}
request_timeout = {{ ('' ~ request_timeout) }} request_timeout = {{ ('' ~ request_timeout) }}
{% for key, value in slave_instance.iteritems() %} {% for key, value in slave_instance.iteritems() %}
{% if value is not none %} {% if value is not none %}
...@@ -254,6 +277,15 @@ filename = {{ '%s.conf' % slave_reference }} ...@@ -254,6 +277,15 @@ filename = {{ '%s.conf' % slave_reference }}
{{ '\n' }} {{ '\n' }}
[{{ slave_backend_haproxy_section_title }}]
<= jinja2-template-base
filename = {{ '%s.cfg' % slave_reference }}
rendered = {{ backend_haproxy_configuration_directory }}/${:filename}
template = {{ template_backend_haproxy_slave_configuration }}
extra-context =
section slave_parameter {{ slave_configuration_section_name }}
import urlparse_module urlparse
{% set monitor_ipv6_test = slave_instance.get('monitor-ipv6-test', '') %} {% set monitor_ipv6_test = slave_instance.get('monitor-ipv6-test', '') %}
{% if monitor_ipv6_test %} {% if monitor_ipv6_test %}
{% set monitor_ipv6_section_title = 'check-%s-ipv6-packet-list-test' % slave_instance.get('slave_reference') %} {% set monitor_ipv6_section_title = 'check-%s-ipv6-packet-list-test' % slave_instance.get('slave_reference') %}
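Review bot: The added "prepare everything" block reads `url_parsed.port` and `https_url_parsed.port` straight from the slave-supplied `url` and `https-url`. On the Python 2 runtime this template targets (it uses `iteritems()`), `.port` raises ValueError for a non-numeric port. Because this happens inside the `for slave_instance` loop, a single malformed request could abort rendering for every slave, unless the URL is validated earlier, which these hunks do not show. I would do the parsing only after the slave has passed the existing URL validation, or in a helper that returns empty values on error. Separately, the added `part_list.extend([slave_logrotate_section, slave_backend_haproxy_section_title])` registers `slave_logrotate_section` a second time; `{% do part_list.append(slave_backend_haproxy_section_title) %}` is enough.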
......
{%- set host_list = slave_parameter.get('server-alias', '').split() %}
{#- support https-url #}
{%- set url = slave_parameter.get('backend_url', slave_parameter.get('url', '')) %}
{%- set parsed = urlparse_module.urlparse(url) %}
{%- set backend_host = parsed.hostname %}
{%- set backend_port = parsed.port %}
{%- if parsed.scheme == 'https' %}
{#- support ssl_proxy_verify #}
{%- set ssl = 'ssl verify none' %}
{%- else %}
{%- set ssl = '' %}
{%- endif %}
{%- set https_url = slave_parameter.get('https_backend_url', slave_parameter.get('https-url', '')) %}
{%- set https_parsed = urlparse_module.urlparse(https_url) %}
{%- set https_backend_host = https_parsed.hostname %}
{%- set https_backend_port = https_parsed.port %}
{%- if https_parsed.scheme == 'https' %}
{#- support ssl_proxy_verify #}
{%- set https_ssl = 'ssl verify none' %}
{%- else %}
{%- set https_ssl = '' %}
{%- endif %}
{%- if slave_parameter.get('custom_domain') not in host_list %}
{%- do host_list.append(slave_parameter.get('custom_domain')) %}
{%- endif %}
frontend {{ slave_parameter['slave_reference'] }}
bind {{ slave_parameter['local_ipv4'] }}:{{ slave_parameter['backend_haproxy_port'] }}
{%- for host in host_list %}
acl is_{{ slave_parameter['slave_reference'] }} hdr_beg(host) -i {{ host }}
{%- endfor %}
use_backend {{ slave_parameter['slave_reference'] }} if is_{{ slave_parameter['slave_reference'] }}
backend {{ slave_parameter['slave_reference'] }}
{%- if backend_host and backend_port %}
server backend {{ backend_host }}:{{ backend_port }} {{ ssl }}
{%- endif %}
frontend {{ slave_parameter['slave_reference'] }}-https
bind {{ slave_parameter['local_ipv4'] }}:{{ slave_parameter['backend_haproxy_https_port'] }}
{%- for host in host_list %}
acl is_{{ slave_parameter['slave_reference'] }}-https hdr_beg(host) -i {{ host }}
{%- endfor %}
use_backend {{ slave_parameter['slave_reference'] }}-https if is_{{ slave_parameter['slave_reference'] }}-https
backend {{ slave_parameter['slave_reference'] }}-https
{%- if https_backend_host and https_backend_port %}
server backend {{ https_backend_host }}:{{ https_backend_port }} {{ https_ssl }}
{%- endif %}
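Review bot: Both `{%- set ssl = 'ssl verify none' %}` and `{%- set https_ssl = 'ssl verify none' %}` turn off certificate verification for every https backend. The comments above them say "support ssl_proxy_verify", but no such setting is read, so the hop to the backend is encrypted without being authenticated. I would read the slave's verification setting and emit `ssl verify required ca-file <CA_BUNDLE_PATH>` when it is enabled, keeping `verify none` only as an explicit opt-out. The ACLs use `hdr_beg(host) -i {{ host }}`, a prefix match that also accepts any longer Host value starting with the slave's domain; `hdr(host) -i {{ host }}` gives an exact match. Every slave file also declares its own `frontend` with the same `bind` address and port, so it is worth confirming that haproxy routes predictably with many frontends on one socket, or else using one shared frontend with per-slave `use_backend` rules.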
# NON PROD CONFIG
global
maxconn 4096
log stderr local0
defaults
log global
mode http
option httplog
option dontlognull
retries 1
option redispatch
maxconn 2000
cookie SERVERID rewrite
balance roundrobin
stats uri /haproxy
stats realm Global\ statistics
timeout server 305s
timeout queue 60s
timeout connect 5s
timeout client 305s
option httpclose
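Review bot: `stats uri /haproxy` sits in `defaults` with a `stats realm` but no `stats auth`, so every frontend that inherits these defaults answers `/haproxy` with the statistics page without authentication. Since this haproxy sits in the request path to the backends, that path would presumably be reachable through the public frontend, where it exposes backend names and addresses and shadows any backend resource at the same URL. I would drop the two `stats` lines from `defaults` and, if statistics are needed, serve them from a dedicated `listen` section bound to a local address with `stats auth <USER>:<PASSWORD>`. The `# NON PROD CONFIG` marker at the top should be resolved, or replaced by a comment listing what is still missing before production use.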