Stop using apache frontend recipes, no more preconfiguration done by...

Stop using apache frontend recipes, no more preconfiguration done by apache_frontend, raw apache config is given by master

software/apache-frontend/apache-slave-list.cfg.in

+{% set cached_server_dict = {} -%}
+{% set part_list = [] -%}
+{% set instance_parameter_dict = {'cache_access': cache_access} -%}
+[jinja2-template-base]
+recipe = slapos.recipe.template:jinja2
+rendered = {{ apache_configuration_directory }}/${:filename}
+extra-context =
+context =
+    key eggs_directory buildout:eggs-directory
+    key develop_eggs_directory buildout:develop-eggs-directory
+    ${:extra-context}
+
+{% for slave_instance in slave_instance_list -%}
+
+{%   set slave_reference = slave_instance.get('slave_reference') -%}
+{%   set slave_section_title = 'dynamic-template-slave-instance-%s' % slave_reference -%}
+{%   do part_list.append(slave_section_title) -%}
+[{{ slave_section_title }}]
+< = jinja2-template-base
+template = {{ template_slave_configuration }}
+filename = {{ '%s.conf' % slave_reference }}
+extra-context =
+    key apache_custom_https {{ 'slave-instance-%s-configuration:custom-https' % slave_reference }}
+    key apache_custom_http {{ 'slave-instance-%s-configuration:custom-http' % slave_reference }}
+    raw https_port {{ https_port }}
+    raw http_port {{ http_port }}
+{{ '\n' }}
+
+[{{ ('slave-instance-%s-configuration' % slave_reference) }}]
+{% set apache_custom_http = ((slave_instance.get('apache_custom_http', '')) % instance_parameter_dict) -%}
+{% set apache_custom_https = ((slave_instance.get('apache_custom_https', '')) % instance_parameter_dict) -%}
+custom-http = {{ dumps(apache_custom_http) }}
+custom-https = {{ dumps(apache_custom_https) }}
+{{ '\n' }}
+
+{%   if 'enable_cache' in slave_instance and 'url' in slave_instance and 'server_name' in slave_instance -%}
+{%     do cached_server_dict.update([(slave_instance.get('server_name'), slave_instance.get('url'))]) -%}
+{%   endif -%}
+
+{% endfor -%}
+
+
+{% do part_list.append('cached-rewrite-rules') -%}
+[cached-rewrite-rules]
+< = jinja2-template-base
+template = {{ template_rewrite_cached }}
+rendered = {{ rewrite_cached_configuration }}
+extra-context =
+    import json_module json
+    key server_dict rewrite-rules:rules
+
+[rewrite-rules]
+rules = {{ dumps(cached_server_dict) }}
+
+[buildout]
+parts +=
+{% for part in part_list -%}
+{{ '    %s' % part }}
+{% endfor -%}
+
+eggs-directory = {{ eggs_directory }}
+develop-eggs-directory = {{ develop_eggs_directory }}
+offline = true
+cache-access = {{ cache_access }}

software/apache-frontend/apache.conf.in

+# Apache configuration file for Zope
+# Automatically generated
+
+# Basic server configuration
+PidFile "{{ pid_file }}"
+ServerName {{ server_name }}
+DocumentRoot {{ document_root }}
+ServerRoot {{ instance_home }}
+
+{% for ip in (ipv4_addr, ipv6_addr) -%}
+{%   for port in (http_port, https_port) -%}
+{{ "Listen %s:%s" % (ip, port)  }}
+{%   endfor -%}
+{% endfor -%}
+
+ServerAdmin {{ server_admin }}
+DefaultType text/plain
+TypesConfig {{ httpd_home }}/conf/mime.types
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+
+# As backend is trusting REMOTE_USER header unset it always
+RequestHeader unset REMOTE_USER
+
+ServerTokens Prod
+
+# Log configuration
+ErrorLog "{{ error_log }}"
+LogLevel warn
+# LogFormat "%h %{REMOTE_USER}i %{Host}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+# LogFormat "%h %{REMOTE_USER}i %{Host}i %l %u %t \"%r\" %>s %b" common
+# CustomLog "{{ access_log }}" common
+LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
+CustomLog "{{ access_log }}" combined
+
+<Directory {{ protected_path }}>
+  Order Deny,Allow
+  Allow from {{ access_control_string }}
+</Directory>
+
+<Directory {{ document_root }}>
+  Order Allow,Deny
+  Allow from All
+</Directory>
+
+# List of modules
+#LoadModule unixd_module modules/mod_unixd.so
+#LoadModule access_compat_module modules/mod_access_compat.so
+#LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule authz_host_module  {{ httpd_home }}/modules/mod_authz_host.so
+LoadModule log_config_module  {{ httpd_home }}/modules/mod_log_config.so
+LoadModule deflate_module     {{ httpd_home }}/modules/mod_deflate.so
+LoadModule setenvif_module    {{ httpd_home }}/modules/mod_setenvif.so
+LoadModule version_module     {{ httpd_home }}/modules/mod_version.so
+LoadModule proxy_module       {{ httpd_home }}/modules/mod_proxy.so
+LoadModule proxy_http_module  {{ httpd_home }}/modules/mod_proxy_http.so
+LoadModule ssl_module         {{ httpd_home }}/modules/mod_ssl.so
+LoadModule mime_module        {{ httpd_home }}/modules/mod_mime.so
+LoadModule dav_module         {{ httpd_home }}/modules/mod_dav.so
+LoadModule dav_fs_module      {{ httpd_home }}/modules/mod_dav_fs.so
+LoadModule negotiation_module {{ httpd_home }}/modules/mod_negotiation.so
+LoadModule rewrite_module     {{ httpd_home }}/modules/mod_rewrite.so
+LoadModule headers_module     {{ httpd_home }}/modules/mod_headers.so
+LoadModule cache_module       {{ httpd_home }}/modules/mod_cache.so
+LoadModule mem_cache_module   {{ httpd_home }}/modules/mod_mem_cache.so
+LoadModule antiloris_module   {{ httpd_home }}/modules/mod_antiloris.so
+
+# The following directives modify normal HTTP response behavior to
+# handle known problems with browser implementations.
+BrowserMatch "Mozilla/2" nokeepalive
+BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
+                        downgrade-1.0 force-response-1.0
+BrowserMatch "RealPlayer 4\.0" force-response-1.0
+BrowserMatch "Java/1\.0" force-response-1.0
+BrowserMatch "JDK/1\.0" force-response-1.0
+# The following directive disables redirects on non-GET requests for
+# a directory that does not include the trailing slash.  This fixes a
+# problem with Microsoft WebFolders which does not appropriately handle
+# redirects for folders with DAV methods.
+# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
+BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
+BrowserMatch "MS FrontPage" redirect-carefully
+BrowserMatch "^WebDrive" redirect-carefully
+BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
+BrowserMatch "^gnome-vfs" redirect-carefully
+BrowserMatch "^XML Spy" redirect-carefully
+BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
+
+# Cache directives
+CacheEnable mem /
+CacheDefaultExpire 3600
+MCacheSize 8192
+MCacheMaxObjectCount 1000
+MCacheMaxObjectSize 8192
+MCacheRemovalAlgorithm LRU
+
+# Deflate
+AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript
+BrowserMatch ^Mozilla/4 gzip-only-text/html
+BrowserMatch ^Mozilla/4\.0[678] no-gzip
+BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+
+# SSL Configuration
+SSLCertificateFile {{ login_certificate }}
+SSLCertificateKeyFile {{ login_key }}
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+SSLSessionCache shmcb:/{{ httpd_mod_ssl_cache_directory }}/ssl_scache(512000)
+SSLSessionCacheTimeout  300
+SSLRandomSeed startup /dev/urandom 256
+SSLRandomSeed connect builtin
+SSLProtocol -ALL +SSLv3 +TLSv1
+SSLHonorCipherOrder On
+SSLCipherSuite RC4-SHA:HIGH:!ADH
+<FilesMatch "\.(cgi|shtml|phtml|php)$">
+      SSLOptions +StdEnvVars
+</FilesMatch>
+# Accept proxy to sites using self-signed SSL certificates
+SSLProxyCheckPeerCN off
+SSLProxyCheckPeerExpire off
+
+NameVirtualHost *:{{ http_port }}
+NameVirtualHost *:{{ https_port }}
+include {{ slave_configuration_directory }}/*.conf
\ No newline at end of file

software/apache-frontend/apache_cached.conf.in

+# Apache configuration file for Zope
+# Automatically generated
+
+# Basic server configuration
+PidFile "{{ pid_file }}"
+ServerName {{ server_name }}
+DocumentRoot {{ document_root }}
+ServerRoot {{ instance_home }}
+
+{{ "Listen %s:%s" % (ipv4_addr, cached_port)  }}
+
+ServerAdmin {{ server_admin }}
+DefaultType text/plain
+TypesConfig {{ httpd_home }}/conf/mime.types
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+
+# As backend is trusting REMOTE_USER header unset it always
+RequestHeader unset REMOTE_USER
+
+ServerTokens Prod
+
+# Log configuration
+ErrorLog "{{ error_log }}"
+LogLevel warn
+# LogFormat "%h %{REMOTE_USER}i %{Host}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+# LogFormat "%h %{REMOTE_USER}i %{Host}i %l %u %t \"%r\" %>s %b" common
+# CustomLog "{{ access_log }}" common
+LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
+CustomLog "{{ access_log }}" combined
+
+<Directory {{ protected_path }}>
+  Order Deny,Allow
+  Allow from {{ access_control_string }}
+</Directory>
+
+<Directory {{ document_root }}>
+  Order Allow,Deny
+  Allow from All
+</Directory>
+
+# List of modules
+#LoadModule unixd_module modules/mod_unixd.so
+#LoadModule access_compat_module modules/mod_access_compat.so
+#LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule authz_host_module  {{ httpd_home }}/modules/mod_authz_host.so
+LoadModule log_config_module  {{ httpd_home }}/modules/mod_log_config.so
+LoadModule deflate_module     {{ httpd_home }}/modules/mod_deflate.so
+LoadModule setenvif_module    {{ httpd_home }}/modules/mod_setenvif.so
+LoadModule version_module     {{ httpd_home }}/modules/mod_version.so
+LoadModule proxy_module       {{ httpd_home }}/modules/mod_proxy.so
+LoadModule proxy_http_module  {{ httpd_home }}/modules/mod_proxy_http.so
+LoadModule ssl_module         {{ httpd_home }}/modules/mod_ssl.so
+LoadModule mime_module        {{ httpd_home }}/modules/mod_mime.so
+LoadModule dav_module         {{ httpd_home }}/modules/mod_dav.so
+LoadModule dav_fs_module      {{ httpd_home }}/modules/mod_dav_fs.so
+LoadModule negotiation_module {{ httpd_home }}/modules/mod_negotiation.so
+LoadModule rewrite_module     {{ httpd_home }}/modules/mod_rewrite.so
+LoadModule headers_module     {{ httpd_home }}/modules/mod_headers.so
+LoadModule cache_module       {{ httpd_home }}/modules/mod_cache.so
+LoadModule mem_cache_module   {{ httpd_home }}/modules/mod_mem_cache.so
+LoadModule antiloris_module   {{ httpd_home }}/modules/mod_antiloris.so
+
+# The following directives modify normal HTTP response behavior to
+# handle known problems with browser implementations.
+BrowserMatch "Mozilla/2" nokeepalive
+BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
+                        downgrade-1.0 force-response-1.0
+BrowserMatch "RealPlayer 4\.0" force-response-1.0
+BrowserMatch "Java/1\.0" force-response-1.0
+BrowserMatch "JDK/1\.0" force-response-1.0
+# The following directive disables redirects on non-GET requests for
+# a directory that does not include the trailing slash.  This fixes a
+# problem with Microsoft WebFolders which does not appropriately handle
+# redirects for folders with DAV methods.
+# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
+BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
+BrowserMatch "MS FrontPage" redirect-carefully
+BrowserMatch "^WebDrive" redirect-carefully
+BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
+BrowserMatch "^gnome-vfs" redirect-carefully
+BrowserMatch "^XML Spy" redirect-carefully
+BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
+
+# Cache directives
+CacheEnable mem /
+CacheDefaultExpire 3600
+MCacheSize 8192
+MCacheMaxObjectCount 1000
+MCacheMaxObjectSize 8192
+MCacheRemovalAlgorithm LRU
+
+# Deflate
+AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript
+BrowserMatch ^Mozilla/4 gzip-only-text/html
+BrowserMatch ^Mozilla/4\.0[678] no-gzip
+BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+
+# SSL Configuration
+SSLCertificateFile {{ login_certificate }}
+SSLCertificateKeyFile {{ login_key }}
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+SSLSessionCache shmcb:/{{ httpd_mod_ssl_cache_directory }}/ssl_scache(512000)
+SSLSessionCacheTimeout  300
+SSLRandomSeed startup /dev/urandom 256
+SSLRandomSeed connect builtin
+SSLProtocol -ALL +SSLv3 +TLSv1
+SSLHonorCipherOrder On
+SSLCipherSuite RC4-SHA:HIGH:!ADH
+<FilesMatch "\.(cgi|shtml|phtml|php)$">
+      SSLOptions +StdEnvVars
+</FilesMatch>
+# Accept proxy to sites using self-signed SSL certificates
+SSLProxyCheckPeerCN off
+SSLProxyCheckPeerExpire off
+
+# Only accept generic (i.e not Zope) backends on http
+<VirtualHost *:{{ cached_port }}>
+  SSLProxyEngine on
+  # Rewrite part
+  ProxyVia On
+  ProxyPreserveHost On
+  ProxyTimeout 600
+  RewriteEngine On
+
+  RewriteMap apachemapcached txt:{{ apachecachedmap_path }}
+  RewriteCond ${apachemapcached:%{SERVER_NAME}} >""
+  RewriteRule ^/(.*)$ ${apachemapcached:%{SERVER_NAME}}/$1 [L,P]
+
+  # If nothing exist : put a nice error
+  ErrorDocument 404 /notfound.html
+</VirtualHost>

software/apache-frontend/apache_cached_rewrite.txt.in

+{% for server_tuple in server_dict.items() -%}
+{{ "%s %s" % server_tuple }}
+{% endfor -%}

software/apache-frontend/common.cfg

@@ -58,4 +58,31 @@ recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance.cfg
 #md5sum = 07e51c4be2c298db3bca151605698130
 output = ${buildout:directory}/template.cfg
-mode = 0644
\ No newline at end of file
+mode = 0644
+
+[template-slave-list]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/apache-slave-list.cfg.in
+#md5sum = 53492e520be57f4c6a9eacd107c8d446
+mode = 640
+
+[template-slave-configuration]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/slave-virtualhost.conf.in
+#md5sum = 53492e520be57f4c6a9eacd107c8d446
+mode = 640
+
+[template-apache-frontend-configuration]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/apache.conf.in
+mode = 640
+
+[template-apache-cached-configuration]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/apache_cached.conf.in
+mode = 640
+
+[template-rewrite-cached]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/apache_cached_rewrite.txt.in
+mode = 640

software/apache-frontend/instance.cfg

@@ -9,7 +9,10 @@ parts =
   certificate-authority
   squid-cache
   logrotate-entry-apache
-  apache
+  apache-frontend
+  apache-cached
+
+  switch-softwaretype
 
 eggs-directory = ${buildout:eggs-directory}
 develop-eggs-directory = ${buildout:develop-eggs-directory}
@@ -38,6 +41,9 @@ ca-dir = $${:srv}/ssl
 
 squid-cache = $${:srv}/squid_cache
 
+[switch-softwaretype]
+recipe = slapos.cookbook:softwaretype
+default = $${dynamic-template-slave-list:rendered}
 
 [instance-parameter]
 # Fetches parameters defined in SlapOS Master for this instance.
@@ -48,7 +54,6 @@ partition = $${slap_connection:partition_id}
 url = $${slap_connection:server_url}
 key = $${slap_connection:key_file}
 cert = $${slap_connection:cert_file}
-
 # Define default parameter(s) that will be used later, in case user didn't
 # specify it
 # All parameters are available through the configuration.XX syntax.
@@ -56,38 +61,134 @@ cert = $${slap_connection:cert_file}
 configuration.domain = "example.org"
 configuration.public-ipv4 = ''
 configuration.port = 4443
-configuration.plain_http_port = ''
-
-
-# Deploy Apache (old way, with monolithic recipe)
-[apache]
-recipe = slapos.cookbook:apache.frontend
-httpd_home = ${apache-2.2:location}
-httpd_binary = ${apache-2.2:location}/bin/httpd
-logrotate_binary = ${logrotate:location}/usr/sbin/logrotate
-openssl_binary = ${openssl:location}/bin/openssl
-dcrond_binary = ${dcron:location}/sbin/crond
-squid_binary = ${squid:location}/sbin/squid
-stunnel_binary = ${stunnel:location}/bin/stunnel
-rdiff_backup_binary = ${buildout:bin-directory}/rdiff-backup
-gcc_binary = gcc
-binutils_directory = ${binutils:location}/bin/
-ca_dir = $${certificate-authority:ca-dir}
-cert_path = $${ca-frontend:cert-file}
-key_path = $${ca-frontend:key-file}
-ca_crl = $${certificate-authority:ca-crl}
+configuration.plain_http_port = 8080
+configuration.server-admin = admin@example.com
+
+[jinja2-template-base]
+recipe = slapos.recipe.template:jinja2
+rendered = $${buildout:directory}/$${:filename}
+extra-context =
+context =
+    key eggs_directory buildout:eggs-directory
+    key develop_eggs_directory buildout:develop-eggs-directory
+    key slap_software_type instance-parameter:slap-software-type
+    key slapparameter_dict instance-parameter:configuration
+    $${:extra-context}
+
+[dynamic-template-slave-list]
+< = jinja2-template-base
+template = ${template-slave-list:target}
+filename = instance-slave-list.cfg
+extensions = jinja2.ext.do
+extra-context =
+    key apache_configuration_directory apache-directory:slave-configuration
+    key http_port instance-parameter:configuration.plain_http_port
+    key https_port instance-parameter:configuration.port
+    key slave_instance_list instance-parameter:slave-instance-list
+    key rewrite_cached_configuration apache-configuration:cached-rewrite-file
+    raw cache_access http://$${instance-parameter:ipv4-random}:$${apache-configuration:cache-port}
+    raw template_slave_configuration ${template-slave-configuration:target}
+    raw template_rewrite_cached ${template-rewrite-cached:target}
+
+# Deploy Apache Frontend (new way, no recipe, jinja power)
+[dynamic-apache-frontend-template]
+< = jinja2-template-base
+template = ${template-apache-frontend-configuration:target}
+rendered = $${apache-configuration:frontend-configuration}
+extra-context =
+    raw httpd_home ${apache-2.2:location}
+    key httpd_mod_ssl_cache_directory apache-directory:mod-ssl
+    key server_name instance-parameter:configuration.domain
+    key document_root apache-directory:document-root
+    key instance_home buildout:directory
+    key ipv4_addr instance-parameter:ipv4-random
+    key ipv6_addr instance-parameter:ipv6-random
+    key http_port instance-parameter:configuration.plain_http_port
+    key https_port instance-parameter:configuration.port
+    key server_admin instance-parameter:configuration.server-admin
+    key protected_path apache-configuration:protected-path
+    key access_control_string apache-configuration:access-control-string
+    key login_certificate ca-frontend:cert-file
+    key login_key ca-frontend:key-file
+    key ca_dir  certificate-authority:ca-dir
+    key ca_crl certificate-authority:ca-crl
+    key access_log apache-configuration:access-log
+    key error_log apache-configuration:error-log
+    key pid_file apache-configuration:pid-file
+    key slave_configuration_directory apache-directory:slave-configuration
+
+[apache-frontend]
+recipe = slapos.cookbook:wrapper
+command-line = ${apache-2.2:location}/bin/httpd -f $${dynamic-apache-frontend-template:rendered} -DFOREGROUND
+wrapper-path = $${directory:service}/frontend_apache
+wait-for-files =
+	       $${ca-frontend:cert-file}
+	       $${ca-frontend:key-file}
+
+# Deploy Apache for cached website
+[dynamic-apache-cached-template]
+< = jinja2-template-base
+template = ${template-apache-cached-configuration:target}
+rendered = $${apache-configuration:cached-configuration}
+extra-context =
+    raw httpd_home ${apache-2.2:location}
+    key httpd_mod_ssl_cache_directory apache-directory:mod-ssl
+    key server_name instance-parameter:configuration.domain
+    key document_root apache-directory:document-root
+    key instance_home buildout:directory
+    key ipv4_addr instance-parameter:ipv4-random
+    key cached_port apache-configuration:cache-through-port
+    key server_admin instance-parameter:configuration.server-admin
+    key protected_path apache-configuration:protected-path
+    key access_control_string apache-configuration:access-control-string
+    key login_certificate ca-frontend:cert-file
+    key login_key ca-frontend:key-file
+    key ca_dir  certificate-authority:ca-dir
+    key ca_crl certificate-authority:ca-crl
+    key access_log apache-configuration:cache-access-log
+    key error_log apache-configuration:cache-error-log
+    key pid_file apache-configuration:cache-pid-file
+    key apachecachedmap_path apache-configuration:cached-rewrite-file
+
+[apache-cached]
+recipe = slapos.cookbook:wrapper
+command-line = ${apache-2.2:location}/bin/httpd -f $${dynamic-apache-cached-template:rendered} -DFOREGROUND
+wrapper-path = $${directory:service}/frontend_cached_apache
+wait-for-files =
+	       $${ca-frontend:cert-file}
+	       $${ca-frontend:key-file}
+
+[apache-directory]
+recipe = slapos.cookbook:mkdirectory
+document-root = $${directory:srv}/htdocs
+slave-configuration = $${directory:srv}/apache-slave-conf.d/
+cache = $${directory:var}/cache
+mod-ssl = $${:cache}/httpd_mod_ssl
+
+[apache-configuration]
+frontend-configuration = $${directory:etc}/apache_frontend.conf
+cached-configuration = $${directory:etc}/apache_frontend_cached.conf
 access-log = $${directory:log}/frontend-apache-access.log
 error-log = $${directory:log}/frontend-apache-error.log
 pid-file = $${directory:run}/httpd.pid
+protected-path = /
+access-control-string = none
+cached-rewrite-file = $${directory:etc}/apache_rewrite_cached.txt
+
+# Apache for cache configuration
 cache-access-log = $${directory:log}/frontend-apache-access-cached.log
 cache-error-log = $${directory:log}/frontend-apache-error-cached.log
 cache-pid-file = $${directory:run}/httpd-cached.pid
 
+# Comunication with squid
+cache-port = 26010
+cache-through-port = 26011
+
 
 # Create wrapper for "apachectl conftest" in bin
 [configtest]
 recipe = slapos.cookbook:wrapper
-command-line = $${apache:httpd_binary} -f $${directory:etc}/apache_frontend.conf -t
+command-line = ${apache-2.2:location}/bin/httpd -f $${directory:etc}/apache_frontend.conf -t
 wrapper-path = $${directory:bin}/apache-configtest
 
 [certificate-authority]
@@ -109,15 +210,15 @@ certs = $${directory:ca-dir}/certs/
 newcerts = $${directory:ca-dir}/newcerts/
 crl = $${directory:ca-dir}/crl/
 
-#[ca-frontend]
-#<= certificate-authority
-#recipe = slapos.cookbook:certificate_authority.request
-#key-file = $${cadirectory:certs}/apache_frontend.key
-#cert-file = $${cadirectory:certs}/apache_frontend.crt
-#executable = $${directory:service}/apache_frontend
-#wrapper = $${directory:service}/apache_frontend
-## Put domain name
-#name = $${instance-parameter:configuration.domain}
+[ca-frontend]
+<= certificate-authority
+recipe = slapos.cookbook:certificate_authority.request
+key-file = $${cadirectory:certs}/apache_frontend.key
+cert-file = $${cadirectory:certs}/apache_frontend.crt
+executable = $${directory:service}/frontend_apache
+wrapper = $${directory:service}/frontend_apache
+# Put domain name
+name = $${instance-parameter:configuration.domain}
 
 [cron]
 recipe = slapos.cookbook:cron
@@ -158,10 +259,10 @@ state-file = $${directory:srv}/logrotate.status
 <= logrotate
 recipe = slapos.cookbook:logrotate.d
 name = apache
-log = $${apache:error-log} $${apache:access-log}
+log = $${apache-configuration:error-log} $${apache-configuration:access-log}
 frequency = daily
 rotatep-num = 30
-post = ${buildout:bin-directory}/killpidfromfile $${apache:pid-file} SIGUSR1
+post = ${buildout:bin-directory}/killpidfromfile $${apache-configuration:pid-file} SIGUSR1
 sharedscripts = true
 notifempty = true
 create = true
@@ -173,20 +274,11 @@ wrapper-path = $${directory:service}/squid
 binary-path = ${squid:location}/sbin/squid
 conf-path = $${directory:etc}/squid.cfg
 cache-path = $${directory:squid-cache}
-ip = $${squid-hardcoded:ip}
-port = $${squid-hardcoded:port}
-backend-ip = $${squid-hardcoded:backend-ip}
-backend-port = $${squid-hardcoded:backend-port}
+ip = $${instance-parameter:ipv4-random}
+port = $${apache-configuration:cache-port}
+backend-ip = $${instance-parameter:ipv4-random}
+backend-port = $${apache-configuration:cache-through-port}
 public-ipv4 = $${instance-parameter:configuration.public-ipv4}
 access-log-path = $${directory:log}/squid-access.log
 cache-log-path = $${directory:log}/squid-cache.log
 pid-filename-path = $${directory:run}/squid.pid
-
-[squid-hardcoded]
-ip = 10.0.24.140
-port = 26010
-backend-ip = 10.0.24.140
-backend-port = 26011
-domain = softinst34784.bateau.org
-remote-host = 2001:470:1f14:169:d418:9eb7:1bea:8983
-remote-port = 16001
\ No newline at end of file

software/apache-frontend/slave-virtualhost.conf.in

+<VirtualHost *:{{ https_port }}>
+{{ apache_custom_https }}
+</VirtualHost>
+
+<VirtualHost *:{{ http_port }}>
+{{ apache_custom_http }}
+</VirtualHost>