caddy-frontend: Server on IPv6

Caddy is able to bind only to all or one interface
( https://github.com/mholt/caddy/issues/864 )

By using 6tunnel this limitation is workarounded, and in the result listen on IPv6.

Also drop needless "ipv6" keys across configuration.

software/caddy-frontend/buildout.hash.cfg

@@ -18,7 +18,7 @@ md5sum = f686f765e55d1dce2e55a400f0714b3e
 
 [template-apache-frontend]
 filename = instance-apache-frontend.cfg
-md5sum = 7414a34216db1cce54b38b59fc762141
+md5sum = a96106f36e733d447e96236d1c4c69bc
 
 [template-apache-replicate]
 filename = instance-apache-replicate.cfg.in
@@ -26,7 +26,7 @@ md5sum = 9e76028df7e93d3e32982884d5dc0913
 
 [template-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
-md5sum = 22dddbf92be16cf08983fa58d3181e88
+md5sum = 0394ed0e75f5ecb8266449bbf0b338d5
 
 [template-slave-configuration]
 filename = templates/custom-virtualhost.conf.in
@@ -42,7 +42,7 @@ md5sum = a8765b3c3af9f4f4f6437028aa42c58f
 
 [template-custom-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
-md5sum = 22dddbf92be16cf08983fa58d3181e88
+md5sum = 0394ed0e75f5ecb8266449bbf0b338d5
 
 [template-not-found-html]
 filename = templates/notfound.html
@@ -50,15 +50,15 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
 
 [template-default-slave-virtualhost]
 filename = templates/default-virtualhost.conf.in
-md5sum = 5594ee35d76f94d23ed716d0d8a3dac6
+md5sum = 7d066875a9c03036ec3996714980d75a
 
 [template-cached-slave-virtualhost]
 filename = templates/cached-virtualhost.conf.in
-md5sum = ea62da3320c6a537d7508996283625bf
+md5sum = 7a1fa1239f29cf1a3f6f578f6ff05ca3
 
 [template-log-access]
 filename = templates/template-log-access.conf.in
-md5sum = 82bd8044f51d5b28f8e43b14704c282e
+md5sum = fae1e2fc29c061f7bbb455b9efb9c3b3
 
 [template-empty]
 filename = templates/empty.in
@@ -82,15 +82,15 @@ md5sum = 117238225b3fc3c5b5be381815f44c67
 
 [template-nginx-configuration]
 filename = templates/nginx.cfg.in
-md5sum = cdc550b5067f76f1cab24f94178710a4
+md5sum = eae367cbf665816fbfe274026c848075
 
 [template-nginx-eventsource-slave-virtualhost]
 filename = templates/nginx-eventsource-slave.conf.in
-md5sum = 7fb09bb130dc463a6736c1f319e798d6
+md5sum = a0c5c376753da042c5f8444a33066acf
 
 [template-nginx-notebook-slave-virtualhost]
 filename = templates/nginx-notebook-slave.conf.in
-md5sum = afa11dda952b2317227e5c72508aeda2
+md5sum = 193184d052d8ef8b09fa980cbca90798
 
 [template-apache-lazy-script-call]
 filename = templates/apache-lazy-script-call.sh.in

software/caddy-frontend/common.cfg

@@ -9,6 +9,7 @@ extends =
   ../../component/logrotate/buildout.cfg
   ../../component/rdiff-backup/buildout.cfg
   ../../component/trafficserver/buildout.cfg
+  ../../component/6tunnel/buildout.cfg
 
   ../../stack/nodejs.cfg
 # Monitoring stack (keep on bottom)

software/caddy-frontend/instance-apache-frontend.cfg

@@ -199,6 +199,8 @@ extra-context =
     key enable_http2_by_default instance-parameter:configuration.enable-http2-by-default
     key access_log apache-configuration:access-log
     key error_log apache-configuration:error-log
+    raw sixtunnel_executable ${6tunnel:location}/bin/6tunnel
+    raw service_directory $${directory:service}
 
 [dynamic-virtualhost-template-slave]
 <= jinja2-template-base

software/caddy-frontend/templates/apache-custom-slave-list.cfg.in

@@ -225,7 +225,6 @@ filename = {{ '%s.conf' % slave_reference }}
 extra-context =
     raw https_port {{ https_port }}
     raw http_port {{ http_port }}
-    raw global_ipv6 {{ global_ipv6 }}
     raw local_ipv4 {{ local_ipv4 }}
     raw nginx_http_port {{ nginx_http_port }} 
     raw nginx_https_port {{ nginx_https_port }}
@@ -318,7 +317,6 @@ extra-context =
     raw cached_port {{ cached_port }}
     raw ssl_cached_port {{ ssl_cached_port }}
     raw local_ipv4 {{ local_ipv4 }}
-    raw local_ipv6 {{ local_ipv6 }}
 {{ '\n' }}
 {% endfor %}
 
@@ -326,6 +324,44 @@ extra-context =
 <= slave-log-directory-dict
 recipe = slapos.cookbook:mkdirectory
 
+{#- Define IPv6 to IPV4 tunneling #}
+[tunnel-6to4-base]
+recipe = slapos.cookbook:wrapper
+ipv4 = ${slap-network-information:local-ipv4}
+ipv6 = ${slap-network-information:global-ipv6}
+wrapper-path = {{ service_directory}}/6tunnel-${:ipv6-port}
+command-line = {{ sixtunnel_executable }} -6 -4 -d -l ${:ipv6} ${:ipv6-port} ${:ipv4} ${:ipv4-port}
+
+[tunnel-6to4-base-http_port]
+<= tunnel-6to4-base
+ipv4-port = {{ http_port }}
+ipv6-port = {{ http_port }}
+
+[tunnel-6to4-base-https_port]
+<= tunnel-6to4-base
+ipv4-port = {{ https_port }}
+ipv6-port = {{ https_port }}
+
+[tunnel-6to4-base-cached_port]
+<= tunnel-6to4-base
+ipv4-port = {{ cached_port }}
+ipv6-port = {{ cached_port }}
+
+[tunnel-6to4-base-ssl_cached_port]
+<= tunnel-6to4-base
+ipv4-port = {{ ssl_cached_port }}
+ipv6-port = {{ ssl_cached_port }}
+
+[tunnel-6to4-base-nginx_http_port]
+<= tunnel-6to4-base
+ipv4-port = {{ nginx_http_port }}
+ipv6-port = {{ nginx_http_port }}
+
+[tunnel-6to4-base-nginx_https_port]
+<= tunnel-6to4-base
+ipv4-port = {{ nginx_https_port }}
+ipv6-port = {{ nginx_https_port }}
+
 {# Define log access #}
 [apache-log-access]
 < = jinja2-template-base
@@ -337,10 +373,9 @@ extra-context =
     raw apache_log_directory {{apache_log_directory}}
     raw apache_configuration_directory {{apache_configuration_directory}}
     raw local_ipv4 {{ local_ipv4 }}
-    raw local_ipv6 {{ local_ipv6 }}
+    raw global_ipv6 {{ global_ipv6 }}
     raw https_port {{ https_port }}
     raw http_port {{ http_port }}
-    raw global_ipv6 {{ global_ipv6 }}
     raw login_certificate {{ login_certificate }}
     raw login_key {{ login_key }}
     raw access_log {{ access_log }}
@@ -364,6 +399,12 @@ parts +=
 {% endfor %}
     publish-apache-information
     apache-log-access
+    tunnel-6to4-base-http_port
+    tunnel-6to4-base-https_port
+    tunnel-6to4-base-cached_port
+    tunnel-6to4-base-ssl_cached_port
+    tunnel-6to4-base-nginx_http_port
+    tunnel-6to4-base-nginx_https_port
 
 eggs-directory = {{ eggs_directory }}
 develop-eggs-directory = {{ develop_eggs_directory }}

software/caddy-frontend/templates/cached-virtualhost.conf.in

@@ -12,7 +12,6 @@
 # Only accept generic (i.e not Zope) backends on http
 {{ http_host_list|join(', ') }} {
   bind {{ local_ipv4 }}
-# TODO-Caddy  bind {{ local_ipv6 }}
 {%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
     status 501 /
 {%- endif %}
@@ -33,7 +32,6 @@
 
 {{ https_host_list|join(', ') }} {
   bind {{ local_ipv4 }}
-# TODO-Caddy  bind {{ local_ipv6 }}
 {%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
     status 501 /
 {%- endif %}

software/caddy-frontend/templates/default-virtualhost.conf.in

@@ -18,7 +18,6 @@
 {%- endfor %}
 {{ https_host_list|join(', ') }} {
   bind {{ local_ipv4 }}
-# TODO-Caddy  bind {{ local_ipv6 }}
 {%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
     status 501 /
 {%- endif %}
@@ -120,7 +119,6 @@
 
 {{ http_host_list|join(', ') }} {
   bind {{ local_ipv4 }}
-# TODO-Caddy  bind {{ local_ipv6 }}
 {%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
     status 501 /
 {%- endif %}

software/caddy-frontend/templates/nginx-eventsource-slave.conf.in

@@ -21,7 +21,6 @@
 
 
 # TODO-Caddy server {
-# TODO-Caddy  listen [{{ global_ipv6 }}]:{{ nginx_http_port }};
 # TODO-Caddy  listen {{ local_ipv4 }}:{{ nginx_http_port }};
 # TODO-Caddy 
 # TODO-Caddy  server_name {{ slave_parameter.get('custom_domain') }};
@@ -61,7 +60,6 @@
 # TODO-Caddy 
 
 # TODO-Caddy server {
-# TODO-Caddy  listen [{{ global_ipv6 }}]:{{ nginx_https_port }} ssl;
 # TODO-Caddy  listen {{ local_ipv4 }}:{{ nginx_https_port }} ssl;
 # TODO-Caddy 
 # TODO-Caddy  server_name {{ slave_parameter.get('custom_domain') }};

software/caddy-frontend/templates/nginx-notebook-slave.conf.in

@@ -21,7 +21,6 @@
 
 
 # TODO-Caddy server {
-# TODO-Caddy   listen [{{ global_ipv6 }}]:{{ nginx_http_port }};
 # TODO-Caddy   listen {{ local_ipv4 }}:{{ nginx_http_port }};
 # TODO-Caddy 
 # TODO-Caddy   server_name {{ slave_parameter.get('custom_domain') }};
@@ -56,7 +55,6 @@
 # TODO-Caddy }
 
 # TODO-Caddy server {
-# TODO-Caddy   listen [{{ global_ipv6 }}]:{{ nginx_https_port }} ssl;
 # TODO-Caddy   listen {{ local_ipv4 }}:{{ nginx_https_port }} ssl;
 # TODO-Caddy 
 # TODO-Caddy   server_name {{ slave_parameter.get('custom_domain') }};

software/caddy-frontend/templates/nginx.cfg.in

@@ -2,7 +2,6 @@
 https://www.example.org:$${nginx-configuration:port} {
   tls $${nginx-configuration:ssl_certificate} $${nginx-configuration:ssl_key}
   bind $${nginx-configuration:local_ip}
-# TODO-Caddy  bind {{ ipv6_addr }}
 # Serve an error 204 (No Content) for favicon.ico
 status 204 /favicon.ico
 status 404 /
@@ -10,7 +9,6 @@ status 404 /
 
 http://www.example.org:$${nginx-configuration:plain_port} {
   bind $${nginx-configuration:local_ip}
-# TODO-Caddy  bind {{ ipv6_addr }}
 # Serve an error 204 (No Content) for favicon.ico
 status 204 /favicon.ico
 status 404 /

software/caddy-frontend/templates/template-log-access.conf.in

 {% for slave, directory in slave_log_directory.iteritems() %}
 https://[{{ global_ipv6 }}]:{{ https_port }}/{{ slave }}, https://{{ local_ipv4 }}:{{ https_port }}/{{ slave }} {
   bind {{ local_ipv4 }}
-  #bind {{ global_ipv6 }}
   root {{directory}}/
   browse
   tls {{ login_certificate }} {{ login_key }}