caddy-frontend: Copy of apache-frontend original

This will make it easier to track changes.

software/caddy-frontend/buildout.hash.cfg

+# THIS IS NOT A BUILDOUT FILE, despite purposedly using a compatible syntax.
+# The only allowed lines here are (regexes):
+# - "^#" comments, copied verbatim
+# - "^[" section beginings, copied verbatim
+# - lines containing an "=" sign which must fit in the following categorie.
+#   - "^\s*filename\s*=\s*path\s*$" where "path" is relative to this file
+#     But avoid directories, they are not portable.
+#     Copied verbatim.
+#   - "^\s*hashtype\s*=.*" where "hashtype" is one of the values supported
+#     by the re-generation script.
+#     Re-generated.
+# - other lines are copied verbatim
+# Substitution (${...:...}), extension ([buildout] extends = ...) and
+# section inheritance (< = ...) are NOT supported (but you should really
+# not need these here).
+[template]
+filename = instance.cfg
+md5sum = f686f765e55d1dce2e55a400f0714b3e
+
+[template-apache-frontend]
+filename = instance-apache-frontend.cfg
+md5sum = b6a2c860ea1cd4bc9d185c7108c52d0a
+
+[template-apache-replicate]
+filename = instance-apache-replicate.cfg.in
+md5sum = 9e76028df7e93d3e32982884d5dc0913
+
+[template-slave-list]
+filename = templates/apache-custom-slave-list.cfg.in
+md5sum = 24e514ad6f15859229db46f24a8cd280
+
+[template-slave-configuration]
+filename = templates/custom-virtualhost.conf.in
+md5sum = d103143e5d50682bd5ad43117d82e2fa
+
+[template-replicate-publish-slave-information]
+filename = templates/replicate-publish-slave-information.cfg.in
+md5sum = 665e83d660c9b779249b2179d7ce4b4e
+
+[template-apache-frontend-configuration]
+filename = templates/apache.conf.in
+md5sum = a56045e7b53ff00ab34d2a8f911fc1a1
+
+[template-custom-slave-list]
+filename = templates/apache-custom-slave-list.cfg.in
+md5sum = 24e514ad6f15859229db46f24a8cd280
+
+[template-not-found-html]
+filename = templates/notfound.html
+md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
+
+[template-default-virtualhost]
+filename = templates/000.conf.in
+md5sum = d98a01182f38868612948c87d5231428
+
+[template-default-slave-virtualhost]
+filename = templates/default-virtualhost.conf.in
+md5sum = 7f38084af107034bedefba971abe165c
+
+[template-cached-slave-virtualhost]
+filename = templates/cached-virtualhost.conf.in
+md5sum = 1a1a53d9ac4a1591c017d86850a94796
+
+[template-log-access]
+filename = templates/template-log-access.conf.in
+md5sum = f85005b430978f3bd24ee7ce11b0e304
+
+[template-empty]
+filename = templates/empty.in
+md5sum = c2314c3a9c3412a38d14b312d3df83c1
+
+[template-wrapper]
+filename = templates/wrapper.in
+md5sum = 8cde04bfd0c0e9bd56744b988275cfd8
+
+[template-trafficserver-records-config]
+filename = templates/trafficserver/records.config.jinja2
+md5sum = 84baef0a49c9a65e8f2d2ffdb8c1d39c
+
+[template-trafficserver-storage-config]
+filename = templates/trafficserver/storage.config.jinja2
+md5sum = 117238225b3fc3c5b5be381815f44c67
+
+[template-nginx-configuration]
+filename = templates/nginx.cfg.in
+md5sum = 18633ce55e53340efa1ba7693aac4152
+
+[template-nginx-eventsource-slave-virtualhost]
+filename = templates/nginx-eventsource-slave.conf.in
+md5sum = a5186f666acb2f040ede04c91e60408f
+
+[template-nginx-notebook-slave-virtualhost]
+filename = templates/nginx-notebook-slave.conf.in
+md5sum = 82d74a7f2aceb2b4a7acc6259291b7f2
+
+[template-apache-lazy-script-call]
+filename = templates/apache-lazy-script-call.sh.in
+md5sum = ebe5d3d19923eb812a40019cb11276d8
+
+[template-apache-graceful-script]
+filename = templates/apache-graceful-script.sh.in
+md5sum = 41299cc64200e7b8217fb9dec20bb8b9

software/caddy-frontend/common.cfg

+[buildout]
+extends =
+  buildout.hash.cfg
+  ../../stack/slapos.cfg
+  ../../component/git/buildout.cfg
+  ../../component/dash/buildout.cfg
+  ../../component/lxml-python/buildout.cfg
+  ../../component/apache/buildout.cfg
+  ../../component/gzip/buildout.cfg
+  ../../component/stunnel/buildout.cfg
+  ../../component/dcron/buildout.cfg
+  ../../component/logrotate/buildout.cfg
+  ../../component/pycurl/buildout.cfg
+  ../../component/python-cryptography/buildout.cfg
+  ../../component/rdiff-backup/buildout.cfg
+  ../../component/trafficserver/buildout.cfg
+
+  ../../component/pycurl/buildout.cfg
+  ../../component/nginx/buildout.cfg
+  ../../stack/nodejs.cfg
+# Monitoring stack (keep on bottom)
+  ../../stack/monitor/buildout.cfg
+
+parts +=
+  template
+  template-apache-frontend
+  template-apache-replicate
+  apache
+  apache-antiloris
+
+  stunnel
+
+  dcron
+  logrotate
+  rdiff-backup
+  nginx-push-stream-output
+  npm-modules
+  proxy-by-url
+  http-proxy
+
+# Extent extra-eggs.
+[extra-eggs]
+eggs +=
+  websockify
+  erp5.util
+
+[template]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg
+output = ${buildout:directory}/template.cfg
+mode = 0644
+
+[template-apache-frontend]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance-apache-frontend.cfg
+output = ${buildout:directory}/template-apache-frontend.cfg
+mode = 0644
+
+[template-apache-replicate]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/instance-apache-replicate.cfg.in
+mode = 0644
+
+[download-template]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/templates/${:filename}
+mode = 640
+
+[template-slave-list]
+<=download-template
+filename = apache-custom-slave-list.cfg.in
+
+[template-slave-configuration]
+<=download-template
+filename = custom-virtualhost.conf.in
+
+[template-replicate-publish-slave-information]
+<=download-template
+filename = replicate-publish-slave-information.cfg.in
+
+[template-apache-frontend-configuration]
+<=download-template
+filename = apache.conf.in
+
+[template-custom-slave-list]
+<=download-template
+filename = apache-default-slave-list.cfg.in
+
+[template-not-found-html]
+<=download-template
+filename = notfound.html
+
+[template-default-virtualhost]
+<=download-template
+filename = 000.conf.in
+
+[template-default-slave-virtualhost]
+<=download-template
+filename = default-virtualhost.conf.in
+
+[template-cached-slave-virtualhost]
+<=download-template
+filename = cached-virtualhost.conf.in
+
+[template-log-access]
+<=download-template
+filename = template-log-access.conf.in
+
+[template-empty]
+<=download-template
+filename = empty.in
+
+[template-wrapper]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/templates/wrapper.in
+output = ${buildout:directory}/template-wrapper.cfg
+mode = 0644
+
+[template-trafficserver-records-config]
+recipe = hexagonit.recipe.download
+ignore-existing = true
+url = ${:_profile_base_location_}/templates/trafficserver/${:filename}
+location = ${buildout:parts-directory}/${:_buildout_section_name_}
+filename = records.config.jinja2
+download-only = true
+mode = 0644
+
+[template-trafficserver-storage-config]
+recipe = hexagonit.recipe.download
+ignore-existing = true
+url = ${:_profile_base_location_}/templates/trafficserver/${:filename}
+location = ${buildout:parts-directory}/${:_buildout_section_name_}
+filename = storage.config.jinja2
+download-only = true
+mode = 0644
+
+# NGINX Configuration
+[template-nginx-configuration]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/templates/nginx.cfg.in
+output = ${buildout:directory}/template-nginx.cfg.in
+mode = 0644
+
+[template-apache-lazy-script-call]
+<=download-template
+filename = apache-lazy-script-call.sh.in
+
+[template-apache-graceful-script]
+<=download-template
+filename = apache-graceful-script.sh.in
+
+[template-nginx-eventsource-slave-virtualhost]
+<=download-template
+filename = nginx-eventsource-slave.conf.in
+
+[template-nginx-notebook-slave-virtualhost]
+<=download-template
+filename = nginx-notebook-slave.conf.in
+
+# Migrated from KVM recipe
+[http-proxy]
+# https://github.com/nodejitsu/node-http-proxy
+recipe = slapos.recipe.build:download-unpacked
+# use upstream when merged
+url = https://lab.nexedi.com/nexedi/node-http-proxy/repository/archive.zip?ref=a5d3aff428ee8d840068b439f6ce121077f1144f
+md5sum = 65602466066444c718215de41f546585
+
+[proxy-by-url]
+# https://github.com/dominictarr/proxy-by-url
+recipe = slapos.recipe.build:download-unpacked
+# use upstream when merged
+url = https://lab.nexedi.com/nexedi/proxy-by-url/repository/archive.zip?ref=59fcb11a3e00c45b4b0362e76f29653abb313072
+md5sum = c383e0c5ff31b56f7987466e8304c941
+
+[npm-modules]
+recipe = plone.recipe.command
+destination = ${buildout:parts-directory}/${:_buildout_section_name_}
+location = ${buildout:parts-directory}/${:_buildout_section_name_}
+command =
+  export HOME=${:location};
+  rm -fr ${:destination} &&
+  mkdir -p ${:destination} &&
+  cd ${:destination} &&
+  ${nodejs:location}/bin/node ${nodejs:location}/bin/npm install colors@0.6.0-1 &&
+  ${nodejs:location}/bin/node ${nodejs:location}/bin/npm install socket.io@0.8.7 &&
+  ${nodejs:location}/bin/node ${nodejs:location}/bin/npm install socket.io-client@0.8.7 &&
+  ${nodejs:location}/bin/node ${nodejs:location}/bin/npm install optimist@0.3.1 &&
+  ${nodejs:location}/bin/node ${nodejs:location}/bin/npm install pkginfo@0.2.3

software/caddy-frontend/development.cfg

+# Development profile of apache-frontend.
+# Exactly the same as software.cfg, but fetch the slapos.cookbook
+# from git repository instead of fetching stable version,
+# allowing to play with bleeding edge environment.
+
+# You'll need to run buildout twice for this profile.
+
+[buildout]
+extends =
+# Extend in this order, otherwise "parts" will be taken from git profile
+  common.cfg
+
+parts +=
+  slapos.toolbox-dev
+
+[slapos.toolbox-dev]
+recipe = zc.recipe.egg:develop
+egg = slapos.toolbox
+setup = ${slapos.toolbox-repository:location}

software/caddy-frontend/instance-apache-replicate.cfg.in

+{% if slap_software_type in software_type -%}
+
+[jinja2-template-base]
+recipe = slapos.recipe.template:jinja2
+rendered = ${buildout:directory}/${:filename}
+extra-context =
+context =
+    import json_module json
+    key eggs_directory buildout:eggs-directory
+    key develop_eggs_directory buildout:develop-eggs-directory
+    key slap_software_type slap-parameter:slap_software_type
+    key slave_instance_list slap-parameter:slave_instance_list
+    ${:extra-context}
+
+{% set part_list = [] -%}
+{% set single_type_key = 'single-' %}
+{% if slap_software_type == "replicate" %}
+{%   set frontend_type = slapparameter_dict.pop('-frontend-type', 'single-default') -%}
+{% elif slap_software_type in ['default', 'RootSoftwareInstance'] -%}
+{%   set frontend_type = "%s%s" % (single_type_key, 'custom-personal') -%}
+{% else -%}
+{%   set frontend_type = "%s%s" % (single_type_key, slap_software_type) -%}
+{% endif -%}
+{% set frontend_quantity = slapparameter_dict.pop('-frontend-quantity', '1') | int -%}
+{% set slave_list_name = 'extra_slave_instance_list' -%}
+{% set frontend_list = [] %}
+{% set frontend_section_list = [] %}
+{% set request_dict = {} %}
+{% set namebase = 'apache-frontend' -%}
+# XXX Dirty hack, not possible to define default value before
+{% set sla_computer_apache_1_key = '-sla-1-computer_guid' -%}
+{% if not sla_computer_apache_1_key in slapparameter_dict -%}
+{%   do slapparameter_dict.__setitem__(sla_computer_apache_1_key, '${slap-connection:computer-id}') -%}
+{% endif -%}
+
+# Here we request individualy each frontend.
+# The presence of sla parameters is checked and added if found
+{% for i in range(1, frontend_quantity + 1) -%}
+{%   set frontend_name = "%s-%s" % (namebase, i) -%}
+{%   set request_section_title = 'request-%s' % frontend_name -%}
+{%   set sla_key = "-sla-%s-" % i -%}
+{%   set sla_key_length = sla_key | length %}
+{%   set sla_dict = {} %}
+{%   set config_key = "-frontend-config-%s-" % i %}
+{%   set config_key_length = config_key | length %}
+{%   set config_dict = {} %}
+{%   for key in slapparameter_dict.keys() %}
+{%     if key.startswith(sla_key) %}
+{%       do sla_dict.__setitem__(key[sla_key_length:], slapparameter_dict.pop(key)) %}
+# We check for specific configuration regarding the frontend
+{%     elif key.startswith(config_key) -%}
+{%       do config_dict.__setitem__(key[config_key_length:], slapparameter_dict.pop(key)) %}
+{%     endif -%}
+{%   endfor -%}
+{%   do frontend_list.append(frontend_name) -%}
+{%   do frontend_section_list.append(request_section_title) -%}
+{%   do part_list.append(request_section_title) -%}
+# Filling request dict for slave
+{%   set state_key = "-frontend-%s-state" % i %}
+{%   do request_dict.__setitem__(request_section_title,
+                                  {
+                                  'config': config_dict,
+                                  'name': frontend_name,
+                                  'sla': sla_dict,
+                                  'state': slapparameter_dict.pop(state_key, None)
+                                  }) %}
+{% endfor -%}
+
+{% set authorized_slave_string = slapparameter_dict.pop('-frontend-authorized-slave-string', '') -%}
+{% set authorized_slave_list = [] %}
+{% set rejected_slave_list = [] %}
+{% for slave in slave_instance_list %}
+{%   if not (slave.has_key('apache_custom_http') and not slave.get('slave_reference') in authorized_slave_string) %}
+{%     do authorized_slave_list.append(slave) %}
+{%   else %}
+{%     do rejected_slave_list.append(slave.get('slave_reference')) %}
+{%   endif %}
+{% endfor -%}
+
+[replicate]
+<= slap-connection
+recipe = slapos.cookbook:requestoptional
+config-monitor-cors-domains = {{ slapparameter_dict.get('monitor-cors-domains', 'monitor.app.officejs.com') }}
+config-monitor-username = ${monitor-instance-parameter:username}
+config-monitor-password = ${monitor-htpasswd:passwd}
+
+{% set frontend_software_url_key = "-frontend-software-release-url" %}
+{% if slapparameter_dict.has_key(frontend_software_url_key) %}
+software-url = {{ slapparameter_dict.pop(frontend_software_url_key) }}
+{% else %}
+software-url = ${slap-connection:software-release-url}
+{% endif %}
+software-type = {{frontend_type}}
+return = private-ipv4 public-ipv4 slave-instance-information-list monitor-base-url
+
+{% for section, frontend_request in request_dict.iteritems() %}
+[{{section}}]
+<= replicate
+name = {{ frontend_request.get('name') }}
+{%   if frontend_request.get('state') %}
+state = {{ frontend_request.get('state') }}
+{%   endif%}
+{%   set slave_configuration_dict = frontend_request.get('config') %}
+{%   do slave_configuration_dict.update(**slapparameter_dict) %}
+{%   do slave_configuration_dict.__setitem__(slave_list_name, json_module.dumps(authorized_slave_list)) %}
+{%   do slave_configuration_dict.__setitem__("frontend-name", frontend_request.get('name')) %}
+config-_ = {{ json_module.dumps(slave_configuration_dict) }}
+{%   if frontend_request.get('sla') %}
+{%     for parameter, value in frontend_request.get('sla').iteritems() -%}
+sla-{{ parameter }} = {{ value }}
+{%     endfor -%}
+{%   endif -%}
+{% endfor -%}
+
+
+[publish-information]
+<= monitor-publish
+recipe = slapos.cookbook:publish
+domain = {{ slapparameter_dict.get('domain') }}
+slave-amount = {{ slave_instance_list | length }}
+accepted-slave-amount = {{ authorized_slave_list | length }}
+rejected-slave-amount = {{ rejected_slave_list | length }}
+rejected-slave-list = {{ json_module.dumps(rejected_slave_list) }}
+
+#----------------------------
+#--
+#-- Publish slave information
+[publish-slave-information]
+recipe = slapos.cookbook:softwaretype
+default = ${dynamic-publish-slave-information:rendered}
+RootSoftwareInstance = ${dynamic-publish-slave-information:rendered}
+replicate = ${dynamic-publish-slave-information:rendered}
+custom-personal = ${dynamic-publish-slave-information:rendered}
+custom-group = ${dynamic-publish-slave-information:rendered}
+
+[slave-information]
+{% for frontend_section in frontend_section_list -%}
+{{ frontend_section }} = {{ "${%s:connection-slave-instance-information-list}" % frontend_section }}
+{% endfor -%}
+
+[dynamic-publish-slave-information]
+< = jinja2-template-base
+template = {{ template_publish_slave_information }}
+filename = dynamic-publish-slave-information.cfg
+extensions = jinja2.ext.do
+extra-context =
+    section slave_information slave-information
+
+[monitor-conf-parameters]
+monitor-url-list +=
+{% for frontend in frontend_section_list %}
+{{ '  ${' + frontend + ':connection-monitor-base-url}' }}
+{% endfor -%}
+
+[buildout]
+extends = {{ template_monitor }}
+parts =
+  monitor-base
+  publish-slave-information
+  publish-information
+{% for part in part_list -%}
+{{ '  %s' % part }}
+{% endfor -%}
+#      publish-information
+
+eggs-directory = {{ eggs_directory }}
+develop-eggs-directory = {{ develop_eggs_directory }}
+offline = true
+
+
+[slap_connection]
+# Kept for backward compatiblity
+computer_id = ${slap-connection:computer-id}
+partition_id = ${slap-connection:partition-id}
+server_url = ${slap-connection:server-url}
+software_release_url = ${slap-connection:software-release-url}
+key_file = ${slap-connection:key-file}
+cert_file = ${slap-connection:cert-file}
+
+[slap-parameter]
+slave_instance_list =
+-frontend-quantity = 1
+-frontend-type = single-default
+{%- endif %}

software/caddy-frontend/instance.cfg

+[buildout]
+parts =
+  dynamic-template-apache-replicate
+  switch-softwaretype
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+offline = true
+
+[slap-parameters]
+recipe = slapos.cookbook:slapconfiguration
+computer = $${slap-connection:computer-id}
+partition = $${slap-connection:partition-id}
+url = $${slap-connection:server-url}
+key = $${slap-connection:key-file}
+cert = $${slap-connection:cert-file}
+
+[jinja2-template-base]
+recipe = slapos.recipe.template:jinja2
+rendered = $${buildout:directory}/$${:filename}
+extra-context =
+context =
+    import json_module json
+    key eggs_directory buildout:eggs-directory
+    key develop_eggs_directory buildout:develop-eggs-directory
+    key slap_software_type slap-parameters:slap-software-type
+    key slapparameter_dict slap-parameters:configuration
+    key slave_instance_list slap-parameters:slave-instance-list
+    $${:extra-context}
+
+[switch-softwaretype]
+recipe = slapos.cookbook:softwaretype
+default = $${dynamic-template-apache-replicate:rendered}
+RootSoftwareInstance = $${dynamic-template-apache-replicate:rendered}
+custom-personal = $${dynamic-template-apache-replicate:rendered}
+single-default = ${template-apache-frontend:output}
+single-custom-personal = ${template-apache-frontend:output}
+replicate = $${dynamic-template-apache-replicate:rendered}
+
+[dynamic-template-apache-replicate]
+< = jinja2-template-base
+template = ${template-apache-replicate:target}
+filename = instance-apache-replicate.cfg
+extensions = jinja2.ext.do
+extra-context =
+    raw template_publish_slave_information ${template-replicate-publish-slave-information:target}
+# Must match the key id in [switch-softwaretype] which uses this section.
+    raw software_type RootSoftwareInstance-default-custom-personal-replicate
+    raw template_monitor ${monitor2-template:rendered}
+

software/caddy-frontend/software.cfg

+[buildout]
+extends = common.cfg
+
+[versions]
+PyRSS2Gen = 1.1
+apache-libcloud = 0.19.0
+cns.recipe.symlink = 0.2.3
+ecdsa = 0.13
+gitdb = 0.6.4
+plone.recipe.command = 1.1
+pycrypto = 2.6.1
+rdiff-backup = 1.0.5+SlapOSPatched001
+slapos.recipe.template = 4.3
+slapos.toolbox = 0.76
+smmap = 0.9.0
+numpy = 1.11.2
+pyasn1 = 0.2.3
+
+websockify = 0.8.0
+
+# Required by:
+# slapos.toolbox==0.71
+dnspython = 1.15.0
+
+# Required by:
+# slapos.toolbox==0.71
+erp5.util = 0.4.49
+
+# Required by:
+# slapos.toolbox==0.71
+passlib = 1.6.5
+
+# Required by:
+# slapos.toolbox==0.71
+GitPython = 2.0.8
+
+# Required by:
+# slapos.toolbox==0.71
+atomize = 0.2.0
+
+# Required by:
+# slapos.toolbox==0.71
+feedparser = 5.2.1
+
+# Required by:
+# slapos.toolbox==0.71
+lockfile = 0.12.2
+
+# Required by:
+# slapos.toolbox==0.71
+paramiko = 2.0.1
+
+# Required by:
+# slapos.toolbox==0.71
+pycurl = 7.43.0
+
+# Required by:
+# slapos.toolbox==0.71
+rpdb = 0.1.5

software/caddy-frontend/templates/000.conf.in

+<VirtualHost *:{{ https_port }}>
+  ServerName www.example.org
+  SSLEngine on
+  SSLProxyEngine on
+  SSLProtocol all -SSLv2 -SSLv3
+  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
+  SSLHonorCipherOrder on
+
+  # Rewrite part
+  ProxyPreserveHost On
+  ProxyTimeout 600
+  RewriteEngine On
+
+  ErrorDocument 404 /notfound.html
+
+</VirtualHost>
+
+<VirtualHost *:{{ http_port }}>
+
+  ServerName www.example.org
+  ErrorDocument 404 /notfound.html
+</VirtualHost>
\ No newline at end of file

software/caddy-frontend/templates/apache-graceful-script.sh.in

+#!/bin/sh
+
+RUN_DIR={{ directory_run }}
+ETC_DIR={{ directory_etc }}
+
+APACHE_SIGNATURE_FILE=$RUN_DIR/apache_configuration.signature
+NAPACHE_SIGNATURE_FILE=$RUN_DIR/napache_configuration.signature
+
+touch $APACHE_SIGNATURE_FILE
+sha256sum $ETC_DIR/apache*.conf $ETC_DIR/apache-*.d/*.conf $ETC_DIR/apache-*.d/ssl/*.*key $ETC_DIR/apache-*.d/ssl/*.*crt* | sort -k 66 > $NAPACHE_SIGNATURE_FILE 
+
+# If no diff, no restart for now
+if diff "$APACHE_SIGNATURE_FILE" "$NAPACHE_SIGNATURE_FILE"; then
+  echo "Nothing Changed, so nothing to reload"
+  exit 0
+fi
+echo "Reloading apache.."
+
+{{ apache_graceful_reload_command }}
+
+mv "$NAPACHE_SIGNATURE_FILE" "$APACHE_SIGNATURE_FILE" 

software/caddy-frontend/templates/apache-lazy-script-call.sh.in

+#!/bin/bash
+
+PID=$$
+PIDFILE={{ pid_file }}
+
+sleep $((RANDOM % 10))
+
+if [ ! -f $PIDFILE ]; then
+  echo $PID > $PIDFILE
+  sleep {{ wait_time }}
+  {{ lazy_command }}
+else
+  ps --pid `cat $PIDFILE` &>/dev/null
+  if [ $? -eq 0 ]; then
+    echo "Skipped"
+  else
+    echo $PID > $PIDFILE
+    sleep {{ wait_time }}
+    {{ lazy_command }}
+  fi
+fi
+

software/caddy-frontend/templates/apache.conf.in

+# Apache configuration file for Zope
+# Automatically generated
+
+# Basic server configuration
+PidFile "{{ pid_file }}"
+ServerName {{ domain }}
+DocumentRoot {{ document_root }}
+ServerRoot {{ instance_home }}
+
+{{ "Listen %s:%s" % (ipv4_addr, cached_port)  }}
+{{ "Listen %s:%s" % (ipv4_addr, ssl_cached_port)  }}
+{% for ip in (ipv4_addr, "[%s]" % ipv6_addr) -%}
+{%   for port in (http_port, https_port) -%}
+{{ "Listen %s:%s" % (ip, port)  }}
+{%   endfor -%}
+{% endfor -%}
+
+ServerAdmin {{ server_admin }}
+TypesConfig {{ httpd_home }}/conf/mime.types
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+
+# As backend is trusting REMOTE_USER header unset it always
+RequestHeader unset REMOTE_USER
+
+ServerTokens Prod
+
+# Disable TRACE Method
+TraceEnable off
+
+# Log configuration
+ErrorLog "{{ error_log }}"
+LogLevel notice
+# LogFormat "%h %{REMOTE_USER}i %{Host}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+# LogFormat "%h %{REMOTE_USER}i %{Host}i %l %u %t \"%r\" %>s %b" common
+# CustomLog "{{ access_log }}" common
+LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
+CustomLog "{{ access_log }}" combined
+
+<Directory {{ protected_path }}>
+  Order Deny,Allow
+  Allow from {{ access_control_string }}
+</Directory>
+
+<Directory {{ document_root }}>
+  Require all granted
+  Options -Indexes
+  ErrorDocument 404 /notfound.html
+  RewriteEngine on
+  RewriteRule ^/?$ notfound.html [R=404,L]
+</Directory>
+
+# List of modules
+LoadModule unixd_module        {{ httpd_home }}/modules/mod_unixd.so
+LoadModule access_compat_module {{ httpd_home }}/modules/mod_access_compat.so
+LoadModule authz_core_module  {{ httpd_home }}/modules/mod_authz_core.so
+LoadModule authz_host_module  {{ httpd_home }}/modules/mod_authz_host.so
+LoadModule authn_core_module  {{ httpd_home }}/modules/mod_authn_core.so
+LoadModule log_config_module  {{ httpd_home }}/modules/mod_log_config.so
+LoadModule deflate_module     {{ httpd_home }}/modules/mod_deflate.so
+LoadModule setenvif_module    {{ httpd_home }}/modules/mod_setenvif.so
+LoadModule version_module     {{ httpd_home }}/modules/mod_version.so
+LoadModule proxy_module       {{ httpd_home }}/modules/mod_proxy.so
+LoadModule proxy_http_module  {{ httpd_home }}/modules/mod_proxy_http.so
+LoadModule ssl_module         {{ httpd_home }}/modules/mod_ssl.so
+LoadModule mime_module        {{ httpd_home }}/modules/mod_mime.so
+LoadModule dav_module         {{ httpd_home }}/modules/mod_dav.so
+LoadModule dav_fs_module      {{ httpd_home }}/modules/mod_dav_fs.so
+LoadModule negotiation_module {{ httpd_home }}/modules/mod_negotiation.so
+LoadModule rewrite_module     {{ httpd_home }}/modules/mod_rewrite.so
+LoadModule headers_module     {{ httpd_home }}/modules/mod_headers.so
+LoadModule cache_module       {{ httpd_home }}/modules/mod_cache.so
+LoadModule cache_socache_module   {{ httpd_home }}/modules/mod_cache_socache.so
+LoadModule socache_shmcb_module   {{ httpd_home }}/modules/mod_socache_shmcb.so
+LoadModule antiloris_module   {{ httpd_home }}/modules/mod_antiloris.so
+LoadModule alias_module       {{ httpd_home }}/modules/mod_alias.so
+LoadModule autoindex_module   {{ httpd_home }}/modules/mod_autoindex.so
+LoadModule auth_basic_module  {{ httpd_home }}/modules/mod_auth_basic.so
+LoadModule authz_user_module  {{ httpd_home }}/modules/mod_authz_user.so
+LoadModule authn_file_module  {{ httpd_home }}/modules/mod_authn_file.so
+LoadModule filter_module       {{ httpd_home }}/modules/mod_filter.so
+LoadModule http2_module       {{ httpd_home }}/modules/mod_http2.so
+LoadModule info_module        {{ httpd_home }}/modules/mod_info.so
+LoadModule status_module      {{ httpd_home }}/modules/mod_status.so
+LoadModule reqtimeout_module  {{ httpd_home }}/modules/mod_reqtimeout.so
+
+# The following directives modify normal HTTP response behavior to
+# handle known problems with browser implementations.
+BrowserMatch "Mozilla/2" nokeepalive
+BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
+                        downgrade-1.0 force-response-1.0
+BrowserMatch "RealPlayer 4\.0" force-response-1.0
+BrowserMatch "Java/1\.0" force-response-1.0
+BrowserMatch "JDK/1\.0" force-response-1.0
+# The following directive disables redirects on non-GET requests for
+# a directory that does not include the trailing slash.  This fixes a
+# problem with Microsoft WebFolders which does not appropriately handle
+# redirects for folders with DAV methods.
+# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
+BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
+BrowserMatch "MS FrontPage" redirect-carefully
+BrowserMatch "^WebDrive" redirect-carefully
+BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
+BrowserMatch "^gnome-vfs" redirect-carefully
+BrowserMatch "^XML Spy" redirect-carefully
+BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
+
+
+{% if slapparameter_dict.get('enable-http2-by-default', 'true') == 'true' %}
+Protocols h2 http/1.1
+{% endif %}
+
+# Increase IPReadLimit to 10
+<IfModule antiloris_module>
+   # IPReadLimit - Maximum simultaneous connections in READ state per IP address 
+   IPReadLimit {{ slapparameter_dict.get('ip-read-limit', '10') }}
+</IfModule>
+
+ExtendedStatus On
+<Location /server-status>
+    SetHandler server-status
+    Order Deny,Allow
+    Deny from all
+    Allow from All
+
+    AuthType basic
+    AuthName "Apache Server Status"
+    AuthBasicProvider file
+    AuthUserFile {{ instance_home }}/etc/monitor-htpasswd
+    Require valid-user
+</Location>
+
+ServerLimit {{ slapparameter_dict.get('mpm-server-limit', '16') }}
+MaxClients {{ slapparameter_dict.get('mpm-max-clients', '400') }}
+StartServers {{ slapparameter_dict.get('mpm-start-servers', '3') }}
+ThreadsPerChild {{ slapparameter_dict.get('mpm-thread-per-child', '25') }}
+#MaxRequestsPerChild 0 // Default value is 0
+GracefulShutdownTimeout {{ slapparameter_dict.get('mpm-graceful-shutdown-timeout', '5') }}
+
+# Deflate
+AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript
+BrowserMatch ^Mozilla/4 gzip-only-text/html
+BrowserMatch ^Mozilla/4\.0[678] no-gzip
+BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+
+# SSL Configuration
+SSLCertificateFile {{ login_certificate }}
+SSLCertificateKeyFile {{ login_key }}
+{% if slapparameter_dict.get('apache-ca-certificate') %}
+SSLCACertificateFile {{ login_ca_crt }}
+{% endif %}
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+SSLSessionCache shmcb:/{{ httpd_mod_ssl_cache_directory }}/ssl_scache(512000)
+SSLSessionCacheTimeout  300
+SSLRandomSeed startup /dev/urandom 256
+SSLRandomSeed connect builtin
+SSLProtocol all -SSLv2 -SSLv3
+SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
+SSLHonorCipherOrder on
+<FilesMatch "\.(cgi|shtml|phtml|php)$">
+      SSLOptions +StdEnvVars
+</FilesMatch>
+# Accept proxy to sites using self-signed SSL certificates
+SSLProxyCheckPeerCN off
+SSLProxyCheckPeerExpire off
+
+include {{frontend_configuration.get('log-access-configuration')}}
+includeoptional {{ slave_configuration_directory }}/*.conf
+includeoptional {{ slave_with_cache_configuration_directory }}/*.conf
+
+ErrorDocument 404 /notfound.html
+RewriteRule (.*) /notfound.html [R=404,L]

software/caddy-frontend/templates/cached-virtualhost.conf.in

+{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
+{% set server_alias_list =  slave_parameter.get('server-alias', '').split() %}
+{% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
+
+# Only accept generic (i.e not Zope) backends on http
+<VirtualHost *:{{ cached_port }}>
+  ServerName {{ slave_parameter.get('custom_domain') }}
+  {%- for server_alias in server_alias_list %}
+  ServerAlias {{ server_alias }}
+  {% endfor %}
+  SSLProxyEngine on
+
+{% if ssl_proxy_verify -%}
+{%   if 'ssl_proxy_ca_crt' in slave_parameter -%}
+  SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
+{%   endif %}
+  SSLProxyVerify require
+  #SSLProxyCheckPeerCN on
+  SSLProxyCheckPeerExpire on
+{% endif %}
+  # Rewrite part
+  ProxyPreserveHost On
+  ProxyTimeout 600
+  RewriteEngine On
+
+  RewriteRule ^/(.*)$ {{ slave_parameter.get('backend_url', '') }}/$1 [L,P]
+</VirtualHost>
+
+<VirtualHost *:{{ ssl_cached_port }}>
+  ServerName {{ slave_parameter.get('custom_domain') }}
+  {%- for server_alias in server_alias_list %}
+  ServerAlias {{ server_alias }}
+  {% endfor %}
+  SSLProxyEngine on
+
+{% if ssl_proxy_verify -%}
+{%   if 'ssl_proxy_ca_crt' in slave_parameter -%}
+  SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
+{%   endif %}
+  SSLProxyVerify require
+  #SSLProxyCheckPeerCN on
+  SSLProxyCheckPeerExpire on
+{% endif %}
+  # Rewrite part
+  ProxyPreserveHost On
+  ProxyTimeout 600
+  RewriteEngine On
+
+  RewriteRule ^/(.*)$ {{ slave_parameter.get('https_backend_url', '') }}/$1 [L,P]
+</VirtualHost>
+

software/caddy-frontend/templates/custom-virtualhost.conf.in

+<VirtualHost *:{{ https_port }}>
+{{ slave_parameter.get('apache_custom_https', '') }}
+</VirtualHost>
+
+<VirtualHost *:{{ http_port }}>
+{{ slave_parameter.get('apache_custom_https', '') }}
+</VirtualHost>

software/caddy-frontend/templates/default-virtualhost.conf.in

+{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
+{%- set disable_no_cache_header = ('' ~ slave_parameter.get('disable-no-cache-request', '')).lower() in TRUE_VALUES -%}
+{%- set disable_via_header = ('' ~ slave_parameter.get('disable-via-header', '')).lower() in TRUE_VALUES -%}
+{%- set prefer_gzip = ('' ~ slave_parameter.get('prefer-gzip-encoding-to-backend', '')).lower() in TRUE_VALUES -%}
+{%- set server_alias_list =  slave_parameter.get('server-alias', '').split() -%}
+{%- set enable_h2 = ('' ~ slave_parameter.get('enable-http2', 'true')).lower() in TRUE_VALUES -%}
+{%- set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
+{%- set disabled_cookie_list =  slave_parameter.get('disabled-cookie-list', '').split() -%}
+{%- set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%}
+{%- set slave_type = slave_parameter.get('type', '') -%}
+{%- set ssl_configuration_list = [('SSLCertificateFile', 'path_to_ssl_crt'),
+                                 ('SSLCertificateKeyFile', 'path_to_ssl_key'),
+                                 ('SSLCACertificateFile', 'path_to_ssl_ca_crt'),
+                                 ('SSLCertificateChainFile', 'path_to_ssl_ca_crt')] -%}
+
+<VirtualHost *:{{ https_port }}>
+  ServerName {{ slave_parameter.get('custom_domain') }}
+  ServerAlias {{ slave_parameter.get('custom_domain') }}
+
+{%- for server_alias in server_alias_list %}
+  ServerAlias {{ server_alias }}
+{% endfor %}
+
+  SSLEngine on
+  SSLProxyEngine on
+{% if ssl_proxy_verify -%}
+{%   if 'ssl_proxy_ca_crt' in slave_parameter -%}
+  SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
+{%   endif %}
+  SSLProxyVerify require
+  #SSLProxyCheckPeerCN on
+  SSLProxyCheckPeerExpire on
+{% endif %}
+  SSLProtocol all -SSLv2 -SSLv3
+  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
+  SSLHonorCipherOrder on
+
+{% if enable_h2 %}
+  Protocols h2 http/1.1
+{% endif -%}
+
+{% for key, value in ssl_configuration_list -%}
+{%   if value in slave_parameter -%}
+{{ '  %s' % key }} {{ slave_parameter.get(value) }}
+{% endif -%}
+{% endfor -%}
+
+  # One Slave two logs
+  ErrorLog "{{ slave_parameter.get('error_log') }}"
+  LogLevel notice
+  LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
+  CustomLog "{{ slave_parameter.get('access_log') }}" combined
+
+  # Rewrite part
+  ProxyPreserveHost On
+  ProxyTimeout 600
+  RewriteEngine On
+
+{% if disable_via_header %}
+  Header unset Via
+{% endif -%}
+
+{% if disable_no_cache_header %}
+  RequestHeader unset Cache-Control
+  RequestHeader unset Pragma
+{% endif -%}
+
+{%- for disabled_cookie in disabled_cookie_list %}
+{{'  RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie)  }}
+{% endfor -%}
+
+{%- if prefer_gzip %}
+  RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
+{% endif %}
+
+{% if slave_type ==  'zope' -%}
+  {% if 'default-path' in slave_parameter %}
+  RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
+  {% endif -%}
+  # First, we check if we have a zope backend server
+  # If so, let's use Virtual Host Monster rewrite
+  # We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
+  RewriteRule ^/(.*)$ {{ slave_parameter.get('https-url', slave_parameter.get('url', '')) }}/VirtualHostBase/https//%{SERVER_NAME}:{{ slave_parameter.get('virtualhostroot-https-port', '443') }}/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
+{% elif slave_type ==  'redirect' -%}
+  RewriteRule  (.*)  {{ slave_parameter.get('https-url', slave_parameter.get('url', ''))}}$1 [R,L]
+{% else -%}
+  {% if 'default-path' in slave_parameter %}
+  RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
+  {% endif -%}
+  RewriteRule ^/(.*)$ {{ slave_parameter.get('https-url', slave_parameter.get('url', '')) }}/$1 [L,P]
+{% endif -%}
+</VirtualHost>
+
+<VirtualHost *:{{ http_port }}>
+  ServerName {{ slave_parameter.get('custom_domain') }}
+  ServerAlias {{ slave_parameter.get('custom_domain') }}
+
+{%-  for server_alias in server_alias_list %}
+  ServerAlias {{ server_alias }}
+{% endfor %}
+
+  SSLProxyEngine on
+{% if ssl_proxy_verify -%}
+{%   if 'ssl_proxy_ca_crt' in slave_parameter -%}
+  SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
+{%   endif %}
+  SSLProxyVerify require
+  #SSLProxyCheckPeerCN on
+  SSLProxyCheckPeerExpire on
+{% endif %}
+  # Rewrite part
+  ProxyPreserveHost On
+  ProxyTimeout 600
+
+{% if disable_via_header %}
+  Header unset Via
+{% endif -%}
+  RewriteEngine On
+
+  # One Slave two logs
+  ErrorLog "{{ slave_parameter.get('error_log') }}"
+  LogLevel notice
+  LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
+  CustomLog "{{ slave_parameter.get('access_log') }}" combined
+
+  # Remove "Secure" from cookies, as backend may be https
+  Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
+
+{% if enable_h2 %}
+  Protocols h2 http/1.1
+{% endif -%}
+
+{% if disable_no_cache_header %}
+  RequestHeader unset Cache-Control
+  RequestHeader unset Pragma
+{% endif -%}
+
+{%- for disabled_cookie in disabled_cookie_list %}
+{{'  RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie)  }}
+{% endfor -%}
+
+{%- if prefer_gzip %}
+  RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
+{% endif %}
+
+# Next line is forbidden and people who copy it will be hanged short
+{% if https_only -%}
+  # Not using HTTPS? Ask that guy over there.
+  # Dummy redirection to https. Note: will work only if https listens
+  # on standard port (443).
+  RewriteCond     %{SERVER_PORT}  !^{{ https_port }}$
+  RewriteRule     ^/(.*)          https://%{SERVER_NAME}/$1 [NC,R,L]
+{% elif slave_type ==  'redirect' -%}
+  RewriteRule     (.*)  {{slave_parameter.get('url', '')}}$1 [R,L]
+{% elif slave_type ==  'zope' -%}
+  {% if 'default-path' in slave_parameter %}
+  RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
+  {% endif -%}
+  # First, we check if we have a zope backend server
+  # If so, let's use Virtual Host Daemon rewrite
+  # We suppose that Apache listens to 80 (even indirectly thanks to things like iptables)
+  RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/VirtualHostBase/http/%{SERVER_NAME}:{{ slave_parameter.get('virtualhostroot-http-port', '80') }}/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
+{% else -%}
+  {% if 'default-path' in slave_parameter %}
+  RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
+  {% endif -%}
+  RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/$1 [L,P]
+{% endif -%}
+  # If nothing exist : put a nice error
+#  ErrorDocument 404 /notfound.html
+# Dadiboom
+
+</VirtualHost>

software/caddy-frontend/templates/empty.in

+{{ content }}
\ No newline at end of file

software/caddy-frontend/templates/nginx-eventsource-slave.conf.in

+{% set url = slave_parameter.get('url') -%}
+{% set https_url = slave_parameter.get('https-url', url) -%}
+{% if url.startswith("http://") or url.startswith("https://") -%}
+{%   set upstream = url.split("/")[2] -%}
+{%   set https_upstream = https_url.split("/")[2] -%}
+{%   set protocol = url.split("/")[0] -%}
+{%   set https_protocol = https_url.split("/")[0] -%}
+{%   set proxy_pass = '%s//%s' % (protocol, slave_parameter.get('slave_reference')) -%}
+{%   set https_proxy_pass = '%s//https_%s' % (protocol, slave_parameter.get('slave_reference')) -%}
+{%- set ssl_configuration_list = [('ssl_certificate', 'path_to_ssl_crt'),
+                                 ('ssl_certificate_key', 'path_to_ssl_key')] -%}
+
+
+upstream {{ slave_parameter.get('slave_reference') }} {
+  server {{ upstream }};
+}
+
+upstream https_{{ slave_parameter.get('slave_reference') }} {
+  server {{ https_upstream }};
+}
+
+
+server {
+  listen [{{ global_ipv6 }}]:{{ nginx_http_port }};
+  listen {{ local_ipv4 }}:{{ nginx_http_port }};
+
+  server_name {{ slave_parameter.get('custom_domain') }};
+
+  error_log {{ slave_parameter.get('error_log') }} error; 
+  access_log {{ slave_parameter.get('access_log') }} custom;
+  
+  location /pub {
+    push_stream_publisher;
+    push_stream_channels_path $arg_id;
+    # store messages in memory
+    push_stream_store_messages  off;
+
+    # Message size limit
+    # client_max_body_size MUST be equal to client_body_buffer_size or
+    # you will be sorry.
+    client_max_body_size 16k;
+    client_body_buffer_size 16k;
+
+   }
+
+   location ~ /sub/(.*) {
+     # activate subscriber mode for this location
+     add_header "Access-Control-Allow-Origin" "*";
+     add_header 'Access-Control-Allow-Credentials' 'false';
+     add_header 'Access-Control-Allow-Methods' 'GET, HEAD, OPTIONS';
+     add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
+
+     push_stream_subscriber eventsource;
+     # positional channel path
+     push_stream_channels_path $1;
+
+     # content-type
+     default_type "text/event-stream; charset=utf-8";
+  }
+
+}
+
+server {
+  listen [{{ global_ipv6 }}]:{{ nginx_https_port }} ssl;
+  listen {{ local_ipv4 }}:{{ nginx_https_port }} ssl;
+
+  server_name {{ slave_parameter.get('custom_domain') }};
+
+  error_log {{ slave_parameter.get('error_log') }} error;
+  access_log {{ slave_parameter.get('access_log') }} custom;
+
+  ssl on;
+  
+  ssl_session_timeout 5m;
+  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+  ssl_ciphers 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5';
+  ssl_prefer_server_ciphers on;
+  ssl_session_cache shared:SSL:10m;
+
+{% for key, value in ssl_configuration_list -%}
+{%   if value in slave_parameter -%}
+{{ '  %s' % key }} {{ slave_parameter.get(value) }};
+{% endif -%}
+{% endfor %}
+
+  location /pub {
+    push_stream_publisher;
+    push_stream_channels_path $arg_id;
+    # store messages in memory
+    push_stream_store_messages  off;
+
+    # Message size limit
+    # client_max_body_size MUST be equal to client_body_buffer_size or
+    # you will be sorry.
+    client_max_body_size 16k;
+    client_body_buffer_size 16k;
+
+   }
+
+   location ~ /sub/(.*) {
+     # activate subscriber mode for this location
+     add_header "Access-Control-Allow-Origin" "*";
+     add_header 'Access-Control-Allow-Credentials' 'false';
+     add_header 'Access-Control-Allow-Methods' 'GET, HEAD, OPTIONS';
+     add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
+
+     push_stream_subscriber eventsource;
+     # positional channel path
+     push_stream_channels_path $1;
+
+     # content-type
+     default_type "text/event-stream; charset=utf-8";
+  }
+}
+{% endif -%}

software/caddy-frontend/templates/nginx-notebook-slave.conf.in

+{% set url = slave_parameter.get('url') -%}
+{% set https_url = slave_parameter.get('https-url', url) -%}
+{% if url.startswith("http://") or url.startswith("https://") -%}
+{%   set upstream = url.split("/")[2] -%}
+{%   set https_upstream = https_url.split("/")[2] -%}
+{%   set protocol = url.split("/")[0] -%}
+{%   set https_protocol = https_url.split("/")[0] -%}
+{%   set proxy_pass = '%s//%s' % (protocol, slave_parameter.get('slave_reference')) -%}
+{%   set https_proxy_pass = '%s//https_%s' % (protocol, slave_parameter.get('slave_reference')) -%}
+{%- set ssl_configuration_list = [('ssl_certificate', 'path_to_ssl_crt'),
+                                 ('ssl_certificate_key', 'path_to_ssl_key')] -%}
+
+
+upstream {{ slave_parameter.get('slave_reference') }} {
+  server {{ upstream }};
+}
+
+upstream https_{{ slave_parameter.get('slave_reference') }} {
+  server {{ https_upstream }};
+}
+
+
+server {
+  listen [{{ global_ipv6 }}]:{{ nginx_http_port }};
+  listen {{ local_ipv4 }}:{{ nginx_http_port }};
+
+  server_name {{ slave_parameter.get('custom_domain') }};
+
+  error_log {{ slave_parameter.get('error_log') }} error; 
+  access_log {{ slave_parameter.get('access_log') }} custom;
+
+  location / {
+        proxy_pass            {{ proxy_pass }};
+        proxy_set_header      Host $host;
+  }
+
+  location ~ /api/kernels/ {
+        proxy_pass            {{ proxy_pass }};
+        proxy_set_header      Host $host;
+        # websocket support
+        proxy_http_version    1.1;
+        proxy_set_header      Upgrade "websocket";
+        proxy_set_header      Connection "Upgrade";
+        proxy_read_timeout    86400;
+   }
+
+  location ~ /terminals/ {
+        proxy_pass            {{ proxy_pass }};
+        proxy_set_header      Host $host;
+        # websocket support
+        proxy_http_version    1.1;
+        proxy_set_header      Upgrade "websocket";
+        proxy_set_header      Connection "Upgrade";
+        proxy_read_timeout    86400;
+  }
+}
+
+server {
+  listen [{{ global_ipv6 }}]:{{ nginx_https_port }} ssl;
+  listen {{ local_ipv4 }}:{{ nginx_https_port }} ssl;
+
+  server_name {{ slave_parameter.get('custom_domain') }};
+
+  error_log {{ slave_parameter.get('error_log') }} error;
+  access_log {{ slave_parameter.get('access_log') }} custom;
+
+  ssl on;
+  
+  ssl_session_timeout 5m;
+  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+  ssl_ciphers 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5';
+  ssl_prefer_server_ciphers on;
+  ssl_session_cache shared:SSL:10m;
+
+{% for key, value in ssl_configuration_list -%}
+{%   if value in slave_parameter -%}
+{{ '  %s' % key }} {{ slave_parameter.get(value) }};
+{% endif -%}
+{% endfor %}
+
+  location / {
+        proxy_pass            {{ https_proxy_pass }};
+        proxy_set_header      Host $host;
+  }
+
+  location ~ /api/kernels/ {
+        proxy_pass            {{ https_proxy_pass }};
+        proxy_set_header      Host $host;
+        # websocket support
+        proxy_http_version    1.1;
+        proxy_set_header      Upgrade "websocket";
+        proxy_set_header      Connection "Upgrade";
+        proxy_read_timeout    86400;
+   }
+
+  location ~ /terminals/ {
+        proxy_pass            {{ https_proxy_pass }};
+        proxy_set_header      Host $host;
+        # websocket support
+        proxy_http_version    1.1;
+        proxy_set_header      Upgrade "websocket";
+        proxy_set_header      Connection "Upgrade";
+        proxy_read_timeout    86400;
+  }
+}
+{% endif -%}

software/caddy-frontend/templates/nginx.cfg.in

+daemon off; # run in the foreground so supervisord can look after it
+
+worker_processes $${nginx-configuration:worker_processes};
+pid $${nginx-configuration:pid-file};
+
+events {
+  worker_connections $${nginx-configuration:worker_connections};
+  # multi_accept on;
+}
+
+error_log $${nginx-configuration:error_log};
+
+http {
+
+  ##
+  # Basic Settings
+  ##
+
+  sendfile on;
+  tcp_nopush on;
+  tcp_nodelay on;
+  keepalive_timeout 65;
+  types_hash_max_size 2048;
+  server_tokens off;
+
+  error_log $${nginx-configuration:error_log};
+  log_format custom '$remote_addr - $remote_user $time_local $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time';
+  access_log $${nginx-configuration:access_log} custom;
+
+  # server_names_hash_bucket_size 64;
+  # server_name_in_redirect off;
+
+  default_type application/octet-stream;
+
+  ssl_certificate $${ca-frontend:cert-file};
+  ssl_certificate_key $${ca-frontend:key-file};
+
+  ##
+  # Gzip Settings
+  ##
+  gzip on;
+  gzip_disable "msie6";
+
+  gzip_vary on;
+  gzip_proxied any;
+  gzip_comp_level 6;
+  gzip_buffers 16 8k;
+  gzip_http_version 1.1;
+  gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+  
+  ##
+  # Push stream Settings
+  ##
+  push_stream_shared_memory_size                32m;
+
+  fastcgi_temp_path  $${directory:varnginx} 1 2;
+  uwsgi_temp_path  $${directory:varnginx} 1 2;
+  scgi_temp_path  $${directory:varnginx} 1 2;
+
+  client_body_temp_path $${directory:varnginx} 1 2;
+  proxy_temp_path $${directory:varnginx} 1 2;
+
+  include $${nginx-configuration:slave-configuration-directory}/*.conf;
+
+  server {
+    listen [$${nginx-configuration:ip}]:$${nginx-configuration:plain_port};
+    listen $${nginx-configuration:local_ip}:$${nginx-configuration:plain_port};
+
+
+    ## Serve an error 204 (No Content) for favicon.ico
+    location = /favicon.ico {
+      return 204;
+    }
+
+    location / {
+      root $${apache-directory:document-root};
+      index notfound.html;
+    }
+  }
+
+  server {
+    listen [$${nginx-configuration:ip}]:$${nginx-configuration:port} ssl;
+    listen $${nginx-configuration:local_ip}:$${nginx-configuration:port} ssl;
+
+    ssl on;
+  
+    ssl_session_timeout 5m;
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_ciphers 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5';
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+
+    ## Serve an error 204 (No Content) for favicon.ico
+    location = /favicon.ico {
+      return 204;
+    }
+
+    location / {
+      root $${apache-directory:document-root};
+      index notfound.html;
+    }
+  }
+}

software/caddy-frontend/templates/notfound.html

+<html>
+<head>
+  <title>Instance not found</title>
+</head>
+<body>
+<h1>This instance has not been found.</h1>
+<p>If this error persists, please check your instance URL and status on SlapOS Master.</p>
+</body>
+</html>

software/caddy-frontend/templates/replicate-publish-slave-information.cfg.in

+{% set part_list = [] -%}
+{% set slave_information_dict = {} -%}
+
+# regroup slave information from all frontends
+{%- for frontend, slave_list_raw in slave_information.iteritems() -%}
+{%   if slave_list_raw %}
+{%     set slave_list = json_module.loads(slave_list_raw) -%}
+{%   else %}
+{%    set slave_list = [] %}
+{%   endif %}
+{%   for slave_dict in slave_list -%}
+{%     set slave_reference = slave_dict.pop('slave-reference') %}
+{%     set log_access_url = slave_dict.pop('log-access', '') %}
+{%     set current_slave_dict = slave_information_dict.get(slave_reference, {}) %}
+{%     do current_slave_dict.update(slave_dict) -%}
+{%     set log_access_list = current_slave_dict.get('log-access-urls', []) %}
+{%     do log_access_list.append( frontend + ': ' + log_access_url) %}
+{%     do current_slave_dict.__setitem__(
+            'log-access-urls',
+            log_access_list
+            ) %}
+{%     do current_slave_dict.__setitem__(
+            'replication_number',
+            current_slave_dict.get('replication_number', 0) + 1
+            ) -%}
+{%     do slave_information_dict.__setitem__(slave_reference, current_slave_dict) -%}
+{%   endfor -%}
+{% endfor %}
+
+# Publish information for each slave
+{% for slave_reference, slave_information in slave_information_dict.iteritems() %}
+{%   set publish_section_title = 'publish-%s' % slave_reference -%}
+{%   do part_list.append(publish_section_title) -%}
+[{{ publish_section_title }}]
+recipe = slapos.cookbook:publish
+-slave-reference = {{ slave_reference }}
+log-access-url = {{ json_module.dumps(slave_information.pop('log-access-urls', 1000)) }}
+{%   for key, value in slave_information.iteritems() -%}
+{{ key }} = {{ value }}
+{%   endfor -%}
+{% endfor %}
+
+[buildout]
+parts =
+{% for part in part_list %}
+{{ '  %s' % part }}
+{% endfor %}
+
+eggs-directory = {{ eggs_directory }}
+develop-eggs-directory = {{ develop_eggs_directory }}
+offline = true
\ No newline at end of file

software/caddy-frontend/templates/template-log-access.conf.in

+{% for slave, directory in slave_log_directory.iteritems() %}
+Alias /{{slave}}/ {{directory}}/
+<Directory {{directory}}>
+  Order Deny,Allow
+  Deny from env=AUTHREQUIRED
+  <Files ".??*">
+    Order Allow,Deny
+    Deny from all
+  </Files>
+  AuthType Basic
+  AuthName "Log Access {{slave}}"
+  AuthUserFile "{{ apache_configuration_directory + '/.' + slave.upper() + '.htaccess'}}"
+  Require user {{slave.upper()}}
+  Options Indexes FollowSymLinks
+  Satisfy all
+</Directory>
+
+{% endfor %}

software/caddy-frontend/templates/trafficserver/storage.config.jinja2

+{{ ats_configuration.get("cache-path") }} {{ ats_configuration.get("disk-cache-size") }} volume={{ ats_configuration.get("hostname") }}
\ No newline at end of file

software/caddy-frontend/templates/wrapper.in

+#!${dash-output:dash}
+{{ content }}
\ No newline at end of file