Commit 093840f5 by Thomas Gambier

Update Release Candidate

2 parents d4416d1a e4d09d28
Showing 115 changed files with 105 additions and 710 deletions
......@@ -17,7 +17,7 @@ depends =
[caddy]
# revision and repository can be used to control which caddy version is used
revision = db2741c6e0a1c06340391c5b9fa282b876a33361
revision = 0c3d90ed21a4df1b5e75ff4d5f908fd3018f902c
repository = github.com/mholt/caddy/caddy
recipe = plone.recipe.command
......
......@@ -523,7 +523,6 @@ Note that in some cases promises will fail:
* not possible to request frontend slave for monitoring (monitoring frontend promise)
* no slaves present (configuration promise and others)
* no cached slave present (configuration promise and others)
* no nginx style slave present (websocket, notebook) (configuration promise and others)
This is known issue and shall be tackled soon.
......
......@@ -8,7 +8,7 @@ Generally things to be done with ``caddy-frontend``:
* **Jérome Perrin**: *For event source, if I understand https://github.com/mholt/caddy/issues/1355 correctly, we could use caddy as a proxy in front of nginx-push-stream . If we have a "central shared" caddy instance, can it handle keeping connections opens for many clients ?*
* ``check-error-on-caddy-log`` like ``check-error-on-apache-log``
* move out ``test/utils.py`` and use it from shared python distribution
* reduce the time of configuration validation (in ``instance-apache-frontend.cfg.in`` sections ``[configtest]``, ``[caddy-configuration]``, ``[nginx-configuration]``), as it is not scalable on frontend with 2000+ slaves (takes few minutes instead of few, < 5, seconds), issue posted `upstream <https://github.com/mholt/caddy/issues/2220>`_
* reduce the time of configuration validation (in ``instance-apache-frontend.cfg.in`` sections ``[configtest]``, ``[caddy-configuration]``), as it is not scalable on frontend with 2000+ slaves (takes few minutes instead of few, < 5, seconds), issue posted `upstream <https://github.com/mholt/caddy/issues/2220>`_
* drop ``6tunnel`` and use ``bind`` in Caddy configuration, as soon as multiple binds will be possible, tracked in upstream `bind: support multiple values <https://github.com/mholt/caddy/pull/2128>`_ and `ipv6: does not bind on ipv4 and ipv6 for sites that resolve to both <https://github.com/mholt/caddy/issues/864>`_
* use caddy-frontend in `standalone style playbooks <https://lab.nexedi.com/nexedi/slapos.package/tree/master/playbook/roles/standalone-shared>`_
* in ``templates/apache-custom-slave-list.cfg.in`` avoid repetetive ``part_list.append`` and use macro like in ERP5 SR (cf `Vincent's comment <https://lab.nexedi.com/nexedi/slapos/merge_requests/373#note_64362>`_)
......
......@@ -22,15 +22,15 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b
[template-apache-frontend]
filename = instance-apache-frontend.cfg.in
md5sum = ab5312fb5454d5358b22b000cf6ed124
md5sum = bde0f62dfe2eeef8f10b4315535095cb
[template-apache-replicate]
filename = instance-apache-replicate.cfg.in
md5sum = 37edefdb9963daa67b01e5d55d97c17d
md5sum = d62aefe002ec13875924e4c219914795
[template-slave-list]
filename = templates/apache-custom-slave-list.cfg.in
md5sum = f9efdfe7a7e3a78f0b15f414b5469316
md5sum = 75439cb035393e68c73672b224bead54
[template-slave-configuration]
filename = templates/custom-virtualhost.conf.in
......@@ -54,7 +54,7 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
[template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in
md5sum = b882c408202cd2dd13f619210321a528
md5sum = 0c5ef7f26a142c3ab53e835d2caa698d
[template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in
......@@ -84,18 +84,10 @@ md5sum = baf7b89cc9ab5506100b0c900808c1ea
filename = templates/trafficserver/logging.config.jinja2
md5sum = cd6bb9bd0734f17469b0ca88f8b1a531
[template-nginx-configuration]
filename = templates/nginx.cfg.in
md5sum = d4c6c585c8a7da12c16b4b8e5a1cd90a
[template-nginx-eventsource-slave-virtualhost]
filename = templates/nginx-eventsource-slave.conf.in
md5sum = 217a6c801b8330b0b825f7b8b4c77184
[template-nginx-notebook-slave-virtualhost]
filename = templates/nginx-notebook-slave.conf.in
md5sum = 982489258b9c2cafc9b52a94e7a8660f
[template-caddy-lazy-script-call]
filename = templates/apache-lazy-script-call.sh.in
md5sum = b9f73f6323f9fceea054c46c854d2862
......
......@@ -123,9 +123,6 @@ template_caddy_lazy_script_call = ${template-caddy-lazy-script-call:target}
template_default_slave_virtualhost = ${template-default-slave-virtualhost:target}
template_empty = ${template-empty:target}
template_log_access = ${template-log-access:target}
template_nging_configuration = ${template-nginx-configuration:output}
template_nginx_eventsource_slave_virtualhost = ${template-nginx-eventsource-slave-virtualhost:target}
template_nginx_notebook_slave_virtualhost = ${template-nginx-notebook-slave-virtualhost:target}
template_not_found_html = ${template-not-found-html:target}
template_slave_configuration = ${template-slave-configuration:target}
template_slave_list = ${template-slave-list:target}
......@@ -240,13 +237,6 @@ filename = storage.config.jinja2
url = ${:_profile_base_location_}/templates/trafficserver/${:filename}
filename = logging.config.jinja2
# NGINX Configuration
[template-nginx-configuration]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/templates/nginx.cfg.in
output = ${buildout:directory}/template-nginx.cfg.in
mode = 0644
[template-caddy-lazy-script-call]
<=download-template
filename = apache-lazy-script-call.sh.in
......@@ -259,14 +249,6 @@ filename = graceful-script.sh.in
<=download-template
filename = validate-script.sh.in
[template-nginx-eventsource-slave-virtualhost]
<=download-template
filename = nginx-eventsource-slave.conf.in
[template-nginx-notebook-slave-virtualhost]
<=download-template
filename = nginx-notebook-slave.conf.in
# Migrated from KVM recipe
[http-proxy]
# https://github.com/nodejitsu/node-http-proxy
......
......@@ -11,12 +11,10 @@ parts =
directory
configtest
logrotate-entry-caddy
logrotate-entry-nginx
caddy-frontend
switch-caddy-softwaretype
caucase-updater
frontend-caddy-graceful
frontend-nginx-graceful
not-found-html
port-redirection
promise-frontend-caddy-configuration
......@@ -28,13 +26,6 @@ parts =
promise-caddy-frontend-ssl-cached
promise-caddy-is-process-older-than-dependency-set
promise-nginx-frontend-v4-https
promise-nginx-frontend-v4-http
promise-nginx-frontend-v6-https
promise-nginx-frontend-v6-http
promise-nginx-configuration
promise-nginx-is-process-older-than-dependency-set
trafficserver-launcher
trafficserver-reload
trafficserver-configuration-directory
......@@ -47,9 +38,6 @@ parts =
trafficserver-promise-listen-port
trafficserver-promise-cache-availability
## Nginx
nginx-frontend
## Monitor for Caddy
monitor-base
monitor-ats-cache-stats-wrapper
......@@ -81,10 +69,7 @@ ca-dir = ${:srv}/ssl
bbb-ssl-dir = ${:srv}/bbb-ssl
# BBB: SlapOS Master non-zero knowledge END
varnginx = ${:var}/nginx
frontend_cluster = ${:var}/frontend_cluster
nginx_cluster = ${:var}/nginx_cluster
# csr_id publication
csr_id = ${:srv}/csr_id
......@@ -168,8 +153,6 @@ template-slave-configuration = {{ parameter_dict['template_slave_configuration']
template-default-slave-virtualhost = {{ parameter_dict['template_default_slave_virtualhost'] }}
template-cached-slave-virtualhost = {{ parameter_dict['template_cached_slave_virtualhost'] }}
caddy-location = {{ parameter_dict['caddy_location'] }}
template-nginx-eventsource-slave-virtualhost = {{ parameter_dict['template_nginx_eventsource_slave_virtualhost'] }}
template-nginx-notebook-slave-virtualhost = {{ parameter_dict['template_nginx_notebook_slave_virtualhost'] }}
[kedifa-login-config]
d = ${directory:ca-dir}
......@@ -237,7 +220,6 @@ extra-context =
key kedifa_caucase_ca_certificate kedifa-login-config:ca-certificate
key kedifa_login_certificate kedifa-login-config:certificate
key caddy_configuration_directory caddy-directory:slave-configuration
key nginx_configuration_directory caddy-directory:nginx-slave-configuration
key caddy_cached_configuration_directory caddy-directory:slave-with-cache-configuration
key slave_with_cache_configuration_directory caddy-directory:slave-with-cache-configuration
key kedifa_updater :kedifa-updater
......@@ -257,8 +239,6 @@ extra-context =
key csr_cas_ca_certificate kedifa-login-config:cas-ca-certificate
key http_port configuration:plain_http_port
key https_port configuration:port
key nginx_http_port configuration:plain_nginx_port
key nginx_https_port configuration:nginx_port
key public_ipv4 configuration:public-ipv4
key slave_instance_list :slave_instance_list
key extra_slave_instance_list :extra_slave_instance_list
......@@ -270,20 +250,15 @@ extra-context =
key local_ipv4 :local_ipv4
key local_ipv6 :local_ipv6
key global_ipv6 slap-network-information:global-ipv6
key varnginx directory:varnginx
key empty_template software-release-path:template-empty
key template_custom_slave_configuration software-release-path:template-slave-configuration
key template_default_slave_configuration software-release-path:template-default-slave-virtualhost
key template_cached_slave_configuration software-release-path:template-cached-slave-virtualhost
key template_eventsource_slave_configuration software-release-path:template-nginx-eventsource-slave-virtualhost
key template_notebook_slave_configuration software-release-path:template-nginx-notebook-slave-virtualhost
key software_type :software_type
key frontend_lazy_graceful_reload frontend-caddy-lazy-graceful:rendered
key frontend_graceful_reload caddy-configuration:frontend-graceful-command
key nginx_graceful_reload nginx-configuration:nginx-graceful-command
section frontend_configuration frontend-configuration
section caddy_configuration caddy-configuration
section nginx_configuration nginx-configuration
key monitor_base_url monitor-instance-parameter:monitor-base-url
key plugin_directory directory:plugin
key promise_directory directory:promises
......@@ -388,7 +363,6 @@ slave-with-cache-configuration = ${directory:etc}/caddy-slave-with-cache-conf.d/
cache = ${directory:var}/cache
mod-ssl = ${:cache}/httpd_mod_ssl
slave-log = ${directory:log}/httpd
nginx-slave-configuration = ${directory:etc}/nginx-slave-conf.d/
autocert = ${directory:srv}/autocert
master-autocert-dir = ${:autocert}/master-autocert
custom-ssl-directory = ${:slave-configuration}/ssl
......@@ -444,13 +418,6 @@ rotate-num = 30
# or access log, and that this will trigger postrotate script.
post = ${frontend-caddy-lazy-graceful:rendered} &
[logrotate-entry-nginx]
<= logrotate-entry-base
name = caddy-nginx
log = ${nginx-configuration:error_log} ${nginx-configuration:access_log}
rotate-num = 30
post = ${nginx-configuration:nginx-graceful-command}
#################
# Trafficserver
#################
......@@ -593,20 +560,6 @@ extra-context =
key sha256sum :sha256sum
key signature_file :signature_file
[frontend-nginx-graceful]
< = jinja2-template-base
template = {{ parameter_dict['template_graceful_script'] }}
rendered = ${directory:etc-run}/frontend-nginx-safe-graceful
mode = 0700
path_list = ${dynamic-nginx-frontend-template:rendered} ${caddy-directory:nginx-slave-configuration}/*.conf ${caddy-directory:master-autocert-dir}/*.key ${caddy-directory:master-autocert-dir}/*.crt ${caddy-directory:master-autocert-dir}/*.pem ${caddy-directory:autocert}/*.pem ${caddy-directory:custom-ssl-directory}/*.proxy_ca_crt ${directory:bbb-ssl-dir}/*.crt
sha256sum = {{ parameter_dict['sha256sum'] }}
signature_file = ${directory:run}/nginx_graceful_signature
extra-context =
key graceful_reload_command nginx-configuration:nginx-graceful-command
key path_list :path_list
key sha256sum :sha256sum
key signature_file :signature_file
[frontend-caddy-validate]
< = jinja2-template-base
template = {{ parameter_dict['template_validate_script'] }}
......@@ -620,19 +573,6 @@ extra-context =
key sha256sum :sha256sum
key signature_file :signature_file
[frontend-nginx-validate]
< = jinja2-template-base
template = {{ parameter_dict['template_validate_script'] }}
rendered = ${directory:bin}/frontend-nginx-validate
mode = 0700
sha256sum = {{ parameter_dict['sha256sum'] }}
signature_file = ${directory:run}/nginx_validate_signature
extra-context =
key wrapper nginx-wrapper:wrapper-path
key path_list frontend-nginx-graceful:path_list
key sha256sum :sha256sum
key signature_file :signature_file
[frontend-caddy-lazy-graceful]
< = jinja2-template-base
template = {{ parameter_dict['template_caddy_lazy_script_call'] }}
......@@ -759,104 +699,6 @@ module = check_url_available
name = re6st-connectivity.py
config-url = ${configuration:re6st-verification-url}
#######################
# Nginx
#
[nginx-wrapper]
recipe = slapos.cookbook:wrapper
environment =
CADDYPATH=${directory:nginx_cluster}
command-line = {{ parameter_dict['caddy'] }}
-conf ${dynamic-nginx-frontend-template:rendered}
-log ${nginx-configuration:error_log}
-log-roll-mb 0
{% if instance_parameter['configuration.global-disable-http2'].lower() in TRUE_VALUES %}
-http2=false
{% else %}
-http2=true
{% endif %}
-grace {{ instance_parameter['configuration.mpm-graceful-shutdown-timeout'] }}s
-disable-http-challenge
-disable-tls-alpn-challenge
wrapper-path = ${directory:bin}/nginx-wrapper
[nginx-frontend]
recipe = slapos.cookbook:wrapper
command-line = ${nginx-wrapper:wrapper-path} -pidfile ${nginx-configuration:pid-file}
wrapper-path = ${directory:service}/frontend_nginx
hash-files = ${buildout:directory}/software_release/buildout.cfg
[dynamic-nginx-frontend-template]
< = jinja2-template-base
template = {{ parameter_dict['template_nging_configuration'] }}
rendered = ${directory:etc}/nginx.cfg
mode = 0600
extra-context =
key port nginx-configuration:port
key local_ip nginx-configuration:local_ip
key plain_port nginx-configuration:plain_port
key slave_configuration_directory nginx-configuration:slave-configuration-directory
key error_log nginx-configuration:error_log
key access_log nginx-configuration:access_log
key not_found_file caddy-configuration:not-found-file
key master_certificate caddy-configuration:master-certificate
# BBB: SlapOS Master non-zero knowledge BEGIN
key apache_certificate apache-certificate:rendered
# BBB: SlapOS Master non-zero knowledge END
[nginx-configuration]
access_log = ${directory:log}/nginx-access.log
error_log = ${directory:log}/nginx-error.log
ip = ${slap-network-information:global-ipv6}
local_ip = ${slap-network-information:local-ipv4}
port = ${configuration:nginx_port}
plain_port = ${configuration:plain_nginx_port}
worker_processes = 4
worker_connections = 1024
slave-configuration-directory = ${caddy-directory:nginx-slave-configuration}
pid-file = ${directory:run}/nginx.pid
nginx-graceful-command = ${:nginx-configuration-verification} && kill -USR1 $(cat ${:pid-file})
nginx-configuration-verification = ${frontend-nginx-validate:rendered}
[promise-nginx-configuration]
<= promise-plugin-base
module = validate_frontend_configuration
name = nginx-configuration-promise.py
config-verification-script = ${nginx-configuration:nginx-configuration-verification}
[promise-nginx-frontend-v4-https]
<= promise-plugin-base
module = check_port_listening
name = nginx_frontend_ipv4_https.py
config-hostname = {{ instance_parameter['ipv4-random'] }}
config-port = ${configuration:nginx_port}
[promise-nginx-frontend-v4-http]
<= promise-plugin-base
module = check_port_listening
name = nginx_frontend_ipv4_http.py
config-hostname = {{ instance_parameter['ipv4-random'] }}
config-port = ${configuration:plain_nginx_port}
[promise-nginx-frontend-v6-https]
<= promise-plugin-base
module = check_port_listening
name = nginx_frontend_ipv6_https.py
config-hostname = {{ instance_parameter['ipv6-random'] }}
config-port = ${configuration:nginx_port}
[promise-nginx-frontend-v6-http]
<= promise-plugin-base
module = check_port_listening
name = nginx_frontend_ipv6_http.py
config-hostname = {{ instance_parameter['ipv6-random'] }}
config-port = ${configuration:plain_nginx_port}
[promise-nginx-is-process-older-than-dependency-set]
recipe = slapos.cookbook:wrapper
command-line = {{ parameter_dict['bin_directory'] }}/is-process-older-than-dependency-set ${nginx-configuration:pid-file}
wrapper-path = ${directory:promise}/promise-nginx-is-process-older-than-dependency-set
[port-redirection]
<= jinja2-template-base
template = inline:
......
......@@ -79,6 +79,12 @@ context =
{% set slave_error_list = [] %}
{% set slave_warning_list = [] %}
{% set slave_server_alias_unclashed = [] %}
{% set slave_type = slave.get('type') %}
{% if slave_type == 'eventsource' %}
{% do slave_error_list.append('type:eventsource is not implemented') %}
{% elif slave_type not in [None, '', 'default', 'zope', 'redirect', 'notebook', 'websocket'] %}
{% do slave_error_list.append('type:%s is not supported' % (slave_type,)) %}
{% endif %}
{# BBB: apache_custom_https AND apache_custom_http #}
{% set custom_domain = slave.get('custom_domain') %}
{% if custom_domain and custom_domain in used_host_list %}
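Review bot: The allow-list in the added `{% elif slave_type not in [None, '', 'default', 'zope', 'redirect', 'notebook', 'websocket'] %}` is a hand-maintained second copy of the slave schema's `type` enum, and the two already differ: `'default'` is accepted here but is not among the enum values shown in this commit. I would hoist it next to the other `{% set %}` lines as `{% set SUPPORTED_SLAVE_TYPE_LIST = [None, '', 'default', 'zope', 'redirect', 'notebook', 'websocket'] %}` with a `{# keep in sync with the "type" enum of the slave input schema #}` comment. The rejected value is also copied verbatim into `slave_error_list`; it is requester-supplied and unbounded in length, so it should be bounded or encoded unless every consumer of that list serialises it safely, which is not visible in this hunk. The enclosing slave loop starts and ends outside the hunk.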
......
......@@ -46,7 +46,7 @@
"nginx-domain": {
"description": "Base Domain for create subdomains (ie.: example2.com) for websocket, notebook and eventsource.",
"pattern": "^([a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?\\.)+[a-zA-Z]{2,6}$",
"title": "Nginx Domain",
"title": "[NOT IMPLEMENTED] Nginx Domain",
"type": "string"
},
"public-ipv4": {
......
......@@ -107,6 +107,22 @@
"title": "type:zope Backend Path",
"type": "string"
},
"websocket-path-list": {
"default": "",
"description": "Space separated list of path to the websocket application. If not set the whole slave will be websocket, if set then / will be HTTP, and /<websocket-path> will be WSS. In order to have ' ' in the space use '%20'",
"title": "type:websocket Websocket Application Path List",
"type": "string"
},
"websocket-transparent": {
"default": "true",
"description": "If set to false, websocket slave will be without Caddy's transparent proxy mode. Depending on the application the setting shall be false or true. Defaults to true for transparent proxying.",
"enum": [
"false",
"true"
],
"title": "type:websocket Transparent proxy",
"type": "string"
},
"prefer-gzip-encoding-to-backend": {
"default": "false",
"description": "If set to true, frontend will rewrite Accept-Encoding request header to simply 'gzip' for all variants of Accept-Encoding containing 'gzip', in order to maximize cache hits for resources cached with Vary: Accept-Encoding when enable_cache is used",
......@@ -148,12 +164,13 @@
},
"type": {
"default": "",
"description": "Type of slave. If redirect, the slave will redirect to the given url. If zope, the rewrite rules will be compatible with Virtual Host Monster. Implemented are default, zope and redirect, not implemneted are notebook and eventsource.",
"description": "Type of slave. If redirect, the slave will redirect to the given url. If zope, the rewrite rules will be compatible with Virtual Host Monster. Implemented are default, zope, redirect, notebook and websocket, not implemneted is eventsource.",
"enum": [
"",
"zope",
"redirect",
"notebook",
"websocket",
"eventsource"
],
"title": "Backend Type",
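Review bot: The new `websocket-path-list` property is a free-form string with no `pattern`, although its description says each entry becomes a `/<websocket-path>` route in the frontend. The template that consumes it is not in this view, but if the entries are written into the generated Caddy configuration, a value containing newlines, quotes or braces could alter the rendered site block. Constraining it at the schema level is cheap, for example `"pattern": "^([A-Za-z0-9/._~%-]+( [A-Za-z0-9/._~%-]+)*)?$",` with the character set adjusted to what backends actually need. That pattern still accepts the empty default and the documented `%20` escape.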
......
......@@ -9,7 +9,7 @@
},
"type": {
"default": "",
"description": "Type of slave. If redirect, the slave will redirect to the given url. If zope, the rewrite rules will be compatible with Virtual Host Monster. Implemented are default, zope and redirect, not implemneted are notebook and eventsource.",
"description": "Type of slave. If redirect, the slave will redirect to the given url. If zope, the rewrite rules will be compatible with Virtual Host Monster. Implemented are default, zope, redirect, notebook and websocket, not implemneted is eventsource.",
"enum": [
"",
"zope"
......
......@@ -9,7 +9,6 @@
{% set cache_access = "http://%s:%s" % (local_ipv4, cache_port) %}
{% set ssl_cache_access = "http://%s:%s/HTTPS" % (local_ipv4, cache_port) %}
{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
{% set NGINX_TYPE_LIST = ['eventsource', 'notebook'] %}
{% set generic_instance_parameter_dict = { 'cache_access': cache_access, 'local_ipv4': local_ipv4, 'http_port': http_port, 'https_port': https_port} %}
{% set slave_log_dict = {} %}
{% if extra_slave_instance_list %}
......@@ -98,11 +97,7 @@ output = {{ plugin_directory }}/${:name}
{# Set slave domain if none was defined #}
{% if slave_instance.get('custom_domain', None) == None %}
{% set domain_prefix = slave_instance.get('slave_reference').replace("-", "").replace("_", "").lower() %}
{% if slave_type in NGINX_TYPE_LIST %}
{% do slave_instance.__setitem__('custom_domain', "%s.%s" % (domain_prefix, slapparameter_dict.get('nginx-domain', slapparameter_dict.get('domain')))) %}
{% else %}
{% do slave_instance.__setitem__('custom_domain', "%s.%s" % (domain_prefix, slapparameter_dict.get('domain'))) %}
{% endif %}
{% do slave_instance.__setitem__('custom_domain', "%s.%s" % (domain_prefix, slapparameter_dict.get('domain'))) %}
{% endif %}
{% set enable_cache = (('' ~ slave_instance.get('enable_cache', '')).lower() in TRUE_VALUES and slave_type != 'redirect') %}
......@@ -223,8 +218,6 @@ certificate = {{ certificate }}
https_port = {{ dumps('' ~ https_port) }}
http_port = {{ dumps('' ~ http_port) }}
local_ipv4 = {{ dumps('' ~ local_ipv4) }}
nginx_http_port = {{ dumps('' ~ nginx_http_port) }}
nginx_https_port = {{ dumps('' ~ nginx_https_port) }}
cached_port = {{ dumps('' ~ cached_port) }}
ssl_cached_port = {{ ('' ~ ssl_cached_port) }}
{# BBB: apache_custom_https and apache_custom_http #}
......@@ -251,26 +244,20 @@ caddy_custom_https = {{ dumps(caddy_custom_https) }}
[{{ slave_section_title }}]
< = jinja2-template-base
{% if slave_type in NGINX_TYPE_LIST %}
rendered = {{ nginx_configuration_directory }}/${:filename}
{% else %}
rendered = {{ caddy_configuration_directory }}/${:filename}
{% endif %}
{% if caddy_custom_http or caddy_custom_https %}
template = {{ template_custom_slave_configuration }}
{% elif slave_type == 'eventsource' %}
template = {{ template_eventsource_slave_configuration }}
{% elif slave_type == 'notebook' %}
template = {{ template_notebook_slave_configuration }}
extra-context =
section slave_parameter {{ slave_configuration_section_name }}
{% else %}
template = {{ template_default_slave_configuration }}
extra-context =
section slave_parameter {{ slave_configuration_section_name }}
import urllib_module urllib
{% endif %}
filename = {{ '%s.conf' % slave_reference }}
extra-context =
section slave_parameter {{ slave_configuration_section_name }}
{{ '\n' }}
......@@ -407,16 +394,6 @@ ipv6-port = {{ cached_port }}
ipv4-port = {{ ssl_cached_port }}
ipv6-port = {{ ssl_cached_port }}
[tunnel-6to4-base-nginx_http_port]
<= tunnel-6to4-base
ipv4-port = {{ nginx_http_port }}
ipv6-port = {{ nginx_http_port }}
[tunnel-6to4-base-nginx_https_port]
<= tunnel-6to4-base
ipv4-port = {{ nginx_https_port }}
ipv6-port = {{ nginx_https_port }}
{# Define log access #}
[caddy-log-access-parameters]
caddy_log_directory = {{ dumps(caddy_log_directory) }}
......@@ -458,7 +435,7 @@ command-line = {{ kedifa_updater }}
--server-ca-certificate {{ kedifa_caucase_ca_certificate }}
--identity {{ kedifa_login_certificate }}
--master-certificate {{ master_certificate }}
--on-update "{{ frontend_graceful_reload }} ; {{ nginx_graceful_reload }}"
--on-update "{{ frontend_graceful_reload }}"
${kedifa-updater-mapping:file}
{{ kedifa_updater_state_file }}
......@@ -498,8 +475,6 @@ parts +=
tunnel-6to4-base-https_port
tunnel-6to4-base-cached_port
tunnel-6to4-base-ssl_cached_port
tunnel-6to4-base-nginx_http_port
tunnel-6to4-base-nginx_https_port
expose-csr_id
cache-access = {{ cache_access }}
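Review bot: With the `{% elif slave_type == 'eventsource' %}` and `{% elif slave_type == 'notebook' %}` branches removed from the `[{{ slave_section_title }}]` hunk, any slave without a custom configuration now renders with `template_default_slave_configuration`, whatever its `type`. This template therefore relies entirely on the `type:eventsource is not implemented` check added elsewhere in this commit; whether every slave list reaching it has passed that check cannot be determined from the lines shown. I would record the assumption at the template choice, e.g. `{# slave_type is validated before this template runs; an unsupported type would otherwise render as a default slave #}`, or skip such slaves here as well. Separately, the `custom_domain` hunk no longer falls back to `nginx-domain`, so notebook slaves without an explicit `custom_domain` presumably move to the base `domain`; that hostname change deserves a release note because DNS and certificates depend on it.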
......
{%- set url = slave_parameter.get('url') %}
{%- set https_url = slave_parameter.get('https-url', url) %}
{%- if url.startswith("http://") or url.startswith("https://") %}
{%- set upstream = url.split("/")[2] %}
{%- set https_upstream = https_url.split("/")[2] %}
# SSL-enabled
https://{{ slave_parameter.get('custom_domain') }}:{{ slave_parameter['nginx_https_port'] }} {
bind {{ slave_parameter['local_ipv4'] }}
# Compress the output
gzip
log / {{ slave_parameter.get('access_log') }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
rotate_size 0
}
errors {{ slave_parameter.get('error_log') }} {
rotate_size 0
}
tls {{ slave_parameter['certificate'] }} {{ slave_parameter['certificate'] }} {
alpn http/1.1
}
proxy / {{ https_upstream }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
transparent
insecure_skip_verify
}
rewrite {
regexp "/(api/kernels/[^/]+/(channels|iopub|shell|stdin)|terminals/websocket)/?"
to /proxy/{1}
}
proxy /proxy/ {{ https_upstream }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
header_upstream X-Real-IP {remote}
header_upstream Host {host}
websocket
without /proxy/
insecure_skip_verify
}
}
# SSL-disabled
http://{{ slave_parameter.get('custom_domain') }}:{{ slave_parameter['nginx_http_port'] }} {
bind {{ slave_parameter['local_ipv4'] }}
# Compress the output
gzip
log / {{ slave_parameter.get('access_log') }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
rotate_size 0
}
errors {{ slave_parameter.get('error_log') }} {
rotate_size 0
}
proxy / {{ upstream }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
transparent
insecure_skip_verify
}
rewrite {
regexp "/(api/kernels/[^/]+/(channels|iopub|shell|stdin)|terminals/websocket)/?"
to /proxy/{1}
}
proxy /proxy/ {{ upstream }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
header_upstream X-Real-IP {remote}
header_upstream Host {host}
websocket
without /proxy/
insecure_skip_verify
}
}
{%- endif %}
# TODO-Caddy worker_processes $${nginx-configuration:worker_processes};
# TODO-Caddy events {
# TODO-Caddy worker_connections $${nginx-configuration:worker_connections};
# TODO-Caddy # multi_accept on;
# TODO-Caddy }
# TODO-Caddy http {
##
# Basic Settings
##
# TODO-Caddy sendfile on;
# TODO-Caddy tcp_nopush on;
# TODO-Caddy tcp_nodelay on;
# TODO-Caddy keepalive_timeout 65;
# TODO-Caddy types_hash_max_size 2048;
# TODO-Caddy server_tokens off;
# TODO-Caddy log_format custom '$remote_addr - $remote_user $time_local $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time';
# TODO-Caddy access_log $${nginx-configuration:access_log} custom;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
# TODO-Caddy default_type application/octet-stream;
# TODO-Caddy ssl_certificate $${ca-frontend:cert-file};
# TODO-Caddy ssl_certificate_key $${ca-frontend:key-file};
##
# Gzip Settings
##
# TODO-Caddy gzip on;
# TODO-Caddy gzip_disable "msie6";
# TODO-Caddy gzip_vary on;
# TODO-Caddy gzip_proxied any;
# TODO-Caddy gzip_comp_level 6;
# TODO-Caddy gzip_buffers 16 8k;
# TODO-Caddy gzip_http_version 1.1;
# TODO-Caddy gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
##
# Push stream Settings
##
# TODO-Caddy push_stream_shared_memory_size 32m;
# TODO-Caddy fastcgi_temp_path $${directory:varnginx} 1 2;
# TODO-Caddy uwsgi_temp_path $${directory:varnginx} 1 2;
# TODO-Caddy scgi_temp_path $${directory:varnginx} 1 2;
# TODO-Caddy client_body_temp_path $${directory:varnginx} 1 2;
# TODO-Caddy proxy_temp_path $${directory:varnginx} 1 2;
# TODO-Caddy }
import {{ slave_configuration_directory }}/*.conf
# Catch-all and 404 for not configured instances
:{{ port }} {
tls {{ master_certificate }} {{ master_certificate }}
bind {{ local_ip }}
# Serve an error 204 (No Content) for favicon.ico
status 204 /favicon.ico
status 404 /
log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
rotate_size 0
}
errors {{ error_log }} {
rotate_size 0
* {{ not_found_file }}
}
}
:{{ plain_port }} {
bind {{ local_ip }}
# Serve an error 204 (No Content) for favicon.ico
status 204 /favicon.ico
status 404 /
log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
rotate_size 0
}
errors {{ error_log }} {
rotate_size 0
* {{ not_found_file }}
}
}
......@@ -15,10 +15,5 @@ T-2/etc/plugin/check-free-disk-space.py: OK
T-2/etc/plugin/frontend-caddy-configuration-promise.py: ERROR
T-2/etc/plugin/monitor-bootstrap-status.py: OK
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-2/etc/plugin/nginx-configuration-promise.py: ERROR
T-2/etc/plugin/nginx_frontend_ipv4_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK
T-2/etc/plugin/re6st-connectivity.py: OK
T-2/etc/plugin/trafficserver-port-listening.py: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-2/etc/promise/promise-nginx-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
......@@ -10,8 +10,6 @@ T-1:kedifa-{hash}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-2:6tunnel-11080-{hash}-on-watch STOPPED
T-2:6tunnel-11443-{hash}-on-watch STOPPED
T-2:6tunnel-12080-{hash}-on-watch STOPPED
T-2:6tunnel-12443-{hash}-on-watch STOPPED
T-2:6tunnel-26011-{hash}-on-watch STOPPED
T-2:6tunnel-26012-{hash}-on-watch STOPPED
T-2:bootstrap-monitor STOPPED
......@@ -19,9 +17,7 @@ T-2:certificate_authority-{hash}-on-watch STOPPED
T-2:crond-{hash}-on-watch STOPPED
T-2:expose-csr_id-{hash}-on-watch STOPPED
T-2:frontend-caddy-safe-graceful STOPPED
T-2:frontend-nginx-safe-graceful STOPPED
T-2:frontend_caddy-{hash}-on-watch STOPPED
T-2:frontend_nginx-{hash}-on-watch STOPPED
T-2:kedifa-login-certificate-caucase-updater-on-watch STOPPED
T-2:kedifa-updater-{hash}-on-watch STOPPED
T-2:monitor-httpd-{hash}-on-watch STOPPED
......
......@@ -7,7 +7,5 @@ T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_site_1_access_log
T-2/var/log/httpd/_site_1_error_log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/nginx-access.log
T-2/var/log/nginx-error.log
T-2/var/log/trafficserver/manager.log
T-2/var/log/trafficserver/traffic.out
\ No newline at end of file
......@@ -6,8 +6,4 @@ T-2/var/run/caddy_validate_signature
T-2/var/run/caddy_validate_signature.status
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-2/var/run/monitor/monitor-bootstrap.pid
T-2/var/run/nginx.pid
T-2/var/run/nginx_graceful_signature
T-2/var/run/nginx_validate_signature
T-2/var/run/nginx_validate_signature.status
\ No newline at end of file
T-2/var/run/monitor/monitor-bootstrap.pid
\ No newline at end of file
......@@ -15,10 +15,5 @@ T-2/etc/plugin/check-free-disk-space.py: OK
T-2/etc/plugin/frontend-caddy-configuration-promise.py: OK
T-2/etc/plugin/monitor-bootstrap-status.py: OK
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-2/etc/plugin/nginx-configuration-promise.py: OK
T-2/etc/plugin/nginx_frontend_ipv4_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK
T-2/etc/plugin/re6st-connectivity.py: OK
T-2/etc/plugin/trafficserver-port-listening.py: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-2/etc/promise/promise-nginx-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
......@@ -10,8 +10,6 @@ T-1:kedifa-{hash}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-2:6tunnel-11080-{hash}-on-watch RUNNING
T-2:6tunnel-11443-{hash}-on-watch RUNNING
T-2:6tunnel-12080-{hash}-on-watch RUNNING
T-2:6tunnel-12443-{hash}-on-watch RUNNING
T-2:6tunnel-26011-{hash}-on-watch RUNNING
T-2:6tunnel-26012-{hash}-on-watch RUNNING
T-2:bootstrap-monitor EXITED
......@@ -19,9 +17,7 @@ T-2:certificate_authority-{hash}-on-watch RUNNING
T-2:crond-{hash}-on-watch RUNNING
T-2:expose-csr_id-{hash}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend-nginx-safe-graceful EXITED
T-2:frontend_caddy-{hash}-on-watch RUNNING
T-2:frontend_nginx-{hash}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash}-on-watch RUNNING
T-2:monitor-httpd-{hash}-on-watch RUNNING
......
......@@ -11,7 +11,5 @@ T-2/var/log/httpd/_enable-http2-false_error_log
T-2/var/log/httpd/_enable-http2-true_access_log
T-2/var/log/httpd/_enable-http2-true_error_log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/nginx-access.log
T-2/var/log/nginx-error.log
T-2/var/log/trafficserver/manager.log
T-2/var/log/trafficserver/traffic.out
\ No newline at end of file
......@@ -6,8 +6,4 @@ T-2/var/run/caddy_validate_signature
T-2/var/run/caddy_validate_signature.status
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-2/var/run/monitor/monitor-bootstrap.pid
T-2/var/run/nginx.pid
T-2/var/run/nginx_graceful_signature
T-2/var/run/nginx_validate_signature
T-2/var/run/nginx_validate_signature.status
\ No newline at end of file
T-2/var/run/monitor/monitor-bootstrap.pid
\ No newline at end of file
......@@ -19,10 +19,5 @@ T-2/etc/plugin/check-free-disk-space.py: OK
T-2/etc/plugin/frontend-caddy-configuration-promise.py: OK
T-2/etc/plugin/monitor-bootstrap-status.py: OK
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-2/etc/plugin/nginx-configuration-promise.py: OK
T-2/etc/plugin/nginx_frontend_ipv4_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK
T-2/etc/plugin/re6st-connectivity.py: OK
T-2/etc/plugin/trafficserver-port-listening.py: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-2/etc/promise/promise-nginx-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
......@@ -10,8 +10,6 @@ T-1:kedifa-{hash}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-2:6tunnel-11080-{hash}-on-watch RUNNING
T-2:6tunnel-11443-{hash}-on-watch RUNNING
T-2:6tunnel-12080-{hash}-on-watch RUNNING
T-2:6tunnel-12443-{hash}-on-watch RUNNING
T-2:6tunnel-26011-{hash}-on-watch RUNNING
T-2:6tunnel-26012-{hash}-on-watch RUNNING
T-2:bootstrap-monitor EXITED
......@@ -19,9 +17,7 @@ T-2:certificate_authority-{hash}-on-watch RUNNING
T-2:crond-{hash}-on-watch RUNNING
T-2:expose-csr_id-{hash}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend-nginx-safe-graceful EXITED
T-2:frontend_caddy-{hash}-on-watch RUNNING
T-2:frontend_nginx-{hash}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash}-on-watch RUNNING