apache-frontend: Merge Cache and Non-cache configuration

  Use a single apache server to handle cache and normal apache configurations. With trafficserver,
  the access would follow the model:

    Apache > Traffic Server > Apache 'Cache' > Backend

  Now the configuration changed to:

    Apache > Traffic Server > Apache (same as before) > Backend

  This simplify the amount of apache process to manage on the frontend.

software/apache-frontend/common.cfg

@@ -84,19 +84,7 @@ mode = 640
 [template-apache-frontend-configuration]
 recipe = slapos.recipe.build:download
 url = ${:_profile_base_location_}/templates/apache.conf.in
-md5sum = 8ff17b2a0d0495ec935e378f3976de71
-mode = 640
-
-[template-apache-cached-configuration]
-recipe = slapos.recipe.build:download
-url = ${:_profile_base_location_}/templates/apache_cached.conf.in
-md5sum = 86dcbdc0874d3c1b8971b76b70c4df65
-mode = 640
-
-[template-rewrite-cached]
-recipe = slapos.recipe.build:download
-url = ${:_profile_base_location_}/templates/apache_cached_rewrite.txt.in
-md5sum = 2f30af4f9da340c2b0618599da03ed4b
+md5sum = 7d5f0f38e4dd81ff26f2499890b13315
 mode = 640
 
 [template-custom-slave-list]

software/apache-frontend/instance-apache-frontend.cfg

@@ -8,22 +8,18 @@ parts =
   ca-frontend
   certificate-authority
   logrotate-entry-apache
-  logrotate-entry-apache-cached
   apache-frontend
-  apache-cached
   switch-apache-softwaretype
   frontend-apache-graceful
-  cached-apache-graceful
   dynamic-template-default-vh
   not-found-html
   promise-frontend-apache-configuration
-  promise-cached-apache-configuration
   promise-apache-frontend-v4-https
   promise-apache-frontend-v4-http
   promise-apache-frontend-v6-https
   promise-apache-frontend-v6-http
-  promise-apache-cached
-  promise-apache-ssl-cached
+  promise-apache-frontend-cached
+  promise-apache-frontend-ssl-cached 
 
   trafficserver-launcher
   trafficserver-reload
@@ -144,6 +140,7 @@ extensions = jinja2.ext.do
 extra-context =
     key apache_configuration_directory apache-directory:slave-configuration
     key apache_cached_configuration_directory apache-directory:slave-with-cache-configuration
+    key slave_with_cache_configuration_directory apache-directory:slave-with-cache-configuration
     key cached_port apache-configuration:cache-through-port
     key ssl_cached_port apache-configuration:ssl-cache-through-port
     key http_port instance-parameter:configuration.plain_http_port
@@ -151,7 +148,6 @@ extra-context =
     key public_ipv4 instance-parameter:configuration.public-ipv4
     key slave_instance_list instance-parameter:slave-instance-list
     key extra_slave_instance_list instance-parameter:configuration.extra_slave_instance_list
-    key rewrite_cached_configuration apache-configuration:cached-rewrite-file
     key custom_ssl_directory apache-directory:vh-ssl
     key apache_log_directory apache-directory:slave-log
     key local_ipv4 instance-parameter:ipv4-random
@@ -204,6 +200,9 @@ extra-context =
     key error_log apache-configuration:error-log
     key pid_file apache-configuration:pid-file
     key slave_configuration_directory apache-directory:slave-configuration
+    key cached_port apache-configuration:cache-through-port
+    key ssl_cached_port apache-configuration:ssl-cache-through-port
+    key slave_with_cache_configuration_directory apache-directory:slave-with-cache-configuration
     section frontend_configuration frontend-configuration
 
 [apache-frontend]
@@ -214,41 +213,6 @@ wait-for-files =
 	       $${ca-frontend:cert-file}
 	       $${ca-frontend:key-file}
 
-# Deploy Apache for cached website
-[dynamic-apache-cached-template]
-< = jinja2-template-base
-template = ${template-apache-cached-configuration:target}
-rendered = $${apache-configuration:cached-configuration}
-extra-context =
-    raw httpd_home ${apache-2.2:location}
-    key httpd_mod_ssl_cache_directory apache-directory:mod-ssl
-    key domain instance-parameter:configuration.domain
-    key document_root apache-directory:document-root
-    key instance_home buildout:directory
-    key ipv4_addr instance-parameter:ipv4-random
-    key cached_port apache-configuration:cache-through-port
-    key ssl_cached_port apache-configuration:ssl-cache-through-port
-    key server_admin instance-parameter:configuration.server-admin
-    key protected_path apache-configuration:protected-path
-    key access_control_string apache-configuration:access-control-string
-    key login_certificate ca-frontend:cert-file
-    key login_key ca-frontend:key-file
-    key ca_dir  certificate-authority:ca-dir
-    key ca_crl certificate-authority:ca-crl
-    key access_log apache-configuration:cache-access-log
-    key error_log apache-configuration:cache-error-log
-    key pid_file apache-configuration:cache-pid-file
-    key slave_with_cache_configuration_directory apache-directory:slave-with-cache-configuration
-    key apachecachedmap_path apache-configuration:cached-rewrite-file
-
-[apache-cached]
-recipe = slapos.cookbook:wrapper
-command-line = ${apache-2.2:location}/bin/httpd -f $${dynamic-apache-cached-template:rendered} -DFOREGROUND
-wrapper-path = $${directory:service}/frontend_cached_apache
-wait-for-files =
-	       $${ca-frontend:cert-file}
-	       $${ca-frontend:key-file}
-
 [not-found-html]
 recipe = slapos.cookbook:symbolic.link
 target-directory = $${apache-directory:document-root}
@@ -267,22 +231,13 @@ slave-log = $${directory:log}/httpd
 
 [apache-configuration]
 frontend-configuration = $${directory:etc}/apache_frontend.conf
-cached-configuration = $${directory:etc}/apache_frontend_cached.conf
 access-log = $${directory:log}/frontend-apache-access.log
 error-log = $${directory:log}/frontend-apache-error.log
 pid-file = $${directory:run}/httpd.pid
 protected-path = /
 access-control-string = none
-cached-rewrite-file = $${directory:etc}/apache_rewrite_cached.txt
 frontend-configuration-verification = ${apache-2.2:location}/bin/httpd -Sf $${:frontend-configuration} > /dev/null
 frontend-graceful-command = $${:frontend-configuration-verification}; if [ $? -eq 0 ]; then kill -USR1 $(cat $${:pid-file}); fi
-cached-configuration-verification = ${apache-2.2:location}/bin/httpd -Sf $${:cached-configuration} > /dev/null
-cached-graceful-command = $${:cached-configuration-verification}; if [ $? -eq 0 ]; then kill -USR1 $(cat $${apache-configuration:cache-pid-file}); fi
-
-# Apache for cache configuration
-cache-access-log = $${directory:log}/frontend-apache-access-cached.log
-cache-error-log = $${directory:log}/frontend-apache-error-cached.log
-cache-pid-file = $${directory:run}/httpd-cached.pid
 
 # Comunication with ats
 cache-port = $${trafficserver-variable:input-port}
@@ -486,14 +441,6 @@ mode = 0700
 extra-context =
     key content apache-configuration:frontend-graceful-command
 
-[cached-apache-graceful]
-< = jinja2-template-base
-template = ${template-wrapper:output}
-rendered = $${directory:etc-run}/cached-apache-safe-graceful
-mode = 0700
-extra-context =
-    key content apache-configuration:cached-graceful-command
-
 # Promises checking configuration:
 [promise-frontend-apache-configuration]
 < = jinja2-template-base
@@ -503,14 +450,6 @@ mode = 0700
 extra-context =
     key content apache-configuration:frontend-configuration-verification
 
-[promise-cached-apache-configuration]
-< = jinja2-template-base
-template = ${template-wrapper:output}
-rendered = $${directory:promise}/cached-apache-configuration-promise
-mode = 0700
-extra-context =
-    key content apache-configuration:cached-configuration-verification
-
 [promise-apache-frontend-v4-https]
 recipe = slapos.cookbook:check_port_listening
 path = $${directory:promise}/apache_frontend_ipv4_https
@@ -535,13 +474,13 @@ path = $${directory:promise}/apache_frontend_ipv6_http
 hostname = $${instance-parameter:ipv6-random}
 port = $${instance-parameter:configuration.plain_http_port}
 
-[promise-apache-cached]
+[promise-apache-frontend-cached]
 recipe = slapos.cookbook:check_port_listening
 path = $${directory:promise}/apache_cached
 hostname = $${instance-parameter:ipv4-random}
 port = $${apache-configuration:cache-through-port}
 
-[promise-apache-ssl-cached]
+[promise-apache-frontend-ssl-cached]
 recipe = slapos.cookbook:check_port_listening
 path = $${directory:promise}/apache_ssl_cached
 hostname = $${instance-parameter:ipv4-random}

software/apache-frontend/templates/apache.conf.in

@@ -7,6 +7,8 @@ ServerName {{ domain }}
 DocumentRoot {{ document_root }}
 ServerRoot {{ instance_home }}
 
+{{ "Listen %s:%s" % (ipv4_addr, cached_port)  }}
+{{ "Listen %s:%s" % (ipv4_addr, ssl_cached_port)  }}
 {% for ip in (ipv4_addr, "[%s]" % ipv6_addr) -%}
 {%   for port in (http_port, https_port) -%}
 {{ "Listen %s:%s" % (ip, port)  }}
@@ -138,5 +140,9 @@ NameVirtualHost *:{{ http_port }}
 NameVirtualHost *:{{ https_port }}
 include {{ slave_configuration_directory }}/*.conf
 
+NameVirtualHost *:{{ cached_port }}
+NameVirtualHost *:{{ ssl_cached_port }}
+include {{ slave_with_cache_configuration_directory }}/*.conf
+
 ErrorDocument 404 /notfound.html
 RewriteRule (.*) /notfound.html [R=404,L]

software/apache-frontend/templates/apache_cached.conf.in

-# Apache configuration file for Zope
-# Automatically generated
-
-# Basic server configuration
-PidFile "{{ pid_file }}"
-ServerName {{ domain }}
-DocumentRoot {{ document_root }}
-ServerRoot {{ instance_home }}
-
-{{ "Listen %s:%s" % (ipv4_addr, cached_port)  }}
-{{ "Listen %s:%s" % (ipv4_addr, ssl_cached_port)  }}
-
-
-ServerAdmin {{ server_admin }}
-DefaultType text/plain
-TypesConfig {{ httpd_home }}/conf/mime.types
-AddType application/x-compress .Z
-AddType application/x-gzip .gz .tgz
-
-# As backend is trusting REMOTE_USER header unset it always
-RequestHeader unset REMOTE_USER
-
-ServerTokens Prod
-
-# Log configuration
-ErrorLog "{{ error_log }}"
-LogLevel info
-# LogFormat "%h %{REMOTE_USER}i %{Host}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
-# LogFormat "%h %{REMOTE_USER}i %{Host}i %l %u %t \"%r\" %>s %b" common
-# CustomLog "{{ access_log }}" common
-LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
-CustomLog "{{ access_log }}" combined
-
-<Directory {{ protected_path }}>
-  Order Deny,Allow
-  Allow from {{ access_control_string }}
-</Directory>
-
-<Directory {{ document_root }}>
-  Order Allow,Deny
-  Allow from All
-</Directory>
-
-# List of modules
-#LoadModule unixd_module modules/mod_unixd.so
-#LoadModule access_compat_module modules/mod_access_compat.so
-#LoadModule authz_core_module modules/mod_authz_core.so
-LoadModule authz_host_module  {{ httpd_home }}/modules/mod_authz_host.so
-LoadModule log_config_module  {{ httpd_home }}/modules/mod_log_config.so
-LoadModule deflate_module     {{ httpd_home }}/modules/mod_deflate.so
-LoadModule setenvif_module    {{ httpd_home }}/modules/mod_setenvif.so
-LoadModule version_module     {{ httpd_home }}/modules/mod_version.so
-LoadModule proxy_module       {{ httpd_home }}/modules/mod_proxy.so
-LoadModule proxy_http_module  {{ httpd_home }}/modules/mod_proxy_http.so
-LoadModule ssl_module         {{ httpd_home }}/modules/mod_ssl.so
-LoadModule mime_module        {{ httpd_home }}/modules/mod_mime.so
-LoadModule dav_module         {{ httpd_home }}/modules/mod_dav.so
-LoadModule dav_fs_module      {{ httpd_home }}/modules/mod_dav_fs.so
-LoadModule negotiation_module {{ httpd_home }}/modules/mod_negotiation.so
-LoadModule rewrite_module     {{ httpd_home }}/modules/mod_rewrite.so
-LoadModule headers_module     {{ httpd_home }}/modules/mod_headers.so
-LoadModule cache_module       {{ httpd_home }}/modules/mod_cache.so
-LoadModule mem_cache_module   {{ httpd_home }}/modules/mod_mem_cache.so
-LoadModule antiloris_module   {{ httpd_home }}/modules/mod_antiloris.so
-
-# The following directives modify normal HTTP response behavior to
-# handle known problems with browser implementations.
-BrowserMatch "Mozilla/2" nokeepalive
-BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
-                        downgrade-1.0 force-response-1.0
-BrowserMatch "RealPlayer 4\.0" force-response-1.0
-BrowserMatch "Java/1\.0" force-response-1.0
-BrowserMatch "JDK/1\.0" force-response-1.0
-# The following directive disables redirects on non-GET requests for
-# a directory that does not include the trailing slash.  This fixes a
-# problem with Microsoft WebFolders which does not appropriately handle
-# redirects for folders with DAV methods.
-# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
-BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
-BrowserMatch "MS FrontPage" redirect-carefully
-BrowserMatch "^WebDrive" redirect-carefully
-BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
-BrowserMatch "^gnome-vfs" redirect-carefully
-BrowserMatch "^XML Spy" redirect-carefully
-BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
-
-# Cache directives
-CacheEnable mem /
-CacheDefaultExpire 3600
-MCacheSize 8192
-MCacheMaxObjectCount 1000
-MCacheMaxObjectSize 8192
-MCacheRemovalAlgorithm LRU
-
-# Deflate
-AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript
-BrowserMatch ^Mozilla/4 gzip-only-text/html
-BrowserMatch ^Mozilla/4\.0[678] no-gzip
-BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
-
-# SSL Configuration
-SSLCertificateFile {{ login_certificate }}
-SSLCertificateKeyFile {{ login_key }}
-SSLRandomSeed startup builtin
-SSLRandomSeed connect builtin
-SSLSessionCache shmcb:/{{ httpd_mod_ssl_cache_directory }}/ssl_scache(512000)
-SSLSessionCacheTimeout  300
-SSLRandomSeed startup /dev/urandom 256
-SSLRandomSeed connect builtin
-SSLProtocol all -SSLv2 -SSLv3
-SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
-SSLHonorCipherOrder on
-
-<FilesMatch "\.(cgi|shtml|phtml|php)$">
-      SSLOptions +StdEnvVars
-</FilesMatch>
-# Accept proxy to sites using self-signed SSL certificates
-SSLProxyCheckPeerCN off
-SSLProxyCheckPeerExpire off
-
-NameVirtualHost *:{{ cached_port }}
-NameVirtualHost *:{{ ssl_cached_port }}
-
-include {{ slave_with_cache_configuration_directory }}/*.conf
-
-ErrorDocument 404 /notfound.html
-RewriteRule (.*) /notfound.html [R=404,L]
-

software/apache-frontend/templates/apache_cached_rewrite.txt.in

-{% for server_tuple in server_dict.items() -%}
-{{ "%s %s" % server_tuple }}
-{% endfor -%}