caddy-frontend: Keep certificate and key in one file

This is consistent across usage in caddy-frontend and allow better reusage.

caddy-frontend: Keep certificate and key in one file
This is consistent across usage in caddy-frontend and allow better reusage.
6f3eafe0 · Łukasz Nowak · Łukasz Nowak · 341df23f · 6f3eafe0 · 6f3eafe0
Commit 6f3eafe0 authored Apr 01, 2019 by Łukasz Nowak Committed by Łukasz Nowak Apr 12, 2019
5 changed files
--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -22,7 +22,7 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b

 [template-apache-frontend]
 filename = instance-apache-frontend.cfg.in
-md5sum = abbbc8f24cdef389b9b2859b0ef8dd0e
+md5sum = 55f607a1cc8059db76b3c9057435a5ab

 [template-apache-replicate]
 filename = instance-apache-replicate.cfg.in
@@ -30,7 +30,7 @@ md5sum = 81ad603fe0a1e29948bd81b457e8d7a4

 [template-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
-md5sum = dfbe4378610aa42f2cbc2a55d386324e
+md5sum = 016094d0a251092bf12659cb992d693d

 [template-slave-configuration]
 filename = templates/custom-virtualhost.conf.in
@@ -42,7 +42,7 @@ md5sum = 38e9994be01ea1b8a379f8ff7aa05438

 [template-caddy-frontend-configuration]
 filename = templates/Caddyfile.in
-md5sum = df8c08c9aecb48fdbcdfca40f9cf74a4
+md5sum = e3adb1b48862e57de160b167ad1402b8

 [caddy-backend-url-validator]
 filename = templates/caddy-backend-url-validator.in
@@ -66,7 +66,7 @@ md5sum = 907372828d1ceb05c41240078196f439

 [template-log-access]
 filename = templates/template-log-access.conf.in
-md5sum = 704f37bfdd52fe628ae81d41abba8d7a
+md5sum = 24f7fb0b7df0dd19256933fb3af49754

 [template-empty]
 filename = templates/empty.in

--- a/software/caddy-frontend/instance-apache-frontend.cfg.in
+++ b/software/caddy-frontend/instance-apache-frontend.cfg.in
@@ -100,7 +100,6 @@ single-custom-personal = ${dynamic-custom-personal-template-slave-list:rendered}
 template-log-access = {{ parameter_dict['template_log_access'] }}
 log-access-configuration = ${directory:etc}/log-access.conf
 ip-access-certificate = ${self-signed-ip-access:certificate}
-ip-access-key = ${self-signed-ip-access:key}
 caddy-directory = {{ parameter_dict['caddy_location'] }}
 caddy-ipv6 = {{ instance_parameter['ipv6-random'] }}
 caddy-https-port = ${configuration:port}
@@ -111,17 +110,16 @@ recipe = plone.recipe.command
 update-command = ${:command}
 ipv6 = ${slap-network-information:global-ipv6}
 ipv4 = {{instance_parameter['ipv4-random']}}
-key = ${caddy-directory:master-autocert-dir}/ip-access-${:ipv6}-${:ipv4}.key
 certificate = ${caddy-directory:master-autocert-dir}/ip-access-${:ipv6}-${:ipv4}.crt
 stop-on-error = True
 command =
-  [ -f ${:key} ] && [ -f ${:certificate} ] && exit 0
-  rm -f ${:key} ${:certificate}
+  [ -f ${:certificate} ] && exit 0
+  rm -f ${:certificate}
  /bin/bash -c ' \
  {{ parameter_dict['openssl'] }} req \
     -new -newkey rsa:2048 -sha256 \
     -nodes -x509 -days 36500 \
-     -keyout ${:key} \
+     -keyout ${:certificate} \
     -subj "/CN=Self Signed IP Access" \
     -reqexts SAN \
     -extensions SAN \

--- a/software/caddy-frontend/templates/Caddyfile.in
+++ b/software/caddy-frontend/templates/Caddyfile.in
@@ -42,7 +42,7 @@ import {{ slave_with_cache_configuration_directory }}/*.conf

 # Access to server-status Caddy-style
 https://[{{ global_ipv6 }}]:{{ https_port }}/server-status, https://{{ local_ipv4 }}:{{ https_port }}/server-status {
-  tls {{ frontend_configuration['ip-access-certificate'] }} {{ frontend_configuration['ip-access-key'] }}
+  tls {{ frontend_configuration['ip-access-certificate'] }} {{ frontend_configuration['ip-access-certificate'] }}
  # Compress the output
  gzip
  bind {{ local_ipv4 }}

--- a/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
+++ b/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
@@ -466,7 +466,6 @@ global_ipv6 = {{ dumps(global_ipv6) }}
 https_port = {{ dumps(https_port) }}
 http_port = {{ dumps(http_port) }}
 ip_access_certificate = {{ frontend_configuration.get('ip-access-certificate') }}
-ip_access_key = {{ frontend_configuration.get('ip-access-key') }}
 access_log = {{ dumps(access_log) }}
 error_log = {{ dumps(error_log) }}
 not_found_file = {{ dumps(not_found_file) }}

--- a/software/caddy-frontend/templates/template-log-access.conf.in
+++ b/software/caddy-frontend/templates/template-log-access.conf.in
@@ -4,7 +4,7 @@ https://[{{ parameter_dict['global_ipv6'] }}]:{{ parameter_dict['https_port'] }}
  bind {{ parameter_dict['local_ipv4'] }}
  root {{ directory }}/
  browse
-  tls {{ parameter_dict['ip_access_certificate'] }} {{ parameter_dict['ip_access_key'] }}
+  tls {{ parameter_dict['ip_access_certificate'] }} {{ parameter_dict['ip_access_certificate'] }}
  basicauth "{{ slave }}" {{ slave_password[slave] | trim }} {
    "Log Access {{ slave }}"
    /