apache-frontend: Add new slave configuration parameters and 404 error for missing instances

Added:
server-alias
disable-no-cache-request
prefer-gzip-encoding-to-backend
disabled-cookie-list

software/apache-frontend/common.cfg

@@ -96,7 +96,7 @@ mode = 640
 [template-apache-frontend-configuration]
 recipe = slapos.recipe.build:download
 url = ${:_profile_base_location_}/templates/apache.conf.in
-md5sum = eb509d5b924464b08e28d296da93b58c
+md5sum = 6c72015a9af4f1edab63712f5c6aec99
 mode = 640
 
 [template-apache-cached-configuration]
@@ -133,7 +133,7 @@ mode = 640
 [template-default-slave-virtualhost]
 recipe = slapos.recipe.build:download
 url = ${:_profile_base_location_}/templates/default-virtualhost.conf.in
-md5sum = 3671d13456cec8c3347e8a6ad0badbff
+md5sum = 8422c3c0d643edacfa8b11d2d1e5ce17
 mode = 640
 
 [template-log-access]

software/apache-frontend/instance-slave-apache-input-schema.json

@@ -15,6 +15,14 @@
       "type": "string",
       "pattern": "^([a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?\\.)+[a-zA-Z]{2,6}$"
     },
+
+    "server-alias": {
+      "title": "Server Alias",
+      "description": "Server Alias List separated by space",
+      "type": "string",
+      "default": ""
+    },
+
     "type": {
       "title": "Backend Type",
       "description": "Type of the backend",
@@ -71,6 +79,30 @@
       "default": "false",
       "enum": ["false", "true"]
     },
+
+    "disable-no-cache-request": {
+      "title": "Disable 'no-cache' requests",
+      "description": "If set to true, no-cache control headers will be disabled",
+      "type": "string",
+      "default": "false",
+      "enum": ["false", "true"]
+    },
+
+    "prefer-gzip-encoding-to-backend": {
+      "title": "Prefer gzip Encoding for Backend",
+      "description": "If set to true, if a request is made with accept encoding 'gzip', only that one will be transferred to the backend",
+      "type": "string",
+      "default": "false",
+      "enum": ["false", "true"]
+    },
+
+    "disabled-cookie-list": {
+      "title": "Disabled Cookies",
+      "description": "List of Cookies separated by space that will not be sent to the backend",
+      "type": "string",
+      "default": ""
+    },
+
     "apache_custom_http": {
       "title": "HTTP configuration",
       "description": "Raw http configuration in python template format. Your site will be rejected if you use it without notification and approval of the frontend adminastrator",

software/apache-frontend/templates/apache.conf.in

@@ -41,6 +41,10 @@ CustomLog "{{ access_log }}" combined
 <Directory {{ document_root }}>
   Order Allow,Deny
   Allow from All
+  Options -Indexes
+  ErrorDocument 404 /notfound.html
+  RewriteEngine on
+  RewriteRule ^/?$ notfound.html [R=404,L]
 </Directory>
 
 # List of modules
@@ -129,3 +133,6 @@ include {{frontend_configuration.get('log-access-configuration')}}
 NameVirtualHost *:{{ http_port }}
 NameVirtualHost *:{{ https_port }}
 include {{ slave_configuration_directory }}/*.conf
+
+ErrorDocument 404 /notfound.html
+RewriteRule (.*) /notfound.html [R=404,L]

software/apache-frontend/templates/default-virtualhost.conf.in

 {% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
+{% set disable_no_cache_header = ('' ~ slave_parameter.get('disable-no-cache-request', '')).lower() in TRUE_VALUES -%}
+{%- set prefer_gzip = ('' ~ slave_parameter.get('prefer-gzip-encoding-to-backend', '')).lower() in TRUE_VALUES -%}
  
 <VirtualHost *:{{ https_port }}>
   ServerName {{ slave_parameter.get('custom_domain') }}
   ServerAlias {{ slave_parameter.get('custom_domain') }}
 
+{%- if 'server-alias' in slave_parameter -%}
+  {% set server_alias_list =  slave_parameter.get('server-alias', '').split() %}
+  {%- for server_alias in server_alias_list %}
+  ServerAlias {{ server_alias }}
+  {% endfor %}
+{%- endif %}
+
   SSLEngine on
   SSLProxyEngine on
   SSLProtocol all -SSLv2 -SSLv3
@@ -34,6 +43,22 @@
   ProxyTimeout 600
   RewriteEngine On
 
+{% if disable_no_cache_header %}
+  RequestHeader unset Cache-Control
+  RequestHeader unset Pragma
+{% endif -%}
+
+{% if 'disabled-cookie-list' in slave_parameter -%}
+  {% set disabled_cookie_list =  slave_parameter.get('disabled-cookie-list', '').split() %}
+  {%- for disabled_cookie in disabled_cookie_list %}
+{{'  RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie)  }}
+  {% endfor -%}
+{% endif %}
+
+{%- if prefer_gzip %}
+  RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
+{% endif %}
+
 {% if slave_parameter.get('type', '') ==  'zope' -%}
   {% if 'default-path' in slave_parameter %}
   RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
@@ -53,6 +78,14 @@
 <VirtualHost *:{{ http_port }}>
   ServerName {{ slave_parameter.get('custom_domain') }}
   ServerAlias {{ slave_parameter.get('custom_domain') }}
+
+{%- if 'server-alias' in slave_parameter %}
+  {% set server_alias_list =  slave_parameter.get('server-alias', '').split() %}
+  {%- for server_alias in server_alias_list %}
+  ServerAlias {{ server_alias }}
+  {% endfor -%}
+{% endif %}
+
   SSLProxyEngine on
   # Rewrite part
   ProxyVia On
@@ -69,6 +102,22 @@
   # Remove "Secure" from cookies, as backend may be https
   Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
 
+{% if disable_no_cache_header %}
+  RequestHeader unset Cache-Control
+  RequestHeader unset Pragma
+{% endif -%}
+
+{% if 'disabled-cookie-list' in slave_parameter -%}
+  {% set disabled_cookie_list =  slave_parameter.get('disabled-cookie-list', '').split() %}
+  {%- for disabled_cookie in disabled_cookie_list %}
+{{'  RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie)  }}
+  {% endfor -%}
+{% endif %}
+
+{%- if prefer_gzip %}
+  RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
+{% endif %}
+
 # Next line is forbidden and people who copy it will be hanged short
 {% set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%}
 {% if https_only -%}