Commit a2f40501 by Łukasz Nowak Committed by Łukasz Nowak

caddy-frontend: Serve notebook in main process

There is no longer any need to run two processes for normal and nginx slaves,
as the nginx ones are served by caddy anyway.

Also inform the requester that type:eventsource is not implemented.
1 parent 590f0cff
Showing 105 changed files with 75 additions and 718 deletions
......@@ -523,7 +523,6 @@ Note that in some cases promises will fail:
* not possible to request frontend slave for monitoring (monitoring frontend promise)
* no slaves present (configuration promise and others)
* no cached slave present (configuration promise and others)
* no nginx style slave present (websocket, notebook) (configuration promise and others)
This is known issue and shall be tackled soon.
......
......@@ -8,7 +8,7 @@ Generally things to be done with ``caddy-frontend``:
* **Jérome Perrin**: *For event source, if I understand https://github.com/mholt/caddy/issues/1355 correctly, we could use caddy as a proxy in front of nginx-push-stream . If we have a "central shared" caddy instance, can it handle keeping connections opens for many clients ?*
* ``check-error-on-caddy-log`` like ``check-error-on-apache-log``
* move out ``test/utils.py`` and use it from shared python distribution
* reduce the time of configuration validation (in ``instance-apache-frontend.cfg.in`` sections ``[configtest]``, ``[caddy-configuration]``, ``[nginx-configuration]``), as it is not scalable on frontend with 2000+ slaves (takes few minutes instead of few, < 5, seconds), issue posted `upstream <https://github.com/mholt/caddy/issues/2220>`_
* reduce the time of configuration validation (in ``instance-apache-frontend.cfg.in`` sections ``[configtest]``, ``[caddy-configuration]``), as it is not scalable on frontend with 2000+ slaves (takes few minutes instead of few, < 5, seconds), issue posted `upstream <https://github.com/mholt/caddy/issues/2220>`_
* drop ``6tunnel`` and use ``bind`` in Caddy configuration, as soon as multiple binds will be possible, tracked in upstream `bind: support multiple values <https://github.com/mholt/caddy/pull/2128>`_ and `ipv6: does not bind on ipv4 and ipv6 for sites that resolve to both <https://github.com/mholt/caddy/issues/864>`_
* use caddy-frontend in `standalone style playbooks <https://lab.nexedi.com/nexedi/slapos.package/tree/master/playbook/roles/standalone-shared>`_
* in ``templates/apache-custom-slave-list.cfg.in`` avoid repetetive ``part_list.append`` and use macro like in ERP5 SR (cf `Vincent's comment <https://lab.nexedi.com/nexedi/slapos/merge_requests/373#note_64362>`_)
......
......@@ -22,15 +22,15 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b
[template-apache-frontend]
filename = instance-apache-frontend.cfg.in
md5sum = ab5312fb5454d5358b22b000cf6ed124
md5sum = bde0f62dfe2eeef8f10b4315535095cb
[template-apache-replicate]
filename = instance-apache-replicate.cfg.in
md5sum = 37edefdb9963daa67b01e5d55d97c17d
md5sum = a4303904fa1dfebcbb40f28cd715e7cf
[template-slave-list]
filename = templates/apache-custom-slave-list.cfg.in
md5sum = f9efdfe7a7e3a78f0b15f414b5469316
md5sum = 71dfc1c57988416f5a40ced83acda2a7
[template-slave-configuration]
filename = templates/custom-virtualhost.conf.in
......@@ -54,7 +54,7 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
[template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in
md5sum = 6037ecfd80b5af4e826c7869c19da07c
md5sum = 9de6875635038f88be4f039e03deb1c0
[template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in
......@@ -84,18 +84,10 @@ md5sum = baf7b89cc9ab5506100b0c900808c1ea
filename = templates/trafficserver/logging.config.jinja2
md5sum = cd6bb9bd0734f17469b0ca88f8b1a531
[template-nginx-configuration]
filename = templates/nginx.cfg.in
md5sum = d4c6c585c8a7da12c16b4b8e5a1cd90a
[template-nginx-eventsource-slave-virtualhost]
filename = templates/nginx-eventsource-slave.conf.in
md5sum = 217a6c801b8330b0b825f7b8b4c77184
[template-nginx-notebook-slave-virtualhost]
filename = templates/nginx-notebook-slave.conf.in
md5sum = 982489258b9c2cafc9b52a94e7a8660f
[template-caddy-lazy-script-call]
filename = templates/apache-lazy-script-call.sh.in
md5sum = b9f73f6323f9fceea054c46c854d2862
......
......@@ -123,9 +123,6 @@ template_caddy_lazy_script_call = ${template-caddy-lazy-script-call:target}
template_default_slave_virtualhost = ${template-default-slave-virtualhost:target}
template_empty = ${template-empty:target}
template_log_access = ${template-log-access:target}
template_nging_configuration = ${template-nginx-configuration:output}
template_nginx_eventsource_slave_virtualhost = ${template-nginx-eventsource-slave-virtualhost:target}
template_nginx_notebook_slave_virtualhost = ${template-nginx-notebook-slave-virtualhost:target}
template_not_found_html = ${template-not-found-html:target}
template_slave_configuration = ${template-slave-configuration:target}
template_slave_list = ${template-slave-list:target}
......@@ -240,13 +237,6 @@ filename = storage.config.jinja2
url = ${:_profile_base_location_}/templates/trafficserver/${:filename}
filename = logging.config.jinja2
# NGINX Configuration
[template-nginx-configuration]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/templates/nginx.cfg.in
output = ${buildout:directory}/template-nginx.cfg.in
mode = 0644
[template-caddy-lazy-script-call]
<=download-template
filename = apache-lazy-script-call.sh.in
......@@ -259,14 +249,6 @@ filename = graceful-script.sh.in
<=download-template
filename = validate-script.sh.in
[template-nginx-eventsource-slave-virtualhost]
<=download-template
filename = nginx-eventsource-slave.conf.in
[template-nginx-notebook-slave-virtualhost]
<=download-template
filename = nginx-notebook-slave.conf.in
# Migrated from KVM recipe
[http-proxy]
# https://github.com/nodejitsu/node-http-proxy
......
......@@ -11,12 +11,10 @@ parts =
directory
configtest
logrotate-entry-caddy
logrotate-entry-nginx
caddy-frontend
switch-caddy-softwaretype
caucase-updater
frontend-caddy-graceful
frontend-nginx-graceful
not-found-html
port-redirection
promise-frontend-caddy-configuration
......@@ -28,13 +26,6 @@ parts =
promise-caddy-frontend-ssl-cached
promise-caddy-is-process-older-than-dependency-set
promise-nginx-frontend-v4-https
promise-nginx-frontend-v4-http
promise-nginx-frontend-v6-https
promise-nginx-frontend-v6-http
promise-nginx-configuration
promise-nginx-is-process-older-than-dependency-set
trafficserver-launcher
trafficserver-reload
trafficserver-configuration-directory
......@@ -47,9 +38,6 @@ parts =
trafficserver-promise-listen-port
trafficserver-promise-cache-availability
## Nginx
nginx-frontend
## Monitor for Caddy
monitor-base
monitor-ats-cache-stats-wrapper
......@@ -81,10 +69,7 @@ ca-dir = ${:srv}/ssl
bbb-ssl-dir = ${:srv}/bbb-ssl
# BBB: SlapOS Master non-zero knowledge END
varnginx = ${:var}/nginx
frontend_cluster = ${:var}/frontend_cluster
nginx_cluster = ${:var}/nginx_cluster
# csr_id publication
csr_id = ${:srv}/csr_id
......@@ -168,8 +153,6 @@ template-slave-configuration = {{ parameter_dict['template_slave_configuration']
template-default-slave-virtualhost = {{ parameter_dict['template_default_slave_virtualhost'] }}
template-cached-slave-virtualhost = {{ parameter_dict['template_cached_slave_virtualhost'] }}
caddy-location = {{ parameter_dict['caddy_location'] }}
template-nginx-eventsource-slave-virtualhost = {{ parameter_dict['template_nginx_eventsource_slave_virtualhost'] }}
template-nginx-notebook-slave-virtualhost = {{ parameter_dict['template_nginx_notebook_slave_virtualhost'] }}
[kedifa-login-config]
d = ${directory:ca-dir}
......@@ -237,7 +220,6 @@ extra-context =
key kedifa_caucase_ca_certificate kedifa-login-config:ca-certificate
key kedifa_login_certificate kedifa-login-config:certificate
key caddy_configuration_directory caddy-directory:slave-configuration
key nginx_configuration_directory caddy-directory:nginx-slave-configuration
key caddy_cached_configuration_directory caddy-directory:slave-with-cache-configuration
key slave_with_cache_configuration_directory caddy-directory:slave-with-cache-configuration
key kedifa_updater :kedifa-updater
......@@ -257,8 +239,6 @@ extra-context =
key csr_cas_ca_certificate kedifa-login-config:cas-ca-certificate
key http_port configuration:plain_http_port
key https_port configuration:port
key nginx_http_port configuration:plain_nginx_port
key nginx_https_port configuration:nginx_port
key public_ipv4 configuration:public-ipv4
key slave_instance_list :slave_instance_list
key extra_slave_instance_list :extra_slave_instance_list
......@@ -270,20 +250,15 @@ extra-context =
key local_ipv4 :local_ipv4
key local_ipv6 :local_ipv6
key global_ipv6 slap-network-information:global-ipv6
key varnginx directory:varnginx
key empty_template software-release-path:template-empty
key template_custom_slave_configuration software-release-path:template-slave-configuration
key template_default_slave_configuration software-release-path:template-default-slave-virtualhost
key template_cached_slave_configuration software-release-path:template-cached-slave-virtualhost
key template_eventsource_slave_configuration software-release-path:template-nginx-eventsource-slave-virtualhost
key template_notebook_slave_configuration software-release-path:template-nginx-notebook-slave-virtualhost
key software_type :software_type
key frontend_lazy_graceful_reload frontend-caddy-lazy-graceful:rendered
key frontend_graceful_reload caddy-configuration:frontend-graceful-command
key nginx_graceful_reload nginx-configuration:nginx-graceful-command
section frontend_configuration frontend-configuration
section caddy_configuration caddy-configuration
section nginx_configuration nginx-configuration
key monitor_base_url monitor-instance-parameter:monitor-base-url
key plugin_directory directory:plugin
key promise_directory directory:promises
......@@ -388,7 +363,6 @@ slave-with-cache-configuration = ${directory:etc}/caddy-slave-with-cache-conf.d/
cache = ${directory:var}/cache
mod-ssl = ${:cache}/httpd_mod_ssl
slave-log = ${directory:log}/httpd
nginx-slave-configuration = ${directory:etc}/nginx-slave-conf.d/
autocert = ${directory:srv}/autocert
master-autocert-dir = ${:autocert}/master-autocert
custom-ssl-directory = ${:slave-configuration}/ssl
......@@ -444,13 +418,6 @@ rotate-num = 30
# or access log, and that this will trigger postrotate script.
post = ${frontend-caddy-lazy-graceful:rendered} &
[logrotate-entry-nginx]
<= logrotate-entry-base
name = caddy-nginx
log = ${nginx-configuration:error_log} ${nginx-configuration:access_log}
rotate-num = 30
post = ${nginx-configuration:nginx-graceful-command}
#################
# Trafficserver
#################
......@@ -593,20 +560,6 @@ extra-context =
key sha256sum :sha256sum
key signature_file :signature_file
[frontend-nginx-graceful]
< = jinja2-template-base
template = {{ parameter_dict['template_graceful_script'] }}
rendered = ${directory:etc-run}/frontend-nginx-safe-graceful
mode = 0700
path_list = ${dynamic-nginx-frontend-template:rendered} ${caddy-directory:nginx-slave-configuration}/*.conf ${caddy-directory:master-autocert-dir}/*.key ${caddy-directory:master-autocert-dir}/*.crt ${caddy-directory:master-autocert-dir}/*.pem ${caddy-directory:autocert}/*.pem ${caddy-directory:custom-ssl-directory}/*.proxy_ca_crt ${directory:bbb-ssl-dir}/*.crt
sha256sum = {{ parameter_dict['sha256sum'] }}
signature_file = ${directory:run}/nginx_graceful_signature
extra-context =
key graceful_reload_command nginx-configuration:nginx-graceful-command
key path_list :path_list
key sha256sum :sha256sum
key signature_file :signature_file
[frontend-caddy-validate]
< = jinja2-template-base
template = {{ parameter_dict['template_validate_script'] }}
......@@ -620,19 +573,6 @@ extra-context =
key sha256sum :sha256sum
key signature_file :signature_file
[frontend-nginx-validate]
< = jinja2-template-base
template = {{ parameter_dict['template_validate_script'] }}
rendered = ${directory:bin}/frontend-nginx-validate
mode = 0700
sha256sum = {{ parameter_dict['sha256sum'] }}
signature_file = ${directory:run}/nginx_validate_signature
extra-context =
key wrapper nginx-wrapper:wrapper-path
key path_list frontend-nginx-graceful:path_list
key sha256sum :sha256sum
key signature_file :signature_file
[frontend-caddy-lazy-graceful]
< = jinja2-template-base
template = {{ parameter_dict['template_caddy_lazy_script_call'] }}
......@@ -759,104 +699,6 @@ module = check_url_available
name = re6st-connectivity.py
config-url = ${configuration:re6st-verification-url}
#######################
# Nginx
#
[nginx-wrapper]
recipe = slapos.cookbook:wrapper
environment =
CADDYPATH=${directory:nginx_cluster}
command-line = {{ parameter_dict['caddy'] }}
-conf ${dynamic-nginx-frontend-template:rendered}
-log ${nginx-configuration:error_log}
-log-roll-mb 0
{% if instance_parameter['configuration.global-disable-http2'].lower() in TRUE_VALUES %}
-http2=false
{% else %}
-http2=true
{% endif %}
-grace {{ instance_parameter['configuration.mpm-graceful-shutdown-timeout'] }}s
-disable-http-challenge
-disable-tls-alpn-challenge
wrapper-path = ${directory:bin}/nginx-wrapper
[nginx-frontend]
recipe = slapos.cookbook:wrapper
command-line = ${nginx-wrapper:wrapper-path} -pidfile ${nginx-configuration:pid-file}
wrapper-path = ${directory:service}/frontend_nginx
hash-files = ${buildout:directory}/software_release/buildout.cfg
[dynamic-nginx-frontend-template]
< = jinja2-template-base
template = {{ parameter_dict['template_nging_configuration'] }}
rendered = ${directory:etc}/nginx.cfg
mode = 0600
extra-context =
key port nginx-configuration:port
key local_ip nginx-configuration:local_ip
key plain_port nginx-configuration:plain_port
key slave_configuration_directory nginx-configuration:slave-configuration-directory
key error_log nginx-configuration:error_log
key access_log nginx-configuration:access_log
key not_found_file caddy-configuration:not-found-file
key master_certificate caddy-configuration:master-certificate
# BBB: SlapOS Master non-zero knowledge BEGIN
key apache_certificate apache-certificate:rendered
# BBB: SlapOS Master non-zero knowledge END
[nginx-configuration]
access_log = ${directory:log}/nginx-access.log
error_log = ${directory:log}/nginx-error.log
ip = ${slap-network-information:global-ipv6}
local_ip = ${slap-network-information:local-ipv4}
port = ${configuration:nginx_port}
plain_port = ${configuration:plain_nginx_port}
worker_processes = 4
worker_connections = 1024
slave-configuration-directory = ${caddy-directory:nginx-slave-configuration}
pid-file = ${directory:run}/nginx.pid
nginx-graceful-command = ${:nginx-configuration-verification} && kill -USR1 $(cat ${:pid-file})
nginx-configuration-verification = ${frontend-nginx-validate:rendered}
[promise-nginx-configuration]
<= promise-plugin-base
module = validate_frontend_configuration
name = nginx-configuration-promise.py
config-verification-script = ${nginx-configuration:nginx-configuration-verification}
[promise-nginx-frontend-v4-https]
<= promise-plugin-base
module = check_port_listening
name = nginx_frontend_ipv4_https.py
config-hostname = {{ instance_parameter['ipv4-random'] }}
config-port = ${configuration:nginx_port}
[promise-nginx-frontend-v4-http]
<= promise-plugin-base
module = check_port_listening
name = nginx_frontend_ipv4_http.py
config-hostname = {{ instance_parameter['ipv4-random'] }}
config-port = ${configuration:plain_nginx_port}
[promise-nginx-frontend-v6-https]
<= promise-plugin-base
module = check_port_listening
name = nginx_frontend_ipv6_https.py
config-hostname = {{ instance_parameter['ipv6-random'] }}
config-port = ${configuration:nginx_port}
[promise-nginx-frontend-v6-http]
<= promise-plugin-base
module = check_port_listening
name = nginx_frontend_ipv6_http.py
config-hostname = {{ instance_parameter['ipv6-random'] }}
config-port = ${configuration:plain_nginx_port}
[promise-nginx-is-process-older-than-dependency-set]
recipe = slapos.cookbook:wrapper
command-line = {{ parameter_dict['bin_directory'] }}/is-process-older-than-dependency-set ${nginx-configuration:pid-file}
wrapper-path = ${directory:promise}/promise-nginx-is-process-older-than-dependency-set
[port-redirection]
<= jinja2-template-base
template = inline:
......
......@@ -79,6 +79,12 @@ context =
{% set slave_error_list = [] %}
{% set slave_warning_list = [] %}
{% set slave_server_alias_unclashed = [] %}
{% set slave_type = slave.get('type') %}
{% if slave_type == 'eventsource' %}
{% do slave_error_list.append('type:eventsource is not implemented') %}
{% elif slave_type not in [None, '', 'default', 'zope', 'redirect', 'notebook'] %}
{% do slave_error_list.append('type:%s is not supported' % (slave_type,)) %}
{% endif %}
{# BBB: apache_custom_https AND apache_custom_http #}
{% set custom_domain = slave.get('custom_domain') %}
{% if custom_domain and custom_domain in used_host_list %}
......
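Review bot: The accepted slave types are an inline literal in the `elif` test, `[None, '', 'default', 'zope', 'redirect', 'notebook']`, with nothing tying it to the `slave_type` branches the virtualhost template implements or to the types the request schema mentions. The schema description for `nginx-domain` still names websocket next to notebook and eventsource, yet `websocket` is not in this list, so a `type:websocket` request is now answered with "is not supported"; please confirm that is intended. I would name the list once, e.g. `{% set SUPPORTED_SLAVE_TYPE_LIST = [None, '', 'default', 'zope', 'redirect', 'notebook'] %}`, with a comment that every entry needs a matching template branch, since a type accepted here without one would presumably be rendered with the default configuration. The slave loop that contains these lines starts and ends outside the hunk, so how `slave_error_list` is consumed is not visible here.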
......@@ -46,7 +46,7 @@
"nginx-domain": {
"description": "Base Domain for create subdomains (ie.: example2.com) for websocket, notebook and eventsource.",
"pattern": "^([a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?\\.)+[a-zA-Z]{2,6}$",
"title": "Nginx Domain",
"title": "[NOT IMPLEMENTED] Nginx Domain",
"type": "string"
},
"public-ipv4": {
......
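Review bot: Only the `title` of `nginx-domain` is marked `[NOT IMPLEMENTED]`; the `description` still presents the value as the base domain for websocket, notebook and eventsource subdomains, which a requester reading the schema will take as current behaviour. As far as this commit shows, the parameter is still validated against `pattern` but no longer read by the slave list template, so the description should say so, e.g. `"description": "Not implemented: accepted for compatibility, subdomains are created under 'domain'."`.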
......@@ -9,7 +9,6 @@
{% set cache_access = "http://%s:%s" % (local_ipv4, cache_port) %}
{% set ssl_cache_access = "http://%s:%s/HTTPS" % (local_ipv4, cache_port) %}
{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
{% set NGINX_TYPE_LIST = ['eventsource', 'notebook'] %}
{% set generic_instance_parameter_dict = { 'cache_access': cache_access, 'local_ipv4': local_ipv4, 'http_port': http_port, 'https_port': https_port} %}
{% set slave_log_dict = {} %}
{% if extra_slave_instance_list %}
......@@ -98,11 +97,7 @@ output = {{ plugin_directory }}/${:name}
{# Set slave domain if none was defined #}
{% if slave_instance.get('custom_domain', None) == None %}
{% set domain_prefix = slave_instance.get('slave_reference').replace("-", "").replace("_", "").lower() %}
{% if slave_type in NGINX_TYPE_LIST %}
{% do slave_instance.__setitem__('custom_domain', "%s.%s" % (domain_prefix, slapparameter_dict.get('nginx-domain', slapparameter_dict.get('domain')))) %}
{% else %}
{% do slave_instance.__setitem__('custom_domain', "%s.%s" % (domain_prefix, slapparameter_dict.get('domain'))) %}
{% endif %}
{% do slave_instance.__setitem__('custom_domain', "%s.%s" % (domain_prefix, slapparameter_dict.get('domain'))) %}
{% endif %}
{% set enable_cache = (('' ~ slave_instance.get('enable_cache', '')).lower() in TRUE_VALUES and slave_type != 'redirect') %}
......@@ -223,8 +218,6 @@ certificate = {{ certificate }}
https_port = {{ dumps('' ~ https_port) }}
http_port = {{ dumps('' ~ http_port) }}
local_ipv4 = {{ dumps('' ~ local_ipv4) }}
nginx_http_port = {{ dumps('' ~ nginx_http_port) }}
nginx_https_port = {{ dumps('' ~ nginx_https_port) }}
cached_port = {{ dumps('' ~ cached_port) }}
ssl_cached_port = {{ ('' ~ ssl_cached_port) }}
{# BBB: apache_custom_https and apache_custom_http #}
......@@ -251,19 +244,10 @@ caddy_custom_https = {{ dumps(caddy_custom_https) }}
[{{ slave_section_title }}]
< = jinja2-template-base
{% if slave_type in NGINX_TYPE_LIST %}
rendered = {{ nginx_configuration_directory }}/${:filename}
{% else %}
rendered = {{ caddy_configuration_directory }}/${:filename}
{% endif %}
{% if caddy_custom_http or caddy_custom_https %}
template = {{ template_custom_slave_configuration }}
{% elif slave_type == 'eventsource' %}
template = {{ template_eventsource_slave_configuration }}
{% elif slave_type == 'notebook' %}
template = {{ template_notebook_slave_configuration }}
{% else %}
template = {{ template_default_slave_configuration }}
{% endif %}
......@@ -407,16 +391,6 @@ ipv6-port = {{ cached_port }}
ipv4-port = {{ ssl_cached_port }}
ipv6-port = {{ ssl_cached_port }}
[tunnel-6to4-base-nginx_http_port]
<= tunnel-6to4-base
ipv4-port = {{ nginx_http_port }}
ipv6-port = {{ nginx_http_port }}
[tunnel-6to4-base-nginx_https_port]
<= tunnel-6to4-base
ipv4-port = {{ nginx_https_port }}
ipv6-port = {{ nginx_https_port }}
{# Define log access #}
[caddy-log-access-parameters]
caddy_log_directory = {{ dumps(caddy_log_directory) }}
......@@ -458,7 +432,7 @@ command-line = {{ kedifa_updater }}
--server-ca-certificate {{ kedifa_caucase_ca_certificate }}
--identity {{ kedifa_login_certificate }}
--master-certificate {{ master_certificate }}
--on-update "{{ frontend_graceful_reload }} ; {{ nginx_graceful_reload }}"
--on-update "{{ frontend_graceful_reload }}"
${kedifa-updater-mapping:file}
{{ kedifa_updater_state_file }}
......@@ -498,8 +472,6 @@ parts +=
tunnel-6to4-base-https_port
tunnel-6to4-base-cached_port
tunnel-6to4-base-ssl_cached_port
tunnel-6to4-base-nginx_http_port
tunnel-6to4-base-nginx_https_port
expose-csr_id
cache-access = {{ cache_access }}
......
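Review bot: The default `custom_domain` for a slave without one is now always built from `slapparameter_dict.get('domain')`, where notebook slaves previously used `nginx-domain` and only fell back to `domain`. On a frontend where `nginx-domain` was set to a different base domain, existing notebook slaves would change hostname on the next run, and the old name would presumably fall through to the catch-all 404 site, with DNS records and certificates issued for it no longer matching. If that is acceptable, state it next to the assignment, e.g. `{# nginx-domain is no longer consulted: notebook slaves get <slave_reference>.<domain> #}`, and in the upgrade notes. The surrounding slave loop starts and ends outside these hunks.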
......@@ -23,6 +23,10 @@
{%- do https_host_list.append('https://%s:%s' % (host, slave_parameter['https_port'] )) %}
{%- endfor %} {#- for host in host_list #}
{%- set default_path = slave_parameter.get('default-path', '').strip('/') | urlencode %}
{%- if slave_type == 'notebook' %}
{# notebook needs http 1.1 max #}
{%- set enable_h2 = False %}
{%- endif %}
{%- for tls in [True, False] %}
{%- if tls %}
......@@ -68,12 +72,12 @@
if {>Accept-Encoding} not_match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
to {1}
}
{% else %}
{% elif slave_type != 'notebook' %}
rewrite {
regexp (.*)
to {1}
}
{% endif %}
{% endif %} {# elif slave_type != 'notebook' #}
{%- endif %} {#- if not (slave_type == 'zope' and backend_url) #}
{%- if not tls and https_only %}
......@@ -158,6 +162,26 @@
redir 302 {
/ {{ backend_url }}{rewrite_uri}
} {# redir #}
{%- elif slave_type == 'notebook' %}
proxy / {{ backend_url }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
transparent
insecure_skip_verify
}
rewrite {
regexp "/(api/kernels/[^/]+/(channels|iopub|shell|stdin)|terminals/websocket)/?"
to /proxy/{1}
}
proxy /proxy/ {{ backend_url }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
header_upstream X-Real-IP {remote}
header_upstream Host {host}
websocket
without /proxy/
insecure_skip_verify
}
{%- else %} {#- if slave_type == 'zope' and backend_url #}
# Default configuration
{%- if default_path %}
......
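Review bot: Both `proxy` blocks of the new `notebook` branch set `insecure_skip_verify`, so for an https `backend_url` the frontend accepts whatever certificate the backend presents, and this is the connection that carries the notebook's kernel and terminal websocket traffic. The option is unconditional here; if the other branches of this template gate backend verification on a slave parameter (not visible in this hunk), the notebook branch should use the same gate, and otherwise the choice deserves a template comment such as `{# backend certificate is not verified for notebook backends #}`. The `rewrite` pattern is also unanchored, so it matches the websocket paths at any depth of the request path; `regexp "^/(api/kernels/[^/]+/(channels|iopub|shell|stdin)|terminals/websocket)/?"` would limit it to the root, if that is the intent. The enclosing `if`/`elif` chain starts and ends outside this hunk.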
{%- set url = slave_parameter.get('url') %}
{%- set https_url = slave_parameter.get('https-url', url) %}
{%- if url.startswith("http://") or url.startswith("https://") %}
{%- set upstream = url.split("/")[2] %}
{%- set https_upstream = https_url.split("/")[2] %}
# SSL-enabled
https://{{ slave_parameter.get('custom_domain') }}:{{ slave_parameter['nginx_https_port'] }} {
bind {{ slave_parameter['local_ipv4'] }}
# Compress the output
gzip
log / {{ slave_parameter.get('access_log') }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
rotate_size 0
}
errors {{ slave_parameter.get('error_log') }} {
rotate_size 0
}
tls {{ slave_parameter['certificate'] }} {{ slave_parameter['certificate'] }} {
alpn http/1.1
}
proxy / {{ https_upstream }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
transparent
insecure_skip_verify
}
rewrite {
regexp "/(api/kernels/[^/]+/(channels|iopub|shell|stdin)|terminals/websocket)/?"
to /proxy/{1}
}
proxy /proxy/ {{ https_upstream }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
header_upstream X-Real-IP {remote}
header_upstream Host {host}
websocket
without /proxy/
insecure_skip_verify
}
}
# SSL-disabled
http://{{ slave_parameter.get('custom_domain') }}:{{ slave_parameter['nginx_http_port'] }} {
bind {{ slave_parameter['local_ipv4'] }}
# Compress the output
gzip
log / {{ slave_parameter.get('access_log') }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
rotate_size 0
}
errors {{ slave_parameter.get('error_log') }} {
rotate_size 0
}
proxy / {{ upstream }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
transparent
insecure_skip_verify
}
rewrite {
regexp "/(api/kernels/[^/]+/(channels|iopub|shell|stdin)|terminals/websocket)/?"
to /proxy/{1}
}
proxy /proxy/ {{ upstream }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
header_upstream X-Real-IP {remote}
header_upstream Host {host}
websocket
without /proxy/
insecure_skip_verify
}
}
{%- endif %}
# TODO-Caddy worker_processes $${nginx-configuration:worker_processes};
# TODO-Caddy events {
# TODO-Caddy worker_connections $${nginx-configuration:worker_connections};
# TODO-Caddy # multi_accept on;
# TODO-Caddy }
# TODO-Caddy http {
##
# Basic Settings
##
# TODO-Caddy sendfile on;
# TODO-Caddy tcp_nopush on;
# TODO-Caddy tcp_nodelay on;
# TODO-Caddy keepalive_timeout 65;
# TODO-Caddy types_hash_max_size 2048;
# TODO-Caddy server_tokens off;
# TODO-Caddy log_format custom '$remote_addr - $remote_user $time_local $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time';
# TODO-Caddy access_log $${nginx-configuration:access_log} custom;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
# TODO-Caddy default_type application/octet-stream;
# TODO-Caddy ssl_certificate $${ca-frontend:cert-file};
# TODO-Caddy ssl_certificate_key $${ca-frontend:key-file};
##
# Gzip Settings
##
# TODO-Caddy gzip on;
# TODO-Caddy gzip_disable "msie6";
# TODO-Caddy gzip_vary on;
# TODO-Caddy gzip_proxied any;
# TODO-Caddy gzip_comp_level 6;
# TODO-Caddy gzip_buffers 16 8k;
# TODO-Caddy gzip_http_version 1.1;
# TODO-Caddy gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
##
# Push stream Settings
##
# TODO-Caddy push_stream_shared_memory_size 32m;
# TODO-Caddy fastcgi_temp_path $${directory:varnginx} 1 2;
# TODO-Caddy uwsgi_temp_path $${directory:varnginx} 1 2;
# TODO-Caddy scgi_temp_path $${directory:varnginx} 1 2;
# TODO-Caddy client_body_temp_path $${directory:varnginx} 1 2;
# TODO-Caddy proxy_temp_path $${directory:varnginx} 1 2;
# TODO-Caddy }
import {{ slave_configuration_directory }}/*.conf
# Catch-all and 404 for not configured instances
:{{ port }} {
tls {{ master_certificate }} {{ master_certificate }}
bind {{ local_ip }}
# Serve an error 204 (No Content) for favicon.ico
status 204 /favicon.ico
status 404 /
log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
rotate_size 0
}
errors {{ error_log }} {
rotate_size 0
* {{ not_found_file }}
}
}
:{{ plain_port }} {
bind {{ local_ip }}
# Serve an error 204 (No Content) for favicon.ico
status 204 /favicon.ico
status 404 /
log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
rotate_size 0
}
errors {{ error_log }} {
rotate_size 0
* {{ not_found_file }}
}
}
......@@ -15,10 +15,5 @@ T-2/etc/plugin/check-free-disk-space.py: OK
T-2/etc/plugin/frontend-caddy-configuration-promise.py: ERROR
T-2/etc/plugin/monitor-bootstrap-status.py: OK
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-2/etc/plugin/nginx-configuration-promise.py: ERROR
T-2/etc/plugin/nginx_frontend_ipv4_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK
T-2/etc/plugin/re6st-connectivity.py: OK
T-2/etc/plugin/trafficserver-port-listening.py: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-2/etc/promise/promise-nginx-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
......@@ -10,8 +10,6 @@ T-1:kedifa-{hash}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-2:6tunnel-11080-{hash}-on-watch STOPPED
T-2:6tunnel-11443-{hash}-on-watch STOPPED
T-2:6tunnel-12080-{hash}-on-watch STOPPED
T-2:6tunnel-12443-{hash}-on-watch STOPPED
T-2:6tunnel-26011-{hash}-on-watch STOPPED
T-2:6tunnel-26012-{hash}-on-watch STOPPED
T-2:bootstrap-monitor STOPPED
......@@ -19,9 +17,7 @@ T-2:certificate_authority-{hash}-on-watch STOPPED
T-2:crond-{hash}-on-watch STOPPED
T-2:expose-csr_id-{hash}-on-watch STOPPED
T-2:frontend-caddy-safe-graceful STOPPED
T-2:frontend-nginx-safe-graceful STOPPED
T-2:frontend_caddy-{hash}-on-watch STOPPED
T-2:frontend_nginx-{hash}-on-watch STOPPED
T-2:kedifa-login-certificate-caucase-updater-on-watch STOPPED
T-2:kedifa-updater-{hash}-on-watch STOPPED
T-2:monitor-httpd-{hash}-on-watch STOPPED
......
......@@ -7,7 +7,5 @@ T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_site_1_access_log
T-2/var/log/httpd/_site_1_error_log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/nginx-access.log
T-2/var/log/nginx-error.log
T-2/var/log/trafficserver/manager.log
T-2/var/log/trafficserver/traffic.out
\ No newline at end of file
......@@ -6,8 +6,4 @@ T-2/var/run/caddy_validate_signature
T-2/var/run/caddy_validate_signature.status
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-2/var/run/monitor/monitor-bootstrap.pid
T-2/var/run/nginx.pid
T-2/var/run/nginx_graceful_signature
T-2/var/run/nginx_validate_signature
T-2/var/run/nginx_validate_signature.status
\ No newline at end of file
T-2/var/run/monitor/monitor-bootstrap.pid
\ No newline at end of file
......@@ -15,10 +15,5 @@ T-2/etc/plugin/check-free-disk-space.py: OK
T-2/etc/plugin/frontend-caddy-configuration-promise.py: OK
T-2/etc/plugin/monitor-bootstrap-status.py: OK
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-2/etc/plugin/nginx-configuration-promise.py: OK
T-2/etc/plugin/nginx_frontend_ipv4_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK
T-2/etc/plugin/re6st-connectivity.py: OK
T-2/etc/plugin/trafficserver-port-listening.py: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-2/etc/promise/promise-nginx-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
......@@ -10,8 +10,6 @@ T-1:kedifa-{hash}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-2:6tunnel-11080-{hash}-on-watch RUNNING
T-2:6tunnel-11443-{hash}-on-watch RUNNING
T-2:6tunnel-12080-{hash}-on-watch RUNNING
T-2:6tunnel-12443-{hash}-on-watch RUNNING
T-2:6tunnel-26011-{hash}-on-watch RUNNING
T-2:6tunnel-26012-{hash}-on-watch RUNNING
T-2:bootstrap-monitor EXITED
......@@ -19,9 +17,7 @@ T-2:certificate_authority-{hash}-on-watch RUNNING
T-2:crond-{hash}-on-watch RUNNING
T-2:expose-csr_id-{hash}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend-nginx-safe-graceful EXITED
T-2:frontend_caddy-{hash}-on-watch RUNNING
T-2:frontend_nginx-{hash}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash}-on-watch RUNNING
T-2:monitor-httpd-{hash}-on-watch RUNNING
......
......@@ -11,7 +11,5 @@ T-2/var/log/httpd/_enable-http2-false_error_log
T-2/var/log/httpd/_enable-http2-true_access_log
T-2/var/log/httpd/_enable-http2-true_error_log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/nginx-access.log
T-2/var/log/nginx-error.log
T-2/var/log/trafficserver/manager.log
T-2/var/log/trafficserver/traffic.out
\ No newline at end of file
......@@ -6,8 +6,4 @@ T-2/var/run/caddy_validate_signature
T-2/var/run/caddy_validate_signature.status
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-2/var/run/monitor/monitor-bootstrap.pid
T-2/var/run/nginx.pid
T-2/var/run/nginx_graceful_signature
T-2/var/run/nginx_validate_signature
T-2/var/run/nginx_validate_signature.status
\ No newline at end of file
T-2/var/run/monitor/monitor-bootstrap.pid
\ No newline at end of file
......@@ -19,10 +19,5 @@ T-2/etc/plugin/check-free-disk-space.py: OK
T-2/etc/plugin/frontend-caddy-configuration-promise.py: OK
T-2/etc/plugin/monitor-bootstrap-status.py: OK
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-2/etc/plugin/nginx-configuration-promise.py: OK
T-2/etc/plugin/nginx_frontend_ipv4_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK
T-2/etc/plugin/re6st-connectivity.py: OK
T-2/etc/plugin/trafficserver-port-listening.py: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-2/etc/promise/promise-nginx-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
......@@ -10,8 +10,6 @@ T-1:kedifa-{hash}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-2:6tunnel-11080-{hash}-on-watch RUNNING
T-2:6tunnel-11443-{hash}-on-watch RUNNING
T-2:6tunnel-12080-{hash}-on-watch RUNNING
T-2:6tunnel-12443-{hash}-on-watch RUNNING
T-2:6tunnel-26011-{hash}-on-watch RUNNING
T-2:6tunnel-26012-{hash}-on-watch RUNNING
T-2:bootstrap-monitor EXITED
......@@ -19,9 +17,7 @@ T-2:certificate_authority-{hash}-on-watch RUNNING
T-2:crond-{hash}-on-watch RUNNING
T-2:expose-csr_id-{hash}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend-nginx-safe-graceful EXITED
T-2:frontend_caddy-{hash}-on-watch RUNNING
T-2:frontend_nginx-{hash}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash}-on-watch RUNNING
T-2:monitor-httpd-{hash}-on-watch RUNNING
......
......@@ -11,7 +11,5 @@ T-2/var/log/httpd/_enable-http2-false_error_log
T-2/var/log/httpd/_enable-http2-true_access_log
T-2/var/log/httpd/_enable-http2-true_error_log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/nginx-access.log
T-2/var/log/nginx-error.log
T-2/var/log/trafficserver/manager.log
T-2/var/log/trafficserver/traffic.out
\ No newline at end of file
......@@ -6,8 +6,4 @@ T-2/var/run/caddy_validate_signature
T-2/var/run/caddy_validate_signature.status
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-2/var/run/monitor/monitor-bootstrap.pid
T-2/var/run/nginx.pid
T-2/var/run/nginx_graceful_signature
T-2/var/run/nginx_validate_signature
T-2/var/run/nginx_validate_signature.status
\ No newline at end of file
T-2/var/run/monitor/monitor-bootstrap.pid
\ No newline at end of file