Commit
572b8e6d
authored
Jan 08, 2013
by
Marco Mariani
Merge remote-tracking branch 'origin/master' into lapp-resilient3
parents
1a31d960
a695668b
Changes
11
Showing
11 changed files
with
369 additions
and
136 deletions
+369
-136
CHANGES.txt
CHANGES.txt
+16
-0
component/busybox/buildout.cfg
component/busybox/buildout.cfg
+1
-1
setup.py
setup.py
+27
-1
slapos/recipe/apache_frontend/__init__.py
slapos/recipe/apache_frontend/__init__.py
+61
-11
slapos/recipe/apache_frontend/template/apache.conf.in
slapos/recipe/apache_frontend/template/apache.conf.in
+28
-20
slapos/recipe/apache_frontend/template/apache.conf.path-protected.in
...pe/apache_frontend/template/apache.conf.path-protected.in
+7
-3
software/apache-frontend/README.apache_frontend.txt
software/apache-frontend/README.apache_frontend.txt
+77
-16
software/apache-frontend/common.cfg
software/apache-frontend/common.cfg
+51
-0
software/apache-frontend/development.cfg
software/apache-frontend/development.cfg
+32
-0
software/apache-frontend/instance.cfg
software/apache-frontend/instance.cfg
+22
-1
software/apache-frontend/software.cfg
software/apache-frontend/software.cfg
+47
-83
CHANGES.txt
Changes
Changes
=======
=======
0.71.1 (2013-01-04)
-------------------
* Frontend: Sort instances by reference to avoid attacks. [Cedric de Saint
Martin]
* Frontend: Add public_ipv4 parameter support to ease deployment of slave
frontend. [Cedric de Saint Martin]
* Frontend: Move apache_frontend wrappers to watched directory (etc/service).
[Cedric de Saint Martin]
* Frontend: Add native path to varnish environment. [Cedric de Saint Martin]
0.71 (2012-12-20)
-----------------
* frontend: Add "path" parameter for Zope instances. [Cedric de Saint Martin]
0.70 (2012-11-05)
0.70 (2012-11-05)
-----------------
-----------------
...
...
component/busybox/buildout.cfg
...
@@ -5,7 +5,7 @@ parts = busybox
...
@@ -5,7 +5,7 @@ parts = busybox
[busybox]
[busybox]
recipe = slapos.recipe.build
recipe = slapos.recipe.build
url = http://git.busybox.net/busybox/snapshot/busybox-1_20_1.tar.gz
url = http://git.busybox.net/busybox/snapshot/busybox-1_20_1.tar.gz
md5sum =
15758fc37ae8051d6def1b8afb691821
md5sum =
2dcfee8add6b9c52d6a91e97ba705b66
script =
script =
extract_dir = self.extract(self.download(%(url)r, %(md5sum)r))
extract_dir = self.extract(self.download(%(url)r, %(md5sum)r))
workdir = guessworkdir(extract_dir)
workdir = guessworkdir(extract_dir)
...
...
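Review bot: The `[busybox]` part downloads over plain `http://` from a gitweb snapshot URL, so the `md5sum` updated here is the only integrity control on the tarball, and MD5 is a weak digest for that job. The checksum changed while the URL still names `busybox-1_20_1`, which suggests the snapshot archive is regenerated by the server and is not byte-stable, so this pin is likely to break again. Prefer a published release tarball with a stable checksum fetched over HTTPS, and a stronger digest if the recipe supports one.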
setup.py
##############################################################################
#
# Copyright (c) 2010-2013 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from
setuptools
import
setup
,
find_packages
from
setuptools
import
setup
,
find_packages
import
glob
import
glob
import
os
import
os
version
=
'0.7
0.1
-dev'
version
=
'0.7
1.2
-dev'
name
=
'slapos.cookbook'
name
=
'slapos.cookbook'
long_description
=
open
(
"README.txt"
).
read
()
+
"
\
n
"
+
\
long_description
=
open
(
"README.txt"
).
read
()
+
"
\
n
"
+
\
open
(
"CHANGES.txt"
).
read
()
+
"
\
n
"
open
(
"CHANGES.txt"
).
read
()
+
"
\
n
"
...
...
slapos/recipe/apache_frontend/__init__.py
...
@@ -28,6 +28,7 @@ from slapos.recipe.librecipe import BaseSlapRecipe
...
@@ -28,6 +28,7 @@ from slapos.recipe.librecipe import BaseSlapRecipe
import
os
import
os
import
pkg_resources
import
pkg_resources
import
hashlib
import
hashlib
import
operator
import
sys
import
sys
import
zc.buildout
import
zc.buildout
import
zc.recipe.egg
import
zc.recipe.egg
...
@@ -43,6 +44,9 @@ class Recipe(BaseSlapRecipe):
...
@@ -43,6 +44,9 @@ class Recipe(BaseSlapRecipe):
'template/%s'
%
template_name
)
'template/%s'
%
template_name
)
def
_install
(
self
):
def
_install
(
self
):
# Define directory not defined in deprecated lib
self
.
service_directory
=
os
.
path
.
join
(
self
.
etc_directory
,
'service'
)
# Check for mandatory arguments
# Check for mandatory arguments
frontend_domain_name
=
self
.
parameter_dict
.
get
(
"domain"
)
frontend_domain_name
=
self
.
parameter_dict
.
get
(
"domain"
)
if
frontend_domain_name
is
None
:
if
frontend_domain_name
is
None
:
...
@@ -69,9 +73,17 @@ class Recipe(BaseSlapRecipe):
...
@@ -69,9 +73,17 @@ class Recipe(BaseSlapRecipe):
rewrite_rule_list
=
[]
rewrite_rule_list
=
[]
rewrite_rule_zope_list
=
[]
rewrite_rule_zope_list
=
[]
rewrite_rule_zope_path_list
=
[]
slave_dict
=
{}
slave_dict
=
{}
service_dict
=
{}
service_dict
=
{}
# Sort slave instance by reference to avoid most security issues
slave_instance_list
=
sorted
(
slave_instance_list
,
key
=
operator
.
itemgetter
(
'slave_reference'
))
# dict of used domains, only used to track duplicates
domain_dict
=
{}
for
slave_instance
in
slave_instance_list
:
for
slave_instance
in
slave_instance_list
:
backend_url
=
slave_instance
.
get
(
"url"
,
None
)
backend_url
=
slave_instance
.
get
(
"url"
,
None
)
reference
=
slave_instance
.
get
(
"slave_reference"
)
reference
=
slave_instance
.
get
(
"slave_reference"
)
...
@@ -97,6 +109,12 @@ class Recipe(BaseSlapRecipe):
...
@@ -97,6 +109,12 @@ class Recipe(BaseSlapRecipe):
domain
=
"%s.%s"
%
(
reference
.
replace
(
"-"
,
""
).
lower
(),
domain
=
"%s.%s"
%
(
reference
.
replace
(
"-"
,
""
).
lower
(),
frontend_domain_name
)
frontend_domain_name
)
if
domain_dict
.
get
(
domain
):
# This domain already has been processed, skip this new one
continue
else
:
domain_dict
[
domain
]
=
True
# Define the URL where the instance will be available
# Define the URL where the instance will be available
# WARNING: we use default ports (443, 80) here.
# WARNING: we use default ports (443, 80) here.
slave_dict
[
reference
]
=
"%s%s/"
%
(
scheme
,
domain
)
slave_dict
[
reference
]
=
"%s%s/"
%
(
scheme
,
domain
)
...
@@ -118,6 +136,9 @@ class Recipe(BaseSlapRecipe):
...
@@ -118,6 +136,9 @@ class Recipe(BaseSlapRecipe):
# RewriteMap for Zope Virtual Host Monster websites.
# RewriteMap for Zope Virtual Host Monster websites.
if
slave_instance
.
get
(
"type"
,
""
).
lower
()
in
[
'zope'
]:
if
slave_instance
.
get
(
"type"
,
""
).
lower
()
in
[
'zope'
]:
rewrite_rule_zope_list
.
append
(
rewrite_rule
)
rewrite_rule_zope_list
.
append
(
rewrite_rule
)
# For Zope, we have another dict containing the path e.g '/erp5/...
rewrite_rule_path
=
"%s %s"
%
(
domain
,
slave_instance
.
get
(
'path'
,
''
))
rewrite_rule_zope_path_list
.
append
(
rewrite_rule_path
)
else
:
else
:
rewrite_rule_list
.
append
(
rewrite_rule
)
rewrite_rule_list
.
append
(
rewrite_rule
)
...
@@ -152,6 +173,7 @@ class Recipe(BaseSlapRecipe):
...
@@ -152,6 +173,7 @@ class Recipe(BaseSlapRecipe):
name
=
frontend_domain_name
,
name
=
frontend_domain_name
,
rewrite_rule_list
=
rewrite_rule_list
,
rewrite_rule_list
=
rewrite_rule_list
,
rewrite_rule_zope_list
=
rewrite_rule_zope_list
,
rewrite_rule_zope_list
=
rewrite_rule_zope_list
,
rewrite_rule_zope_path_list
=
rewrite_rule_zope_path_list
,
key
=
key
,
certificate
=
certificate
)
key
=
key
,
certificate
=
certificate
)
# Send connection informations about each slave
# Send connection informations about each slave
...
@@ -160,9 +182,12 @@ class Recipe(BaseSlapRecipe):
...
@@ -160,9 +182,12 @@ class Recipe(BaseSlapRecipe):
"instance: %s"
%
reference
)
"instance: %s"
%
reference
)
try
:
try
:
connection_dict
=
{
connection_dict
=
{
'frontend_ipv6_address'
:
self
.
getGlobalIPv6Address
(),
# Send the public IPs (if possible) so that user knows what IP
'frontend_ipv4_address'
:
self
.
getLocalIPv4Address
(),
# to bind to its domain name
'site_url'
:
url
'frontend_ipv6_address'
:
self
.
getGlobalIPv6Address
(),
'frontend_ipv4_address'
:
self
.
parameter_dict
.
get
(
"public-ipv4"
,
self
.
getLocalIPv4Address
()),
'site_url'
:
url
,
}
}
self
.
setConnectionDict
(
connection_dict
,
reference
)
self
.
setConnectionDict
(
connection_dict
,
reference
)
except
:
except
:
...
@@ -289,7 +314,7 @@ class Recipe(BaseSlapRecipe):
...
@@ -289,7 +314,7 @@ class Recipe(BaseSlapRecipe):
self
.
_createDirectory
(
crontabs
)
self
.
_createDirectory
(
crontabs
)
wrapper
=
zc
.
buildout
.
easy_install
.
scripts
([(
'crond'
,
wrapper
=
zc
.
buildout
.
easy_install
.
scripts
([(
'crond'
,
'slapos.recipe.librecipe.execute'
,
'execute'
)],
self
.
ws
,
sys
.
executable
,
'slapos.recipe.librecipe.execute'
,
'execute'
)],
self
.
ws
,
sys
.
executable
,
self
.
wrapper
_directory
,
arguments
=
[
self
.
service
_directory
,
arguments
=
[
self
.
options
[
'dcrond_binary'
].
strip
(),
'-s'
,
cron_d
,
'-c'
,
crontabs
,
self
.
options
[
'dcrond_binary'
].
strip
(),
'-s'
,
cron_d
,
'-c'
,
crontabs
,
'-t'
,
timestamps
,
'-f'
,
'-l'
,
'5'
,
'-M'
,
catcher
]
'-t'
,
timestamps
,
'-f'
,
'-l'
,
'5'
,
'-M'
,
catcher
]
)[
0
]
)[
0
]
...
@@ -346,10 +371,13 @@ class Recipe(BaseSlapRecipe):
...
@@ -346,10 +371,13 @@ class Recipe(BaseSlapRecipe):
)
)
self
.
_writeFile
(
openssl_configuration
,
pkg_resources
.
resource_string
(
self
.
_writeFile
(
openssl_configuration
,
pkg_resources
.
resource_string
(
__name__
,
'template/openssl.cnf.ca.in'
)
%
config
)
__name__
,
'template/openssl.cnf.ca.in'
)
%
config
)
# XXX-Cedric: Don't use this, but use slapos.recipe.certificate_authority
# from the instance profile.
self
.
path_list
.
extend
(
zc
.
buildout
.
easy_install
.
scripts
([
self
.
path_list
.
extend
(
zc
.
buildout
.
easy_install
.
scripts
([
(
'certificate_authority'
,
__name__
+
'.certificate_authority'
,
(
'certificate_authority'
,
__name__
+
'.certificate_authority'
,
'runCertificateAuthority'
)],
'runCertificateAuthority'
)],
self
.
ws
,
sys
.
executable
,
self
.
wrapper
_directory
,
arguments
=
[
dict
(
self
.
ws
,
sys
.
executable
,
self
.
service
_directory
,
arguments
=
[
dict
(
openssl_configuration
=
openssl_configuration
,
openssl_configuration
=
openssl_configuration
,
openssl_binary
=
self
.
options
[
'openssl_binary'
],
openssl_binary
=
self
.
options
[
'openssl_binary'
],
certificate
=
os
.
path
.
join
(
self
.
ca_dir
,
'cacert.pem'
),
certificate
=
os
.
path
.
join
(
self
.
ca_dir
,
'cacert.pem'
),
...
@@ -382,6 +410,8 @@ class Recipe(BaseSlapRecipe):
...
@@ -382,6 +410,8 @@ class Recipe(BaseSlapRecipe):
name
+
'.lock'
)
name
+
'.lock'
)
apache_conf
[
'document_root'
]
=
os
.
path
.
join
(
self
.
data_root_directory
,
apache_conf
[
'document_root'
]
=
os
.
path
.
join
(
self
.
data_root_directory
,
'htdocs'
)
'htdocs'
)
apache_conf
[
'instance_home'
]
=
os
.
path
.
join
(
self
.
work_directory
)
apache_conf
[
'httpd_home'
]
=
self
.
options
[
'httpd_home'
]
apache_conf
[
'ip_list'
]
=
ip_list
apache_conf
[
'ip_list'
]
=
ip_list
apache_conf
[
'port'
]
=
port
apache_conf
[
'port'
]
=
port
apache_conf
[
'server_admin'
]
=
'admin@'
apache_conf
[
'server_admin'
]
=
'admin@'
...
@@ -419,10 +449,11 @@ class Recipe(BaseSlapRecipe):
...
@@ -419,10 +449,11 @@ class Recipe(BaseSlapRecipe):
"-f"
,
config_file
,
"-f"
,
config_file
,
"-a"
,
varnish_config
[
"port"
],
"-T"
,
varnish_config
[
"control_port"
],
"-a"
,
varnish_config
[
"port"
],
"-T"
,
varnish_config
[
"control_port"
],
"-s"
,
varnish_config
[
"storage"
]]
"-s"
,
varnish_config
[
"storage"
]]
environment
=
dict
(
PATH
=
self
.
options
[
"binutils_directory"
])
environment
=
dict
(
PATH
=
"%s:%s"
%
(
self
.
options
[
"binutils_directory"
],
os
.
environ
.
get
(
'PATH'
)))
wrapper
=
zc
.
buildout
.
easy_install
.
scripts
([(
name
,
wrapper
=
zc
.
buildout
.
easy_install
.
scripts
([(
name
,
'slapos.recipe.librecipe.execute'
,
'executee'
)],
self
.
ws
,
'slapos.recipe.librecipe.execute'
,
'executee'
)],
self
.
ws
,
sys
.
executable
,
self
.
wrapper
_directory
,
arguments
=
[
varnish_argument_list
,
sys
.
executable
,
self
.
service
_directory
,
arguments
=
[
varnish_argument_list
,
environment
])[
0
]
environment
])[
0
]
self
.
path_list
.
append
(
wrapper
)
self
.
path_list
.
append
(
wrapper
)
...
@@ -461,7 +492,7 @@ class Recipe(BaseSlapRecipe):
...
@@ -461,7 +492,7 @@ class Recipe(BaseSlapRecipe):
stunnel_conf
))
stunnel_conf
))
wrapper
=
zc
.
buildout
.
easy_install
.
scripts
([(
'stunnel'
,
wrapper
=
zc
.
buildout
.
easy_install
.
scripts
([(
'stunnel'
,
'slapos.recipe.librecipe.execute'
,
'execute_wait'
)],
self
.
ws
,
'slapos.recipe.librecipe.execute'
,
'execute_wait'
)],
self
.
ws
,
sys
.
executable
,
self
.
wrapper
_directory
,
arguments
=
[
sys
.
executable
,
self
.
service
_directory
,
arguments
=
[
[
self
.
options
[
'stunnel_binary'
].
strip
(),
stunnel_conf_path
],
[
self
.
options
[
'stunnel_binary'
].
strip
(),
stunnel_conf_path
],
[
certificate
,
key
]]
[
certificate
,
key
]]
)[
0
]
)[
0
]
...
@@ -470,8 +501,17 @@ class Recipe(BaseSlapRecipe):
...
@@ -470,8 +501,17 @@ class Recipe(BaseSlapRecipe):
def
installFrontendApache
(
self
,
ip_list
,
key
,
certificate
,
name
,
def
installFrontendApache
(
self
,
ip_list
,
key
,
certificate
,
name
,
port
=
4443
,
plain_http_port
=
8080
,
port
=
4443
,
plain_http_port
=
8080
,
rewrite_rule_list
=
[],
rewrite_rule_zope_list
=
[],
rewrite_rule_list
=
None
,
rewrite_rule_zope_list
=
None
,
rewrite_rule_zope_path_list
=
None
,
access_control_string
=
None
):
access_control_string
=
None
):
if
rewrite_rule_list
is
None
:
rewrite_rule_list
=
[]
if
rewrite_rule_zope_list
is
None
:
rewrite_rule_zope_list
=
[]
if
rewrite_rule_zope_path_list
is
None
:
rewrite_rule_zope_path_list
=
[]
# Create htdocs, populate it with default 404 document
# Create htdocs, populate it with default 404 document
htdocs_location
=
os
.
path
.
join
(
self
.
data_root_directory
,
'htdocs'
)
htdocs_location
=
os
.
path
.
join
(
self
.
data_root_directory
,
'htdocs'
)
self
.
_createDirectory
(
htdocs_location
)
self
.
_createDirectory
(
htdocs_location
)
...
@@ -512,9 +552,14 @@ class Recipe(BaseSlapRecipe):
...
@@ -512,9 +552,14 @@ class Recipe(BaseSlapRecipe):
# Create configuration file and rewritemaps
# Create configuration file and rewritemaps
apachemap_name
=
"apachemap.txt"
apachemap_name
=
"apachemap.txt"
apachemapzope_name
=
"apachemapzope.txt"
apachemapzope_name
=
"apachemapzope.txt"
apachemapzopepath_name
=
"apachemapzopepath.txt"
self
.
createConfigurationFile
(
apachemap_name
,
"
\
n
"
.
join
(
rewrite_rule_list
))
self
.
createConfigurationFile
(
apachemap_name
,
"
\
n
"
.
join
(
rewrite_rule_list
))
self
.
createConfigurationFile
(
apachemapzope_name
,
self
.
createConfigurationFile
(
apachemapzope_name
,
"
\
n
"
.
join
(
rewrite_rule_zope_list
))
"
\
n
"
.
join
(
rewrite_rule_zope_list
))
self
.
createConfigurationFile
(
apachemapzopepath_name
,
"
\
n
"
.
join
(
rewrite_rule_zope_path_list
))
apache_conf
=
self
.
_getApacheConfigurationDict
(
name
,
ip_list
,
port
)
apache_conf
=
self
.
_getApacheConfigurationDict
(
name
,
ip_list
,
port
)
apache_conf
[
'ssl_snippet'
]
=
self
.
substituteTemplate
(
apache_conf
[
'ssl_snippet'
]
=
self
.
substituteTemplate
(
self
.
getTemplateFilename
(
'apache.ssl-snippet.conf.in'
),
self
.
getTemplateFilename
(
'apache.ssl-snippet.conf.in'
),
...
@@ -532,12 +577,17 @@ class Recipe(BaseSlapRecipe):
...
@@ -532,12 +577,17 @@ class Recipe(BaseSlapRecipe):
path
=
self
.
substituteTemplate
(
path
=
self
.
substituteTemplate
(
self
.
getTemplateFilename
(
'apache.conf.path-protected.in'
),
self
.
getTemplateFilename
(
'apache.conf.path-protected.in'
),
dict
(
path
=
'/'
,
access_control_string
=
'none'
))
dict
(
path
=
'/'
,
access_control_string
=
'none'
,
document_root
=
apache_conf
[
'document_root'
],
)
)
apache_conf
.
update
(
**
dict
(
apache_conf
.
update
(
**
dict
(
path_enable
=
path
,
path_enable
=
path
,
apachemap_path
=
os
.
path
.
join
(
self
.
etc_directory
,
apachemap_name
),
apachemap_path
=
os
.
path
.
join
(
self
.
etc_directory
,
apachemap_name
),
apachemapzope_path
=
os
.
path
.
join
(
self
.
etc_directory
,
apachemapzope_name
),
apachemapzope_path
=
os
.
path
.
join
(
self
.
etc_directory
,
apachemapzope_name
),
apachemapzopepath_path
=
os
.
path
.
join
(
self
.
etc_directory
,
apachemapzopepath_name
),
apache_domain
=
name
,
apache_domain
=
name
,
https_port
=
port
,
https_port
=
port
,
plain_http_port
=
plain_http_port
,
plain_http_port
=
plain_http_port
,
...
@@ -553,7 +603,7 @@ class Recipe(BaseSlapRecipe):
...
@@ -553,7 +603,7 @@ class Recipe(BaseSlapRecipe):
self
.
path_list
.
extend
(
zc
.
buildout
.
easy_install
.
scripts
([(
self
.
path_list
.
extend
(
zc
.
buildout
.
easy_install
.
scripts
([(
'frontend_apache'
,
'slapos.recipe.erp5.apache'
,
'runApache'
)],
self
.
ws
,
'frontend_apache'
,
'slapos.recipe.erp5.apache'
,
'runApache'
)],
self
.
ws
,
sys
.
executable
,
self
.
wrapper
_directory
,
arguments
=
[
sys
.
executable
,
self
.
service
_directory
,
arguments
=
[
dict
(
dict
(
required_path_list
=
[
key
,
certificate
],
required_path_list
=
[
key
,
certificate
],
binary
=
self
.
options
[
'httpd_binary'
],
binary
=
self
.
options
[
'httpd_binary'
],
...
...
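Review bot: The Zope branch in the `@@ -118,6 +136,9 @@` hunk writes `slave_instance.get('path', '')` into a RewriteMap line as `"%s %s" % (domain, ...)` without checking the value. The map file is whitespace- and line-delimited and shared by every slave, so a `path` containing a space or a line break would change more than this slave's own entry. Check the value before either list is appended to, for example `path = slave_instance.get('path', '')` and `if path != ''.join(path.split()):` followed by logging and skipping that slave. The same check is probably needed for other slave-supplied values written to the map files outside the visible hunks; `_install` starts and ends outside these hunks.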
slapos/recipe/apache_frontend/template/apache.conf.in
...
@@ -5,12 +5,13 @@
...
@@ -5,12 +5,13 @@
PidFile "%(pid_file)s"
PidFile "%(pid_file)s"
ServerName %(server_name)s
ServerName %(server_name)s
DocumentRoot %(document_root)s
DocumentRoot %(document_root)s
ServerRoot %(instance_home)s
%(listen)s
%(listen)s
ServerAdmin %(server_admin)s
ServerAdmin %(server_admin)s
DefaultType text/plain
DefaultType text/plain
TypesConfig conf/mime.types
TypesConfig
%(httpd_home)s/
conf/mime.types
AddType application/x-compress .Z
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-gzip .gz .tgz
...
@@ -32,23 +33,23 @@ CustomLog "%(access_log)s" common
...
@@ -32,23 +33,23 @@ CustomLog "%(access_log)s" common
#LoadModule unixd_module modules/mod_unixd.so
#LoadModule unixd_module modules/mod_unixd.so
#LoadModule access_compat_module modules/mod_access_compat.so
#LoadModule access_compat_module modules/mod_access_compat.so
#LoadModule authz_core_module modules/mod_authz_core.so
#LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_host_module
%(httpd_home)s/
modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule log_config_module
%(httpd_home)s/
modules/mod_log_config.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule deflate_module
%(httpd_home)s/
modules/mod_deflate.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule setenvif_module
%(httpd_home)s/
modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule version_module
%(httpd_home)s/
modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_module
%(httpd_home)s/
modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_http_module
%(httpd_home)s/
modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule ssl_module
%(httpd_home)s/
modules/mod_ssl.so
LoadModule mime_module modules/mod_mime.so
LoadModule mime_module
%(httpd_home)s/
modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_module
%(httpd_home)s/
modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dav_fs_module
%(httpd_home)s/
modules/mod_dav_fs.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule negotiation_module
%(httpd_home)s/
modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule rewrite_module
%(httpd_home)s/
modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so
LoadModule headers_module
%(httpd_home)s/
modules/mod_headers.so
LoadModule cache_module modules/mod_cache.so
LoadModule cache_module
%(httpd_home)s/
modules/mod_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule mem_cache_module
%(httpd_home)s/
modules/mod_mem_cache.so
LoadModule antiloris_module modules/mod_antiloris.so
LoadModule antiloris_module
%(httpd_home)s/
modules/mod_antiloris.so
# The following directives modify normal HTTP response behavior to
# The following directives modify normal HTTP response behavior to
# handle known problems with browser implementations.
# handle known problems with browser implementations.
...
@@ -99,17 +100,24 @@ Header append Vary User-Agent
...
@@ -99,17 +100,24 @@ Header append Vary User-Agent
ProxyTimeout 600
ProxyTimeout 600
RewriteEngine On
RewriteEngine On
# Define the two rewritemaps : one for zope, one generic
# Define the two RewriteMaps (key -> value store): one for Zope, one generic
# containing: rewritten URL -> original URL (a.k.a VirtualHostBase in Zope)
RewriteMap apachemapzope txt:%(apachemapzope_path)s
RewriteMap apachemapzope txt:%(apachemapzope_path)s
RewriteMap apachemapgeneric txt:%(apachemap_path)s
RewriteMap apachemapgeneric txt:%(apachemap_path)s
# Define another RewriteMap for Zope, containing:
# rewritten URL -> VirtualHostRoot
RewriteMap apachemapzopepath txt:%(apachemapzopepath_path)s
# First, we check if we have a zope backend server
# First, we check if we have a zope backend server
# If so, let's use Virtual Host Daemon rewrite
# If so, let's use Virtual Host Daemon rewrite
RewriteCond ${apachemapzope:%%{SERVER_NAME}} >""
RewriteCond ${apachemapzope:%%{SERVER_NAME}} >""
RewriteRule ^/(.*)$ ${apachemapzope:%%{SERVER_NAME}}/VirtualHostBase/https/%%{SERVER_NAME}:%%{SERVER_PORT}/VirtualHostRoot/$1 [L,P]
# We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
RewriteRule ^/(.*)$ ${apachemapzope:%%{SERVER_NAME}}/VirtualHostBase/https/%%{SERVER_NAME}:443/${apachemapzopepath:%%{SERVER_NAME}}/VirtualHostRoot/$1 [L,P]
# If we have generic backend server, let's rewrite without virtual host daemon
# If we have generic backend server, let's rewrite without virtual host daemon
RewriteCond ${apachemapgeneric:%%{SERVER_NAME}} >""
RewriteCond ${apachemapgeneric:%%{SERVER_NAME}} >""
# We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
RewriteRule ^/(.*)$ ${apachemapgeneric:%%{SERVER_NAME}}/$1 [L,P]
RewriteRule ^/(.*)$ ${apachemapgeneric:%%{SERVER_NAME}}/$1 [L,P]
# If nothing exist : put a nice error
# If nothing exist : put a nice error
...
...
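Review bot: The new Zope `RewriteRule` joins `:443/` and `${apachemapzopepath:%%{SERVER_NAME}}` with a literal slash, so a map value that is empty (no `path` given) or that starts with `/` (the README example uses `/erp5`) produces `:443//...` in the proxied URL. Whether VirtualHostMonster tolerates that empty path segment is not visible here; either strip the leading and trailing slashes where the map is written, or document that `path` must be given without a leading slash. The comment `# We suppose that Apache listens to 443 ...` also appears above the generic `RewriteRule`, which contains no port, and looks misplaced there.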
slapos/recipe/apache_frontend/template/apache.conf.path-protected.in
# Path protected
<Directory %(path)s>
<Location %(path)s>
Order Deny,Allow
Order Deny,Allow
Allow from %(access_control_string)s
Allow from %(access_control_string)s
</Location>
</Directory>
<Directory %(document_root)s>
Order Allow,Deny
Allow from All
</Directory>
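Review bot: `Order Deny,Allow` followed only by `Allow from %(access_control_string)s` restricts nothing. With Apache 2.2's mod_authz_host that ordering permits any request matching no directive, so the block labelled "Path protected" admits every client whatever access string is substituted. If the intent is to limit `%(path)s` to the listed hosts, add `Deny from all` ahead of the `Allow from` line. The default call in `__init__.py` passes `access_control_string='none'` for `/`, which would then deny all traffic, so that case needs to skip the block or use a different value.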
software/apache-frontend/README.apache_frontend.txt
...
@@ -9,15 +9,22 @@ It means that a single main instance of Apache will be used to act as frontend
...
@@ -9,15 +9,22 @@ It means that a single main instance of Apache will be used to act as frontend
for many slaves.
for many slaves.
How to
use
How to
deploy a frontend server
==========
==========
=====================
First, you will need to request a "master" instance of Apache Frontend with
This is to deploy an entire frontend server with a public IPv4.
"domain" parameter, like::
If you want to use an already deployed frontend to make your service available
via ipv4, switch to the "Example" parts.
First, you will need to request a "master" instance of Apache Frontend with:
* A "domain" parameter where the frontend will be available
* A "public-ipv4" parameter to state which public IPv4 will be used
like::
<?xml version='1.0' encoding='utf-8'?>
<?xml version='1.0' encoding='utf-8'?>
<instance>
<instance>
<parameter id="domain">moulefrite.org</parameter>
<parameter id="domain">moulefrite.org</parameter>
<parameter id="p
ort">443
</parameter>
<parameter id="p
ublic-ipv4">xxx.xxx.xxx.xxx
</parameter>
</instance>
</instance>
Then, it is possible to request many slave instances
Then, it is possible to request many slave instances
...
@@ -69,11 +76,11 @@ url of backend to use.
...
@@ -69,11 +76,11 @@ url of backend to use.
"url" is a mandatory parameter.
"url" is a mandatory parameter.
Example: http://mybackend.com/myresource
Example: http://mybackend.com/myresource
cache
enable_
cache
~~~~~
~~~~~
Specify if slave instance should use a varnish / stunnel to connect to backend.
Specify if slave instance should use a varnish / stunnel to connect to backend.
Possible values: "true", "false".
Possible values: "true", "false".
"
cache" is an optional parameter. Defaults to "false".
"
enable_cache" is an optional parameter. Defaults to "false".
Example: true
Example: true
type
type
...
@@ -81,30 +88,83 @@ type
...
@@ -81,30 +88,83 @@ type
Specify if slave instance will redirect to a zope backend. If specified, Apache
Specify if slave instance will redirect to a zope backend. If specified, Apache
RewriteRule will use Zope's Virtual Host Daemon.
RewriteRule will use Zope's Virtual Host Daemon.
Possible values: "zope", "default".
Possible values: "zope", "default".
"type" is an optional parameter. Defaults to "default".
"type" is an optional parameter. Defaults to "default".
Example: zope
Example: zope
custom_domain
custom_domain
~~~~~~~~~~~~~
~~~~~~~~~~~~~
Domain name to use as frontend. The frontend will be accessible from this domain.
Domain name to use as frontend. The frontend will be accessible from this domain.
"custom_domain" is an optional parameter. Defaults to
"custom_domain" is an optional parameter. Defaults to
[instancereference].[masterdomain].
[instancereference].[masterdomain].
Example: www.mycustomdomain.com
Example: www.mycustomdomain.com
path
~~~~
Only used if type is "zope".
Will append the specified path to the "VirtualHostRoot" of the zope's
VirtualHostMonster.
"path" is an optional parameter, ignored if not specified.
Example of value: "/erp5/web_site_module/hosting/"
Examples
========
Here are some example of how to make your SlapOS service available through
an already deployed frontend.
Simple Example
--------------
Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be
redirected and accessible from the proxy::
instance = request(
software_release=apache_frontend,
software_type="RootSoftwareInstance",
partition_reference='my frontend',
shared=True,
partition_parameter_kw={
"url":"https://[1:2:3:4:5:6:7:8]:1234",
}
)
Zope Example
------------
Request slave frontend instance using a Zope backend so that
https://[1:2:3:4:5:6:7:8]:1234 will be redirected and accessible from the
proxy::
instance = request(
software_release=apache_frontend,
software_type="RootSoftwareInstance",
partition_reference='my frontend',
shared=True,
partition_parameter_kw={
"url":"https://[1:2:3:4:5:6:7:8]:1234",
"type":"zope",
}
)
Advanced example
Advanced example
================
----------------
Request slave frontend instance using a Zope backend, with Varnish activated,
Request slave frontend instance using a Zope backend, with Varnish activated,
listening to a custom domain::
listening to a custom domain and redirecting to /erp5/ so that
https://[1:2:3:4:5:6:7:8]:1234/erp5/ will be redirected and accessible from
the proxy::
instance = request(
instance = request(
software_release=apache_frontend,
software_release=apache_frontend,
partition_reference='frontend2',
software_type="RootSoftwareInstance",
partition_reference='my frontend',
shared=True,
shared=True,
partition_parameter_kw={
partition_parameter_kw={
"url":"https://[1:2:3:4
]:1234/someresource
",
"url":"https://[1:2:3:4
:5:6:7:8]:1234
",
"cache":"true",
"
enable_
cache":"true",
"type":"zope",
"type":"zope",
"path":"/erp5",
"custom_domain":"mycustomdomain.com",
"custom_domain":"mycustomdomain.com",
}
}
)
)
...
@@ -115,8 +175,9 @@ Notes
...
@@ -115,8 +175,9 @@ Notes
It is not possible with slapos to listen to port <= 1024, because process are
It is not possible with slapos to listen to port <= 1024, because process are
not run as root. It is a good idea then to go on the node where the instance is
not run as root. It is a good idea then to go on the node where the instance is
and set some iptables rules like (if using default ports)::
and set some iptables rules like (if using default ports)::
iptables -t nat -A PREROUTING -p tcp -d {public ip} --dport 443 -j DNAT --to-destination {listening ip}:4443
iptables -t nat -A PREROUTING -p tcp -d {public_ip} --dport 80 -j DNAT --to-destination {listening ip}:8080
iptables -t nat -A PREROUTING -p tcp -d {public_ipv4} --dport 443 -j DNAT --to-destination {listening_ipv4}:4443
iptables -t nat -A PREROUTING -p tcp -d {public_ipv4} --dport 80 -j DNAT --to-destination {listening_ipv4}:8080
Where {public ip} is the public IP of your server, or at least the LAN IP to where your NAT will forward to.
Where {public ip} is the public IP of your server, or at least the LAN IP to where your NAT will forward to.
{listening ip} is the private ipv4 (like 10.0.34.123) that the instance is using and sending as connection parameter.
{listening ip} is the private ipv4 (like 10.0.34.123) that the instance is using and sending as connection parameter.
software/apache-frontend/common.cfg
0 → 100644
[buildout]
extends =
../../component/binutils/buildout.cfg
../../component/lxml-python/buildout.cfg
../../component/apache/buildout.cfg
../../component/stunnel/buildout.cfg
../../component/varnish/buildout.cfg
../../component/dcron/buildout.cfg
../../component/logrotate/buildout.cfg
../../component/rdiff-backup/buildout.cfg
../../stack/slapos.cfg
parts =
template
binutils
apache-2.2
apache-antiloris-apache-2.2
stunnel
varnish-2.1
dcron
logrotate
rdiff-backup
# Buildoutish
eggs
instance-recipe-egg
[instance-recipe]
# Note: In case if specific instantiation recipe is used this is the place to
# put its name
egg = slapos.cookbook
module = apache.frontend
[instance-recipe-egg]
recipe = zc.recipe.egg
eggs = ${instance-recipe:egg}
[eggs]
recipe = zc.recipe.egg
eggs =
${lxml-python:egg}
[template]
# Default template for apache instance.
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg
md5sum = fea902a2b9dbf8c80ff201bcf73f9396
output = ${buildout:directory}/template.cfg
mode = 0644
\ No newline at end of file
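Review bot: The `md5sum` in `[template]` is the only integrity check on the `instance.cfg` fetched from `${:_profile_base_location_}`, and MD5 no longer resists deliberate collisions, so it catches a stale or corrupted download rather than a tampered one. When this profile is extended from a remote location, authenticity has to come from the transport or from a signed cache, not from this value. A comment above the line would make that explicit, for example `# md5sum detects stale/corrupt downloads only; regenerate it whenever instance.cfg changes`.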
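--- a/software/apache-frontend/development.cfg
+++ b/software/apache-frontend/development.cfg
+# Development profile of apache-frontend.
+# Exactly the same as software.cfg, but fetch the slapos.cookbook
+# from git repository instead of fetching stable version,
+# allowing to play with bleeding edge environment.
+# You'll need to run buildout twice for this profile.
+[buildout]
+extends =
+# Extend in this order, otherwise "parts" will be taken from git profile
+../../component/git/buildout.cfg
+common.cfg
+parts +=
+slapos.cookbook-repository
+develop =
+${:parts-directory}/slapos.cookbook-repository
+[slapos.cookbook-repository]
+recipe = slapos.recipe.build:gitclone
+repository = http://git.erp5.org/repos/slapos.git
+branch = frontend
+git-executable = ${git:location}/bin/git
+[check-recipe]
+recipe = plone.recipe.command
+stop-on-error = true
+update-command = ${:command}
+command =
+grep parts ${buildout:develop-eggs-directory}/slapos.cookbook.egg-link &&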
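Review bot: `repository = http://git.erp5.org/repos/slapos.git` in `[slapos.cookbook-repository]` clones over plain HTTP and follows the moving `frontend` branch, and the checkout is then listed under `develop =`, so its recipe code runs inside buildout. Nothing on this path authenticates what is fetched, so the profile executes whatever the network delivers. Use an authenticated transport if the server offers one (for example `repository = https://git.erp5.org/repos/slapos.git`, to be confirmed). Also pin the checkout to a reviewed commit; the gitclone recipe has a `revision` option, but check that the pinned slapos.recipe.build release supports it. The `command =` of `[check-recipe]` ends in `&&` on the last visible line, so part of it may be missing from this rendering.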
software/apache-frontend/instance.cfg
[buildout]
[buildout]
parts =
parts =
directory
instance
instance
configtest
eggs-directory = ${buildout:eggs-directory}
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
# Create all needed directories
[directory]
recipe = slapos.cookbook:mkdirectory
etc = $${buildout:directory}/etc/
var = $${buildout:directory}/var/
srv = $${buildout:directory}/srv/
bin = $${buildout:directory}/bin/
service = $${:etc}/service
# Deploy Apache (old way, with monolithic recipe)
[instance]
[instance]
recipe = ${instance-recipe:egg}:${instance-recipe:module}
recipe = ${instance-recipe:egg}:${instance-recipe:module}
httpd_home = ${apache-2.2:location}
httpd_binary = ${apache-2.2:location}/bin/httpd
httpd_binary = ${apache-2.2:location}/bin/httpd
logrotate_binary = ${logrotate:location}/usr/sbin/logrotate
logrotate_binary = ${logrotate:location}/usr/sbin/logrotate
openssl_binary = ${openssl:location}/bin/openssl
openssl_binary = ${openssl:location}/bin/openssl
...
@@ -14,5 +28,12 @@ dcrond_binary = ${dcron:location}/sbin/crond
...
@@ -14,5 +28,12 @@ dcrond_binary = ${dcron:location}/sbin/crond
varnishd_binary = ${varnish-2.1:location}/sbin/varnishd
varnishd_binary = ${varnish-2.1:location}/sbin/varnishd
stunnel_binary = ${stunnel:location}/bin/stunnel
stunnel_binary = ${stunnel:location}/bin/stunnel
rdiff_backup_binary = ${buildout:bin-directory}/rdiff-backup
rdiff_backup_binary = ${buildout:bin-directory}/rdiff-backup
gcc_binary =
${gcc-java-minimal:location}/bin/
gcc
gcc_binary = gcc
binutils_directory = ${binutils:location}/bin/
binutils_directory = ${binutils:location}/bin/
# Create wrapper for "apachectl conftest" in bin
[configtest]
recipe = slapos.cookbook:wrapper
command-line = $${instance:httpd_binary} -f $${directory:etc}/apache_frontend.conf -t
output = $${directory:bin}/apache-configtest
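Review bot: The new `gcc_binary = gcc` in `[instance]` is a bare command name, so the compiler is whichever `gcc` comes first on the PATH of the process that runs it. Every other `*_binary` in this section is an absolute path into a buildout part. This makes the instance depend on a host-provided compiler that the profile neither builds nor pins. If dropping `gcc-java-minimal` is intentional, state the new prerequisite next to the option, for example `# gcc comes from the host PATH; it must be installed on the node and is not managed by buildout`. What the recipe does with this compiler is not visible on this page, so how much this matters depends on that use.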
software/apache-frontend/software.cfg
[buildout]
[buildout]
versions = versions
extends = common.cfg
extends =
../../component/binutils/buildout.cfg
../../component/gcc/buildout.cfg
../../component/lxml-python/buildout.cfg
../../component/apache/buildout.cfg
../../component/stunnel/buildout.cfg
../../component/varnish/buildout.cfg
../../component/dcron/buildout.cfg
../../component/logrotate/buildout.cfg
../../component/rdiff-backup/buildout.cfg
../../stack/slapos.cfg
parts =
template
binutils
gcc-java-minimal
apache-2.2
apache-antiloris-apache-2.2
stunnel
varnish-2.1
dcron
logrotate
rdiff-backup
# Buildoutish
eggs
instance-recipe-egg
[instance-recipe]
# Note: In case if specific instantiation recipe is used this is the place to
# put its name
egg = slapos.cookbook
module = apache.frontend
[instance-recipe-egg]
recipe = zc.recipe.egg
eggs = ${instance-recipe:egg}
[eggs]
recipe = zc.recipe.egg
eggs =
${lxml-python:egg}
[template]
# Default template for apache instance.
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg
md5sum = 74c0f41246d167c020854a212e919ce4
output = ${buildout:directory}/template.cfg
mode = 0644
[versions]
[versions]
Jinja2 = 2.6
Jinja2 = 2.6
Werkzeug = 0.8.3
Werkzeug = 0.8.3
buildout-versions = 1.7
buildout-versions = 1.7
hexagonit.recipe.cmmi = 1.
5.0
hexagonit.recipe.cmmi = 1.
6
meld3 = 0.6.
8
meld3 = 0.6.
10
rdiff-backup = 1.0.5
rdiff-backup = 1.0.5
slapos.cookbook = 0.52
slapos.cookbook = 0.71.1
slapos.recipe.template = 2.3
slapos.recipe.build = 0.11.5
slapos.recipe.template = 2.4.2
# Required by:
# Required by:
# slapos.core==0.
24
# slapos.core==0.
33.1
Flask = 0.
8
Flask = 0.
9
# Required by:
# Required by:
#
slapos.cookbook==0.52
#
hexagonit.recipe.cmmi==1.6
PyXML = 0.8.4
hexagonit.recipe.download = 1.6
# Required by:
# Required by:
# slapos.cookbook==0.
52
# slapos.cookbook==0.
71.1
inotifyx = 0.2.0
inotifyx = 0.2.0
# Required by:
# Required by:
# slapos.cookbook==0.
52
# slapos.cookbook==0.
71.1
# slapos.core==0.
24
# slapos.core==0.
33.1
# xml-marshaller==0.9.7
# xml-marshaller==0.9.7
lxml =
2.3.4
lxml =
3.0.2
# Required by:
# Required by:
# slapos.cookbook==0.
52
# slapos.cookbook==0.
71.1
netaddr = 0.7.
6
netaddr = 0.7.
10
# Required by:
# Required by:
# slapos.core==0.
24
# slapos.core==0.
33.1
netifaces = 0.8
netifaces = 0.8
# Required by:
# Required by:
# slapos.cookbook==0.52
# slapos.cookbook==0.71.1
# slapos.core==0.24
pytz = 2012j
# zc.buildout==1.6.0-dev-SlapOS-004
# Required by:
# slapos.cookbook==0.71.1
# slapos.core==0.33.1
# zc.buildout==1.6.0-dev-SlapOS-010
# zc.recipe.egg==1.3.2
# zc.recipe.egg==1.3.2
setuptools = 0.6c12dev-r88846
setuptools = 0.6c12dev-r88846
# Required by:
# Required by:
# slapos.cookbook==0.
52
# slapos.cookbook==0.
71.1
slapos.core = 0.
24
slapos.core = 0.
33.1
# Required by:
# Required by:
# slapos.core==0.
24
# slapos.core==0.
33.1
supervisor = 3.0
a12
supervisor = 3.0
b1
# Required by:
# Required by:
# slapos.cookbook==0.
52
# slapos.cookbook==0.
71.1
xml-marshaller = 0.9.7
xml-marshaller = 0.9.7
# Required by:
# Required by:
# slapos.co
okbook==0.52
# slapos.co
re==0.33.1
z
c.recipe.egg = 1.3.2
z
ope.interface = 4.0.3
# Required by:
# slapos.core==0.24
zope.interface = 4.0.0
[networkcache]
[networkcache]
# Cedric de Saint Martin signature certificate
# signature certificates of the following uploaders.
# Cedric de Saint Martin
# Romain Courteaud
signature-certificate-list =
signature-certificate-list =
-----BEGIN CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIB9jCCAV+gAwIBAgIJAO4V/jiMoICoMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
MIIB9jCCAV+gAwIBAgIJAO4V/jiMoICoMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
...
@@ -133,3 +84,16 @@ signature-certificate-list =
...
@@ -133,3 +84,16 @@ signature-certificate-list =
Gn9t8mdVQflNqOlAMkOlUv1ZugCt9rXYQOV7rrEYJBWirn43BOMn9Flp2nibblby
Gn9t8mdVQflNqOlAMkOlUv1ZugCt9rXYQOV7rrEYJBWirn43BOMn9Flp2nibblby
If1a2ZoqHRxoNo2yTmm7TSYRORWVS+vvfjY=
If1a2ZoqHRxoNo2yTmm7TSYRORWVS+vvfjY=
-----END CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
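Review bot: The `[networkcache]` `signature-certificate-list` gains a second certificate, so content signed by that key is now accepted from the network cache. The updated comment only lists two names and does not say which PEM block belongs to which uploader. Extend the comment block to list the uploaders in the same order as the certificates, each with a fingerprint, for example `# 2. Romain Courteaud - SHA-256 fingerprint: <FINGERPRINT_PLACEHOLDER>`. A reviewer can then verify each key out of band, and one uploader can be revoked without guessing. Part of the list is elided in this rendering, so the order of the certificates cannot be confirmed here.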