You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

277 lines
7.7 KiB

  1. # -*- mode: shell-script -*-
  2. export APACHE_CONFIG_LOCATION="$SERVICE_CONFIGSTORE/etc/apache2/sites-enabled"
  3. ## XXXvlab: berk, sending conf via environment and args.
  4. apache_ssl_proxy_config () {
  5. local DOMAIN="$1" TARGET="$2" CUSTOM_RULES="$3" CREDS="$4"
  6. ## target is meant to be a charm name
  7. PASSWORD_FILE=/etc/apache2/sites-enabled/${DOMAIN}.passwd
  8. CRED_PART=
  9. if [ "$CREDS" ]; then
  10. CRED_PART="
  11. AuthType basic
  12. AuthName "private"
  13. AuthUserFile ${PASSWORD_FILE}
  14. Require valid-user
  15. "
  16. rm -f "$SERVICE_CONFIGSTORE$PASSWORD_FILE"
  17. include parse
  18. first=c
  19. while read-0 login password; do
  20. debug "htpasswd -b$first ${PASSWORD_FILE} '$login' '$password'"
  21. echo "htpasswd -b$first ${PASSWORD_FILE} '$login' '$password'"
  22. [ "$first" ] && first=
  23. done < <(echo "$CREDS" | shyaml key-values-0 2>/dev/null) |
  24. docker run -i --entrypoint "/bin/bash" \
  25. -v "$APACHE_CONFIG_LOCATION:/etc/apache2/sites-enabled" \
  26. "$DOCKER_BASE_IMAGE" || return 1
  27. fi
  28. if [ -z "$SSL_CERT" ]; then
  29. SSL_CERT=/etc/ssl/certs/ssl-cert-snakeoil.pem
  30. fi
  31. if [ -z "$SSL_KEY" ]; then
  32. SSL_KEY=/etc/ssl/private/ssl-cert-snakeoil.key
  33. fi
  34. cat <<EOF
  35. <IfModule mod_ssl.c>
  36. <VirtualHost *:443>
  37. ServerAdmin ${ADMIN_MAIL:-contact@$DOMAIN}
  38. ServerName ${DOMAIN}
  39. $(
  40. while read-0 alias; do
  41. echo " ServerAlias $alias"
  42. done < <(echo "$SERVER_ALIAS" | shyaml get-values-0 2>/dev/null)
  43. )
  44. ServerSignature Off
  45. CustomLog /var/log/apache2/s-${DOMAIN}_access.log combined
  46. ErrorLog /var/log/apache2/s-${DOMAIN}_error.log
  47. ErrorLog syslog:local2
  48. <IfModule mod_proxy.c>
  49. ProxyRequests Off
  50. <Proxy *>
  51. Order deny,allow
  52. Allow from all
  53. </Proxy>
  54. ProxyVia On
  55. ProxyPass / http://$TARGET/ retry=0
  56. <Location / >
  57. ${CRED_PART}
  58. ProxyPassReverse /
  59. </Location>
  60. </IfModule>
  61. ## Forbid any cache, this is only usefull on dev server.
  62. #Header set Cache-Control "no-cache"
  63. #Header set Access-Control-Allow-Origin "*"
  64. #Header set Access-Control-Allow-Methods "POST, GET, OPTIONS"
  65. #Header set Access-Control-Allow-Headers "origin, content-type, accept"
  66. RequestHeader set "X-Forwarded-Proto" "https"
  67. ## Fix IE problem (httpapache proxy dav error 408/409)
  68. SetEnv proxy-nokeepalive 1
  69. #ServerSignature On
  70. SSLProxyEngine On
  71. SSLEngine On
  72. ## Full stance
  73. SSLCertificateFile $SSL_CERT
  74. SSLCertificateKeyFile $SSL_KEY
  75. $([ "$SSL_CA_CERT" ] && echo "SSLCACertificateFile $SSL_CA_CERT")
  76. SSLVerifyClient None
  77. $CUSTOM_RULES
  78. </VirtualHost>
  79. </IfModule>
  80. EOF
  81. }
  82. export -f apache_ssl_proxy_config
  83. apache_ssl_config() {
  84. local DOMAIN=$1
  85. if [ -z "$SSL_CERT" ]; then
  86. SSL_CERT=/etc/ssl/certs/ssl-cert-snakeoil.pem
  87. fi
  88. if [ -z "$SSL_KEY" ]; then
  89. SSL_KEY=/etc/ssl/private/ssl-cert-snakeoil.key
  90. fi
  91. PASSWORD_FILE=/etc/apache2/sites-enabled/${DOMAIN}.passwd
  92. CRED_PART=
  93. if [ "$CREDS" ]; then
  94. CRED_PART="
  95. AuthType basic
  96. AuthName \"private\"
  97. AuthUserFile ${PASSWORD_FILE}
  98. Require valid-user
  99. "
  100. include parse || true
  101. first=
  102. if ! [ -e "$CONFIGSTORE/$MASTER_TARGET_CHARM_NAME$PASSWORD_FILE" ]; then
  103. debug "No file $CONFIGSTORE/$MASTER_TARGET_CHARM_NAME$PASSWORD_FILE, creating password file." || true
  104. first=c
  105. fi
  106. while read-0 login password; do
  107. debug "htpasswd -b$first ${PASSWORD_FILE} '$login' '$password'" || true
  108. echo "htpasswd -b$first ${PASSWORD_FILE} '$login' '$password'"
  109. if [ "$first" ]; then
  110. first=
  111. fi
  112. done < <(echo "$CREDS" | shyaml key-values-0 2>/dev/null) |
  113. docker run -i --entrypoint "/bin/bash" \
  114. -v "$APACHE_CONFIG_LOCATION:/etc/apache2/sites-enabled" \
  115. "$DOCKER_BASE_IMAGE" || return 1
  116. else
  117. CRED_PART="allow from all"
  118. fi
  119. cat <<EOF
  120. <IfModule mod_ssl.c>
  121. <VirtualHost *:443>
  122. ServerAdmin ${ADMIN_MAIL:-contact@$DOMAIN}
  123. ServerName ${DOMAIN}
  124. $(
  125. while read-0 alias; do
  126. echo " ServerAlias $alias"
  127. done < <(echo "$SERVER_ALIAS" | shyaml get-values-0 2>/dev/null)
  128. )
  129. ServerSignature Off
  130. CustomLog /var/log/apache2/s-${DOMAIN}_access.log combined
  131. ErrorLog /var/log/apache2/s-${DOMAIN}_error.log
  132. ErrorLog syslog:local2
  133. DocumentRoot /var/www/${DOMAIN}
  134. <Directory />
  135. Options FollowSymLinks
  136. AllowOverride None
  137. </Directory>
  138. <Directory /var/www/${DOMAIN}>
  139. Options Indexes FollowSymLinks MultiViews
  140. AllowOverride all
  141. ${CRED_PART}
  142. </Directory>
  143. SSLEngine On
  144. ## Full stance
  145. SSLCertificateFile $SSL_CERT
  146. SSLCertificateKeyFile $SSL_KEY
  147. $([ "$SSL_CA_CERT" ] && echo "SSLCACertificateFile $SSL_CA_CERT")
  148. SSLVerifyClient None
  149. </VirtualHost>
  150. </IfModule>
  151. EOF
  152. }
  153. export -f apache_ssl_config
  154. apache_ssl_add () {
  155. local DOMAIN="$1"
  156. DOCKER_SITE_PATH=/var/www/$DOMAIN
  157. BASE=$DATASTORE/$BASE_CHARM_NAME
  158. DST=$BASE$DOCKER_SITE_PATH
  159. # [ -e "$APACHE_CONFIG_LOCATION/$DOMAIN.conf" ] && return 0
  160. mkdir -p "$APACHE_CONFIG_LOCATION" || return 1
  161. apache_ssl_config "$DOMAIN" > "$APACHE_CONFIG_LOCATION/$DOMAIN.conf"
  162. www_data_gid=$(cached_cmd_on_base_image apache 'id -g www-data') || {
  163. debug "Failed to query for www-data gid in ${DARKYELLOW}apache${NORMAL} base image."
  164. return 1
  165. }
  166. mkdir -p "$DST"
  167. setfacl -R -m g:"$www_data_gid":rx "$DST"
  168. info "Added $DOMAIN apache config."
  169. }
  170. export -f apache_ssl_add
  171. apache_ssl_proxy_add () {
  172. local DOMAIN="$1" TARGET="$2" CUSTOM_RULES="$3" CREDS="$4"
  173. mkdir -p "$APACHE_CONFIG_LOCATION" || return 1
  174. apache_ssl_proxy_config "$DOMAIN" "$TARGET" "$CUSTOM_RULES" "$CREDS" > "$APACHE_CONFIG_LOCATION/$DOMAIN.conf" || return 1
  175. info "Added $DOMAIN as a proxy to $TARGET."
  176. }
  177. export -f apache_ssl_proxy_add
  178. apache_code_dir() {
  179. local domain="$1" location="$2"
  180. config-add "
  181. $MASTER_BASE_CHARM_NAME:
  182. volumes:
  183. - $location:/var/www/$domain
  184. "
  185. }
  186. apache_data_dir() {
  187. local DOMAIN=$1 DATA_COMMA_SEPARATED=$2
  188. DOCKER_SITE_PATH=/var/www/$DOMAIN
  189. BASE=$DATASTORE/$BASE_CHARM_NAME
  190. DST=$BASE$DOCKER_SITE_PATH
  191. DATA=()
  192. while IFS="," read -ra ADDR; do
  193. for dir in "${ADDR[@]}"; do
  194. mkdir -p "$DST/$dir"
  195. DATA+=($dir)
  196. done
  197. done <<< "$DATA_COMMA_SEPARATED"
  198. www_data_gid=$(cached_cmd_on_base_image apache 'id -g www-data') || {
  199. debug "Failed to query for www-data gid in ${DARKYELLOW}apache${NORMAL} base image."
  200. return 1
  201. }
  202. info "www-data gid from ${DARKYELLOW}apache${NORMAL} is '$www_data_gid'"
  203. dirs=()
  204. for d in "${DATA[@]}"; do
  205. dirs+=("$DST/$d")
  206. done
  207. chgrp "$www_data_gid" "${dirs[@]}" -R && chmod 775 "${dirs[@]}" -R
  208. config-add "
  209. $MASTER_BASE_CHARM_NAME:
  210. volumes:
  211. $(
  212. for d in "${DATA[@]}"; do
  213. echo " - $DST/$d:$DOCKER_SITE_PATH/$d"
  214. done
  215. )"
  216. }
  217. deploy_files() {
  218. local src="$1" dst="$2"
  219. if ! [ -d "$dst" ]; then
  220. err "Destination '$dst' does not exist or is not a directory"
  221. return 1
  222. fi
  223. (
  224. cd "$dst" && info "In $dst:" &&
  225. get_file "$src" | tar xv
  226. )
  227. }
  228. export -f deploy_files