# -*- mode: shell-script -*-
## Host-side directory that receives the generated vhost (and password)
## files.  The helpers in this file bind-mount it onto
## /etc/apache2/sites-enabled when they run htpasswd in the base image.
APACHE_CONFIG_LOCATION="${SERVICE_CONFIGSTORE}/etc/apache2/sites-enabled"
export APACHE_CONFIG_LOCATION
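## XXXvlab: berk, sending conf via environment and args.
##
## Print on stdout an Apache SSL vhost for DOMAIN that reverse-proxies
## every request to http://TARGET/.
##
## Arguments:
##   $1  DOMAIN        ServerName; also names the log files and the
##                     password file
##   $2  TARGET        backend host[:port]; meant to be a charm name
##   $3  CUSTOM_RULES  raw Apache directives appended inside the vhost
##   $4  CREDS         optional YAML mapping "login: password"; when set,
##                     HTTP basic auth is required on "/"
## Environment read: SSL_CERT, SSL_KEY, SSL_CA_CERT, SERVER_ALIAS,
##   ADMIN_MAIL, SERVICE_CONFIGSTORE, APACHE_CONFIG_LOCATION,
##   DOCKER_BASE_IMAGE.
## Globals written: PASSWORD_FILE, CRED_PART, and SSL_CERT / SSL_KEY when
##   they were empty.
## Returns: 1 when the container that runs htpasswd fails.
##
## Security notes:
##   - DOMAIN, TARGET, SERVER_ALIAS, the SSL_* paths and CUSTOM_RULES are
##     copied verbatim into the generated configuration: whoever controls
##     them controls the vhost, so they must come from a trusted source
##     or be validated by the caller.
##   - Without SSL_CERT / SSL_KEY the vhost falls back to the self-signed
##     "snakeoil" pair, which clients cannot authenticate; provide a real
##     certificate outside of test setups.
##   - The htpasswd command lines are fed to a bash running in the base
##     image.  Logins and passwords are shell-quoted with printf %q so a
##     quote or metacharacter in a credential cannot turn into a command,
##     and the password is kept out of the debug output.
##   - TODO(review): the password still travels on htpasswd's command
##     line (-b) and is hashed with htpasswd's default scheme; consider
##     -i / -B if the htpasswd shipped in the base image supports them.
apache_ssl_proxy_config () {
    local DOMAIN="$1" TARGET="$2" CUSTOM_RULES="$3" CREDS="$4"  ## target is meant to be a charm name
    local first

    PASSWORD_FILE=/etc/apache2/sites-enabled/${DOMAIN}.passwd
    CRED_PART=
    if [ "$CREDS" ]; then
        CRED_PART="
        AuthType basic
        AuthName \"private\"
        AuthUserFile ${PASSWORD_FILE}
        Require valid-user
"
        ## Start from a clean file: the first htpasswd call re-creates it (-c).
        rm -f "$SERVICE_CONFIGSTORE$PASSWORD_FILE"
        include parse
        first=c
        while read-0 login password; do
            ## Log which account is written, never the password.
            debug "htpasswd -b$first ${PASSWORD_FILE} '$login' '<password hidden>'"
            ## %q makes every value a single, inert shell word for the
            ## bash that reads this script inside the container.
            printf 'htpasswd -b%s %q %q %q\n' \
                   "$first" "$PASSWORD_FILE" "$login" "$password"
            first=
        done < <(echo "$CREDS" | shyaml key-values-0 2>/dev/null) |
            docker run -i --entrypoint "/bin/bash" \
                   -v "$APACHE_CONFIG_LOCATION:/etc/apache2/sites-enabled" \
                   "$DOCKER_BASE_IMAGE" || return 1
    fi

    ## Fall back to the distribution's self-signed pair when none is given.
    if [ -z "$SSL_CERT" ]; then
        SSL_CERT=/etc/ssl/certs/ssl-cert-snakeoil.pem
    fi

    if [ -z "$SSL_KEY" ]; then
        SSL_KEY=/etc/ssl/private/ssl-cert-snakeoil.key
    fi

    cat <<EOF
<IfModule mod_ssl.c>

<VirtualHost *:443>
    ServerAdmin ${ADMIN_MAIL:-contact@$DOMAIN}
    ServerName ${DOMAIN}
$(
    while read-0 alias; do
        echo "    ServerAlias $alias"
    done < <(echo "$SERVER_ALIAS" | shyaml get-values-0 2>/dev/null)
)
    ServerSignature Off
    CustomLog /var/log/apache2/s-${DOMAIN}_access.log combined
    ErrorLog /var/log/apache2/s-${DOMAIN}_error.log
    ErrorLog syslog:local2

    <IfModule mod_proxy.c>
        ProxyRequests Off
        <Proxy *>
            Order deny,allow
            Allow from all
        </Proxy>
        ProxyVia On
        ProxyPass / http://$TARGET/ retry=0
        <Location / >
            ${CRED_PART}
            ProxyPassReverse /
        </Location>
    </IfModule>

    ## Forbid any cache, this is only usefull on dev server.
    #Header set Cache-Control "no-cache"
    #Header set Access-Control-Allow-Origin "*"
    #Header set Access-Control-Allow-Methods "POST, GET, OPTIONS"
    #Header set Access-Control-Allow-Headers "origin, content-type, accept"

    RequestHeader set "X-Forwarded-Proto" "https"

    ## Fix IE problem (httpapache proxy dav error 408/409)
    SetEnv proxy-nokeepalive 1
    #ServerSignature On
    SSLProxyEngine On
    SSLEngine On

    ## Full stance
    SSLCertificateFile $SSL_CERT
    SSLCertificateKeyFile $SSL_KEY
    $([ "$SSL_CA_CERT" ] && echo "SSLCACertificateFile $SSL_CA_CERT")
    SSLVerifyClient None

    $CUSTOM_RULES

</VirtualHost>

</IfModule>
EOF

}
export -f apache_ssl_proxy_config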
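## Print on stdout an Apache SSL vhost serving /var/www/DOMAIN.
##
## Arguments:
##   $1  DOMAIN  ServerName; also names the document root, the log files
##               and the password file
## Environment read: CREDS (optional YAML mapping "login: password"),
##   SSL_CERT, SSL_KEY, SSL_CA_CERT, SERVER_ALIAS, ADMIN_MAIL, CONFIGSTORE,
##   MASTER_TARGET_CHARM_NAME, APACHE_CONFIG_LOCATION, DOCKER_BASE_IMAGE.
## Globals written: PASSWORD_FILE, CRED_PART, and SSL_CERT / SSL_KEY when
##   they were empty.
## Returns: 1 when the container that runs htpasswd fails.
##
## Security notes:
##   - With CREDS unset the document root is opened with "allow from all".
##   - The document root gets "Options Indexes" (directory listings) and
##     "AllowOverride all" (.htaccess files may override this config);
##     anything placed under /var/www/DOMAIN is exposed accordingly.
##   - DOMAIN, SERVER_ALIAS and the SSL_* paths are copied verbatim into
##     the generated configuration; they must come from a trusted source
##     or be validated by the caller.
##   - Without SSL_CERT / SSL_KEY the vhost falls back to the self-signed
##     "snakeoil" pair, which clients cannot authenticate.
##   - Logins and passwords are shell-quoted with printf %q before being
##     fed to the bash running in the base image, and the password is
##     kept out of the debug output.
##   - TODO(review): the password still travels on htpasswd's command
##     line (-b) and is hashed with htpasswd's default scheme; consider
##     -i / -B if the htpasswd shipped in the base image supports them.
apache_ssl_config() {
    local DOMAIN=$1
    local first

    ## Fall back to the distribution's self-signed pair when none is given.
    if [ -z "$SSL_CERT" ]; then
        SSL_CERT=/etc/ssl/certs/ssl-cert-snakeoil.pem
    fi

    if [ -z "$SSL_KEY" ]; then
        SSL_KEY=/etc/ssl/private/ssl-cert-snakeoil.key
    fi

    PASSWORD_FILE=/etc/apache2/sites-enabled/${DOMAIN}.passwd
    CRED_PART=
    if [ "$CREDS" ]; then
        CRED_PART="
        AuthType basic
        AuthName \"private\"
        AuthUserFile ${PASSWORD_FILE}
        Require valid-user
"
        include parse || true
        ## Only ask htpasswd to create the file (-c) when it is missing.
        first=
        if ! [ -e "$CONFIGSTORE/$MASTER_TARGET_CHARM_NAME$PASSWORD_FILE" ]; then
            debug "No file $CONFIGSTORE/$MASTER_TARGET_CHARM_NAME$PASSWORD_FILE, creating password file." || true
            first=c
        fi
        while read-0 login password; do
            ## Log which account is written, never the password.
            debug "htpasswd -b$first ${PASSWORD_FILE} '$login' '<password hidden>'" || true
            ## %q makes every value a single, inert shell word for the
            ## bash that reads this script inside the container.
            printf 'htpasswd -b%s %q %q %q\n' \
                   "$first" "$PASSWORD_FILE" "$login" "$password"
            first=
        done < <(echo "$CREDS" | shyaml key-values-0 2>/dev/null) |
            docker run -i --entrypoint "/bin/bash" \
                   -v "$APACHE_CONFIG_LOCATION:/etc/apache2/sites-enabled" \
                   "$DOCKER_BASE_IMAGE" || return 1
    else
        CRED_PART="allow from all"
    fi

    cat <<EOF
<IfModule mod_ssl.c>

<VirtualHost *:443>
    ServerAdmin ${ADMIN_MAIL:-contact@$DOMAIN}
    ServerName ${DOMAIN}
$(
    while read-0 alias; do
        echo "    ServerAlias $alias"
    done < <(echo "$SERVER_ALIAS" | shyaml get-values-0 2>/dev/null)
)

    ServerSignature Off
    CustomLog /var/log/apache2/s-${DOMAIN}_access.log combined
    ErrorLog /var/log/apache2/s-${DOMAIN}_error.log
    ErrorLog syslog:local2

    DocumentRoot /var/www/${DOMAIN}

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    <Directory /var/www/${DOMAIN}>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride all
        ${CRED_PART}
    </Directory>

    SSLEngine On

    ## Full stance
    SSLCertificateFile $SSL_CERT
    SSLCertificateKeyFile $SSL_KEY
    $([ "$SSL_CA_CERT" ] && echo "SSLCACertificateFile $SSL_CA_CERT")
    SSLVerifyClient None

</VirtualHost>

</IfModule>
EOF

}
export -f apache_ssl_config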
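## Install the SSL vhost for DOMAIN and prepare its document root.
##
## Writes the output of apache_ssl_config to
## $APACHE_CONFIG_LOCATION/DOMAIN.conf, creates
## $DATASTORE/$BASE_CHARM_NAME/var/www/DOMAIN and grants the base image's
## www-data group read/traverse access (rx) on it through an ACL.
##
## Arguments:
##   $1  DOMAIN  used as vhost name and as a path component
## Returns: 1 when the config directory or document root cannot be
##   created, when the vhost cannot be generated, or when the www-data
##   gid cannot be queried.
##
## NOTE(review): DOMAIN ends up in file names on the host
## ("$DOMAIN.conf", "/var/www/$DOMAIN"); callers should make sure it is a
## plain host name (no "/" or "..") before calling.
apache_ssl_add () {
    local DOMAIN="$1"
    DOCKER_SITE_PATH=/var/www/$DOMAIN
    BASE=$DATASTORE/$BASE_CHARM_NAME
    DST=$BASE$DOCKER_SITE_PATH

    # [ -e "$APACHE_CONFIG_LOCATION/$DOMAIN.conf" ] && return 0
    mkdir -p "$APACHE_CONFIG_LOCATION" || return 1
    ## Stop here when generation fails (e.g. htpasswd container error),
    ## as apache_ssl_proxy_add does, instead of reporting success.
    apache_ssl_config "$DOMAIN" > "$APACHE_CONFIG_LOCATION/$DOMAIN.conf" || return 1
    www_data_gid=$(cached_cmd_on_base_image apache 'id -g www-data') || {
        debug "Failed to query for www-data gid in ${DARKYELLOW}apache${NORMAL} base image."
        return 1
    }
    mkdir -p "$DST" || return 1
    ## Read-only access for the web server group; no write bit is granted.
    setfacl -R -m g:"$www_data_gid":rx "$DST"
    info "Added $DOMAIN apache config."
}
export -f apache_ssl_add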
## Install the reverse-proxy SSL vhost for DOMAIN.
##
## Writes the output of apache_ssl_proxy_config to
## $APACHE_CONFIG_LOCATION/DOMAIN.conf.
##
## Arguments:
##   $1  DOMAIN        vhost name, also used as the config file name
##   $2  TARGET        backend passed to apache_ssl_proxy_config
##   $3  CUSTOM_RULES  raw Apache directives passed through unchanged
##   $4  CREDS         optional basic-auth credentials, passed through
## Returns: 1 when the config directory cannot be created or the vhost
##   cannot be generated.
##
## NOTE(review): all four values reach the generated configuration or a
## host file name without validation here; they are expected to come
## from a trusted source.
apache_ssl_proxy_add () {
    local DOMAIN="$1"
    local TARGET="$2"
    local CUSTOM_RULES="$3"
    local CREDS="$4"

    if ! mkdir -p "$APACHE_CONFIG_LOCATION"; then
        return 1
    fi
    if ! apache_ssl_proxy_config "$DOMAIN" "$TARGET" "$CUSTOM_RULES" "$CREDS" \
         > "$APACHE_CONFIG_LOCATION/$DOMAIN.conf"; then
        return 1
    fi
    info "Added $DOMAIN as a proxy to $TARGET."
}
export -f apache_ssl_proxy_add
## Register a volume that exposes a host directory as the document root
## of a domain.
##
## Arguments:
##   $1  domain    site name; the mount point is /var/www/<domain>
##   $2  location  host path to mount
## Passes a YAML fragment for $MASTER_BASE_CHARM_NAME to config-add.
##
## NOTE(review): both values are placed in the YAML fragment as-is, and
## "location" decides which host path becomes readable by the web
## server; they are expected to come from a trusted source.
apache_code_dir() {
    local domain="$1"
    local location="$2"
    local volume_spec="$location:/var/www/$domain"

    config-add "
$MASTER_BASE_CHARM_NAME:
  volumes:
    - $volume_spec
"
}
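## Create writable data directories under a site's document root and
## register them as volumes.
##
## Arguments:
##   $1  DOMAIN                site name; directories live under
##                             $DATASTORE/$BASE_CHARM_NAME/var/www/DOMAIN
##   $2  DATA_COMMA_SEPARATED  comma-separated list of sub-directories
## Globals written: DOCKER_SITE_PATH, BASE, DST, DATA, ADDR, dirs,
##   www_data_gid.
## Returns: 1 when the www-data gid cannot be queried from the base image.
##
## Security notes:
##   - Entries are joined to $DST without normalisation.  An entry
##     containing ".." would make the recursive chgrp/chmod below apply
##     outside the site directory; validate the list upstream if it can
##     come from an untrusted source.
##   - chmod -R 775 makes every file below the listed directories
##     group-writable by www-data and readable/executable by everyone.
apache_data_dir() {
    local DOMAIN=$1 DATA_COMMA_SEPARATED=$2
    local dir d

    DOCKER_SITE_PATH=/var/www/$DOMAIN
    BASE=$DATASTORE/$BASE_CHARM_NAME
    DST=$BASE$DOCKER_SITE_PATH
    DATA=()
    while IFS="," read -ra ADDR; do
        for dir in "${ADDR[@]}"; do
            mkdir -p "$DST/$dir"
            ## Quoted: a name with spaces or glob characters stays one entry.
            DATA+=("$dir")
        done
    done <<< "$DATA_COMMA_SEPARATED"

    www_data_gid=$(cached_cmd_on_base_image apache 'id -g www-data') || {
        debug "Failed to query for www-data gid in ${DARKYELLOW}apache${NORMAL} base image."
        return 1
    }
    info "www-data gid from ${DARKYELLOW}apache${NORMAL} is '$www_data_gid'"

    dirs=()
    for d in "${DATA[@]}"; do
        dirs+=("$DST/$d")
    done

    ## Options come first and "--" ends them, so a directory name can never
    ## be taken for an option; skip the calls when there is nothing to do.
    if [ "${#dirs[@]}" -gt 0 ]; then
        chgrp -R -- "$www_data_gid" "${dirs[@]}" &&
            chmod -R 775 -- "${dirs[@]}"
    fi

    config-add "
$MASTER_BASE_CHARM_NAME:
  volumes:
$(
for d in "${DATA[@]}"; do
    echo "    - $DST/$d:$DOCKER_SITE_PATH/$d"
done
)"

}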
## Unpack the tar stream produced by get_file for "src" into an existing
## directory.
##
## Arguments:
##   $1  src  source handed to get_file
##   $2  dst  destination directory; must already exist
## Returns: 1 when dst is not a directory, otherwise the status of the
##   subshell (cd, info, then the get_file | tar pipeline).
##
## NOTE(review): the pipeline's status is tar's, so a get_file failure is
## not reported here unless the calling shell has pipefail set.
## NOTE(review): the archive is extracted as-is.  When this runs as root,
## GNU tar restores the owner and mode recorded in the archive, so only
## archives from a trusted source should be deployed this way.
deploy_files() {
    local src="$1"
    local dst="$2"

    if [ ! -d "$dst" ]; then
        err "Destination '$dst' does not exist or is not a directory"
        return 1
    fi

    (
        cd "$dst" &&
            info "In $dst:" &&
            get_file "$src" | tar xv
    )
}
export -f deploy_files