From d1a0f5b39ef9f227cbb4727a64aa537ae7192c05 Mon Sep 17 00:00:00 2001 From: Valentin Lab Date: Sat, 15 Dec 2018 15:37:41 +0100 Subject: [PATCH] new: [apache] automatic redirection from ``http`` to ``https``. --- apache/lib/common | 22 +++++++++++++++++++++- apache/test/vhost_cert_provider | 17 ++++++++++++++++- apache/test/vhost_files | 14 +++++++++++--- 3 files changed, 48 insertions(+), 5 deletions(-) diff --git a/apache/lib/common b/apache/lib/common index 27aa98a..725c9c9 100644 --- a/apache/lib/common +++ b/apache/lib/common @@ -40,6 +40,7 @@ export -f apache_publish_dir apache_vhost_create () { + local custom_rules export APACHE_CONFIG_LOCATION="$SERVICE_CONFIGSTORE/etc/apache2/sites-enabled" vhost_statement SERVER_ALIAS=$(relation-get server-aliases 2>/dev/null) || true @@ -50,6 +51,25 @@ apache_vhost_create () { if is_protocol_enabled https; then read-0 SSL_PLUGIN_FUN SSL_CFG_VALUE SSL_CFG_OPTIONS < <(ssl_get_plugin_fun) || return 1 "$SSL_PLUGIN_FUN"_vars "$SSL_CFG_OPTIONS" "$SSL_CFG_VALUE" || return 1 + redirect=$(relation-get 'redirect-to-ssl' 2>/dev/null) || true + if is_protocol_enabled http; then + redirect=${redirect:-true} + else + redirect=false + fi + if [ "$redirect" == "true" ]; then + custom_rules=$(_get_custom_rules) || return 1 + if [[ "$custom_rules" != *"## Auto-redirection from http to https"* ]]; then + relation-set apache-custom-rules "- | + ## Auto-redirection from http to https + RewriteEngine On + RewriteCond %{HTTPS} off + RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L,QSA] +$(if [ "$custom_rules" ]; then + echo "- |"$'\n'"$(echo "$custom_rules" | prefix " ")" + fi)" + fi + fi fi vhost_statement=$(apache_vhost_statement "$PROTOCOLS") || return 1 echo "$vhost_statement"| file_put "$APACHE_CONFIG_LOCATION/$prefix$DOMAIN.conf" || return 1 
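Review bot: `redirect`, which the next hunk assigns inside `apache_vhost_create`, is not covered by the new `local` line, so unless it is declared in the few lines between the two hunks it is written to the caller's scope and survives the call. Declaring both together keeps the function self-contained: `local custom_rules redirect`. The function starts in this hunk and its body continues past it.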
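Review bot: The generated `RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L,QSA]` builds the redirect target from the client-supplied Host header, so whenever this vhost answers for a name outside its ServerName/ServerAlias (for example as the default vhost) the `Location` header echoes whatever host was sent, which matters behind a shared cache or proxy. Using the configured name avoids that, e.g. `RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R=302,L]` together with `UseCanonicalName On`, or interpolating `$DOMAIN`; `QSA` is redundant because the substitution carries no query string. Separately, `[ "$redirect" == "true" ]` disables the redirect for any other spelling (`True`, `yes`, `1`), silently leaving the site on plain HTTP; treating only an explicit `false` as the opt-out, or rejecting unknown values with `return 1`, would fail closed. The `relation-set` call is also the only step in this block without `|| return 1`, so a failure to store the rule goes unnoticed.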
@@ -100,7 +120,7 @@ __vhost_cfg_normalize_protocol() { case "$protocol" in auto) if __vhost_cfg_ssl="$(_get_ssl_option_value)"; then - protocol="https" + protocol="http,https" export __vhost_cfg_ssl else protocol="http" diff --git a/apache/test/vhost_cert_provider b/apache/test/vhost_cert_provider index 7b0209d..2224394 100644 --- a/apache/test/vhost_cert_provider +++ b/apache/test/vhost_cert_provider @@ -24,6 +24,13 @@ relation-get() { } export -f relation-get +relation-set() { + local key="$1" value="$2" + echo "relation-set $key:" >&2 + echo "$value" | prefix " | " >&2 +} +export -f relation-set + get_service_relations() { printf "%s\0" "${RELATIONS[@]}" } @@ -135,7 +142,15 @@ ssl: ' RELATIONS=(cert-provider foo a True) apache_vhost_create" "known cert key" -noerror +is errlvl 0 +is err part "\ +relation-set apache-custom-rules: + | - | + | ## Auto-redirection from http to https + | RewriteEngine On + | RewriteCond %{HTTPS} off + | RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L,QSA] + |" is out reg 'Calling: compose .*foo: options: .*run --rm --service-ports foo.*' is out part 'config-add | services: diff --git a/apache/test/vhost_files b/apache/test/vhost_files index b46b241..dadeb0f 100644 --- a/apache/test/vhost_files +++ b/apache/test/vhost_files @@ -22,6 +22,13 @@ relation-get() { } export -f relation-get +relation-set() { + local key="$1" value="$2" + echo "relation-set $key:" >&2 + echo "$value" | prefix " | " >&2 +} +export -f relation-set + get_service_relations() { printf "%s\0" "${RELATIONS[@]}" } @@ -98,9 +105,9 @@ CFG=' ssl: true ' apache_vhost_create" -noerror +is errlvl 0 +is err part "## Auto-redirection from http to https" is out reg '^file_put \$SERVICE_CONFIGSTORE/.*/www.example.com.conf' -is err '' try " 
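Review bot: The new `protocol="http,https"` default leaves the rewrite rule installed by `apache_vhost_create` as the only thing that keeps an `ssl`-configured vhost from serving content over plain HTTP. If `redirect-to-ssl` is set to anything other than `true`, a site that was presumably HTTPS-only under the old `auto` is now reachable in clear text. That coupling deserves a comment on this line, e.g. `# http is enabled only to carry the http->https redirect; see redirect-to-ssl`, and a mention in the changelog. `__vhost_cfg_normalize_protocol` starts and ends outside the hunk, so other consumers of the normalized value are not visible here.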
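Review bot: Replacing `noerror` with `is errlvl 0` plus `is err part …` means stderr is no longer checked in full, so an unexpected warning from `apache_vhost_create` would pass unnoticed here and in the two `apache/test/vhost_files` cases that get the same change. The `relation-set` stub's output is deterministic, so an exact match (`is err "…"` with the full expected block, in the form of the removed `is err ''`) would keep that guarantee. None of the visible cases covers `redirect-to-ssl` set to `false` or a vhost that already has custom rules, the two branches where the new code could drop the redirect or mangle existing rules; tests outside these hunks may cover them. The stub itself is duplicated verbatim in both test files and could live in a shared helper.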
@@ -118,7 +125,8 @@ ssl: cert: c ' apache_vhost_create" -noerror +is errlvl 0 +is err part "## Auto-redirection from http to https" is out part 'file_put $CONFIGSTORE/$BASE_SERVICE_NAME/etc/ssl/certs/www.example.com.pem | c' is out part 'file_put $CONFIGSTORE/$BASE_SERVICE_NAME/etc/ssl/private/www.example.com.key