Browse Source

new: [apache] automatic redirection from ``http`` to ``https``.

framadate
Valentin Lab 6 years ago
parent
commit
d1a0f5b39e
  1. 22
      apache/lib/common
  2. 17
      apache/test/vhost_cert_provider
  3. 14
      apache/test/vhost_files

22
apache/lib/common

@ -40,6 +40,7 @@ export -f apache_publish_dir
apache_vhost_create () { apache_vhost_create () {
local custom_rules
export APACHE_CONFIG_LOCATION="$SERVICE_CONFIGSTORE/etc/apache2/sites-enabled" vhost_statement export APACHE_CONFIG_LOCATION="$SERVICE_CONFIGSTORE/etc/apache2/sites-enabled" vhost_statement
SERVER_ALIAS=$(relation-get server-aliases 2>/dev/null) || true SERVER_ALIAS=$(relation-get server-aliases 2>/dev/null) || true
@ -50,6 +51,25 @@ apache_vhost_create () {
if is_protocol_enabled https; then if is_protocol_enabled https; then
read-0 SSL_PLUGIN_FUN SSL_CFG_VALUE SSL_CFG_OPTIONS < <(ssl_get_plugin_fun) || return 1 read-0 SSL_PLUGIN_FUN SSL_CFG_VALUE SSL_CFG_OPTIONS < <(ssl_get_plugin_fun) || return 1
"$SSL_PLUGIN_FUN"_vars "$SSL_CFG_OPTIONS" "$SSL_CFG_VALUE" || return 1 "$SSL_PLUGIN_FUN"_vars "$SSL_CFG_OPTIONS" "$SSL_CFG_VALUE" || return 1
redirect=$(relation-get 'redirect-to-ssl' 2>/dev/null) || true
if is_protocol_enabled http; then
redirect=${redirect:-true}
else
redirect=false
fi
if [ "$redirect" == "true" ]; then
custom_rules=$(_get_custom_rules) || return 1
if [[ "$custom_rules" != *"## Auto-redirection from http to https"* ]]; then
relation-set apache-custom-rules "- |
## Auto-redirection from http to https
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L,QSA]
$(if [ "$custom_rules" ]; then
echo "- |"$'\n'"$(echo "$custom_rules" | prefix " ")"
fi)"
fi
fi
fi fi
vhost_statement=$(apache_vhost_statement "$PROTOCOLS") || return 1 vhost_statement=$(apache_vhost_statement "$PROTOCOLS") || return 1
echo "$vhost_statement"| file_put "$APACHE_CONFIG_LOCATION/$prefix$DOMAIN.conf" || return 1 echo "$vhost_statement"| file_put "$APACHE_CONFIG_LOCATION/$prefix$DOMAIN.conf" || return 1
@ -100,7 +120,7 @@ __vhost_cfg_normalize_protocol() {
case "$protocol" in case "$protocol" in
auto) auto)
if __vhost_cfg_ssl="$(_get_ssl_option_value)"; then if __vhost_cfg_ssl="$(_get_ssl_option_value)"; then
protocol="https"
protocol="http,https"
export __vhost_cfg_ssl export __vhost_cfg_ssl
else else
protocol="http" protocol="http"

17
apache/test/vhost_cert_provider

@ -24,6 +24,13 @@ relation-get() {
} }
export -f relation-get export -f relation-get
relation-set() {
local key="$1" value="$2"
echo "relation-set $key:" >&2
echo "$value" | prefix " | " >&2
}
export -f relation-set
get_service_relations() { get_service_relations() {
printf "%s\0" "${RELATIONS[@]}" printf "%s\0" "${RELATIONS[@]}"
} }
@ -135,7 +142,15 @@ ssl:
' '
RELATIONS=(cert-provider foo a True) RELATIONS=(cert-provider foo a True)
apache_vhost_create" "known cert key" apache_vhost_create" "known cert key"
noerror
is errlvl 0
is err part "\
relation-set apache-custom-rules:
| - |
| ## Auto-redirection from http to https
| RewriteEngine On
| RewriteCond %{HTTPS} off
| RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L,QSA]
|"
is out reg 'Calling: compose .*foo: options: <merge_yaml_str\(.a., .12., )>.*run --rm --service-ports foo.*' is out reg 'Calling: compose .*foo: options: <merge_yaml_str\(.a., .12., )>.*run --rm --service-ports foo.*'
is out part 'config-add is out part 'config-add
| services: | services:

14
apache/test/vhost_files

@ -22,6 +22,13 @@ relation-get() {
} }
export -f relation-get export -f relation-get
relation-set() {
local key="$1" value="$2"
echo "relation-set $key:" >&2
echo "$value" | prefix " | " >&2
}
export -f relation-set
get_service_relations() { get_service_relations() {
printf "%s\0" "${RELATIONS[@]}" printf "%s\0" "${RELATIONS[@]}"
} }
@ -98,9 +105,9 @@ CFG='
ssl: true ssl: true
' '
apache_vhost_create" apache_vhost_create"
noerror
is errlvl 0
is err part "## Auto-redirection from http to https"
is out reg '^file_put \$SERVICE_CONFIGSTORE/.*/www.example.com.conf' is out reg '^file_put \$SERVICE_CONFIGSTORE/.*/www.example.com.conf'
is err ''
try " try "
@ -118,7 +125,8 @@ ssl:
cert: c cert: c
' '
apache_vhost_create" apache_vhost_create"
noerror
is errlvl 0
is err part "## Auto-redirection from http to https"
is out part 'file_put $CONFIGSTORE/$BASE_SERVICE_NAME/etc/ssl/certs/www.example.com.pem is out part 'file_put $CONFIGSTORE/$BASE_SERVICE_NAME/etc/ssl/certs/www.example.com.pem
| c' | c'
is out part 'file_put $CONFIGSTORE/$BASE_SERVICE_NAME/etc/ssl/private/www.example.com.key is out part 'file_put $CONFIGSTORE/$BASE_SERVICE_NAME/etc/ssl/private/www.example.com.key

Loading…
Cancel
Save