diff --git a/apache/lib/common b/apache/lib/common index 69ac7c0..e9f3952 100644 --- a/apache/lib/common +++ b/apache/lib/common @@ -48,15 +48,23 @@ export -f apache_publish_dir apache_vhost_create() { - local type="$1" cfg="$2" custom_rules vhost_statement creds + local type="$1" cfg="$2" protocols="$3" dest="$4" custom_rules vhost_statement creds export APACHE_CONFIG_LOCATION="$SERVICE_CONFIGSTORE/etc/apache2/sites-enabled" - protocols=$(__vhost_cfg_normalize_protocol "$cfg") || return 1 + if [ -z "$protocols" ]; then + protocols=$(__vhost_cfg_normalize_protocol "$cfg") || return 1 + fi + + domain=$(get_domain "$cfg") && relation-set domain "$domain" if is_protocol_enabled https "$protocols"; then + if [ -z "$domain" ]; then + err "You must specify a domain for ssl to work." + return 1 + fi read-0 ssl_plugin_fun ssl_cfg_value ssl_cfg_options < <(ssl_get_plugin_fun "$cfg") || return 1 - "$ssl_plugin_fun"_vars "$cfg" "$ssl_cfg_options" "$ssl_cfg_value" || return 1 + "$ssl_plugin_fun"_vars "$cfg" "$ssl_cfg_options" "$ssl_cfg_value" "$domain" || return 1 redirect=$(e "$cfg" | cfg-get-value 'redirect-to-ssl' 2>/dev/null) || true if is_protocol_enabled http "$protocols"; then redirect=${redirect:-true} @@ -90,18 +98,21 @@ $(if [ "$custom_rules" ]; then else relation-set protocol http fi - vhost_statement=$(apache_vhost_statement "$type" "$protocols" "$cfg") || { + vhost_statement=$(apache_vhost_statement "$type" "$protocols" "$cfg" "$domain") || { err "Failed to get vhost statement for type $type on ${protocols:1:-1}" return 1 } - domain=$(get_domain "$cfg") || return 1 - relation-set domain "$domain" - echo "$vhost_statement" | file_put "$APACHE_CONFIG_LOCATION/$domain.conf" || return 1 + dest=${dest:-$domain} + if [ -z "$dest" ]; then + err "Please set either a domain or set a destination file." + return 1 + fi + echo "$vhost_statement" | file_put "$APACHE_CONFIG_LOCATION/$dest.conf" || return 1 creds=$(e "$cfg" | cfg-get-value creds 2>/dev/null) || true if [ "$creds" ]; then - apache_passwd_file "$cfg" || return 1 + apache_passwd_file "$cfg" "$dest"|| return 1 fi if is_protocol_enabled https "$protocols"; then @@ -262,8 +273,7 @@ ssl_get_plugin_fun() { ssl_fallback_vars() { - local cfg="$1" ssl_cfg="$2" cert key ca_cert domain - domain=$(get_domain "$cfg") || return 1 + local cfg="$1" ssl_cfg="$2" value="$3" domain="$4" cert key ca_cert domain if __vhost_cfg_ssl_cert=$(echo "$ssl_cfg" | shyaml get-value cert 2>/dev/null); then __vhost_cfg_SSL_CERT_LOCATION=/etc/ssl/certs/${domain}.pem @@ -306,8 +316,7 @@ $volumes } ssl_plugin_cert-provider_vars() { - local cfg="$1" ssl_cfg="$2" - domain=$(get_domain "$cfg") || return 1 + local cfg="$1" ssl_cfg="$2" value="$3" domain="$4" __vhost_cfg_SSL_CERT_LOCATION=/etc/letsencrypt/live/${domain}/cert.pem __vhost_cfg_SSL_KEY_LOCATION=/etc/letsencrypt/live/${domain}/privkey.pem @@ -344,12 +353,12 @@ services: apache_passwd_file() { - local cfg="$1" creds + local cfg="$1" dest="$2" creds include parse || true ## XXXvlab: called twice... no better way to do this ? creds=$(e "$cfg" | cfg-get-value creds 2>/dev/null) || true - password_path=$(password-path-get "$cfg") + password_path=$(password-path-get "$dest") first= if ! [ -e "$CONFIGSTORE/$MASTER_TARGET_SERVICE_NAME$password_path" ]; then debug "No file $CONFIGSTORE/$MASTER_TARGET_SERVICE_NAME$password_path, creating password file." || true @@ -369,16 +378,16 @@ apache_passwd_file() { ## Produce the full statements depending on relation-get informations apache_vhost_statement() { - local type="$1" protocols="$2" cfg="$3" \ + local type="$1" protocols="$2" cfg="$3" domain="$4" \ vhost_statement if is_protocol_enabled http "$protocols"; then - __vhost_full_vhost_statement "$type" http "$cfg" || return 1 + __vhost_full_vhost_statement "$type" http "$cfg" "$domain" || return 1 fi if is_protocol_enabled https "$protocols"; then read-0 ssl_plugin_fun ssl_cfg_value ssl_cfg_options < <(ssl_get_plugin_fun "$cfg") || return 1 - "$ssl_plugin_fun"_vars "$cfg" "$ssl_cfg_options" "$ssl_cfg_value" || return 1 - vhost_statement=$(__vhost_full_vhost_statement "$type" https "$cfg") || return 1 + "$ssl_plugin_fun"_vars "$cfg" "$ssl_cfg_options" "$ssl_cfg_value" "$domain" || return 1 + vhost_statement=$(__vhost_full_vhost_statement "$type" https "$cfg" "$domain") || return 1 cat < @@ -509,14 +518,13 @@ EOF password-path-get() { - local cfg="$1" domain - domain=$(get_domain "$cfg") || return 1 - echo /etc/apache2/sites-enabled/${domain}.passwd + local dest="$1" + echo "/etc/apache2/sites-enabled/${dest}.passwd" } __vhost_creds_statement() { - local cfg="$1" password_path - password_path=$(password-path-get "$cfg") || return 1 + local cfg="$1" dest="$2" password_path + password_path=$(password-path-get "$dest") || return 1 if ! e "$cfg" | cfg-get-value creds >/dev/null 2>&1; then echo "Allow from all" return 0 @@ -533,8 +541,7 @@ EOF __vhost_head_statement() { - local cfg="$1" protocol="$2" server_aliases admin_mail - domain=$(get_domain "$cfg") || return 1 + local cfg="$1" protocol="$2" domain="$3" server_aliases admin_mail prefix admin_mail=$(e "$1" | cfg-get-value "admin-mail" 2>/dev/null) || true server_aliases=$(e "$cfg" | cfg-get-value server-aliases 2>/dev/null) || true [ "$server_aliases" == None ] && server_aliases="" @@ -664,7 +671,7 @@ target-get() { } __vhost_proxy_statement() { - local protocol="$1" cfg="$2" + local protocol="$1" cfg="$2" dest="$3" target=$(target-get "$cfg") || return 1 @@ -684,7 +691,7 @@ __vhost_proxy_statement() { ProxyVia On ProxyPass / http://$target/ retry=0 -$(__vhost_creds_statement "$cfg" | prefix " ") +$(__vhost_creds_statement "$cfg" "$dest" | prefix " ") ProxyPassReverse / $([ "$protocol" == "https" ] && echo " SSLProxyEngine On") @@ -699,11 +706,11 @@ EOF } __vhost_full_vhost_statement() { - local type="$1" protocol="$2" cfg="$3" head_statement custom_rules content_statement + local type="$1" protocol="$2" cfg="$3" domain="$4" head_statement custom_rules content_statement - head_statement=$(__vhost_head_statement "$cfg" "$protocol") || return 1 + head_statement=$(__vhost_head_statement "$cfg" "$protocol" "$domain") || return 1 custom_rules=$(__vhost_custom_rules "$cfg") || return 1 - content_statement=$(__vhost_content_statement "$type" "$protocol" "$cfg") || return 1 + content_statement=$(__vhost_content_statement "$type" "$protocol" "$cfg" "${domain:-html}") || return 1 case "$protocol" in https) @@ -733,9 +740,8 @@ EOF } __vhost_publish_dir_statement() { - local protocol="$1" cfg="$2" - domain=$(get_domain "$cfg") || return 1 - local_path="/var/www/${domain}" + local protocol="$1" cfg="$2" dest="$3" dest + local_path="/var/www/${dest}" cat < Options Indexes FollowSymLinks MultiViews AllowOverride all -$(__vhost_creds_statement "$cfg" | prefix " ") +$(__vhost_creds_statement "$cfg" "$dest" | prefix " ") EOF diff --git a/apache/test/vhost b/apache/test/vhost index e2cef37..6e8928c 100644 --- a/apache/test/vhost +++ b/apache/test/vhost @@ -39,8 +39,7 @@ trap "rm -rf \"$state_tmpdir\"" EXIT try " apache_vhost_statement publish_dir ,http, '\ -domain: www.example.com -'" +' www.example.com" noerror is out ' @@ -83,21 +82,19 @@ is out ' try " apache_vhost_statement publish_dir ,http, ' -domain: www.example.com server-aliases: - toto -'" +' www.example.com" noerror is out reg 'ServerAlias toto' try " apache_vhost_statement publish_dir ,http, ' -domain: www.example.com server-aliases: - toto - titi -'" +' www.example.com" noerror is out reg 'ServerAlias toto' is out reg 'ServerAlias titi' @@ -108,9 +105,7 @@ is out reg 'ServerAlias titi' ## try " -apache_vhost_statement publish_dir ,http, ' -domain: www.example.com -' +apache_vhost_statement publish_dir ,http, '' www.example.com " "credentials allow all" noerror is out reg 'Allow from all' @@ -118,11 +113,10 @@ is out reg 'Allow from all' try " apache_vhost_statement publish_dir ,http, ' -domain: www.example.com creds: toto: xxx titi: yyy -' +' www.example.com " "credentials with basic auth user/pass" noerror is out reg 'AuthType basic' @@ -135,11 +129,10 @@ is out reg 'Require valid-user' try " apache_vhost_statement web_proxy ,http, ' -domain: www.example.com target: popo:3333 creds: toto: titi -' +' www.example.com " "proxy explicit target" noerror is out reg 'ProxyPass / http://popo:3333/' @@ -159,10 +152,9 @@ is out part ' try " apache_vhost_statement web_proxy ,https, ' -domain: www.example.com ssl: true target: popo:3333 -' +' www.example.com " "ssl default generation (ssl-cert-snakeoil)" noerror is out reg 'VirtualHost \*:443' @@ -176,13 +168,12 @@ is out reg 'CustomLog /var/log/apache2/s-www.example.com_access.log combined' try " RELATIONS=() apache_vhost_statement web_proxy ,https, ' -domain: www.example.com ssl: ca-cert: a key: b cert: c target: popo:3333 -' +' www.example.com " "ssl providing keys inline" noerror is out reg 'SSLCertificateFile /etc/ssl/certs/www.example.com.pem' @@ -196,7 +187,6 @@ is out reg 'SSLCACertificateFile /etc/ssl/certs/www.example.com-ca.pem' try " apache_vhost_statement web_proxy ,https, ' -domain: www.example.com ssl: ca-cert: a key: b @@ -206,7 +196,7 @@ apache-custom-rules: | RewriteCond %{QUERY_STRING} !skin=formanoo RewriteRule ^(/web/webclient/home.*)$ $1?skin=formanoo [L,QSA,R=302] target: popo:3333 -' +' www.example.com " "custom rules" noerror is out reg 'RewriteEngine On' @@ -218,7 +208,6 @@ is out reg 'RewriteEngine On' try " apache_vhost_statement web_proxy ,https,http, ' -domain: www.example.com ssl: ca-cert: a key: b @@ -228,7 +217,7 @@ apache-custom-rules: | RewriteCond %{QUERY_STRING} !skin=formanoo RewriteRule ^(/web/webclient/home.*)$ $1?skin=formanoo [L,QSA,R=302] target: popo:3333 -' +' www.example.com " "both http and https" noerror is out '