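# -*- mode: shell-script -*-
##
## Apache vhost helpers for charm hooks: render SSL vhost / reverse-proxy
## configuration, create the matching htpasswd files, and declare the
## volumes the web root needs.
##
## Relies on helpers defined elsewhere: include, read-0, debug, info, err,
## config-add, get_file, cached_cmd_on_base_image, and on the external
## commands shyaml and docker.
##
## Security notes for maintainers:
##   - DOMAIN, TARGET, CUSTOM_RULES and SERVER_ALIAS are written verbatim
##     into the generated Apache configuration; they must come from a
##     trusted source.
##   - When SSL_CERT / SSL_KEY are empty the snakeoil (self-signed) pair is
##     used, which gives clients no way to authenticate the server. Set
##     both for anything that is not a throw-away environment.

export APACHE_CONFIG_LOCATION="$SERVICE_CONFIGSTORE/etc/apache2/sites-enabled"


## Emit, on stdout, one "htpasswd" command line per login/password pair.
##
## Arguments:
##   $1 - password file path as seen from inside the apache container
##   $2 - "c" to make the first command create the file, "" to update it
##   $3 - YAML mapping of login -> password
##
## Every operand is shell-quoted with printf %q: the output is fed to a
## bash running in the container, so a quote or "$(...)" inside a login or
## a password must stay data. The clear-text password is kept out of the
## debug log.
##
## NOTE(review): "htpasswd -b" passes the password on htpasswd's command
## line inside the container; "htpasswd -i" (password read from stdin)
## avoids that where the packaged htpasswd supports it.
_apache_htpasswd_cmds() {
    local password_file="$1" first="$2" creds="$3" login password
    while read-0 login password; do
        debug "htpasswd -b$first ${password_file} '$login' '<redacted>'" || true
        printf 'htpasswd -b%s %q %q %q\n' \
            "$first" "$password_file" "$login" "$password"
        ## only the first command may create (and truncate) the file
        first=
    done < <(printf '%s\n' "$creds" | shyaml key-values-0 2>/dev/null)
}
export -f _apache_htpasswd_cmds


## XXXvlab: berk, sending conf via environment and args.
##
## Print the SSL reverse-proxy vhost for a domain on stdout.
##
## Arguments:
##   $1 - DOMAIN        served domain name
##   $2 - TARGET        host[:port] proxied to (meant to be a charm name)
##   $3 - CUSTOM_RULES  raw Apache directives appended to the vhost
##   $4 - CREDS         YAML mapping login -> password; when non-empty the
##                      password file is recreated and basic auth enabled
## Environment read: SERVICE_CONFIGSTORE, APACHE_CONFIG_LOCATION,
##   DOCKER_BASE_IMAGE, SSL_CERT, SSL_KEY, SSL_CA_CERT, ADMIN_MAIL,
##   SERVER_ALIAS.
## Returns 1 when the htpasswd run in the container fails.
apache_ssl_proxy_config () {
    local DOMAIN="$1" TARGET="$2" CUSTOM_RULES="$3" CREDS="$4"
    local PASSWORD_FILE CRED_PART

    ## target is meant to be a charm name

    PASSWORD_FILE=/etc/apache2/sites-enabled/${DOMAIN}.passwd

    CRED_PART=
    if [ "$CREDS" ]; then
        CRED_PART="
        AuthType basic
        AuthName \"private\"
        AuthUserFile ${PASSWORD_FILE}
        Require valid-user
"
        rm -f "$SERVICE_CONFIGSTORE$PASSWORD_FILE"
        include parse
        _apache_htpasswd_cmds "$PASSWORD_FILE" c "$CREDS" |
            docker run -i --entrypoint "/bin/bash" \
                   -v "$APACHE_CONFIG_LOCATION:/etc/apache2/sites-enabled" \
                   "$DOCKER_BASE_IMAGE" || return 1
    fi

    ## Same effect as the former "if [ -z ... ]" blocks: the defaults are
    ## assigned to the (global) variables when they are unset or empty.
    : "${SSL_CERT:=/etc/ssl/certs/ssl-cert-snakeoil.pem}"
    : "${SSL_KEY:=/etc/ssl/private/ssl-cert-snakeoil.key}"

    ## NOTE(review): the listing this file was recovered from had lost the
    ## here-document operator and every <...> section tag. <VirtualHost>,
    ## <Proxy> and <Location> below are restored in their conventional
    ## form; confirm the listen address against a deployed file.
    cat <<EOF
<VirtualHost *:443>

    ServerAdmin ${ADMIN_MAIL:-contact@$DOMAIN}
    ServerName ${DOMAIN}
$(
    while read-0 alias; do
        echo "    ServerAlias $alias"
    done < <(echo "$SERVER_ALIAS" | shyaml get-values-0 2>/dev/null)
)

    ServerSignature Off

    CustomLog /var/log/apache2/s-${DOMAIN}_access.log combined
    ErrorLog /var/log/apache2/s-${DOMAIN}_error.log
    ErrorLog syslog:local2

    ProxyRequests Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyVia On
    ProxyPass / http://$TARGET/ retry=0
    <Location />
        ${CRED_PART}
        ProxyPassReverse /
    </Location>

    ## Forbid any cache, this is only usefull on dev server.
    #Header set Cache-Control "no-cache"
    #Header set Access-Control-Allow-Origin "*"
    #Header set Access-Control-Allow-Methods "POST, GET, OPTIONS"
    #Header set Access-Control-Allow-Headers "origin, content-type, accept"

    RequestHeader set "X-Forwarded-Proto" "https"

    ## Fix IE problem (httpapache proxy dav error 408/409)
    SetEnv proxy-nokeepalive 1
    #ServerSignature On

    SSLProxyEngine On

    SSLEngine On

    ## Full stance
    SSLCertificateFile $SSL_CERT
    SSLCertificateKeyFile $SSL_KEY
    $([ "$SSL_CA_CERT" ] && echo "SSLCACertificateFile $SSL_CA_CERT")

    SSLVerifyClient None

    $CUSTOM_RULES

</VirtualHost>
EOF
}
export -f apache_ssl_proxy_config


## Print the SSL vhost serving /var/www/DOMAIN on stdout.
##
## Arguments:
##   $1 - DOMAIN  served domain name
## Environment read: CREDS (YAML mapping login -> password, read from the
##   caller's scope, not from an argument), CONFIGSTORE,
##   MASTER_TARGET_CHARM_NAME, APACHE_CONFIG_LOCATION, DOCKER_BASE_IMAGE,
##   SSL_CERT, SSL_KEY, SSL_CA_CERT, ADMIN_MAIL, SERVER_ALIAS.
## Returns 1 when the htpasswd run in the container fails.
##
## The password file is only created ("-c") when it is not found under
## $CONFIGSTORE/$MASTER_TARGET_CHARM_NAME; otherwise entries are updated in
## place. The document root is published with "Indexes" and
## "AllowOverride all", so directory listings and .htaccess overrides are
## enabled for everything deployed there.
apache_ssl_config() {
    local DOMAIN=$1
    local PASSWORD_FILE CRED_PART first

    : "${SSL_CERT:=/etc/ssl/certs/ssl-cert-snakeoil.pem}"
    : "${SSL_KEY:=/etc/ssl/private/ssl-cert-snakeoil.key}"

    PASSWORD_FILE=/etc/apache2/sites-enabled/${DOMAIN}.passwd

    CRED_PART=
    if [ "$CREDS" ]; then
        CRED_PART="
        AuthType basic
        AuthName \"private\"
        AuthUserFile ${PASSWORD_FILE}
        Require valid-user
"
        include parse || true
        first=
        if ! [ -e "$CONFIGSTORE/$MASTER_TARGET_CHARM_NAME$PASSWORD_FILE" ]; then
            debug "No file $CONFIGSTORE/$MASTER_TARGET_CHARM_NAME$PASSWORD_FILE, creating password file." || true
            first=c
        fi
        _apache_htpasswd_cmds "$PASSWORD_FILE" "$first" "$CREDS" |
            docker run -i --entrypoint "/bin/bash" \
                   -v "$APACHE_CONFIG_LOCATION:/etc/apache2/sites-enabled" \
                   "$DOCKER_BASE_IMAGE" || return 1
    else
        CRED_PART="allow from all"
    fi

    ## NOTE(review): the here-document operator and the <VirtualHost> /
    ## <Directory> tags were missing from the recovered listing and are
    ## restored here in their conventional form; confirm against a
    ## deployed file.
    cat <<EOF
<VirtualHost *:443>

    ServerAdmin ${ADMIN_MAIL:-contact@$DOMAIN}
    ServerName ${DOMAIN}
$(
    while read-0 alias; do
        echo "    ServerAlias $alias"
    done < <(echo "$SERVER_ALIAS" | shyaml get-values-0 2>/dev/null)
)

    ServerSignature Off

    CustomLog /var/log/apache2/s-${DOMAIN}_access.log combined
    ErrorLog /var/log/apache2/s-${DOMAIN}_error.log
    ErrorLog syslog:local2

    DocumentRoot /var/www/${DOMAIN}

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    <Directory /var/www/${DOMAIN}>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride all
        ${CRED_PART}
    </Directory>

    SSLEngine On

    ## Full stance
    SSLCertificateFile $SSL_CERT
    SSLCertificateKeyFile $SSL_KEY
    $([ "$SSL_CA_CERT" ] && echo "SSLCACertificateFile $SSL_CA_CERT")

    SSLVerifyClient None

</VirtualHost>
EOF
}
export -f apache_ssl_config


## Write DOMAIN's SSL vhost file and give the image's www-data group
## read/traverse access to the site directory in the datastore.
##
## Arguments:
##   $1 - DOMAIN
## Environment read: APACHE_CONFIG_LOCATION, DATASTORE, BASE_CHARM_NAME.
## Returns 1 as soon as a step fails, so that a half-written vhost file
## is not reported as a success.
apache_ssl_add () {
    local DOMAIN="$1"
    local DOCKER_SITE_PATH BASE DST www_data_gid

    DOCKER_SITE_PATH=/var/www/$DOMAIN
    BASE=$DATASTORE/$BASE_CHARM_NAME
    DST=$BASE$DOCKER_SITE_PATH

    # [ -e "$APACHE_CONFIG_LOCATION/$DOMAIN.conf" ] && return 0

    mkdir -p "$APACHE_CONFIG_LOCATION" || return 1
    apache_ssl_config "$DOMAIN" > "$APACHE_CONFIG_LOCATION/$DOMAIN.conf" || return 1

    www_data_gid=$(cached_cmd_on_base_image apache 'id -g www-data') || {
        debug "Failed to query for www-data gid in ${DARKYELLOW}apache${NORMAL} base image."
        return 1
    }
    mkdir -p "$DST" || return 1
    setfacl -R -m g:"$www_data_gid":rx "$DST" || return 1
    info "Added $DOMAIN apache config."
}
export -f apache_ssl_add


## Write DOMAIN's reverse-proxy vhost file.
##
## Arguments: DOMAIN, TARGET, CUSTOM_RULES, CREDS, passed through to
## apache_ssl_proxy_config unchanged.
apache_ssl_proxy_add () {
    local DOMAIN="$1" TARGET="$2" CUSTOM_RULES="$3" CREDS="$4"
    mkdir -p "$APACHE_CONFIG_LOCATION" || return 1
    apache_ssl_proxy_config "$DOMAIN" "$TARGET" "$CUSTOM_RULES" "$CREDS" \
        > "$APACHE_CONFIG_LOCATION/$DOMAIN.conf" || return 1
    info "Added $DOMAIN as a proxy to $TARGET."
}
export -f apache_ssl_proxy_add


## Declare a volume mapping a host location onto /var/www/DOMAIN.
##
## Arguments:
##   $1 - domain
##   $2 - location (host path)
apache_code_dir() {
    local domain="$1" location="$2"
    config-add "
$MASTER_BASE_CHARM_NAME:
  volumes:
    - $location:/var/www/$domain
"
}


## Create writable data directories below the site root, hand them to the
## image's www-data group and declare one volume per directory.
##
## Arguments:
##   $1 - DOMAIN
##   $2 - comma separated list of directories, relative to the site root
## Environment read: DATASTORE, BASE_CHARM_NAME, MASTER_BASE_CHARM_NAME.
##
## Each entry is joined to the datastore path and then chgrp'ed/chmod'ed
## recursively, so an entry holding a ".." component is refused: it would
## move those recursive permission changes outside the site directory.
## Note that "chmod -R 775" also makes every regular file group-writable
## and executable.
apache_data_dir() {
    local DOMAIN=$1 DATA_COMMA_SEPARATED=$2
    local DOCKER_SITE_PATH BASE DST www_data_gid dir d
    local -a DATA=() ADDR=() dirs=()

    DOCKER_SITE_PATH=/var/www/$DOMAIN
    BASE=$DATASTORE/$BASE_CHARM_NAME
    DST=$BASE$DOCKER_SITE_PATH

    while IFS="," read -ra ADDR; do
        for dir in "${ADDR[@]}"; do
            case "/$dir/" in
                */../*)
                    err "Refusing data directory '$dir': '..' is not allowed"
                    return 1
                    ;;
            esac
            mkdir -p "$DST/$dir" || return 1
            ## quoted: an entry containing spaces must stay one element
            DATA+=("$dir")
        done
    done <<< "$DATA_COMMA_SEPARATED"

    www_data_gid=$(cached_cmd_on_base_image apache 'id -g www-data') || {
        debug "Failed to query for www-data gid in ${DARKYELLOW}apache${NORMAL} base image."
        return 1
    }

    info "www-data gid from ${DARKYELLOW}apache${NORMAL} is '$www_data_gid'"

    for d in "${DATA[@]}"; do
        dirs+=("$DST/$d")
    done

    ## chgrp/chmod fail when given no operand; an empty list is not an error
    if [ "${#dirs[@]}" -gt 0 ]; then
        chgrp -R "$www_data_gid" "${dirs[@]}" &&
            chmod -R 775 "${dirs[@]}" || return 1
    fi

    config-add "
$MASTER_BASE_CHARM_NAME:
  volumes:
$(
    for d in "${DATA[@]}"; do
        echo "    - $DST/$d:$DOCKER_SITE_PATH/$d"
    done
)"
}


## Unpack the archive produced by "get_file SRC" into directory DST.
##
## Arguments:
##   $1 - src, handed to get_file
##   $2 - dst, must be an existing directory
## Returns 1 when dst is not a directory, else the status of the
## cd / get_file | tar pipeline, which runs in a subshell so that the
## caller's working directory is untouched.
deploy_files() {
    local src="$1" dst="$2"
    if ! [ -d "$dst" ]; then
        err "Destination '$dst' does not exist or is not a directory"
        return 1
    fi
    (
        cd "$dst" && info "In $dst:" &&
        get_file "$src" | tar xv
    )
}
export -f deploy_files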