You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 

350 lines
7.1 KiB

#!/bin/bash
exname=$(basename $0)
prefix_cmd="
. /etc/shlib
include common
include parse
. ../lib/common
"
# mock
relation-get() {
local key="$1"
echo "$CFG" | shyaml get-value "$key" 2>/dev/null
}
export -f relation-get
cfg-get-value() {
local key="$1"
shyaml get-value "$key" 2>/dev/null
}
export -f cfg-get-value
get_service_relations() {
printf "%s\0" "${RELATIONS[@]}"
}
export -f get_service_relations
export state_tmpdir=$(mktemp -d -t tmp.XXXXXXXXXX)
trap "rm -rf \"$state_tmpdir\"" EXIT
##
## Tests
##
try "
apache_vhost_statement publish_dir ,http, '\
domain: www.example.com
'"
noerror
is out '<VirtualHost *:80>
ServerAdmin contact@www.example.com
ServerName www.example.com
ServerSignature Off
CustomLog /var/log/apache2/www.example.com_access.log combined
ErrorLog /var/log/apache2/www.example.com_error.log
ErrorLog syslog:local2
##
## Publish directory /var/www/www.example.com
##
DocumentRoot /var/www/www.example.com
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/www.example.com>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Allow from all
</Directory>
## Forbid any cache, this is only usefull on dev server.
#Header set Cache-Control "no-cache"
#Header set Access-Control-Allow-Origin "*"
#Header set Access-Control-Allow-Methods "POST, GET, OPTIONS"
#Header set Access-Control-Allow-Headers "origin, content-type, accept"
</VirtualHost>' RTRIM
##
## Aliases
##
try "
apache_vhost_statement publish_dir ,http, '
domain: www.example.com
server-aliases:
- toto
'"
noerror
is out reg 'ServerAlias toto'
try "
apache_vhost_statement publish_dir ,http, '
domain: www.example.com
server-aliases:
- toto
- titi
'"
noerror
is out reg 'ServerAlias toto'
is out reg 'ServerAlias titi'
##
## Creds
##
try "
apache_vhost_statement publish_dir ,http, '
domain: www.example.com
'
" "credentials allow all"
noerror
is out reg 'Allow from all'
try "
apache_vhost_statement publish_dir ,http, '
domain: www.example.com
creds:
toto: xxx
titi: yyy
'
" "credentials with basic auth user/pass"
noerror
is out reg 'AuthType basic'
is out reg 'Require valid-user'
##
## proxy
##
try "
apache_vhost_statement web_proxy ,http, '
domain: www.example.com
target: popo:3333
creds:
toto: titi
'
" "proxy explicit target"
noerror
is out reg 'ProxyPass / http://popo:3333/'
is out part '
<Location / >
AuthType basic
AuthName "private"
AuthUserFile /etc/apache2/sites-enabled/www.example.com.passwd
Require valid-user
ProxyPassReverse /
</Location>
'
##
## ssl
##
try "
apache_vhost_statement web_proxy ,https, '
domain: www.example.com
ssl: true
target: popo:3333
'
" "ssl default generation (ssl-cert-snakeoil)"
noerror
is out reg 'VirtualHost \*:443'
is out reg '<IfModule mod_ssl.c>'
is out reg 'SSLEngine On'
is out reg 'SSLProxyEngine On'
is out reg 'ssl-cert-snakeoil'
is out reg 'CustomLog /var/log/apache2/s-www.example.com_access.log combined'
try "
RELATIONS=()
apache_vhost_statement web_proxy ,https, '
domain: www.example.com
ssl:
ca-cert: a
key: b
cert: c
target: popo:3333
'
" "ssl providing keys inline"
noerror
is out reg 'SSLCertificateFile /etc/ssl/certs/www.example.com.pem'
is out reg 'SSLCertificateKeyFile /etc/ssl/private/www.example.com.key'
is out reg 'SSLCACertificateFile /etc/ssl/certs/www.example.com-ca.pem'
##
## CustomRules
##
try "
apache_vhost_statement web_proxy ,https, '
domain: www.example.com
ssl:
ca-cert: a
key: b
cert: c
apache-custom-rules: |
RewriteEngine On
RewriteCond %{QUERY_STRING} !skin=formanoo
RewriteRule ^(/web/webclient/home.*)$ $1?skin=formanoo [L,QSA,R=302]
target: popo:3333
'
" "custom rules"
noerror
is out reg 'RewriteEngine On'
##
## double def
##
try "
apache_vhost_statement web_proxy ,https,http, '
domain: www.example.com
ssl:
ca-cert: a
key: b
cert: c
apache-custom-rules: |
RewriteEngine On
RewriteCond %{QUERY_STRING} !skin=formanoo
RewriteRule ^(/web/webclient/home.*)$ $1?skin=formanoo [L,QSA,R=302]
target: popo:3333
'
" "both http and https"
noerror
is out '<VirtualHost *:80>
ServerAdmin contact@www.example.com
ServerName www.example.com
ServerSignature Off
CustomLog /var/log/apache2/www.example.com_access.log combined
ErrorLog /var/log/apache2/www.example.com_error.log
ErrorLog syslog:local2
##
## Custom rules
##
RewriteEngine On
RewriteCond %{QUERY_STRING} !skin=formanoo
RewriteRule ^(/web/webclient/home.*)$ ?skin=formanoo [L,QSA,R=302]
##
## Proxy declaration towards popo:3333
##
<IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyVia On
ProxyPass / http://popo:3333/ retry=0
<Location / >
Allow from all
ProxyPassReverse /
</Location>
</IfModule>
RequestHeader set "X-Forwarded-Proto" "http"
## Fix IE problem (httpapache proxy dav error 408/409)
SetEnv proxy-nokeepalive 1
## Forbid any cache, this is only usefull on dev server.
#Header set Cache-Control "no-cache"
#Header set Access-Control-Allow-Origin "*"
#Header set Access-Control-Allow-Methods "POST, GET, OPTIONS"
#Header set Access-Control-Allow-Headers "origin, content-type, accept"
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin contact@www.example.com
ServerName www.example.com
ServerSignature Off
CustomLog /var/log/apache2/s-www.example.com_access.log combined
ErrorLog /var/log/apache2/s-www.example.com_error.log
ErrorLog syslog:local2
##
## Custom rules
##
RewriteEngine On
RewriteCond %{QUERY_STRING} !skin=formanoo
RewriteRule ^(/web/webclient/home.*)$ ?skin=formanoo [L,QSA,R=302]
##
## Proxy declaration towards popo:3333
##
<IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyVia On
ProxyPass / http://popo:3333/ retry=0
<Location / >
Allow from all
ProxyPassReverse /
</Location>
SSLProxyEngine On
</IfModule>
RequestHeader set "X-Forwarded-Proto" "https"
## Fix IE problem (httpapache proxy dav error 408/409)
SetEnv proxy-nokeepalive 1
## Forbid any cache, this is only usefull on dev server.
#Header set Cache-Control "no-cache"
#Header set Access-Control-Allow-Origin "*"
#Header set Access-Control-Allow-Methods "POST, GET, OPTIONS"
#Header set Access-Control-Allow-Headers "origin, content-type, accept"
##
## SSL Configuration
##
SSLEngine On
SSLCertificateFile /etc/ssl/certs/www.example.com.pem
SSLCertificateKeyFile /etc/ssl/private/www.example.com.key
SSLCACertificateFile /etc/ssl/certs/www.example.com-ca.pem
SSLVerifyClient None
</VirtualHost>
</IfModule>' RTRIM