# -*- mode: shell-script -*-
# Host-side directory that holds the generated vhost files; the functions in
# this file bind-mount it onto /etc/apache2/sites-enabled in the container.
APACHE_CONFIG_LOCATION="${SERVICE_CONFIGSTORE}/etc/apache2/sites-enabled"
export APACHE_CONFIG_LOCATION
## XXXvlab: yuck, the configuration is sent partly via the environment and partly via arguments.
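#######################################
# Print an Apache SSL reverse-proxy vhost for a domain on stdout and, when
# credentials are given, recreate the matching htpasswd file by piping
# htpasswd commands into a bash running in the base image.
# Globals:
#   SERVICE_CONFIGSTORE, APACHE_CONFIG_LOCATION, DOCKER_BASE_IMAGE (read)
#   ADMIN_MAIL, SERVER_ALIAS, SSL_CA_CERT (read)
#   SSL_CERT, SSL_KEY (read; set to the snakeoil paths when empty)
#   PASSWORD_FILE, CRED_PART, first (written)
# Arguments:
#   $1 - domain: ServerName, also used in log and password file names
#   $2 - proxy target, emitted as http://$2/ (meant to be a charm name)
#   $3 - extra Apache directives, inserted verbatim into the vhost
#   $4 - YAML mapping "login: password"; empty disables basic auth
# Outputs:
#   The vhost configuration on stdout.
# Returns:
#   1 when the container run that executes htpasswd fails.
#
# Security notes:
#   - DOMAIN, TARGET, SERVER_ALIAS entries and CUSTOM_RULES are written into
#     the configuration unvalidated; they must come from a trusted operator.
#   - With SSL_CERT/SSL_KEY unset the vhost serves the self-signed snakeoil
#     pair, which clients cannot authenticate; set both for anything exposed.
#   - Logins and passwords are shell-quoted with printf %q before they reach
#     the container's bash, so quotes or metacharacters in a credential
#     cannot break out of the htpasswd command line.
#   - Passwords are kept out of the debug log. htpasswd -b still receives
#     them as command-line arguments inside the container; htpasswd -i
#     (password on stdin) avoids that where the image's htpasswd has it.
#   - shyaml errors are discarded (2>/dev/null): a CREDS value that does not
#     parse presumably yields no htpasswd command, leaving the vhost
#     requiring a password file that was just removed.
#######################################
apache_ssl_proxy_config () {
    local DOMAIN="$1" TARGET="$2" CUSTOM_RULES="$3" CREDS="$4"
    local alias_lines ca_line=

    ## target is meant to be a charm name

    PASSWORD_FILE=/etc/apache2/sites-enabled/${DOMAIN}.passwd
    CRED_PART=
    if [ "$CREDS" ]; then
        ## The inner quotes are escaped so that AuthName keeps them in the
        ## emitted configuration, as apache_ssl_config does.
        CRED_PART="
            AuthType basic
            AuthName \"private\"
            AuthUserFile ${PASSWORD_FILE}
            Require valid-user
            "
        rm -f "$SERVICE_CONFIGSTORE$PASSWORD_FILE"
        include parse
        ## Only the first command carries -c (create the file).
        first=c
        while read-0 login password; do
            ## Never write the clear-text password to the log.
            debug "htpasswd -b$first ${PASSWORD_FILE} '$login' '<redacted>'"
            ## %q makes every argument safe for the bash reading this stream.
            printf 'htpasswd -b%s %q %q %q\n' \
                   "$first" "$PASSWORD_FILE" "$login" "$password"
            first=
        done < <(echo "$CREDS" | shyaml key-values-0 2>/dev/null) |
            docker run -i --entrypoint "/bin/bash" \
                   -v "$APACHE_CONFIG_LOCATION:/etc/apache2/sites-enabled" \
                   "$DOCKER_BASE_IMAGE" || return 1
    fi

    ## Fall back to the self-signed snakeoil pair when nothing is configured.
    : "${SSL_CERT:=/etc/ssl/certs/ssl-cert-snakeoil.pem}"
    : "${SSL_KEY:=/etc/ssl/private/ssl-cert-snakeoil.key}"

    alias_lines=$(
        while read-0 alias; do
            echo "    ServerAlias $alias"
        done < <(echo "$SERVER_ALIAS" | shyaml get-values-0 2>/dev/null)
    )
    if [ -n "$SSL_CA_CERT" ]; then
        ca_line="SSLCACertificateFile $SSL_CA_CERT"
    fi

    cat <<EOF
<IfModule mod_ssl.c>

<VirtualHost *:443>
    ServerAdmin ${ADMIN_MAIL:-contact@$DOMAIN}
    ServerName ${DOMAIN}
${alias_lines}
    ServerSignature Off
    CustomLog /var/log/apache2/s-${DOMAIN}_access.log combined
    ErrorLog /var/log/apache2/s-${DOMAIN}_error.log
    ErrorLog syslog:local2

    <IfModule mod_proxy.c>
        ProxyRequests Off
        <Proxy *>
            Order deny,allow
            Allow from all
        </Proxy>
        ProxyVia On
        ProxyPass / http://$TARGET/ retry=0
        <Location / >
            ${CRED_PART}
            ProxyPassReverse /
        </Location>
    </IfModule>

    ## Forbid any cache, this is only usefull on dev server.
    #Header set Cache-Control "no-cache"
    #Header set Access-Control-Allow-Origin "*"
    #Header set Access-Control-Allow-Methods "POST, GET, OPTIONS"
    #Header set Access-Control-Allow-Headers "origin, content-type, accept"

    RequestHeader set "X-Forwarded-Proto" "https"

    ## Fix IE problem (httpapache proxy dav error 408/409)
    SetEnv proxy-nokeepalive 1
    #ServerSignature On
    SSLProxyEngine On
    SSLEngine On

    ## Full stance
    SSLCertificateFile $SSL_CERT
    SSLCertificateKeyFile $SSL_KEY
    ${ca_line}
    SSLVerifyClient None

    $CUSTOM_RULES

</VirtualHost>

</IfModule>
EOF

}
export -f apache_ssl_proxy_config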
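#######################################
# Print an Apache SSL vhost serving /var/www/<domain> on stdout and, when
# CREDS is set, add the listed users to the matching htpasswd file by piping
# htpasswd commands into a bash running in the base image.
# Globals:
#   CREDS (read) - YAML mapping "login: password"; empty disables basic auth
#   CONFIGSTORE, MASTER_TARGET_CHARM_NAME (read) - locate an existing
#     password file on the host
#   APACHE_CONFIG_LOCATION, DOCKER_BASE_IMAGE (read)
#   ADMIN_MAIL, SERVER_ALIAS, SSL_CA_CERT (read)
#   SSL_CERT, SSL_KEY (read; set to the snakeoil paths when empty)
#   PASSWORD_FILE, CRED_PART, first (written)
# Arguments:
#   $1 - domain: ServerName, DocumentRoot suffix, log and password file names
# Outputs:
#   The vhost configuration on stdout.
# Returns:
#   1 when the container run that executes htpasswd fails.
#
# Security notes:
#   - DOMAIN and SERVER_ALIAS entries are written into the configuration
#     unvalidated; they must come from a trusted operator.
#   - With SSL_CERT/SSL_KEY unset the vhost serves the self-signed snakeoil
#     pair, which clients cannot authenticate.
#   - The document root is emitted with "Options Indexes" (directory
#     listings) and "AllowOverride all" (.htaccess may override settings).
#   - Logins and passwords are shell-quoted with printf %q before they reach
#     the container's bash, and passwords are kept out of the debug log.
#     htpasswd -b still receives them as command-line arguments inside the
#     container.
#######################################
apache_ssl_config() {
    local DOMAIN=$1
    local alias_lines ca_line=

    ## Fall back to the self-signed snakeoil pair when nothing is configured.
    : "${SSL_CERT:=/etc/ssl/certs/ssl-cert-snakeoil.pem}"
    : "${SSL_KEY:=/etc/ssl/private/ssl-cert-snakeoil.key}"

    PASSWORD_FILE=/etc/apache2/sites-enabled/${DOMAIN}.passwd
    CRED_PART=
    if [ "$CREDS" ]; then
        CRED_PART="
            AuthType basic
            AuthName \"private\"
            AuthUserFile ${PASSWORD_FILE}
            Require valid-user
            "
        include parse || true
        ## -c (create) is only wanted when no password file exists yet.
        first=
        if ! [ -e "$CONFIGSTORE/$MASTER_TARGET_CHARM_NAME$PASSWORD_FILE" ]; then
            debug "No file $CONFIGSTORE/$MASTER_TARGET_CHARM_NAME$PASSWORD_FILE, creating password file." || true
            first=c
        fi
        while read-0 login password; do
            ## Never write the clear-text password to the log.
            debug "htpasswd -b$first ${PASSWORD_FILE} '$login' '<redacted>'" || true
            ## %q makes every argument safe for the bash reading this stream.
            printf 'htpasswd -b%s %q %q %q\n' \
                   "$first" "$PASSWORD_FILE" "$login" "$password"
            first=
        done < <(echo "$CREDS" | shyaml key-values-0 2>/dev/null) |
            docker run -i --entrypoint "/bin/bash" \
                   -v "$APACHE_CONFIG_LOCATION:/etc/apache2/sites-enabled" \
                   "$DOCKER_BASE_IMAGE" || return 1
    else
        CRED_PART="allow from all"
    fi

    alias_lines=$(
        while read-0 alias; do
            echo "    ServerAlias $alias"
        done < <(echo "$SERVER_ALIAS" | shyaml get-values-0 2>/dev/null)
    )
    if [ -n "$SSL_CA_CERT" ]; then
        ca_line="SSLCACertificateFile $SSL_CA_CERT"
    fi

    cat <<EOF
<IfModule mod_ssl.c>

<VirtualHost *:443>
    ServerAdmin ${ADMIN_MAIL:-contact@$DOMAIN}
    ServerName ${DOMAIN}
${alias_lines}

    ServerSignature Off
    CustomLog /var/log/apache2/s-${DOMAIN}_access.log combined
    ErrorLog /var/log/apache2/s-${DOMAIN}_error.log
    ErrorLog syslog:local2

    DocumentRoot /var/www/${DOMAIN}

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    <Directory /var/www/${DOMAIN}>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride all
        ${CRED_PART}
    </Directory>

    SSLEngine On

    ## Full stance
    SSLCertificateFile $SSL_CERT
    SSLCertificateKeyFile $SSL_KEY
    ${ca_line}
    SSLVerifyClient None

</VirtualHost>

</IfModule>
EOF

}
export -f apache_ssl_config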
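#######################################
# Write the SSL vhost file for a domain and prepare its site directory in the
# datastore, giving the image's www-data group read/traverse access by ACL.
# Globals:
#   APACHE_CONFIG_LOCATION, DATASTORE, BASE_CHARM_NAME (read)
#   DARKYELLOW, NORMAL (read, log colouring)
#   DOCKER_SITE_PATH, BASE, DST, www_data_gid (written)
# Arguments:
#   $1 - domain
# Returns:
#   1 when the config directory, the vhost file, the gid lookup, the site
#   directory or the ACL cannot be set up.
#######################################
apache_ssl_add () {
    local DOMAIN="$1"

    DOCKER_SITE_PATH=/var/www/$DOMAIN
    BASE=$DATASTORE/$BASE_CHARM_NAME
    DST=$BASE$DOCKER_SITE_PATH
    # [ -e "$APACHE_CONFIG_LOCATION/$DOMAIN.conf" ] && return 0
    mkdir -p "$APACHE_CONFIG_LOCATION" || return 1
    ## Stop here on failure, as apache_ssl_proxy_add does: otherwise a
    ## truncated vhost file would be reported as added.
    apache_ssl_config "$DOMAIN" > "$APACHE_CONFIG_LOCATION/$DOMAIN.conf" || return 1
    www_data_gid=$(cached_cmd_on_base_image apache 'id -g www-data') || {
        debug "Failed to query for www-data gid in ${DARKYELLOW}apache${NORMAL} base image."
        return 1
    }
    mkdir -p "$DST" || return 1
    ## A site the web server cannot read is not "added": report ACL failures.
    setfacl -R -m g:"$www_data_gid":rx "$DST" || return 1
    info "Added $DOMAIN apache config."
}
export -f apache_ssl_add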
#######################################
# Generate the SSL reverse-proxy vhost for a domain and store it as
# <domain>.conf in the Apache config location.
# Globals:
#   APACHE_CONFIG_LOCATION (read)
# Arguments:
#   $1 - domain
#   $2 - proxy target
#   $3 - extra Apache directives, passed through to the generator
#   $4 - credentials (YAML), passed through to the generator
# Returns:
#   1 when the directory cannot be created or the generator fails.
#######################################
apache_ssl_proxy_add () {
    local DOMAIN="$1" TARGET="$2" CUSTOM_RULES="$3" CREDS="$4"
    local vhost_file

    if ! mkdir -p "$APACHE_CONFIG_LOCATION"; then
        return 1
    fi
    vhost_file="$APACHE_CONFIG_LOCATION/$DOMAIN.conf"
    if ! apache_ssl_proxy_config "$DOMAIN" "$TARGET" "$CUSTOM_RULES" "$CREDS" > "$vhost_file"; then
        return 1
    fi
    info "Added $DOMAIN as a proxy to $TARGET."
}
export -f apache_ssl_proxy_add
#######################################
# Register a volume that mounts a host location as /var/www/<domain> in the
# master base charm's service.
# Globals:
#   MASTER_BASE_CHARM_NAME (read)
# Arguments:
#   $1 - domain
#   $2 - host location to mount
#######################################
apache_code_dir() {
    local domain="$1" location="$2"
    local volumes_yaml

    ## NOTE(review): nesting assumed to be <charm> -> volumes -> list item;
    ## confirm against what config-add expects.
    ## NOTE(review): the mount carries no ":ro" suffix, so the container can
    ## write to $location - confirm that is intended for code directories.
    volumes_yaml="
$MASTER_BASE_CHARM_NAME:
  volumes:
    - $location:/var/www/$domain
"
    config-add "$volumes_yaml"
}
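#######################################
# Create writable data directories for a site in the datastore, hand them to
# the image's www-data group and register them as volumes of the master base
# charm's service.
# Globals:
#   DATASTORE, BASE_CHARM_NAME, MASTER_BASE_CHARM_NAME (read)
#   DARKYELLOW, NORMAL (read, log colouring)
#   DOCKER_SITE_PATH, BASE, DST, DATA, ADDR, dirs, www_data_gid (written)
# Arguments:
#   $1 - domain
#   $2 - comma-separated list of directories, relative to the site root
# Returns:
#   1 when an entry contains a ".." component, a directory cannot be
#   created, the gid lookup fails or the ownership/mode change fails.
#
# Security notes:
#   - Each entry is appended to $DST and then changed recursively
#     (chgrp -R, chmod -R 775). A ".." component would move that recursive
#     change outside the site directory, so such entries are refused.
#   - chmod -R 775 makes every file group-writable and executable, not only
#     the directories.
#######################################
apache_data_dir() {
    local DOMAIN=$1 DATA_COMMA_SEPARATED=$2
    local dir d volume_lines

    DOCKER_SITE_PATH=/var/www/$DOMAIN
    BASE=$DATASTORE/$BASE_CHARM_NAME
    DST=$BASE$DOCKER_SITE_PATH
    DATA=()
    while IFS="," read -ra ADDR; do
        for dir in "${ADDR[@]}"; do
            case "/$dir/" in
                */../*)
                    err "Refusing data directory '$dir': '..' would leave '$DST'"
                    return 1
                    ;;
            esac
            mkdir -p "$DST/$dir" || return 1
            ## Quoted: an entry with spaces or glob characters stays one entry.
            DATA+=("$dir")
        done
    done <<< "$DATA_COMMA_SEPARATED"

    www_data_gid=$(cached_cmd_on_base_image apache 'id -g www-data') || {
        debug "Failed to query for www-data gid in ${DARKYELLOW}apache${NORMAL} base image."
        return 1
    }
    info "www-data gid from ${DARKYELLOW}apache${NORMAL} is '$www_data_gid'"

    dirs=()
    for d in "${DATA[@]}"; do
        dirs+=("$DST/$d")
    done

    ## Nothing to change when the list is empty; otherwise a failure here
    ## means the web server cannot use the directories, so report it.
    if [ "${#dirs[@]}" -gt 0 ]; then
        if ! { chgrp -R "$www_data_gid" "${dirs[@]}" &&
                   chmod -R 775 "${dirs[@]}"; }; then
            err "Failed to set group or mode on data directories of $DOMAIN"
            return 1
        fi
    fi

    ## NOTE(review): nesting assumed to be <charm> -> volumes -> list items;
    ## confirm against what config-add expects.
    volume_lines=$(
        for d in "${DATA[@]}"; do
            echo "    - $DST/$d:$DOCKER_SITE_PATH/$d"
        done
    )
    config-add "
$MASTER_BASE_CHARM_NAME:
  volumes:
$volume_lines"

}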
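#######################################
# Unpack the tar stream produced by get_file for a source into an existing
# destination directory.
# Arguments:
#   $1 - source, handed to get_file
#   $2 - destination directory (must already exist)
# Outputs:
#   The extracted member names (tar v) on stdout.
# Returns:
#   1 when the destination is not a directory; non-zero when changing into
#   it, fetching or extracting fails.
#
# Security notes:
#   - The archive is extracted as delivered. Run as root, GNU tar restores
#     the owner and mode recorded in the archive unless --no-same-owner /
#     --no-same-permissions are given, so only deploy archives from a
#     trusted source.
#######################################
deploy_files() {
    local src="$1" dst="$2"

    if ! [ -d "$dst" ]; then
        err "Destination '$dst' does not exist or is not a directory"
        return 1
    fi
    (
        ## Without pipefail a failing get_file is masked by tar's status and
        ## an empty or partial download would be reported as deployed.
        set -o pipefail
        cd "$dst" && info "In $dst:" &&
            ## "f -" reads stdin explicitly instead of relying on tar's
            ## default archive (TAPE or a compiled-in device).
            get_file "$src" | tar xvf -
    )
}
export -f deploy_files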