You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 

509 lines
11 KiB

#!/bin/bash
exname=$(basename $0)
compose_core=$(which compose-core) || {
echo "Requires compose-core executable to be in \$PATH." >&2
exit 1
}
fetch-def() {
local path="$1" fname="$2"
( . "$path" 1>&2 || {
echo "Failed to load '$path'." >&2
exit 1
}
declare -f "$fname"
)
}
prefix_cmd="
. /etc/shlib
include common
include parse
. ../lib/common
$(fetch-def "$compose_core" yaml_get_values)
$(fetch-def "$compose_core" yaml_get_interpret)
" || {
echo "Couldn't build prefix cmd" >&2
exit 1
}
# mock
relation-get() {
local key="$1"
echo "$CFG" | shyaml get-value "$key" 2>/dev/null
}
export -f relation-get
cfg-get-value() {
local key="$1"
shyaml get-value "$key" 2>/dev/null
}
export -f cfg-get-value
get_service_relations() {
printf "%s\0" "${RELATIONS[@]}"
}
export -f get_service_relations
export state_tmpdir=$(mktemp -d -t tmp.XXXXXXXXXX)
trap "rm -rf \"$state_tmpdir\"" EXIT
##
## Tests
##
try "
apache_vhost_statement publish_dir ,http, '\
' www.example.com"
noerror
is out '<VirtualHost *:80>
ServerAdmin contact@www.example.com
ServerName www.example.com
ServerSignature Off
CustomLog /var/log/apache2/www.example.com_access.log combined
ErrorLog /var/log/apache2/www.example.com_error.log
ErrorLog syslog:local2
##
## Publish directory /var/www/www.example.com
##
DocumentRoot /var/www/www.example.com
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/www.example.com>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Allow from all
</Directory>
## Forbid any cache, this is only usefull on dev server.
#Header set Cache-Control "no-cache"
#Header set Access-Control-Allow-Origin "*"
#Header set Access-Control-Allow-Methods "POST, GET, OPTIONS"
#Header set Access-Control-Allow-Headers "origin, content-type, accept"
</VirtualHost>' RTRIM
##
## Aliases
##
try "
apache_vhost_statement publish_dir ,http, '' 'www.example.com toto'"
noerror
is out reg 'ServerAlias toto'
try "
apache_vhost_statement publish_dir ,http, '' 'www.example.com toto titi'"
noerror
is out reg 'ServerAlias toto'
is out reg 'ServerAlias titi'
##
## Creds
##
try "
apache_vhost_statement publish_dir ,http, '' www.example.com
" "credentials allow all"
noerror
is out reg 'Allow from all'
try "
apache_vhost_statement publish_dir ,http, '
creds:
toto: xxx
titi: yyy
' www.example.com
" "credentials with basic auth user/pass"
noerror
is out reg 'AuthType basic'
is out reg 'Require valid-user'
##
## proxy
##
try "
apache_vhost_statement web_proxy ,http, '
target: popo:3333
creds:
toto: titi
' www.example.com
" "proxy explicit target"
noerror
is out reg 'ProxyPass / http://popo:3333/'
is out part '
<Location / >
AuthType basic
AuthName "private"
AuthUserFile /etc/apache2/sites-enabled/www.example.com.passwd
Require valid-user
ProxyPassReverse http://popo:3333/
</Location>
'
try "
apache_vhost_statement web_proxy ,http, '
target: popo:3333
apache-proxy-pass-options: nocanon
' www.example.com
" "proxy proxy-pass options"
noerror
is out reg 'ProxyPass / http://popo:3333/ nocanon'
##
## ssl
##
try "
apache_vhost_statement web_proxy ,https, '
ssl: true
target: popo:3333
' www.example.com
" "ssl default generation (ssl-cert-snakeoil)"
noerror
is out reg 'VirtualHost \*:443'
is out reg '<IfModule mod_ssl.c>'
is out reg 'SSLEngine On'
is out reg 'SSLProxyEngine On'
is out reg 'ssl-cert-snakeoil'
is out reg 'CustomLog /var/log/apache2/s-www.example.com_access.log combined'
try "
RELATIONS=()
apache_vhost_statement web_proxy ,https, '
ssl:
ca-cert: a
key: b
cert: c
target: popo:3333
' www.example.com
" "ssl providing keys inline"
noerror
is out reg 'SSLCertificateFile /etc/ssl/certs/www.example.com.pem'
is out reg 'SSLCertificateKeyFile /etc/ssl/private/www.example.com.key'
is out reg 'SSLCACertificateFile /etc/ssl/certs/www.example.com-ca.pem'
##
## CustomRules
##
try "
apache_vhost_statement web_proxy ,https, '
ssl:
ca-cert: a
key: b
cert: c
apache-custom-rules: |
RewriteEngine On
RewriteCond %{QUERY_STRING} !skin=formanoo
RewriteRule ^(/web/webclient/home.*)$ $1?skin=formanoo [L,QSA,R=302]
target: popo:3333
' www.example.com
" "custom rules"
noerror
is out reg 'RewriteEngine On'
##
## double def
##
try "
apache_vhost_statement web_proxy ,https,http, '
ssl:
ca-cert: a
key: b
cert: c
apache-custom-rules: |
RewriteEngine On
RewriteCond %{QUERY_STRING} !skin=formanoo
RewriteRule ^(/web/webclient/home.*)$ $1?skin=formanoo [L,QSA,R=302]
target: popo:3333
' www.example.com
" "both http and https"
noerror
is out '<VirtualHost *:80>
ServerAdmin contact@www.example.com
ServerName www.example.com
ServerSignature Off
CustomLog /var/log/apache2/www.example.com_access.log combined
ErrorLog /var/log/apache2/www.example.com_error.log
ErrorLog syslog:local2
##
## Custom rules
##
RewriteEngine On
RewriteCond %{QUERY_STRING} !skin=formanoo
RewriteRule ^(/web/webclient/home.*)$ ?skin=formanoo [L,QSA,R=302]
##
## Proxy declaration towards popo:3333
##
<IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyVia On
ProxyPass / http://popo:3333/ retry=0
<Location / >
Allow from all
ProxyPassReverse http://popo:3333/
</Location>
</IfModule>
SetEnvIf X-Forwarded-Proto "^$" forwarded_proto_not_set=true
RequestHeader set "X-Forwarded-Proto" "http" env=forwarded_proto_not_set
## Fix IE problem (httpapache proxy dav error 408/409)
SetEnv proxy-nokeepalive 1
## Forbid any cache, this is only usefull on dev server.
#Header set Cache-Control "no-cache"
#Header set Access-Control-Allow-Origin "*"
#Header set Access-Control-Allow-Methods "POST, GET, OPTIONS"
#Header set Access-Control-Allow-Headers "origin, content-type, accept"
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin contact@www.example.com
ServerName www.example.com
ServerSignature Off
CustomLog /var/log/apache2/s-www.example.com_access.log combined
ErrorLog /var/log/apache2/s-www.example.com_error.log
ErrorLog syslog:local2
##
## Custom rules
##
RewriteEngine On
RewriteCond %{QUERY_STRING} !skin=formanoo
RewriteRule ^(/web/webclient/home.*)$ ?skin=formanoo [L,QSA,R=302]
##
## Proxy declaration towards popo:3333
##
<IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyVia On
ProxyPass / http://popo:3333/ retry=0
<Location / >
Allow from all
ProxyPassReverse http://popo:3333/
</Location>
SSLProxyEngine On
</IfModule>
SetEnvIf X-Forwarded-Proto "^$" forwarded_proto_not_set=true
RequestHeader set "X-Forwarded-Proto" "https" env=forwarded_proto_not_set
## Fix IE problem (httpapache proxy dav error 408/409)
SetEnv proxy-nokeepalive 1
## Forbid any cache, this is only usefull on dev server.
#Header set Cache-Control "no-cache"
#Header set Access-Control-Allow-Origin "*"
#Header set Access-Control-Allow-Methods "POST, GET, OPTIONS"
#Header set Access-Control-Allow-Headers "origin, content-type, accept"
##
## SSL Configuration
##
SSLEngine On
SSLCertificateFile /etc/ssl/certs/www.example.com.pem
SSLCertificateKeyFile /etc/ssl/private/www.example.com.key
SSLCACertificateFile /etc/ssl/certs/www.example.com-ca.pem
SSLVerifyClient None
</VirtualHost>
</IfModule>' RTRIM
##
## single def no domain
##
try "
apache_vhost_statement publish_dir ,http, '
apache-custom-rules: |
RewriteEngine On
RewriteCond %{QUERY_STRING} !skin=formanoo
RewriteRule ^(/web/webclient/home.*)$ $1?skin=formanoo [L,QSA,R=302]
target: popo:3333
' ""
" "http without domain"
noerror
is out '<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerSignature Off
CustomLog /var/log/apache2/access.log combined
ErrorLog /var/log/apache2/error.log
ErrorLog syslog:local2
##
## Custom rules
##
RewriteEngine On
RewriteCond %{QUERY_STRING} !skin=formanoo
RewriteRule ^(/web/webclient/home.*)$ ?skin=formanoo [L,QSA,R=302]
##
## Publish directory /var/www/html
##
DocumentRoot /var/www/html
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Allow from all
</Directory>
## Forbid any cache, this is only usefull on dev server.
#Header set Cache-Control "no-cache"
#Header set Access-Control-Allow-Origin "*"
#Header set Access-Control-Allow-Methods "POST, GET, OPTIONS"
#Header set Access-Control-Allow-Headers "origin, content-type, accept"
</VirtualHost>' RTRIM
try "
apache_vhost_statement ssh_tunnel ,https, '
ssl: true
apache-custom-rules: |
RewriteEngine On
RewriteCond %{QUERY_STRING} !skin=formanoo
RewriteRule ^(/web/webclient/home.*)$ $1?skin=formanoo [L,QSA,R=302]
target: popo:3333
' 'ssh.example.com'
" "ssh tunnel"
noerror
is out '
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin contact@ssh.example.com
ServerName ssh.example.com
ServerSignature Off
CustomLog /var/log/apache2/s-ssh.example.com_access.log combined
ErrorLog /var/log/apache2/s-ssh.example.com_error.log
ErrorLog syslog:local2
##
## Custom rules
##
RewriteEngine On
RewriteCond %{QUERY_STRING} !skin=formanoo
RewriteRule ^(/web/webclient/home.*)$ ?skin=formanoo [L,QSA,R=302]
##
## SSH Tunnel
##
#HostnameLookups On
ProxyRequests On
AllowConnect 22
#ProxyVia on
### Deny everything by default
<Proxy *>
Order deny,allow
Deny from all
</proxy>
### Accept redirect only to same domain
<Proxy ssh.example.com>
Order deny,allow
Allow from all
</Proxy>
## Forbid any cache, this is only usefull on dev server.
#Header set Cache-Control "no-cache"
#Header set Access-Control-Allow-Origin "*"
#Header set Access-Control-Allow-Methods "POST, GET, OPTIONS"
#Header set Access-Control-Allow-Headers "origin, content-type, accept"
##
## SSL Configuration
##
SSLEngine On
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
SSLVerifyClient None
</VirtualHost>
</IfModule>' RTRIM