0k-charms/apache/lib/common

# -*- mode: shell-script -*-

export APACHE_CONFIG_LOCATION="$SERVICE_CONFIGSTORE/etc/apache2/sites-enabled"

## XXXvlab: berk, sending conf via environment and args.
apache_ssl_proxy_config () {
    local DOMAIN="$1" TARGET="$2" CUSTOM_RULES="$3" CREDS="$4"
    ## target is meant to be a charm name

    PASSWORD_FILE=/etc/apache2/sites-enabled/${DOMAIN}.passwd
    CRED_PART=
    if [ "$CREDS" ]; then
        CRED_PART="
                AuthType basic
                AuthName "private"
                AuthUserFile ${PASSWORD_FILE}
                Require valid-user
"
        rm -f "$SERVICE_CONFIGSTORE$PASSWORD_FILE"
        include parse
        first=c
        while read-0 login password; do
            debug "htpasswd -b$first ${PASSWORD_FILE} '$login' '$password'"
            echo "htpasswd -b$first ${PASSWORD_FILE} '$login' '$password'"
            [ "$first" ] && first=
        done < <(echo "$CREDS" | shyaml key-values-0 2>/dev/null) |
            docker run -i --entrypoint "/bin/bash" \
                   -v "$APACHE_CONFIG_LOCATION:/etc/apache2/sites-enabled" \
                   "$DOCKER_BASE_IMAGE" || return 1
    fi

    if [ -z "$SSL_CERT" ]; then
        SSL_CERT=/etc/ssl/certs/ssl-cert-snakeoil.pem
    fi

    if [ -z "$SSL_KEY" ]; then
        SSL_KEY=/etc/ssl/private/ssl-cert-snakeoil.key
    fi

    cat <<EOF
<IfModule mod_ssl.c>

    <VirtualHost *:443>
        ServerAdmin ${ADMIN_MAIL:-contact@$DOMAIN}
        ServerName ${DOMAIN}
$(
        while read-0 alias; do
            echo "        ServerAlias $alias"
        done < <(echo "$SERVER_ALIAS" | shyaml get-values-0 2>/dev/null)
)
        ServerSignature Off
        CustomLog /var/log/apache2/s-${DOMAIN}_access.log combined
        ErrorLog /var/log/apache2/s-${DOMAIN}_error.log
        ErrorLog syslog:local2

        <IfModule mod_proxy.c>
            ProxyRequests Off
            <Proxy *>
                Order deny,allow
                Allow from all
            </Proxy>
            ProxyVia On
            ProxyPass / http://$TARGET/ retry=0
            <Location / >
                ${CRED_PART}
                ProxyPassReverse /
            </Location>
        </IfModule>

        ## Forbid any cache, this is only usefull on dev server.
        #Header set Cache-Control "no-cache"
        #Header set Access-Control-Allow-Origin "*"
        #Header set Access-Control-Allow-Methods "POST, GET, OPTIONS"
        #Header set Access-Control-Allow-Headers "origin, content-type, accept"

        RequestHeader set "X-Forwarded-Proto" "https"

        ## Fix IE problem (httpapache proxy dav error 408/409)
        SetEnv proxy-nokeepalive 1
        #ServerSignature On
        SSLProxyEngine On
        SSLEngine On

        ## Full stance
        SSLCertificateFile $SSL_CERT
        SSLCertificateKeyFile $SSL_KEY
        $([ "$SSL_CA_CERT" ] && echo "SSLCACertificateFile $SSL_CA_CERT")
        SSLVerifyClient None

        $CUSTOM_RULES

    </VirtualHost>

</IfModule>
EOF

}
export -f apache_ssl_proxy_config


apache_ssl_config() {
    local DOMAIN=$1


    if [ -z "$SSL_CERT" ]; then
        SSL_CERT=/etc/ssl/certs/ssl-cert-snakeoil.pem
    fi

    if [ -z "$SSL_KEY" ]; then
        SSL_KEY=/etc/ssl/private/ssl-cert-snakeoil.key
    fi

    PASSWORD_FILE=/etc/apache2/sites-enabled/${DOMAIN}.passwd
    CRED_PART=
    if [ "$CREDS" ]; then
        CRED_PART="
                AuthType basic
                AuthName \"private\"
                AuthUserFile ${PASSWORD_FILE}
                Require valid-user
"
        include parse || true
        first=
        if ! [ -e "$CONFIGSTORE/$MASTER_TARGET_CHARM_NAME$PASSWORD_FILE" ]; then
            debug "No file $CONFIGSTORE/$MASTER_TARGET_CHARM_NAME$PASSWORD_FILE, creating password file." || true
            first=c
        fi
        while read-0 login password; do
            debug "htpasswd -b$first ${PASSWORD_FILE} '$login' '$password'" || true
            echo "htpasswd -b$first ${PASSWORD_FILE} '$login' '$password'"
            if [ "$first" ]; then
                first=
            fi
        done < <(echo "$CREDS" | shyaml key-values-0 2>/dev/null) |
            docker run -i --entrypoint "/bin/bash" \
                   -v "$APACHE_CONFIG_LOCATION:/etc/apache2/sites-enabled" \
                   "$DOCKER_BASE_IMAGE" || return 1
    else
        CRED_PART="allow from all"
    fi

    cat <<EOF
<IfModule mod_ssl.c>

    <VirtualHost *:443>
        ServerAdmin ${ADMIN_MAIL:-contact@$DOMAIN}
        ServerName ${DOMAIN}
$(
        while read-0 alias; do
            echo "        ServerAlias $alias"
        done < <(echo "$SERVER_ALIAS" | shyaml get-values-0 2>/dev/null)
)

        ServerSignature Off
        CustomLog /var/log/apache2/s-${DOMAIN}_access.log combined
        ErrorLog /var/log/apache2/s-${DOMAIN}_error.log
        ErrorLog syslog:local2

        DocumentRoot /var/www/${DOMAIN}

        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>

        <Directory /var/www/${DOMAIN}>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride all
                ${CRED_PART}
        </Directory>

        SSLEngine On

        ## Full stance
        SSLCertificateFile $SSL_CERT
        SSLCertificateKeyFile $SSL_KEY
        $([ "$SSL_CA_CERT" ] && echo "SSLCACertificateFile $SSL_CA_CERT")
        SSLVerifyClient None

    </VirtualHost>

</IfModule>
EOF

}
export -f apache_ssl_config


apache_ssl_add () {
    local DOMAIN="$1"
    DOCKER_SITE_PATH=/var/www/$DOMAIN
    BASE=$DATASTORE/$BASE_CHARM_NAME
    DST=$BASE$DOCKER_SITE_PATH
    # [ -e "$APACHE_CONFIG_LOCATION/$DOMAIN.conf" ] && return 0
    mkdir -p "$APACHE_CONFIG_LOCATION" || return 1
    apache_ssl_config "$DOMAIN" > "$APACHE_CONFIG_LOCATION/$DOMAIN.conf"
    www_data_gid=$(cached_cmd_on_base_image apache 'id -g www-data') || {
        debug "Failed to query for www-data gid in ${DARKYELLOW}apache${NORMAL} base image."
        return 1
    }
    mkdir -p "$DST"
    setfacl -R -m g:"$www_data_gid":rx "$DST"
    info "Added $DOMAIN apache config."
}
export -f apache_ssl_add


apache_ssl_proxy_add () {
    local DOMAIN="$1" TARGET="$2" CUSTOM_RULES="$3" CREDS="$4"

    mkdir -p "$APACHE_CONFIG_LOCATION" || return 1
    apache_ssl_proxy_config "$DOMAIN" "$TARGET" "$CUSTOM_RULES" "$CREDS" > "$APACHE_CONFIG_LOCATION/$DOMAIN.conf" || return 1
    info "Added $DOMAIN as a proxy to $TARGET."
}
export -f apache_ssl_proxy_add


apache_code_dir() {
    local domain="$1" location="$2"
    config-add "
$MASTER_BASE_CHARM_NAME:
  volumes:
    - $location:/var/www/$domain
"
}

apache_data_dir() {
    local DOMAIN=$1 DATA_COMMA_SEPARATED=$2

    DOCKER_SITE_PATH=/var/www/$DOMAIN
    BASE=$DATASTORE/$BASE_CHARM_NAME
    DST=$BASE$DOCKER_SITE_PATH
    DATA=()
    while IFS="," read -ra ADDR; do
        for dir in "${ADDR[@]}"; do
            mkdir -p "$DST/$dir"
            DATA+=($dir)
        done
    done <<< "$DATA_COMMA_SEPARATED"

    www_data_gid=$(cached_cmd_on_base_image apache 'id -g www-data') || {
        debug "Failed to query for www-data gid in ${DARKYELLOW}apache${NORMAL} base image."
        return 1
    }
    info "www-data gid from ${DARKYELLOW}apache${NORMAL} is '$www_data_gid'" 

    dirs=()
    for d in "${DATA[@]}"; do
        dirs+=("$DST/$d")
    done

    chgrp "$www_data_gid" "${dirs[@]}" -R && chmod 775 "${dirs[@]}" -R

    config-add "
$MASTER_BASE_CHARM_NAME:
  volumes:
$(
    for d in "${DATA[@]}"; do
        echo "    - $DST/$d:$DOCKER_SITE_PATH/$d"
    done
)"

}

deploy_files() {
    local src="$1" dst="$2"

    if ! [ -d "$dst" ]; then
        err "Destination '$dst' does not exist or is not a directory"
        return 1
    fi
    (
        cd "$dst" && info "In $dst:" &&
        get_file "$src" | tar xv
    )
}
export -f deploy_files