
new: [apache] update to latests files from formanoo-charms.

postgres
Valentin Lab 9 years ago
parent
commit
d975017fbd
  1. 2
      apache/build/etc/php/php.ini
  2. 4
      apache/hooks/install.old
  3. 70
      apache/hooks/publish_dir-relation-joined
  4. 48
      apache/hooks/web_proxy-relation-joined
  5. 530
      apache/lib/common
  6. 20
      apache/metadata.yml
  7. 166
      apache/test/libtest
  8. 360
      apache/test/vhost
  9. 243
      apache/test/vhost_files

2
apache/build/etc/php/php.ini

@ -0,0 +1,2 @@
max_execution_time = 900
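Review bot: `max_execution_time = 900` is set image-wide, so every PHP request on every vhost served from this build may hold a worker for fifteen minutes, which makes slow-request resource exhaustion much cheaper. Nothing in the file says which workload needs the long limit; add a comment such as `; 900s required by <job name>, see <ticket>` above the line. If only one site needs it, scoping it to that vhost with `php_admin_value max_execution_time 900` through the custom-rules option would keep the default for the rest.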

4
apache/hooks/install → apache/hooks/install.old

@ -2,6 +2,10 @@
set -eux
## Old lxc script, might be used as a base for new docker Dockerfile generator.
##
##
apt-get -y install apache2 libapache2-mod-php5 libtidy-0.99-0 build-essential </dev/null

70
apache/hooks/publish_dir-relation-joined

@ -6,71 +6,9 @@
set -e
DOMAIN=$(relation-get domain)
DATA_DIRS=$(relation-get data_dirs 2>/dev/null | shyaml get-values 2>/dev/null) || true
LOCATION=$(relation-get location 2>/dev/null) || true
CREDS=$(relation-get creds 2>/dev/null) || true
SERVER_ALIAS=$(relation-get server-alias 2>/dev/null) || true
apache_publish_dir
export SERVER_ALIAS
if SSL_CERT_LOCATION=$(relation-get ssl-cert-file 2>/dev/null); then
SSL_CERT=/etc/ssl/certs/${DOMAIN}.pem
config-add "\
$MASTER_BASE_CHARM_NAME:
volumes:
- ${SSL_CERT_LOCATION}:${SSL_CERT}
"
fi
if SSL_KEY_LOCATION=$(relation-get ssl-key-file 2>/dev/null); then
SSL_KEY=/etc/ssl/private/${DOMAIN}.key
config-add "\
$MASTER_BASE_CHARM_NAME:
volumes:
- ${SSL_KEY_LOCATION}:${SSL_KEY}
"
fi
if SSL_CA_CERT_LOCATION=$(relation-get ssl-ca-cert-file 2>/dev/null); then
SSL_CA_CERT=/etc/ssl/cert/${DOMAIN}-ca.pem
config-add "\
$MASTER_BASE_CHARM_NAME:
volumes:
- ${SSL_CA_CERT_LOCATION}:${SSL_CA_CERT}
"
fi
export CREDS
apache_ssl_add "$DOMAIN"
if [ "$LOCATION" ]; then
if [ -d "$LOCATION" -a ! -d "$LOCATION/.git" ]; then
err "Hum, location '$LOCATION' does not seem to be a git directory."
exit 1
fi
if ! [ -d "$LOCATION/.git" ]; then
BRANCH=$(relation-get branch)
BRANCH=${BRANCH:-master}
SOURCE=$(relation-get source)
parent="$(dirname "$LOCATION")"
(
mkdir -p "$parent" && cd "$parent"
git clone -b "$BRANCH" "$SOURCE" "$(basename "$LOCATION")"
)
fi
apache_code_dir "$DOMAIN" "$LOCATION"
else
mkdir -p "$SERVICE_DATASTORE/var/www/${DOMAIN}" || return 1
config-add "
$MASTER_BASE_CHARM_NAME:
volumes:
- $DATASTORE/$BASE_CHARM_NAME/var/www/${DOMAIN}:/var/www/${DOMAIN}
"
fi
if [ "$DATA_DIRS" ]; then
apache_data_dir "$DOMAIN" "$DATA_DIRS"
APACHE_CORE_RULES=$(relation-get apache-core-rules 2>/dev/null) || true
if [ "$APACHE_CORE_RULES" ]; then
apache_core_rules_add "$APACHE_CORE_RULES"
fi

48
apache/hooks/web_proxy-relation-joined

@ -6,50 +6,10 @@
set -e
DOMAIN=$(relation-get domain)
TARGET=$(relation-get target)
APACHE_CUSTOM_RULES=$(relation-get apache-custom-rules 2>/dev/null) || true
CREDS=$(relation-get creds 2>/dev/null) || true
SERVER_ALIAS=$(relation-get server-alias 2>/dev/null) || true
apache_proxy_dir
export SERVER_ALIAS
if SSL_CERT_LOCATION=$(relation-get ssl-cert-file 2>/dev/null); then
SSL_CERT=/etc/ssl/certs/${DOMAIN}.pem
config-add "\
$MASTER_TARGET_CHARM_NAME:
volumes:
- ${SSL_CERT_LOCATION}:${SSL_CERT}
"
fi
if SSL_KEY_LOCATION=$(relation-get ssl-key-file 2>/dev/null); then
SSL_KEY=/etc/ssl/private/${DOMAIN}.key
config-add "\
$MASTER_TARGET_CHARM_NAME:
volumes:
- ${SSL_KEY_LOCATION}:${SSL_KEY}
"
fi
if SSL_CA_CERT_LOCATION=$(relation-get ssl-ca-cert-file 2>/dev/null); then
SSL_CA_CERT=/etc/ssl/cert/${DOMAIN}-ca.pem
config-add "\
$MASTER_TARGET_CHARM_NAME:
volumes:
- ${SSL_CA_CERT_LOCATION}:${SSL_CA_CERT}
"
APACHE_CORE_RULES=$(relation-get apache-core-rules 2>/dev/null) || true
if [ "$APACHE_CORE_RULES" ]; then
apache_core_rules_add "$APACHE_CORE_RULES"
fi
control=$(echo "$DOMAIN%$TARGET%$APACHE_CUSTOM_RULES%$CREDS%$SSL_CERT%$SSL_CA_CERT%$SSL_KEY" | md5_compat)
[ "$control" == "$(relation-get control 2>/dev/null)" ] && exit 0
## XXXvlab: could probably figure target ourselves
apache_ssl_proxy_add "$DOMAIN" "$TARGET" "$APACHE_CUSTOM_RULES" "$CREDS"
relation-set control "$control"
info "Configured $DARKYELLOW$BASE_CHARM_NAME$NORMAL for proxy access."

530
apache/lib/common

@ -1,242 +1,196 @@
# -*- mode: shell-script -*-
export APACHE_CONFIG_LOCATION="$SERVICE_CONFIGSTORE/etc/apache2/sites-enabled"
## XXXvlab: berk, sending conf via environment and args.
apache_ssl_proxy_config () {
local DOMAIN="$1" TARGET="$2" CUSTOM_RULES="$3" CREDS="$4"
## target is meant to be a charm name
PASSWORD_FILE=/etc/apache2/sites-enabled/${DOMAIN}.passwd
CRED_PART=
if [ "$CREDS" ]; then
CRED_PART="
AuthType basic
AuthName "private"
AuthUserFile ${PASSWORD_FILE}
Require valid-user
"
rm -f "$SERVICE_CONFIGSTORE$PASSWORD_FILE"
include parse
first=c
while read-0 login password; do
debug "htpasswd -b$first ${PASSWORD_FILE} '$login' '$password'"
echo "htpasswd -b$first ${PASSWORD_FILE} '$login' '$password'"
[ "$first" ] && first=
done < <(echo "$CREDS" | shyaml key-values-0 2>/dev/null) |
docker run -i --entrypoint "/bin/bash" \
-v "$APACHE_CONFIG_LOCATION:/etc/apache2/sites-enabled" \
"$DOCKER_BASE_IMAGE" || return 1
fi
if [ -z "$SSL_CERT" ]; then
SSL_CERT=/etc/ssl/certs/ssl-cert-snakeoil.pem
fi
apache_proxy_dir () {
DOMAIN=$(relation-get domain) || {
err "You must specify a ${WHITE}domain$NORMAL option in relation."
return 1
}
proxy=yes apache_vhost_create
info "Added $DOMAIN as a proxy to $TARGET."
}
export -f apache_proxy_dir
if [ -z "$SSL_KEY" ]; then
SSL_KEY=/etc/ssl/private/ssl-cert-snakeoil.key
fi
cat <<EOF
<IfModule mod_ssl.c>
apache_publish_dir () {
DOMAIN=$(relation-get domain) || {
err "You must specify a ${WHITE}domain$NORMAL option in relation."
return 1
}
DOCKER_SITE_PATH="/var/www/${DOMAIN}"
LOCATION=$(relation-get location 2>/dev/null) ||
LOCATION="$DATASTORE/$BASE_CHARM_NAME$DOCKER_SITE_PATH"
<VirtualHost *:443>
ServerAdmin ${ADMIN_MAIL:-contact@$DOMAIN}
ServerName ${DOMAIN}
$(
while read-0 alias; do
echo " ServerAlias $alias"
done < <(echo "$SERVER_ALIAS" | shyaml get-values-0 2>/dev/null)
)
ServerSignature Off
CustomLog /var/log/apache2/s-${DOMAIN}_access.log combined
ErrorLog /var/log/apache2/s-${DOMAIN}_error.log
ErrorLog syslog:local2
apache_vhost_create || return 1
info "Added $DOMAIN apache config."
apache_code_dir || return 1
apache_data_dirs
<IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyVia On
ProxyPass / http://$TARGET/ retry=0
<Location / >
${CRED_PART}
ProxyPassReverse /
</Location>
</IfModule>
}
export -f apache_publish_dir
## Forbid any cache, this is only usefull on dev server.
#Header set Cache-Control "no-cache"
#Header set Access-Control-Allow-Origin "*"
#Header set Access-Control-Allow-Methods "POST, GET, OPTIONS"
#Header set Access-Control-Allow-Headers "origin, content-type, accept"
RequestHeader set "X-Forwarded-Proto" "https"
apache_vhost_create () {
export APACHE_CONFIG_LOCATION="$SERVICE_CONFIGSTORE/etc/apache2/sites-enabled"
## Fix IE problem (httpapache proxy dav error 408/409)
SetEnv proxy-nokeepalive 1
#ServerSignature On
SSLProxyEngine On
SSLEngine On
export PROTOCOLS=$(__vhost_cfg_normalize_protocol) || return 1
## Full stance
SSLCertificateFile $SSL_CERT
SSLCertificateKeyFile $SSL_KEY
$([ "$SSL_CA_CERT" ] && echo "SSLCACertificateFile $SSL_CA_CERT")
SSLVerifyClient None
apache_vhost_statement "$PROTOCOLS" |
file_put "$APACHE_CONFIG_LOCATION/$prefix$DOMAIN.conf" || return 1
$CUSTOM_RULES
__vhost_cfg_creds_enabled=$(relation-get creds 2>/dev/null) || true
if [ "$__vhost_cfg_creds_enabled" ]; then
apache_passwd_file
fi
</VirtualHost>
if is_protocol_enabled https; then
apache_ssl_files
fi
}
</IfModule>
EOF
is_protocol_enabled() {
local protocol=$1
[[ "$PROTOCOLS" == *",$protocol,"* ]]
}
export -f apache_ssl_proxy_config
export -f is_protocol_enabled
apache_ssl_config() {
local DOMAIN=$1
__vhost_cfg_normalize_protocol() {
local protocol
if ! protocol=$(relation-get protocol 2>/dev/null); then
protocol=auto
else
protocol=${protocol:-auto}
fi
if [ -z "$SSL_CERT" ]; then
SSL_CERT=/etc/ssl/certs/ssl-cert-snakeoil.pem
case "$protocol" in
auto)
if __vhost_cfg_ssl="$(relation-get ssl 2>/dev/null)"; then
protocol="https"
export __vhost_cfg_ssl
else
protocol="http"
fi
;;
both)
protocol="https,http"
;;
ssl|https)
protocol="https"
;;
http)
protocol="http"
;;
*)
err "Invalid value '$protocol' for ${WHITE}protocol$NORMAL option (use one of: http, https, both, auto)."
return 1
esac
echo ",$protocol,"
}
if [ -z "$SSL_KEY" ]; then
SSL_KEY=/etc/ssl/private/ssl-cert-snakeoil.key
apache_ssl_files() {
local content
## XXXvlab: called twice... no better way to do this ?
__vhost_ssl_statement > /dev/null
dst="$CONFIGSTORE/$BASE_CHARM_NAME"
volumes=""
for label in cert key ca_cert; do
content="$(eval echo "\"\$__vhost_cfg_ssl_$label\"")"
if [ "$content" ]; then
location="$(eval echo "\$__vhost_cfg_SSL_${label^^}_LOCATION")"
echo "$content" | file_put "$dst$location"
volumes="$volumes
- $dst$location:$location:ro"
fi
done
PASSWORD_FILE=/etc/apache2/sites-enabled/${DOMAIN}.passwd
CRED_PART=
if [ "$CREDS" ]; then
CRED_PART="
AuthType basic
AuthName \"private\"
AuthUserFile ${PASSWORD_FILE}
Require valid-user
if [ "$volumes" ]; then
config-add "\
$MASTER_TARGET_CHARM_NAME:
volumes:
$volumes
"
fi
}
apache_passwd_file() {
include parse || true
## XXXvlab: called twice... no better way to do this ?
__vhost_creds_statement >/dev/null
first=
if ! [ -e "$CONFIGSTORE/$MASTER_TARGET_CHARM_NAME$PASSWORD_FILE" ]; then
debug "No file $CONFIGSTORE/$MASTER_TARGET_CHARM_NAME$PASSWORD_FILE, creating password file." || true
if ! [ -e "$CONFIGSTORE/$MASTER_TARGET_CHARM_NAME$password_file" ]; then
debug "No file $CONFIGSTORE/$MASTER_TARGET_CHARM_NAME$password_file, creating password file." || true
first=c
fi
while read-0 login password; do
debug "htpasswd -b$first ${PASSWORD_FILE} '$login' '$password'" || true
echo "htpasswd -b$first ${PASSWORD_FILE} '$login' '$password'"
debug "htpasswd -b$first '${password_file}' '$login' '$password'"
echo "htpasswd -b$first '${password_file}' '$login' '$password'"
if [ "$first" ]; then
first=
fi
done < <(echo "$CREDS" | shyaml key-values-0 2>/dev/null) |
done < <(echo "$__vhost_cfg_creds_enabled" | shyaml key-values-0 2>/dev/null) |
docker run -i --entrypoint "/bin/bash" \
-v "$APACHE_CONFIG_LOCATION:/etc/apache2/sites-enabled" \
"$DOCKER_BASE_IMAGE" || return 1
else
CRED_PART="allow from all"
fi
cat <<EOF
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin ${ADMIN_MAIL:-contact@$DOMAIN}
ServerName ${DOMAIN}
$(
while read-0 alias; do
echo " ServerAlias $alias"
done < <(echo "$SERVER_ALIAS" | shyaml get-values-0 2>/dev/null)
)
ServerSignature Off
CustomLog /var/log/apache2/s-${DOMAIN}_access.log combined
ErrorLog /var/log/apache2/s-${DOMAIN}_error.log
ErrorLog syslog:local2
DocumentRoot /var/www/${DOMAIN}
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/${DOMAIN}>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
${CRED_PART}
</Directory>
SSLEngine On
}
## Full stance
SSLCertificateFile $SSL_CERT
SSLCertificateKeyFile $SSL_KEY
$([ "$SSL_CA_CERT" ] && echo "SSLCACertificateFile $SSL_CA_CERT")
SSLVerifyClient None
## Produce the full statements depending on relation-get informations
apache_vhost_statement() {
local vhost_statement
export PROTOCOLS="$1"
</VirtualHost>
if is_protocol_enabled http; then
__vhost_full_vhost_statement http
fi
if is_protocol_enabled https; then
cat <<EOF
<IfModule mod_ssl.c>
$(__vhost_full_vhost_statement https | prefix " ")
</IfModule>
EOF
fi
}
export -f apache_ssl_config
export -f apache_vhost_statement
apache_ssl_add () {
local DOMAIN="$1"
DOCKER_SITE_PATH=/var/www/$DOMAIN
BASE=$DATASTORE/$BASE_CHARM_NAME
DST=$BASE$DOCKER_SITE_PATH
# [ -e "$APACHE_CONFIG_LOCATION/$DOMAIN.conf" ] && return 0
mkdir -p "$APACHE_CONFIG_LOCATION" || return 1
apache_ssl_config "$DOMAIN" > "$APACHE_CONFIG_LOCATION/$DOMAIN.conf"
apache_code_dir() {
local www_data_gid
www_data_gid=$(cached_cmd_on_base_image apache 'id -g www-data') || {
debug "Failed to query for www-data gid in ${DARKYELLOW}apache${NORMAL} base image."
return 1
}
mkdir -p "$DST"
setfacl -R -m g:"$www_data_gid":rx "$DST"
info "Added $DOMAIN apache config."
}
export -f apache_ssl_add
apache_ssl_proxy_add () {
local DOMAIN="$1" TARGET="$2" CUSTOM_RULES="$3" CREDS="$4"
mkdir -p "$APACHE_CONFIG_LOCATION" || return 1
apache_ssl_proxy_config "$DOMAIN" "$TARGET" "$CUSTOM_RULES" "$CREDS" > "$APACHE_CONFIG_LOCATION/$DOMAIN.conf" || return 1
info "Added $DOMAIN as a proxy to $TARGET."
}
export -f apache_ssl_proxy_add
mkdir -p "$LOCATION" || return 1
setfacl -R -m g:"$www_data_gid":rx "$LOCATION"
info "Set permission for read and traversal on '$LOCATION'."
apache_code_dir() {
local domain="$1" location="$2"
config-add "
$MASTER_BASE_CHARM_NAME:
volumes:
- $location:/var/www/$domain
- $LOCATION:$DOCKER_SITE_PATH
"
}
apache_data_dir() {
local DOMAIN=$1 DATA_COMMA_SEPARATED=$2
apache_data_dirs() {
DATA_DIRS=$(relation-get data-dirs 2>/dev/null | shyaml get-values 2>/dev/null) || true
if [ -z "$DATA_DIRS" ]; then
return 0
fi
DOCKER_SITE_PATH=/var/www/$DOMAIN
BASE=$DATASTORE/$BASE_CHARM_NAME
DST=$BASE$DOCKER_SITE_PATH
DST=$DATASTORE/$BASE_CHARM_NAME$DOCKER_SITE_PATH
DATA=()
while IFS="," read -ra ADDR; do
for dir in "${ADDR[@]}"; do
mkdir -p "$DST/$dir"
DATA+=($dir)
done
done <<< "$DATA_COMMA_SEPARATED"
done <<< "$DATA_DIRS"
www_data_gid=$(cached_cmd_on_base_image apache 'id -g www-data') || {
debug "Failed to query for www-data gid in ${DARKYELLOW}apache${NORMAL} base image."
@ -249,7 +203,9 @@ apache_data_dir() {
dirs+=("$DST/$d")
done
chgrp "$www_data_gid" "${dirs[@]}" -R && chmod 775 "${dirs[@]}" -R
mkdir -p "${dirs[@]}"
setfacl -R -m g:"$www_data_gid":rwx "${dirs[@]}"
setfacl -R -d -m g:"$www_data_gid":rwx "${dirs[@]}"
config-add "
$MASTER_BASE_CHARM_NAME:
@ -275,3 +231,221 @@ deploy_files() {
)
}
export -f deploy_files
apache_core_rules_add() {
local conf="$1" dst="/etc/apache2/conf-enabled/$BASE_CHARM_NAME.conf"
debug "Adding core rule."
echo "$conf" | file_put "$CONFIGSTORE/$BASE_CHARM_NAME$dst"
config-add "
$MASTER_BASE_CHARM_NAME:
volumes:
- $CONFIGSTORE/$BASE_CHARM_NAME$dst:$dst:ro
"
}
__vhost_ssl_statement() {
local key cert ca_cert
__vhost_cfg_ssl="$(relation-get ssl 2>/dev/null)"
if __vhost_cfg_ssl_cert=$(echo "$__vhost_cfg_ssl" | shyaml get-value cert 2>/dev/null); then
__vhost_cfg_SSL_CERT_LOCATION=/etc/ssl/certs/${DOMAIN}.pem
fi
if __vhost_cfg_ssl_key=$(echo "$__vhost_cfg_ssl" | shyaml get-value key 2>/dev/null); then
__vhost_cfg_SSL_KEY_LOCATION=/etc/ssl/private/${DOMAIN}.key
fi
if __vhost_cfg_ssl_ca_cert=$(echo "$__vhost_cfg_ssl" | shyaml get-value ca-cert 2>/dev/null); then
__vhost_cfg_SSL_CA_CERT_LOCATION=/etc/ssl/certs/${DOMAIN}-ca.pem
fi
if [ -z "$__vhost_cfg_SSL_CERT_LOCATION" ]; then
__vhost_cfg_SSL_CERT_LOCATION=/etc/ssl/certs/ssl-cert-snakeoil.pem
fi
if [ -z "$__vhost_cfg_SSL_KEY_LOCATION" ]; then
__vhost_cfg_SSL_KEY_LOCATION=/etc/ssl/private/ssl-cert-snakeoil.key
fi
cat <<EOF
##
## SSL Configuration
##
SSLEngine On
SSLCertificateFile $__vhost_cfg_SSL_CERT_LOCATION
SSLCertificateKeyFile $__vhost_cfg_SSL_KEY_LOCATION
$([ -z "$__vhost_cfg_SSL_CA_CERT_LOCATION" ] || echo "SSLCACertificateFile $__vhost_cfg_SSL_CA_CERT_LOCATION")
SSLVerifyClient None
EOF
}
__vhost_creds_statement() {
if ! __vhost_cfg_creds_enabled=$(relation-get creds 2>/dev/null); then
echo "Allow from all"
return 0
fi
password_file=/etc/apache2/sites-enabled/${DOMAIN}.passwd
cat <<EOF
AuthType basic
AuthName "private"
AuthUserFile ${password_file}
Require valid-user
EOF
}
__vhost_head_statement() {
local protocol="$1"
SERVER_ALIAS=$(relation-get server-aliases 2>/dev/null) || true
if [ "$protocol" == "https" ]; then
prefix="s-"
else
prefix=
fi
cat <<EOF
ServerAdmin ${ADMIN_MAIL:-contact@$DOMAIN}
ServerName ${DOMAIN}
$(
while read-0 alias; do
echo "ServerAlias $alias"
done < <(echo "$SERVER_ALIAS" | shyaml get-values-0 2>/dev/null)
)
ServerSignature Off
CustomLog /var/log/apache2/${prefix}${DOMAIN}_access.log combined
ErrorLog /var/log/apache2/${prefix}${DOMAIN}_error.log
ErrorLog syslog:local2
EOF
}
__vhost_custom_rules() {
local custom_rules
if custom_rules=$(relation-get apache-custom-rules 2>/dev/null); then
cat <<EOF
##
## Custom rules
##
$custom_rules
EOF
fi
}
__vhost_content_statement() {
if [ "$proxy" ]; then
__vhost_proxy_statement "$@"
else
__vhost_publish_dir_statement "$@"
fi
}
__vhost_proxy_statement() {
local protocol="$1"
TARGET=$(relation-get target 2>/dev/null) || true
if [ -z "$TARGET" ]; then
## First exposed port:
base_image=$(service_base_docker_image "$BASE_CHARM_NAME") || return 1
first_exposed_port=$(image_exposed_ports_0 "$base_image" | tr '\0' '\n' | head -n 1 | cut -f 1 -d /) || return 1
TARGET=$MASTER_BASE_CHARM_NAME:$first_exposed_port
info "No target was specified, introspection found: $TARGET"
fi
cat <<EOF
##
## Proxy declaration towards $TARGET
##
<IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyVia On
ProxyPass / http://$TARGET/ retry=0
<Location / >
$(__vhost_creds_statement | prefix " ")
ProxyPassReverse /
</Location>
$([ "$protocol" == "https" ] && echo " SSLProxyEngine On")
</IfModule>
RequestHeader set "X-Forwarded-Proto" "https"
## Fix IE problem (httpapache proxy dav error 408/409)
SetEnv proxy-nokeepalive 1
EOF
}
__vhost_full_vhost_statement() {
local protocol="$1"
case "$protocol" in
https)
PORT=443
;;
http)
PORT=80
;;
esac
cat <<EOF
<VirtualHost *:$PORT>
$(__vhost_head_statement "$protocol" | prefix " ")
$(__vhost_content_statement "$protocol" | prefix " ")
## Forbid any cache, this is only usefull on dev server.
#Header set Cache-Control "no-cache"
#Header set Access-Control-Allow-Origin "*"
#Header set Access-Control-Allow-Methods "POST, GET, OPTIONS"
#Header set Access-Control-Allow-Headers "origin, content-type, accept"
$([ "$protocol" == "https" ] && __vhost_ssl_statement | prefix " ")
$(__vhost_custom_rules | prefix " ")
</VirtualHost>
EOF
}
__vhost_publish_dir_statement() {
cat <<EOF
##
## Publish directory $DOCKER_SITE_PATH
##
DocumentRoot $DOCKER_SITE_PATH
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory $DOCKER_SITE_PATH>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
$(__vhost_creds_statement | prefix " ")
</Directory>
EOF
}
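Review bot: In `apache_passwd_file`, the lines that use `'${password_file}'` paste each login and password from the `creds` relation value between literal single quotes into an `htpasswd -b` command that is piped to `/bin/bash` in the container, and the same text, password included, is sent to `debug`. A value containing a single quote ends the quoting and the remainder is parsed as shell by that bash, so the line should be built with `printf 'htpasswd -b%s %q %q %q\n' "$first" "$password_file" "$login" "$password"` and the debug call should log only the login. `-b` also places the password on the process command line inside the container; feeding it on stdin with `htpasswd -i` would avoid that where the image's htpasswd supports it. The only expected command in test/vhost_files uses a quote-free password, so this case is not covered by the new tests.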

20
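--- a/apache/metadata.yml
+++ b/apache/metadata.yml
@@ -0,0 +1,20 @@
+description: "Apache Web Server"
+maintainer: "Valentin Lab <valentin.lab@kalysto.org>"
+## XXXvlab: currently only used when building LXC along with hooks/install
+## XXXvlab: docker uses the 'build' directory or the 'image:' option here.
+inherit: base-0k
+compatiblity: ## 'hooks/install' script was run on a these images without issues
+- ubuntu/15.10
+docker-compose:
+## XXXvlab: should move to global lxc/docker compatible option
+ports:
+- "0.0.0.0:80:80"
+- "0.0.0.0:443:443"
+data-resources:
+- /var/www/html
+- /var/log/apache2
+config-resources:
+- /etc/apache2/sites-enabled
+provides:
+web-proxy:
+tech-dep: "reversed"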
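Review bot: The key on the `compatiblity:` line is misspelled, so any tooling that looks up `compatibility` will not find the `ubuntu/15.10` entry; whether anything reads this key is not visible here, but it should be spelled `compatibility:` before consumers start depending on the typo. The `ports:` entries publish 80 and 443 on `0.0.0.0`, that is, on every host interface. A comment such as `## published on all interfaces: this charm is the public web entry point` would record that exposure as a deliberate choice.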

166
apache/test/libtest

@ -0,0 +1,166 @@
# -*- mode: shell-script -*-
exname="$(basename $0)"
if [ -t 1 ]; then
GRAY=$(echo -en "\e[1;30m")
RED=$(echo -en "\e[1;31m")
GREEN=$(echo -en "\e[1;32m")
YELLOW=$(echo -en "\e[1;33m")
BLUE=$(echo -en "\e[1;34m")
PINK=$(echo -en "\e[1;35m")
CYAN=$(echo -en "\e[1;36m")
WHITE=$(echo -en "\e[1;37m")
DARKGRAY=$(echo -en "\e[0;30m")
DARKRED=$(echo -en "\e[0;31m")
DARKGREEN=$(echo -en "\e[0;32m")
DARKYELLOW=$(echo -en "\e[0;33m")
DARKBLUE=$(echo -en "\e[0;34m")
DARKPINK=$(echo -en "\e[0;35m")
DARKCYAN=$(echo -en "\e[0;36m")
NORMAL=$(echo -en "\e[0m")
fi
function out() { cat "$tmp_out"; }
function err() { cat "$tmp_err"; }
function errlvl() { cat "$tmp_errlvl"; }
function var() { echo "${$1}"; }
function time_note() {
echo "scale=1 ; l($1 - $empty_try_time) / l(10)" | bc -l
}
function swallow_last_time() {
if test "$sum_time" == "0" -a -z "$cmd"; then ## catches first empty try ''
empty_try_time="$(echo "scale=0 ; $time_diff / 2" | bc -l )"
return 0
fi
test -z "$test_counter" && test_counter=0 || test_counter=$[$test_counter + 1]
test -z "$sum_time" && sum_time=0
test_name=${exname}_${test_counter}
if test "$time_diff"; then
test_time_note=$(time_note $time_diff)
profiler_info="$(echo -en "$profiler_info\n- $test_name\t$test_time_note")"
sum_time=$(echo "scale=3; $sum_time + $time_diff" | bc -l )
fi
}
function time_exec() {
beg_exec=$(date +%s.%N)
( echo "$*" | bash )
errorlevel=$?
end_exec=$(date +%s.%N)
time_diff="$(echo "scale=3; ($end_exec - $beg_exec)*1000000" | bc | cut -f 1 -d ".")"
return $errorlevel
}
function try() {
swallow_last_time
cmd="$*"
desc=$(echo ; echo "$ $cmd" )
time_exec "$prefix_cmd$cmd" 1> "$tmp_out" 2> "$tmp_err"
echo $? > "$tmp_errlvl"
}
function apply_opt() {
code=$(cat -)
for opt in $*; do
code=$(echo "$code" | $opt)
done
echo "$code"
}
function NOCOLOR() {
esc_char=$(echo -en "\e")
cat - | sed -r "s/$esc_char\[[0-9]+(;[0-9]+)*m//g"
}
function NOPOS() {
esc_char=$(echo -en "\e\\[[0-9]\\+[GA]")
cat - | sed "s/$esc_char//g"
}
function TRIM() {
cat - | sed -r "s/^ +//g" | sed -r "s/ +\$//g"
}
function RTRIM() {
cat - | sed -r "s/ +\$//g"
}
function SIZE() {
cat - | wc -c
}
## usage:
## is ACTION [reg] CODE [OPTION ...]
is() {
local act="$1" type code msg
test -z "$total" && total=0
shift
case "$1" in
reg|part)
type="$1"
shift
;;
*)
type=""
;;
esac
code="$1"
shift
#code=$(echo "$code" | apply_opt $*)
msg=$(echo "$type $code" | cut -c -30)
output=$($act | apply_opt $*)
case "$type" in
"")
test "$code" == "$output"
;;
"part")
[[ "$output" == *"$code"* ]]
;;
("reg")
echo -n "$output" | egrep -- "$code" >/dev/null 2>&1
;;
esac && total=$[$total + 1] &&
echo "[v] is $act $msg" >/dev/null && return 0
echo "$desc"
echo "[ ] is $act $msg"
echo "--- $*"
echo -n "$output"
echo
echo "--- DIFF"
diff -u <(echo "$code") <(echo "$output") | egrep -v '^(---|\+\+\+) /'
exit 1
}
function summary() {
swallow_last_time
echo "$profiler_info"
echo
echo "$total tests conducted in $(echo "scale=3;$sum_time/1000000" | bc) s ($(time_note $sum_time))"
}
function noerror() {
is err ''
is errlvl 0
}
pid=$$
tmp_dir="/tmp"
tmp_out="$tmp_dir/test.$pid.out.tmp"
tmp_err="$tmp_dir/test.$pid.err.tmp"
tmp_errlvl="$tmp_dir/test.$pid.errlvl.tmp"
try ''
try ''
try ''
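Review bot: The capture files defined at the end of the library use fixed, guessable names (`/tmp/test.$pid.out.tmp` and its siblings) and no cleanup is visible in this file, so on a shared host another user can pre-create or symlink those paths and the `1> "$tmp_out" 2> "$tmp_err"` redirections in `try` will follow them. Replace `tmp_dir="/tmp"` with `tmp_dir=$(mktemp -d) || exit 1` and add `trap 'rm -rf -- "$tmp_dir"' EXIT`. Separately, `function var() { echo "${$1}"; }` is a bad substitution in bash; if an indirect lookup is intended it should read `echo "${!1}"`.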

360
apache/test/vhost

@ -0,0 +1,360 @@
#!/bin/bash
exname=$(basename $0)
prefix_cmd="
. /etc/shlib
include common
include parse
. ../lib/common
"
[ "$DEBUG" ] && echo "Loading testlib..."
if ! . ./libtest ; then
echo 'libtest failed to load.'
exit 1
fi
export COLUMNS=50
test_pid_file="$tmp_dir/test.$$pid.tmp"
rm -f "$test_pid_file"
##
## print_bytes
##
# mock
relation-get() {
local key="$1"
echo "$CFG" | shyaml get-value "$key" 2>/dev/null
}
export -f relation-get
try "
DOMAIN=www.example.com
DOCKER_SITE_PATH=/var/www/\$DOMAIN
apache_vhost_statement ,http,"
noerror
is out '<VirtualHost *:80>
ServerAdmin contact@www.example.com
ServerName www.example.com
ServerSignature Off
CustomLog /var/log/apache2/www.example.com_access.log combined
ErrorLog /var/log/apache2/www.example.com_error.log
ErrorLog syslog:local2
##
## Publish directory /var/www/www.example.com
##
DocumentRoot /var/www/www.example.com
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/www.example.com>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Allow from all
</Directory>
## Forbid any cache, this is only usefull on dev server.
#Header set Cache-Control "no-cache"
#Header set Access-Control-Allow-Origin "*"
#Header set Access-Control-Allow-Methods "POST, GET, OPTIONS"
#Header set Access-Control-Allow-Headers "origin, content-type, accept"
</VirtualHost>' RTRIM
##
## Aliases
##
try "
DOMAIN=www.example.com
DOCKER_SITE_PATH=/var/www/\$DOMAIN
CFG='
server-aliases:
- toto
'
apache_vhost_statement ,http,"
noerror
is out reg 'ServerAlias toto'
try "
DOMAIN=www.example.com
DOCKER_SITE_PATH=/var/www/\$DOMAIN
CFG='
server-aliases:
- toto
- titi
'
apache_vhost_statement ,http,"
noerror
is out reg 'ServerAlias toto'
is out reg 'ServerAlias titi'
##
## Creds
##
try "
DOMAIN=www.example.com
DOCKER_SITE_PATH=/var/www/\$DOMAIN
CFG=''
apache_vhost_statement ,http,"
noerror
is out reg 'Allow from all'
try "
DOMAIN=www.example.com
DOCKER_SITE_PATH=/var/www/\$DOMAIN
CFG='
creds:
toto: xxx
titi: yyy
'
apache_vhost_statement ,http,"
noerror
is out reg 'AuthType basic'
is out reg 'Require valid-user'
##
## proxy
##
try "
DOMAIN=www.example.com
DOCKER_SITE_PATH=/var/www/\$DOMAIN
CFG='
target: popo:3333
creds:
toto: titi
'
proxy=yes apache_vhost_statement ,http,"
noerror
is out reg 'ProxyPass / http://popo:3333/'
is out part '
<Location / >
AuthType basic
AuthName "private"
AuthUserFile /etc/apache2/sites-enabled/www.example.com.passwd
Require valid-user
ProxyPassReverse /
</Location>
'
##
## ssl
##
try "
DOMAIN=www.example.com
DOCKER_SITE_PATH=/var/www/\$DOMAIN
CFG='
ssl: true
target: popo:3333
'
proxy=yes apache_vhost_statement ,https,"
noerror
is out reg 'VirtualHost \*:443'
is out reg '<IfModule mod_ssl.c>'
is out reg 'SSLEngine On'
is out reg 'SSLProxyEngine On'
is out reg 'ssl-cert-snakeoil'
is out reg 'CustomLog /var/log/apache2/s-www.example.com_access.log combined'
try "
DOMAIN=www.example.com
DOCKER_SITE_PATH=/var/www/\$DOMAIN
CFG='
ssl:
ca-cert: a
key: b
cert: c
target: popo:3333
'
proxy=yes apache_vhost_statement ,https,"
noerror
is out reg 'SSLCertificateFile /etc/ssl/certs/www.example.com.pem'
is out reg 'SSLCertificateKeyFile /etc/ssl/private/www.example.com.key'
is out reg 'SSLCACertificateFile /etc/ssl/certs/www.example.com-ca.pem'
##
## CustomRules
##
try "
DOMAIN=www.example.com
DOCKER_SITE_PATH=/var/www/\$DOMAIN
CFG='
ssl:
ca-cert: a
key: b
cert: c
apache-custom-rules: |
RewriteEngine On
RewriteCond %{QUERY_STRING} !skin=formanoo
RewriteRule ^(/web/webclient/home.*)$ $1?skin=formanoo [L,QSA,R=302]
target: popo:3333
'
proxy=yes apache_vhost_statement ,https,"
noerror
is out reg 'RewriteEngine On'
##
## double def
##
try "
DOMAIN=www.example.com
DOCKER_SITE_PATH=/var/www/\$DOMAIN
CFG='
ssl:
ca-cert: a
key: b
cert: c
apache-custom-rules: |
RewriteEngine On
RewriteCond %{QUERY_STRING} !skin=formanoo
RewriteRule ^(/web/webclient/home.*)$ $1?skin=formanoo [L,QSA,R=302]
target: popo:3333
'
proxy=yes apache_vhost_statement ,https,http,"
noerror
is out '<VirtualHost *:80>
ServerAdmin contact@www.example.com
ServerName www.example.com
ServerSignature Off
CustomLog /var/log/apache2/www.example.com_access.log combined
ErrorLog /var/log/apache2/www.example.com_error.log
ErrorLog syslog:local2
##
## Proxy declaration towards popo:3333
##
<IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyVia On
ProxyPass / http://popo:3333/ retry=0
<Location / >
Allow from all
ProxyPassReverse /
</Location>
</IfModule>
RequestHeader set "X-Forwarded-Proto" "https"
## Fix IE problem (httpapache proxy dav error 408/409)
SetEnv proxy-nokeepalive 1
## Forbid any cache, this is only usefull on dev server.
#Header set Cache-Control "no-cache"
#Header set Access-Control-Allow-Origin "*"
#Header set Access-Control-Allow-Methods "POST, GET, OPTIONS"
#Header set Access-Control-Allow-Headers "origin, content-type, accept"
##
## Custom rules
##
RewriteEngine On
RewriteCond %{QUERY_STRING} !skin=formanoo
RewriteRule ^(/web/webclient/home.*)$ ?skin=formanoo [L,QSA,R=302]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin contact@www.example.com
ServerName www.example.com
ServerSignature Off
CustomLog /var/log/apache2/s-www.example.com_access.log combined
ErrorLog /var/log/apache2/s-www.example.com_error.log
ErrorLog syslog:local2
##
## Proxy declaration towards popo:3333
##
<IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyVia On
ProxyPass / http://popo:3333/ retry=0
<Location / >
Allow from all
ProxyPassReverse /
</Location>
SSLProxyEngine On
</IfModule>
RequestHeader set "X-Forwarded-Proto" "https"
## Fix IE problem (httpapache proxy dav error 408/409)
SetEnv proxy-nokeepalive 1
## Forbid any cache, this is only usefull on dev server.
#Header set Cache-Control "no-cache"
#Header set Access-Control-Allow-Origin "*"
#Header set Access-Control-Allow-Methods "POST, GET, OPTIONS"
#Header set Access-Control-Allow-Headers "origin, content-type, accept"
##
## SSL Configuration
##
SSLEngine On
SSLCertificateFile /etc/ssl/certs/www.example.com.pem
SSLCertificateKeyFile /etc/ssl/private/www.example.com.key
SSLCACertificateFile /etc/ssl/certs/www.example.com-ca.pem
SSLVerifyClient None
##
## Custom rules
##
RewriteEngine On
RewriteCond %{QUERY_STRING} !skin=formanoo
RewriteRule ^(/web/webclient/home.*)$ ?skin=formanoo [L,QSA,R=302]
</VirtualHost>
</IfModule>' RTRIM
summary
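Review bot: The expected output of the "double def" case asserts `RequestHeader set "X-Forwarded-Proto" "https"` inside the `<VirtualHost *:80>` block, which pins the proxy template telling the backend that plain-HTTP requests arrived over TLS. A backend that relies on this header for secure-cookie or redirect-to-HTTPS decisions would be misled; `__vhost_proxy_statement` in lib/common already receives the protocol, so the template line could be `RequestHeader set "X-Forwarded-Proto" "$protocol"` with the port-80 expectation changed to `"http"`. The same expected block shows `RewriteRule ^(/web/webclient/home.*)$ ?skin=formanoo`: the `$1` of the input rule is expanded away by the double-quoted `try "..."` argument, so the test does not check that backreferences in custom rules survive. Writing `\$1` in the fixture and `$1` in the expected text would cover it.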

243
apache/test/vhost_files

@ -0,0 +1,243 @@
#!/bin/bash
exname=$(basename $0)
prefix_cmd="
. /etc/shlib
include common
include parse
. ../lib/common
"
[ "$DEBUG" ] && echo "Loading testlib..."
if ! . ./libtest ; then
echo 'libtest failed to load.'
exit 1
fi
export COLUMNS=50
test_pid_file="$tmp_dir/test.$$pid.tmp"
rm -f "$test_pid_file"
##
## Mocks
##
relation-get() {
local key="$1"
echo "$CFG" | shyaml get-value "$key" 2>/dev/null
}
export -f relation-get
file_put() {
echo "file_put $1"
cat - | prefix " | "
}
export -f file_put
docker() {
echo "docker" "$@"
echo stdin:
cat - | prefix " | "
}
export -f docker
config-add() {
echo "config-add"
echo "$1" | prefix " | "
}
export -f config-add
mkdir() {
echo "called: $FUNCNAME $@" >&2
}
export -f mkdir
setfacl() {
echo "called: $FUNCNAME $@" >&2
}
export -f setfacl
chgrp() {
echo "called: $FUNCNAME $@" >&2
}
export -f chgrp
chmod() {
echo "called: $FUNCNAME $@" >&2
}
export -f chmod
cached_cmd_on_base_image() {
echo "called: $FUNCNAME $@" >&2
echo "stdout:" >&2
echo "<GID>" | prefix " | " >&2
echo "<GID>"
}
export -f cached_cmd_on_base_image
##
## apache_vhost_create
##
try "
export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
DOMAIN=www.example.com
DOCKER_SITE_PATH=/var/www/\$DOMAIN
apache_vhost_create"
noerror
is out reg '^file_put \$SERVICE_CONFIGSTORE/.*/www.example.com.conf'
try "
export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
DOMAIN=www.example.com
DOCKER_SITE_PATH=/var/www/\$DOMAIN
CFG='
ssl: true
'
apache_vhost_create"
noerror
is out reg '^file_put \$SERVICE_CONFIGSTORE/.*/www.example.com.conf'
is err ''
try "
export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
export CONFIGSTORE='\$CONFIGSTORE'
export BASE_CHARM_NAME='\$BASE_CHARM_NAME'
export MASTER_TARGET_CHARM_NAME='\$MASTER_TARGET_CHARM_NAME'
DOMAIN=www.example.com
DOCKER_SITE_PATH=/var/www/\$DOMAIN
CFG='
ssl:
key: |
a
b
cert: c
'
apache_vhost_create"
noerror
is out part 'file_put $CONFIGSTORE/$BASE_CHARM_NAME/etc/ssl/certs/www.example.com.pem
| c'
is out part 'file_put $CONFIGSTORE/$BASE_CHARM_NAME/etc/ssl/private/www.example.com.key
| a
| b'
is out reg 'config-add'
is out reg ' - \$CONFIGSTORE/\$BASE_CHARM_NAME/etc/ssl/certs/www.example.com.pem:/etc/ssl/certs/www.example.com.pem:ro'
is out reg ' - \$CONFIGSTORE/\$BASE_CHARM_NAME/etc/ssl/private/www.example.com.key:/etc/ssl/private/www.example.com.key:ro'
try "
export DOCKER_BASE_IMAGE=docker/apache
export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
export CONFIGSTORE='\$CONFIGSTORE'
export BASE_CHARM_NAME='\$BASE_CHARM_NAME'
export MASTER_TARGET_CHARM_NAME='\$MASTER_TARGET_CHARM_NAME'
DOMAIN=www.example.com
DOCKER_SITE_PATH=/var/www/\$DOMAIN
export CFG='
creds:
toto: xxx
'
apache_vhost_create"
noerror
is out reg "htpasswd -bc '/etc/apache2/sites-enabled/www.example.com.passwd' 'toto' 'xxx'"
is out reg 'docker run -i --entrypoint /bin/bash .* docker/apache'
##
## apache_proxy_dir
##
try "
export DOCKER_BASE_IMAGE=docker/apache
export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
export CONFIGSTORE='\$CONFIGSTORE'
export BASE_CHARM_NAME='\$BASE_CHARM_NAME'
export MASTER_TARGET_CHARM_NAME='\$MASTER_TARGET_CHARM_NAME'
export CFG='
creds:
toto: xxx
'
apache_publish_dir"
is errlvl 1 ## no domain
try "
export DATASTORE='\$DATASTORE'
export DOCKER_BASE_IMAGE=docker/apache
export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
export CONFIGSTORE='\$CONFIGSTORE'
export BASE_CHARM_NAME='\$BASE_CHARM_NAME'
export MASTER_TARGET_CHARM_NAME='\$MASTER_TARGET_CHARM_NAME'
export CFG='
domain: www.example.com
creds:
toto: xxx
'
apache_publish_dir"
is errlvl 0
is err reg 'setfacl -R -m g:<GID>:rx \$DATASTORE/\$BASE_CHARM_NAME/var/www/www.example.com'
is err reg 'cached_cmd_on_base_image apache id -g www-data'
try "
export DATASTORE='\$DATASTORE'
export DOCKER_BASE_IMAGE=docker/apache
export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
export CONFIGSTORE='\$CONFIGSTORE'
export BASE_CHARM_NAME='\$BASE_CHARM_NAME'
export MASTER_TARGET_CHARM_NAME='\$MASTER_TARGET_CHARM_NAME'
export CFG='
domain: www.example.com
creds:
toto: xxx
data-dirs:
- a
- b
- c
'
apache_publish_dir"
is errlvl 0
is err reg 'setfacl -R -m g:<GID>:rwx \$DATASTORE/\$BASE_CHARM_NAME/var/www/www.example.com/a \$DATASTORE/\$BASE_CHARM_NAME/var/www/www.example.com/b \$DATASTORE/\$BASE_CHARM_NAME/var/www/www.example.com/c'
is err reg 'setfacl -R -d -m g:<GID>:rwx \$DATASTORE/\$BASE_CHARM_NAME/var/www/www.example.com/a \$DATASTORE/\$BASE_CHARM_NAME/var/www/www.example.com/b \$DATASTORE/\$BASE_CHARM_NAME/var/www/www.example.com/c'
try "
export DATASTORE='\$DATASTORE'
export DOCKER_BASE_IMAGE=docker/apache
export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
export CONFIGSTORE='\$CONFIGSTORE'
export BASE_CHARM_NAME='\$BASE_CHARM_NAME'
export MASTER_BASE_CHARM_NAME='\$MASTER_BASE_CHARM_NAME'
export MASTER_TARGET_CHARM_NAME='\$MASTER_TARGET_CHARM_NAME'
export CFG='
domain: www.example.com
location: /opt/apps/newlocation
creds:
toto: xxx
data-dirs:
- a
- b
- c
'
apache_publish_dir"
is errlvl 0
is err reg 'mkdir -p /opt/apps/newlocation'
is err reg 'setfacl -R -m g:<GID>:rx /opt/apps/newlocation'
is out part ' | $MASTER_BASE_CHARM_NAME:
| volumes:
| - /opt/apps/newlocation:/var/www/www.example.com'
summary
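Review bot: The block headed `## apache_proxy_dir` only ever calls `apache_publish_dir`, so `apache_proxy_dir`, which the web_proxy hook in this commit appears to call, has no test in this file. Either rename the heading to `## apache_publish_dir` or add a case that runs `apache_proxy_dir` with a `target:` entry and checks the `file_put` output. Also, `test_pid_file="$tmp_dir/test.$$pid.tmp"` expands `$$` and then appends the literal text `pid`; `$pid` from libtest was presumably meant.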