Browse Source

chg: dev: [apache] pass around as argument ``$domain``

This will make the code faster, and will allow to have no domain in the
near future.
framadate
Valentin Lab 6 years ago
parent
commit
feb6aa4486
  1. 72
      apache/lib/common
  2. 31
      apache/test/vhost

72
apache/lib/common

@ -48,15 +48,23 @@ export -f apache_publish_dir
apache_vhost_create() { apache_vhost_create() {
local type="$1" cfg="$2" custom_rules vhost_statement creds
local type="$1" cfg="$2" protocols="$3" dest="$4" custom_rules vhost_statement creds
export APACHE_CONFIG_LOCATION="$SERVICE_CONFIGSTORE/etc/apache2/sites-enabled" export APACHE_CONFIG_LOCATION="$SERVICE_CONFIGSTORE/etc/apache2/sites-enabled"
if [ -z "$protocols" ]; then
protocols=$(__vhost_cfg_normalize_protocol "$cfg") || return 1 protocols=$(__vhost_cfg_normalize_protocol "$cfg") || return 1
fi
domain=$(get_domain "$cfg") && relation-set domain "$domain"
if is_protocol_enabled https "$protocols"; then if is_protocol_enabled https "$protocols"; then
if [ -z "$domain" ]; then
err "You must specify a domain for ssl to work."
return 1
fi
read-0 ssl_plugin_fun ssl_cfg_value ssl_cfg_options < <(ssl_get_plugin_fun "$cfg") || return 1 read-0 ssl_plugin_fun ssl_cfg_value ssl_cfg_options < <(ssl_get_plugin_fun "$cfg") || return 1
"$ssl_plugin_fun"_vars "$cfg" "$ssl_cfg_options" "$ssl_cfg_value" || return 1
"$ssl_plugin_fun"_vars "$cfg" "$ssl_cfg_options" "$ssl_cfg_value" "$domain" || return 1
redirect=$(e "$cfg" | cfg-get-value 'redirect-to-ssl' 2>/dev/null) || true redirect=$(e "$cfg" | cfg-get-value 'redirect-to-ssl' 2>/dev/null) || true
if is_protocol_enabled http "$protocols"; then if is_protocol_enabled http "$protocols"; then
redirect=${redirect:-true} redirect=${redirect:-true}
@ -90,18 +98,21 @@ $(if [ "$custom_rules" ]; then
else else
relation-set protocol http relation-set protocol http
fi fi
vhost_statement=$(apache_vhost_statement "$type" "$protocols" "$cfg") || {
vhost_statement=$(apache_vhost_statement "$type" "$protocols" "$cfg" "$domain") || {
err "Failed to get vhost statement for type $type on ${protocols:1:-1}" err "Failed to get vhost statement for type $type on ${protocols:1:-1}"
return 1 return 1
} }
domain=$(get_domain "$cfg") || return 1
relation-set domain "$domain"
echo "$vhost_statement" | file_put "$APACHE_CONFIG_LOCATION/$domain.conf" || return 1
dest=${dest:-$domain}
if [ -z "$dest" ]; then
err "Please set either a domain or set a destination file."
return 1
fi
echo "$vhost_statement" | file_put "$APACHE_CONFIG_LOCATION/$dest.conf" || return 1
creds=$(e "$cfg" | cfg-get-value creds 2>/dev/null) || true creds=$(e "$cfg" | cfg-get-value creds 2>/dev/null) || true
if [ "$creds" ]; then if [ "$creds" ]; then
apache_passwd_file "$cfg" || return 1
apache_passwd_file "$cfg" "$dest"|| return 1
fi fi
if is_protocol_enabled https "$protocols"; then if is_protocol_enabled https "$protocols"; then
@ -262,8 +273,7 @@ ssl_get_plugin_fun() {
ssl_fallback_vars() { ssl_fallback_vars() {
local cfg="$1" ssl_cfg="$2" cert key ca_cert domain
domain=$(get_domain "$cfg") || return 1
local cfg="$1" ssl_cfg="$2" value="$3" domain="$4" cert key ca_cert domain
if __vhost_cfg_ssl_cert=$(echo "$ssl_cfg" | shyaml get-value cert 2>/dev/null); then if __vhost_cfg_ssl_cert=$(echo "$ssl_cfg" | shyaml get-value cert 2>/dev/null); then
__vhost_cfg_SSL_CERT_LOCATION=/etc/ssl/certs/${domain}.pem __vhost_cfg_SSL_CERT_LOCATION=/etc/ssl/certs/${domain}.pem
@ -306,8 +316,7 @@ $volumes
} }
ssl_plugin_cert-provider_vars() { ssl_plugin_cert-provider_vars() {
local cfg="$1" ssl_cfg="$2"
domain=$(get_domain "$cfg") || return 1
local cfg="$1" ssl_cfg="$2" value="$3" domain="$4"
__vhost_cfg_SSL_CERT_LOCATION=/etc/letsencrypt/live/${domain}/cert.pem __vhost_cfg_SSL_CERT_LOCATION=/etc/letsencrypt/live/${domain}/cert.pem
__vhost_cfg_SSL_KEY_LOCATION=/etc/letsencrypt/live/${domain}/privkey.pem __vhost_cfg_SSL_KEY_LOCATION=/etc/letsencrypt/live/${domain}/privkey.pem
@ -344,12 +353,12 @@ services:
apache_passwd_file() { apache_passwd_file() {
local cfg="$1" creds
local cfg="$1" dest="$2" creds
include parse || true include parse || true
## XXXvlab: called twice... no better way to do this ? ## XXXvlab: called twice... no better way to do this ?
creds=$(e "$cfg" | cfg-get-value creds 2>/dev/null) || true creds=$(e "$cfg" | cfg-get-value creds 2>/dev/null) || true
password_path=$(password-path-get "$cfg")
password_path=$(password-path-get "$dest")
first= first=
if ! [ -e "$CONFIGSTORE/$MASTER_TARGET_SERVICE_NAME$password_path" ]; then if ! [ -e "$CONFIGSTORE/$MASTER_TARGET_SERVICE_NAME$password_path" ]; then
debug "No file $CONFIGSTORE/$MASTER_TARGET_SERVICE_NAME$password_path, creating password file." || true debug "No file $CONFIGSTORE/$MASTER_TARGET_SERVICE_NAME$password_path, creating password file." || true
@ -369,16 +378,16 @@ apache_passwd_file() {
## Produce the full statements depending on relation-get informations ## Produce the full statements depending on relation-get informations
apache_vhost_statement() { apache_vhost_statement() {
local type="$1" protocols="$2" cfg="$3" \
local type="$1" protocols="$2" cfg="$3" domain="$4" \
vhost_statement vhost_statement
if is_protocol_enabled http "$protocols"; then if is_protocol_enabled http "$protocols"; then
__vhost_full_vhost_statement "$type" http "$cfg" || return 1
__vhost_full_vhost_statement "$type" http "$cfg" "$domain" || return 1
fi fi
if is_protocol_enabled https "$protocols"; then if is_protocol_enabled https "$protocols"; then
read-0 ssl_plugin_fun ssl_cfg_value ssl_cfg_options < <(ssl_get_plugin_fun "$cfg") || return 1 read-0 ssl_plugin_fun ssl_cfg_value ssl_cfg_options < <(ssl_get_plugin_fun "$cfg") || return 1
"$ssl_plugin_fun"_vars "$cfg" "$ssl_cfg_options" "$ssl_cfg_value" || return 1
vhost_statement=$(__vhost_full_vhost_statement "$type" https "$cfg") || return 1
"$ssl_plugin_fun"_vars "$cfg" "$ssl_cfg_options" "$ssl_cfg_value" "$domain" || return 1
vhost_statement=$(__vhost_full_vhost_statement "$type" https "$cfg" "$domain") || return 1
cat <<EOF cat <<EOF
<IfModule mod_ssl.c> <IfModule mod_ssl.c>
@ -509,14 +518,13 @@ EOF
password-path-get() { password-path-get() {
local cfg="$1" domain
domain=$(get_domain "$cfg") || return 1
echo /etc/apache2/sites-enabled/${domain}.passwd
local dest="$1"
echo "/etc/apache2/sites-enabled/${dest}.passwd"
} }
__vhost_creds_statement() { __vhost_creds_statement() {
local cfg="$1" password_path
password_path=$(password-path-get "$cfg") || return 1
local cfg="$1" dest="$2" password_path
password_path=$(password-path-get "$dest") || return 1
if ! e "$cfg" | cfg-get-value creds >/dev/null 2>&1; then if ! e "$cfg" | cfg-get-value creds >/dev/null 2>&1; then
echo "Allow from all" echo "Allow from all"
return 0 return 0
@ -533,8 +541,7 @@ EOF
__vhost_head_statement() { __vhost_head_statement() {
local cfg="$1" protocol="$2" server_aliases admin_mail
domain=$(get_domain "$cfg") || return 1
local cfg="$1" protocol="$2" domain="$3" server_aliases admin_mail prefix
admin_mail=$(e "$1" | cfg-get-value "admin-mail" 2>/dev/null) || true admin_mail=$(e "$1" | cfg-get-value "admin-mail" 2>/dev/null) || true
server_aliases=$(e "$cfg" | cfg-get-value server-aliases 2>/dev/null) || true server_aliases=$(e "$cfg" | cfg-get-value server-aliases 2>/dev/null) || true
[ "$server_aliases" == None ] && server_aliases="" [ "$server_aliases" == None ] && server_aliases=""
@ -664,7 +671,7 @@ target-get() {
} }
__vhost_proxy_statement() { __vhost_proxy_statement() {
local protocol="$1" cfg="$2"
local protocol="$1" cfg="$2" dest="$3"
target=$(target-get "$cfg") || return 1 target=$(target-get "$cfg") || return 1
@ -684,7 +691,7 @@ __vhost_proxy_statement() {
ProxyVia On ProxyVia On
ProxyPass / http://$target/ retry=0 ProxyPass / http://$target/ retry=0
<Location / > <Location / >
$(__vhost_creds_statement "$cfg" | prefix " ")
$(__vhost_creds_statement "$cfg" "$dest" | prefix " ")
ProxyPassReverse / ProxyPassReverse /
</Location> </Location>
$([ "$protocol" == "https" ] && echo " SSLProxyEngine On") $([ "$protocol" == "https" ] && echo " SSLProxyEngine On")
@ -699,11 +706,11 @@ EOF
} }
__vhost_full_vhost_statement() { __vhost_full_vhost_statement() {
local type="$1" protocol="$2" cfg="$3" head_statement custom_rules content_statement
local type="$1" protocol="$2" cfg="$3" domain="$4" head_statement custom_rules content_statement
head_statement=$(__vhost_head_statement "$cfg" "$protocol") || return 1
head_statement=$(__vhost_head_statement "$cfg" "$protocol" "$domain") || return 1
custom_rules=$(__vhost_custom_rules "$cfg") || return 1 custom_rules=$(__vhost_custom_rules "$cfg") || return 1
content_statement=$(__vhost_content_statement "$type" "$protocol" "$cfg") || return 1
content_statement=$(__vhost_content_statement "$type" "$protocol" "$cfg" "${domain:-html}") || return 1
case "$protocol" in case "$protocol" in
https) https)
@ -733,9 +740,8 @@ EOF
} }
__vhost_publish_dir_statement() { __vhost_publish_dir_statement() {
local protocol="$1" cfg="$2"
domain=$(get_domain "$cfg") || return 1
local_path="/var/www/${domain}"
local protocol="$1" cfg="$2" dest="$3" dest
local_path="/var/www/${dest}"
cat <<EOF cat <<EOF
## ##
@ -752,7 +758,7 @@ DocumentRoot $local_path
<Directory $local_path> <Directory $local_path>
Options Indexes FollowSymLinks MultiViews Options Indexes FollowSymLinks MultiViews
AllowOverride all AllowOverride all
$(__vhost_creds_statement "$cfg" | prefix " ")
$(__vhost_creds_statement "$cfg" "$dest" | prefix " ")
</Directory> </Directory>
EOF EOF

31
apache/test/vhost

@ -39,8 +39,7 @@ trap "rm -rf \"$state_tmpdir\"" EXIT
try " try "
apache_vhost_statement publish_dir ,http, '\ apache_vhost_statement publish_dir ,http, '\
domain: www.example.com
'"
' www.example.com"
noerror noerror
is out '<VirtualHost *:80> is out '<VirtualHost *:80>
@ -83,21 +82,19 @@ is out '<VirtualHost *:80>
try " try "
apache_vhost_statement publish_dir ,http, ' apache_vhost_statement publish_dir ,http, '
domain: www.example.com
server-aliases: server-aliases:
- toto - toto
'"
' www.example.com"
noerror noerror
is out reg 'ServerAlias toto' is out reg 'ServerAlias toto'
try " try "
apache_vhost_statement publish_dir ,http, ' apache_vhost_statement publish_dir ,http, '
domain: www.example.com
server-aliases: server-aliases:
- toto - toto
- titi - titi
'"
' www.example.com"
noerror noerror
is out reg 'ServerAlias toto' is out reg 'ServerAlias toto'
is out reg 'ServerAlias titi' is out reg 'ServerAlias titi'
@ -108,9 +105,7 @@ is out reg 'ServerAlias titi'
## ##
try " try "
apache_vhost_statement publish_dir ,http, '
domain: www.example.com
'
apache_vhost_statement publish_dir ,http, '' www.example.com
" "credentials allow all" " "credentials allow all"
noerror noerror
is out reg 'Allow from all' is out reg 'Allow from all'
@ -118,11 +113,10 @@ is out reg 'Allow from all'
try " try "
apache_vhost_statement publish_dir ,http, ' apache_vhost_statement publish_dir ,http, '
domain: www.example.com
creds: creds:
toto: xxx toto: xxx
titi: yyy titi: yyy
'
' www.example.com
" "credentials with basic auth user/pass" " "credentials with basic auth user/pass"
noerror noerror
is out reg 'AuthType basic' is out reg 'AuthType basic'
@ -135,11 +129,10 @@ is out reg 'Require valid-user'
try " try "
apache_vhost_statement web_proxy ,http, ' apache_vhost_statement web_proxy ,http, '
domain: www.example.com
target: popo:3333 target: popo:3333
creds: creds:
toto: titi toto: titi
'
' www.example.com
" "proxy explicit target" " "proxy explicit target"
noerror noerror
is out reg 'ProxyPass / http://popo:3333/' is out reg 'ProxyPass / http://popo:3333/'
@ -159,10 +152,9 @@ is out part '
try " try "
apache_vhost_statement web_proxy ,https, ' apache_vhost_statement web_proxy ,https, '
domain: www.example.com
ssl: true ssl: true
target: popo:3333 target: popo:3333
'
' www.example.com
" "ssl default generation (ssl-cert-snakeoil)" " "ssl default generation (ssl-cert-snakeoil)"
noerror noerror
is out reg 'VirtualHost \*:443' is out reg 'VirtualHost \*:443'
@ -176,13 +168,12 @@ is out reg 'CustomLog /var/log/apache2/s-www.example.com_access.log combined'
try " try "
RELATIONS=() RELATIONS=()
apache_vhost_statement web_proxy ,https, ' apache_vhost_statement web_proxy ,https, '
domain: www.example.com
ssl: ssl:
ca-cert: a ca-cert: a
key: b key: b
cert: c cert: c
target: popo:3333 target: popo:3333
'
' www.example.com
" "ssl providing keys inline" " "ssl providing keys inline"
noerror noerror
is out reg 'SSLCertificateFile /etc/ssl/certs/www.example.com.pem' is out reg 'SSLCertificateFile /etc/ssl/certs/www.example.com.pem'
@ -196,7 +187,6 @@ is out reg 'SSLCACertificateFile /etc/ssl/certs/www.example.com-ca.pem'
try " try "
apache_vhost_statement web_proxy ,https, ' apache_vhost_statement web_proxy ,https, '
domain: www.example.com
ssl: ssl:
ca-cert: a ca-cert: a
key: b key: b
@ -206,7 +196,7 @@ apache-custom-rules: |
RewriteCond %{QUERY_STRING} !skin=formanoo RewriteCond %{QUERY_STRING} !skin=formanoo
RewriteRule ^(/web/webclient/home.*)$ $1?skin=formanoo [L,QSA,R=302] RewriteRule ^(/web/webclient/home.*)$ $1?skin=formanoo [L,QSA,R=302]
target: popo:3333 target: popo:3333
'
' www.example.com
" "custom rules" " "custom rules"
noerror noerror
is out reg 'RewriteEngine On' is out reg 'RewriteEngine On'
@ -218,7 +208,6 @@ is out reg 'RewriteEngine On'
try " try "
apache_vhost_statement web_proxy ,https,http, ' apache_vhost_statement web_proxy ,https,http, '
domain: www.example.com
ssl: ssl:
ca-cert: a ca-cert: a
key: b key: b
@ -228,7 +217,7 @@ apache-custom-rules: |
RewriteCond %{QUERY_STRING} !skin=formanoo RewriteCond %{QUERY_STRING} !skin=formanoo
RewriteRule ^(/web/webclient/home.*)$ $1?skin=formanoo [L,QSA,R=302] RewriteRule ^(/web/webclient/home.*)$ $1?skin=formanoo [L,QSA,R=302]
target: popo:3333 target: popo:3333
'
' www.example.com
" "both http and https" " "both http and https"
noerror noerror
is out '<VirtualHost *:80> is out '<VirtualHost *:80>

Loading…
Cancel
Save