* Usage

Other services will often require a service managed with this charm to
act as an HTTP/HTTPS front-end. It can provide certificates with HTTPS.

** Domain assignment

Services using relation =web-proxy= or =publish-dir= must be assigned
a domain name for the virtual host that will be created.

*** Domain sources

This domain name can be set from the following sources, listed in
order of priority; the first source giving a name is used.

- *Relation's options* (=web-proxy= or =publish-dir=)

  Using the =domain= option, and optionally the deprecated
  =server-aliases= for additional names.

  #+begin_src yaml
  myservice:
    # ...
    relations:
      web-proxy:
        apache:
          domain: mydomain.org
          #server-aliases:
          #  - www.mydomain.org
          #  - pro.mydomain.org
  #+end_src

- *Apache service's options*, using a =service-domain-name= mapping:

  #+begin_src yaml
  myservice:
    # ...
  apache:
    options:
      service-domain-map:
        # ...
        myservice:
          - mydomain.org
          - www.mydomain.org
          - pro.mydomain.org
        # ...
  #+end_src

- *The service name* itself, if it is a domain name:

  #+begin_src yaml
  www.mydomain.org:
    # ...
  #+end_src

  Please note that this is not recommended, and will be deprecated.

*** Domain and alternate domains

Every source (except the one coming from the domain name) can use
several ways to provide *more than one domain name*.

Please remember:
- At least one domain name needs to be provided,
- and the first domain can't use wildcards and will be considered the main domain name.

If other domains are specified, they will be used as aliases, and
wildcards (using ~*~) are supported.

Additionally, bash brace expansion and regex matching are
available. Space-separated YAML strings and YAML sequences are
supported, as well as a mix of both.

As examples, notice that the following are equivalent and will serve
=myservice= on the exact same set of domain names:

#+begin_src yaml
myservice:
  relations:
    web-proxy:
      domain:
        ## A yaml list
        - myservice.home.org
        - mydomain.org
        - www.mydomain.org
        - pro.mydomain.org
        ## quoted: a leading * would be parsed as a YAML alias
        - "*.myservice.hop.org"
#+end_src

#+begin_src yaml
myservice:
  # ... no domain set in relation
apache:
  options:
    service-domain-map:
      ## A yaml list as a mapping value
      ## (items starting with { or * are quoted to stay plain strings)
      myservice:
        - myservice.home.org
        - "{,www.,pro.}mydomain.org"  ## bash braces expansion used
        - "*.myservice.hop.org"
#+end_src

#+begin_src yaml
myservice:
  # ...
apache:
  options:
    service-domain-map:
      ## space separated YAML string and bash braces expansion
      myservice: myservice.home.org {,www.,pro.}mydomain.org *.myservice.hop.org
#+end_src

#+begin_src yaml
myservice:
  # ...
apache:
  options:
    service-domain-map:
      ## Leveraging bash braces expansion and regex replacement
      ## (value quoted: a leading { would be parsed as a YAML flow mapping)
      .*: "{$0.home,{,www.,pro.}mydomain,*.$0.hop}.org"
#+end_src

*** Domain mapping

You can automatically assign a domain to services in relation
=web-proxy= or =publish-dir= with services managed by this charm using
the =service-domain-name= option. For instance:

#+begin_src yaml
apache:
  options:
    service-domain-map:
      .*: $0.mydomain.org
#+end_src

Where ~mydomain.org~ stands for the domain where most of your services
will be served. You can override this behavior for some services:

- by adding a matching rule *before* the given rule.
- by specifying a =domain= in the relation's options.

The first matching rule ends the mapping:

#+begin_src yaml
apache:
  options:
    service-domain-map:
      foo: www.mydomain.org
      bar: beta.myotherdomain.com
#+end_src

This allows services to be distributed across domains quite freely.
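
An added sketch (not the charm's own code) of the resolution rules described in the two sections above: the first matching rule wins, =$0= is replaced by the service name, braces are expanded, and the first resulting name must be a non-wildcard main domain. Anchored regex matching and the hostname validation are assumptions of this example, not documented behavior of the charm.

```python
import re

# Hardening check added for this example: wildcard only as the leftmost label.
HOSTNAME = re.compile(r"(\*\.)?([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")

def brace_expand(word):
    """Expand bash-style {a,b} groups (nested ones too), in bash order."""
    start = word.find("{")
    if start < 0:
        return [word]
    depth, parts, last = 0, [], start + 1
    for i in range(start, len(word)):
        c = word[i]
        if c == "{":
            depth += 1
        elif c == "," and depth == 1:
            parts.append(word[last:i])
            last = i + 1
        elif c == "}":
            depth -= 1
            if depth == 0:
                parts.append(word[last:i])
                break
    else:
        return [word]  # unbalanced braces stay literal
    head, tail = word[:start], word[i + 1:]
    if len(parts) == 1:  # no comma: bash keeps the braces literal
        return [word[:i + 1] + t for t in brace_expand(tail)]
    return [head + p + t for alt in parts
            for p in brace_expand(alt) for t in brace_expand(tail)]

def resolve_domains(service, domain_map):
    """Return (main_domain, aliases) from the first rule matching `service`."""
    for pattern, value in domain_map.items():  # dict order = YAML order
        if not re.fullmatch(pattern, service):  # assumption: anchored match
            continue
        items = [value] if isinstance(value, str) else value
        words = [w for item in items for w in item.split()]
        domains = [d for w in words
                   for d in brace_expand(w.replace("$0", service))]
        bad = [d for d in domains if not HOSTNAME.fullmatch(d)]
        if not domains or bad or domains[0].startswith("*"):
            raise ValueError(f"invalid domain list for {service!r}: {domains}")
        return domains[0], domains[1:]
    return None  # no rule matched this service
```

With a catch-all =.*= rule every related service name ends up in a virtual host name, so rejecting names that do not form valid hostnames (as =HOSTNAME= does here) keeps unexpected characters out of the generated configuration.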

** Adding basic authentication for password protected access

Any service using relation =web-proxy= or =publish-dir= can assign a
simple =Basic Auth= protection (which is safe and secure only on =https=):

#+begin_src yaml
myservice:
  # ...
  relations:
    web-proxy:
      apache:
        domain: mydomain.org
        creds:
          # USER: PASSWORD
          foo: fooP4s5w0rd
          bar: barP4s5w0rd
#+end_src

* SSH Tunnel

On the server side, you can configure your compose file:

#+begin_src yaml
apache:
  options:
    ssh-tunnel:
      domain: ssh.domain.com  ## required
      #ssl: ...               ## required, but automatically set up if you
                              ## provide a cert-provider to apache.
#+end_src

On the client side, you should add this to your =~/.ssh/config=:

#+begin_src conf-space
Host ssh.domain.com
  Port 443
  ProxyCommand proxytunnel -q -E -p ssh.domain.com:443 -d ssh.domain.com:22
  DynamicForward 1080
  ServerAliveInterval 60
#+end_src

If it doesn't work, you can run some checks with this command:

#+begin_example
$ proxytunnel -E -p ssh.domain.com:443 -d ssh.domain.com:22 -v \
    -H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)\n"
#+end_example