forked from 0k/0k-charms
Browse Source
new: [apache] improve domain specification and provide service to domain mapping facility
upd
new: [apache] improve domain specification and provide service to domain mapping facility
upd
Valentin Lab
11 months ago
8 changed files with 733 additions and 129 deletions
-
188apache/README.org
-
29apache/README.rst
-
4apache/hooks/publish_dir-relation-joined
-
4apache/hooks/web_proxy-relation-joined
-
308apache/lib/common
-
316apache/test/get_domains
-
11apache/test/vhost
-
2apache/test/vhost_cert_provider
@ -0,0 +1,188 @@ |
|||
|
|||
|
|||
* Usage |
|||
|
|||
Other services will often require a service managed with this charm to |
|||
act as a HTTP/HTTPS front-end. It can provide certificates with HTTPS. |
|||
|
|||
|
|||
** Domain assignment |
|||
|
|||
Services using relation =web-proxy= or =publish-dir= will be required |
|||
to be assigned a domain name for the virtual host that will be |
|||
created. |
|||
|
|||
*** Domain sources |
|||
|
|||
This domain name can be set (in order of priority), the first source |
|||
giving a name will be taken. |
|||
|
|||
- *Relation's options* (=web-proxy= or =publish-dir=) |
|||
Using =domain= option, and optionally the deprecated |
|||
=server-aliases= for additional names. |
|||
|
|||
#+begin_src yaml |
|||
myservice: |
|||
# ... |
|||
relations: |
|||
web-proxy: |
|||
apache: |
|||
domain: mydomain.org |
|||
#server-aliases: |
|||
# - www.mydomain.org |
|||
# - pro.mydomain.org |
|||
#+end_src |
|||
- *Apache service's options*, using a =service-domain-name= mapping: |
|||
|
|||
#+begin_src yaml |
|||
myservice: |
|||
# ... |
|||
apache: |
|||
options: |
|||
service-domain-map: |
|||
# ... |
|||
myservice: |
|||
- mydomain.org |
|||
- www.mydomain.org |
|||
- pro.mydomain.org |
|||
# ... |
|||
#+end_src |
|||
|
|||
- *the service name* itself if is a domain name: |
|||
|
|||
#+begin_src yaml |
|||
www.mydomain.org: |
|||
# ... |
|||
#+end_src |
|||
|
|||
Please note that this is not recommended, and will be deprecated. |
|||
|
|||
*** Domain and alternate domains |
|||
|
|||
Every source (except the one coming out from the domain name), can use |
|||
several ways to provide *more than one domain name*. |
|||
|
|||
Please remember: |
|||
- At least one domain name needs to be provided |
|||
- and the first domain can't use wildcards and will be considered the main domain name. |
|||
|
|||
If other domains are specified, they will be used as aliases, and |
|||
wildcard (using ~*~) is supported. |
|||
|
|||
Additionally, bash braces expansion and regex matching are |
|||
available. Space separated YAML string or YAML sequences are |
|||
supported, also as mix of both. |
|||
|
|||
As examples, notice the following are equivalent and will serve |
|||
=myservice= on the exact same set of domain names: |
|||
|
|||
#+begin_src yaml |
|||
myservice: |
|||
relations: |
|||
web-proxy: |
|||
domain: |
|||
## A yaml list |
|||
- myservice.home.org |
|||
- mydomain.org |
|||
- www.mydomain.org |
|||
- pro.mydomain.org |
|||
- *.myservice.hop.org |
|||
#+end_src |
|||
|
|||
|
|||
#+begin_src yaml |
|||
myservice: |
|||
# ... no domain set in relation |
|||
apache: |
|||
options: |
|||
service-domain-map: |
|||
## A yaml list as a mapping value |
|||
myservice: |
|||
- myservice.home.org |
|||
- {,www.,pro.}mydomain.org ## bash braces expansion used |
|||
- *.myservice.hop.org |
|||
#+end_src |
|||
|
|||
#+begin_src yaml |
|||
myservice: |
|||
# ... |
|||
apache: |
|||
options: |
|||
service-domain-map: |
|||
## space separated YAML string and bash braces expansion |
|||
myservice: myservice.home.org {,www.,pro.}mydomain.org *.myservice.hop.org |
|||
#+end_src |
|||
|
|||
#+begin_src yaml |
|||
myservice: |
|||
# ... |
|||
apache: |
|||
options: |
|||
service-domain-map: |
|||
## Leveraging bash braces expansion and regex replacement |
|||
.*: {$0.home,{,www.,pro.}mydomain,*.$0.hop}.org |
|||
#+end_src |
|||
|
|||
** Domain mapping |
|||
|
|||
You can automatically assign a domain to services in relation |
|||
=web-proxy= or =publish-dir= with services managed by this charm using |
|||
the =service-domain-name= option. For instance: |
|||
|
|||
#+begin_src yaml |
|||
apache: |
|||
options: |
|||
service-domain-map: |
|||
.*: $0.mydomain.org |
|||
#+end_src |
|||
|
|||
Where ~mydomain.org~ stands for the domain where most of your services |
|||
will be served. You can override this behavior for some services: |
|||
- by adding a matching rule *before* the given rule. |
|||
- by specifying a =domain= in the relation's options. |
|||
|
|||
first rule matching will end the mapping: |
|||
|
|||
#+begin_src yaml |
|||
apache: |
|||
options: |
|||
service-domain-map: |
|||
foo: www.mydomain.org |
|||
bar: beta.myotherdomain.com |
|||
#+end_src |
|||
|
|||
Allows to distribute services to domains quite freely. |
|||
|
|||
|
|||
* SSH Tunnel |
|||
|
|||
On the server side, you can configure your compose file:: |
|||
|
|||
#+begin_src yaml |
|||
apache: |
|||
options: |
|||
ssh-tunnel: |
|||
domain: ssh.domain.com ## required |
|||
#ssh: ... ## required, but automatically setup if you |
|||
## provide a ``cert-provider`` to ``apache``. |
|||
#+end_src |
|||
|
|||
|
|||
On the client side you should add this to your ``~/.ssh/config``:: |
|||
|
|||
#+begin_src conf-space |
|||
Host ssh.domain.com |
|||
Port 443 |
|||
ProxyCommand proxytunnel -q -E -p ssh.domain.com:443 -d ssh.domain.com:22 |
|||
DynamicForward 1080 |
|||
ServerAliveInterval 60 |
|||
#+end_src |
|||
|
|||
If it doesn't work, you can do some checks thanks to this command:: |
|||
|
|||
#+begin_example |
|||
$ proxytunnel -E -p ssh.domain.com:443 -d ssh.domain.com:22 -v \ |
|||
-H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)\n" |
|||
#+end_example |
|||
|
|||
|
@ -1,29 +0,0 @@ |
|||
|
|||
|
|||
SSH Tunnel |
|||
---------- |
|||
|
|||
On the server side, you can configure your compose file:: |
|||
|
|||
apache: |
|||
options: |
|||
ssh-tunnel: |
|||
domain: ssh.domain.com ## required |
|||
#ssh: ... ## required, but automatically setup if you |
|||
## provide a ``cert-provider`` to ``apache``. |
|||
|
|||
|
|||
On the client side you should add this to your ``~/.ssh/config``:: |
|||
|
|||
Host ssh.domain.com |
|||
Port 443 |
|||
ProxyCommand proxytunnel -q -E -p ssh.domain.com:443 -d ssh.domain.com:22 |
|||
DynamicForward 1080 |
|||
ServerAliveInterval 60 |
|||
|
|||
If it doesn't work, you can do some checks thanks to this command:: |
|||
|
|||
$ proxytunnel -E -p ssh.domain.com:443 -d ssh.domain.com:22 -v \ |
|||
-H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)\n" |
|||
|
|||
|
@ -0,0 +1,316 @@ |
|||
#!/bin/bash |
|||
|
|||
exname=$(basename $0) |
|||
|
|||
compose_core=$(which compose-core) || { |
|||
echo "Requires compose-core executable to be in \$PATH." >&2 |
|||
exit 1 |
|||
} |
|||
|
|||
fetch-def() { |
|||
local path="$1" fname="$2" |
|||
( . "$path" 1>&2 || { |
|||
echo "Failed to load '$path'." >&2 |
|||
exit 1 |
|||
} |
|||
declare -f "$fname" |
|||
) |
|||
} |
|||
|
|||
prefix_cmd=" |
|||
. /etc/shlib |
|||
|
|||
include common |
|||
include parse |
|||
|
|||
. ../lib/common |
|||
|
|||
$(fetch-def "$compose_core" yaml_get_values) |
|||
$(fetch-def "$compose_core" yaml_get_interpret) |
|||
|
|||
" || { |
|||
echo "Couldn't build prefix cmd" >&2 |
|||
exit 1 |
|||
} |
|||
|
|||
# mock |
|||
cfg-get-value() { |
|||
local key="$1" |
|||
shyaml get-value "$key" 2>/dev/null |
|||
} |
|||
export -f cfg-get-value |
|||
|
|||
yaml_get_interpret() { |
|||
shyaml get-value |
|||
} |
|||
export -f yaml_get_interpret |
|||
|
|||
|
|||
export state_tmpdir=$(mktemp -d -t tmp.XXXXXXXXXX) |
|||
trap "rm -rf \"$state_tmpdir\"" EXIT |
|||
|
|||
## |
|||
## Tests |
|||
## |
|||
|
|||
try " |
|||
get_domains ' |
|||
'" |
|||
is errlvl 1 |
|||
is err reg 'Error: .*domain option.*' |
|||
is out '' |
|||
|
|||
|
|||
try " |
|||
get_domains ' |
|||
domain: toto |
|||
'" |
|||
noerror |
|||
is out 'toto |
|||
' |
|||
|
|||
|
|||
try " |
|||
get_domains ' |
|||
domain: toto titi |
|||
'" |
|||
noerror |
|||
is out 'toto titi |
|||
' |
|||
|
|||
try " |
|||
get_domains ' |
|||
domain: |
|||
- toto |
|||
'" |
|||
noerror |
|||
is out 'toto |
|||
' |
|||
|
|||
|
|||
try " |
|||
get_domains ' |
|||
server-aliases: |
|||
'" |
|||
is errlvl 1 |
|||
is err part 'Error: ' |
|||
is err part 'No domain name set' |
|||
|
|||
try " |
|||
get_domains ' |
|||
domain: |
|||
server-aliases: |
|||
'" |
|||
is errlvl 1 |
|||
is err part 'Error: ' |
|||
is err part 'No domain name set' |
|||
|
|||
|
|||
try " |
|||
get_domains ' |
|||
domain: |
|||
server-aliases: |
|||
- toto |
|||
'" |
|||
is errlvl 1 |
|||
is err part 'Error: ' |
|||
is err part "You can't specify server aliases if you don't have a domain" |
|||
|
|||
try " |
|||
get_domains ' |
|||
domain: foo |
|||
server-aliases: |
|||
- bar |
|||
'" |
|||
noerror |
|||
is out 'foo bar |
|||
' |
|||
|
|||
|
|||
try " |
|||
get_domains ' |
|||
domain: foo |
|||
server-aliases: bar |
|||
'" |
|||
noerror |
|||
is out 'foo bar |
|||
' |
|||
|
|||
|
|||
try " |
|||
get_domains ' |
|||
domain: |
|||
- foo |
|||
server-aliases: bar |
|||
'" |
|||
noerror |
|||
is out 'foo bar |
|||
' |
|||
|
|||
try " |
|||
get_domains ' |
|||
domain: |
|||
- foo{1,2} bar |
|||
server-aliases: wiz |
|||
'" |
|||
noerror |
|||
is out 'foo1 foo2 bar wiz |
|||
' |
|||
|
|||
try " |
|||
get_domains ' |
|||
domain: |
|||
- foo{1,2} bar |
|||
server-aliases: foo1 |
|||
'" |
|||
noerror |
|||
is out 'foo1 foo2 bar |
|||
' |
|||
|
|||
try " |
|||
get_domains ' |
|||
domain: |
|||
- foo{1,2} bar |
|||
- \"*.zoo\" |
|||
server-aliases: foo1 |
|||
'" |
|||
noerror |
|||
is out 'foo1 foo2 bar *.zoo |
|||
' |
|||
|
|||
try " |
|||
get_domains ' |
|||
domain: foo+ bar |
|||
'" |
|||
is errlvl 1 |
|||
is err part 'Error: ' |
|||
is err part 'Invalid domain value' |
|||
|
|||
|
|||
try " |
|||
get_domains ' |
|||
domain: |
|||
' ' |
|||
options.service-domain-map: |
|||
'" "empty service-domain-map" |
|||
is errlvl 1 |
|||
is err part 'Error: ' |
|||
is err part 'No domain name set' |
|||
is err part 'service-domain-map' |
|||
|
|||
|
|||
try " |
|||
BASE_SERVICE_NAME=foo |
|||
get_domains ' |
|||
domain: |
|||
' ' |
|||
options: |
|||
service-domain-map: |
|||
wiz: bar |
|||
'" "no map matching in service-domain-map" |
|||
is errlvl 1 |
|||
is err part 'Error: ' |
|||
is err part 'No domain name set' |
|||
is err part 'service-domain-map' |
|||
|
|||
|
|||
try " |
|||
export BASE_SERVICE_NAME=wiz |
|||
get_domains ' |
|||
domain: |
|||
' ' |
|||
options: |
|||
service-domain-map: |
|||
wiz: bar |
|||
'" "matching map in service-domain-map" |
|||
noerror |
|||
is out 'bar |
|||
' |
|||
|
|||
|
|||
try " |
|||
export BASE_SERVICE_NAME=wiz |
|||
get_domains ' |
|||
domain: |
|||
' ' |
|||
options: |
|||
service-domain-map: |
|||
wiz?: bar |
|||
wiz: bar2 |
|||
'" "only first matching map in service-domain-map" |
|||
noerror |
|||
is out 'bar |
|||
' |
|||
|
|||
|
|||
try " |
|||
export BASE_SERVICE_NAME=wiz |
|||
get_domains ' |
|||
domain: |
|||
' ' |
|||
options: |
|||
service-domain-map: |
|||
\"[w]i?zz?\": bar |
|||
'" "map are regex in service-domain-map" |
|||
noerror |
|||
is out 'bar |
|||
' |
|||
|
|||
|
|||
try " |
|||
export BASE_SERVICE_NAME=wiz |
|||
get_domains ' |
|||
domain: |
|||
' ' |
|||
options: |
|||
service-domain-map: |
|||
(w)i(z): bar\$1\$2 |
|||
'" "regex capture in service-domain-map" |
|||
noerror |
|||
is out 'barwz |
|||
' |
|||
|
|||
|
|||
try " |
|||
export BASE_SERVICE_NAME=wiz |
|||
get_domains ' |
|||
domain: |
|||
' ' |
|||
options: |
|||
service-domain-map: |
|||
.*: \$0.shrubbery |
|||
'" "regex capture 2 in service-domain-map" |
|||
noerror |
|||
is out 'wiz.shrubbery |
|||
' |
|||
|
|||
|
|||
try " |
|||
export BASE_SERVICE_NAME=wiz |
|||
get_domains ' |
|||
domain: |
|||
' ' |
|||
options: |
|||
service-domain-map: |
|||
.*: \$x |
|||
'" "refuse other variables in service-domain-map" |
|||
is errlvl 1 |
|||
is err part 'Error: ' |
|||
is err part 'Invalid mapping value' |
|||
|
|||
|
|||
try " |
|||
export BASE_SERVICE_NAME=wiz |
|||
get_domains ' |
|||
domain: |
|||
' ' |
|||
options: |
|||
service-domain-map: |
|||
.*: |
|||
- \$0.example.com |
|||
- my-\$0.domain.org |
|||
|
|||
'" "list is possible as value of service-domain-map" |
|||
noerror |
|||
is out 'wiz.example.com my-wiz.domain.org |
|||
' |
Write
Preview
Loading…
Cancel
Save
Reference in new issue