forked from 0k/0k-charms
Browse Source
new: [apache] improve domain specification and provide service to domain mapping facility
rallly
new: [apache] improve domain specification and provide service to domain mapping facility
rallly
Valentin Lab
10 months ago
8 changed files with 733 additions and 129 deletions
-
188apache/README.org
-
29apache/README.rst
-
4apache/hooks/publish_dir-relation-joined
-
4apache/hooks/web_proxy-relation-joined
-
308apache/lib/common
-
316apache/test/get_domains
-
11apache/test/vhost
-
2apache/test/vhost_cert_provider
@ -0,0 +1,188 @@ |
|||||
|
|
||||
|
|
||||
|
* Usage |
||||
|
|
||||
|
Other services will often require a service managed with this charm to |
||||
|
act as a HTTP/HTTPS front-end. It can provide certificates with HTTPS. |
||||
|
|
||||
|
|
||||
|
** Domain assignment |
||||
|
|
||||
|
Services using relation =web-proxy= or =publish-dir= will be required |
||||
|
to be assigned a domain name for the virtual host that will be |
||||
|
created. |
||||
|
|
||||
|
*** Domain sources |
||||
|
|
||||
|
This domain name can be set (in order of priority), the first source |
||||
|
giving a name will be taken. |
||||
|
|
||||
|
- *Relation's options* (=web-proxy= or =publish-dir=) |
||||
|
Using =domain= option, and optionally the deprecated |
||||
|
=server-aliases= for additional names. |
||||
|
|
||||
|
#+begin_src yaml |
||||
|
myservice: |
||||
|
# ... |
||||
|
relations: |
||||
|
web-proxy: |
||||
|
apache: |
||||
|
domain: mydomain.org |
||||
|
#server-aliases: |
||||
|
# - www.mydomain.org |
||||
|
# - pro.mydomain.org |
||||
|
#+end_src |
||||
|
- *Apache service's options*, using a =service-domain-name= mapping: |
||||
|
|
||||
|
#+begin_src yaml |
||||
|
myservice: |
||||
|
# ... |
||||
|
apache: |
||||
|
options: |
||||
|
service-domain-map: |
||||
|
# ... |
||||
|
myservice: |
||||
|
- mydomain.org |
||||
|
- www.mydomain.org |
||||
|
- pro.mydomain.org |
||||
|
# ... |
||||
|
#+end_src |
||||
|
|
||||
|
- *the service name* itself if is a domain name: |
||||
|
|
||||
|
#+begin_src yaml |
||||
|
www.mydomain.org: |
||||
|
# ... |
||||
|
#+end_src |
||||
|
|
||||
|
Please note that this is not recommended, and will be deprecated. |
||||
|
|
||||
|
*** Domain and alternate domains |
||||
|
|
||||
|
Every source (except the one coming out from the domain name), can use |
||||
|
several ways to provide *more than one domain name*. |
||||
|
|
||||
|
Please remember: |
||||
|
- At least one domain name needs to be provided |
||||
|
- and the first domain can't use wildcards and will be considered the main domain name. |
||||
|
|
||||
|
If other domains are specified, they will be used as aliases, and |
||||
|
wildcard (using ~*~) is supported. |
||||
|
|
||||
|
Additionally, bash braces expansion and regex matching are |
||||
|
available. Space separated YAML string or YAML sequences are |
||||
|
supported, also as mix of both. |
||||
|
|
||||
|
As examples, notice the following are equivalent and will serve |
||||
|
=myservice= on the exact same set of domain names: |
||||
|
|
||||
|
#+begin_src yaml |
||||
|
myservice: |
||||
|
relations: |
||||
|
web-proxy: |
||||
|
domain: |
||||
|
## A yaml list |
||||
|
- myservice.home.org |
||||
|
- mydomain.org |
||||
|
- www.mydomain.org |
||||
|
- pro.mydomain.org |
||||
|
- *.myservice.hop.org |
||||
|
#+end_src |
||||
|
|
||||
|
|
||||
|
#+begin_src yaml |
||||
|
myservice: |
||||
|
# ... no domain set in relation |
||||
|
apache: |
||||
|
options: |
||||
|
service-domain-map: |
||||
|
## A yaml list as a mapping value |
||||
|
myservice: |
||||
|
- myservice.home.org |
||||
|
- {,www.,pro.}mydomain.org ## bash braces expansion used |
||||
|
- *.myservice.hop.org |
||||
|
#+end_src |
||||
|
|
||||
|
#+begin_src yaml |
||||
|
myservice: |
||||
|
# ... |
||||
|
apache: |
||||
|
options: |
||||
|
service-domain-map: |
||||
|
## space separated YAML string and bash braces expansion |
||||
|
myservice: myservice.home.org {,www.,pro.}mydomain.org *.myservice.hop.org |
||||
|
#+end_src |
||||
|
|
||||
|
#+begin_src yaml |
||||
|
myservice: |
||||
|
# ... |
||||
|
apache: |
||||
|
options: |
||||
|
service-domain-map: |
||||
|
## Leveraging bash braces expansion and regex replacement |
||||
|
.*: {$0.home,{,www.,pro.}mydomain,*.$0.hop}.org |
||||
|
#+end_src |
||||
|
|
||||
|
** Domain mapping |
||||
|
|
||||
|
You can automatically assign a domain to services in relation |
||||
|
=web-proxy= or =publish-dir= with services managed by this charm using |
||||
|
the =service-domain-name= option. For instance: |
||||
|
|
||||
|
#+begin_src yaml |
||||
|
apache: |
||||
|
options: |
||||
|
service-domain-map: |
||||
|
.*: $0.mydomain.org |
||||
|
#+end_src |
||||
|
|
||||
|
Where ~mydomain.org~ stands for the domain where most of your services |
||||
|
will be served. You can override this behavior for some services: |
||||
|
- by adding a matching rule *before* the given rule. |
||||
|
- by specifying a =domain= in the relation's options. |
||||
|
|
||||
|
first rule matching will end the mapping: |
||||
|
|
||||
|
#+begin_src yaml |
||||
|
apache: |
||||
|
options: |
||||
|
service-domain-map: |
||||
|
foo: www.mydomain.org |
||||
|
bar: beta.myotherdomain.com |
||||
|
#+end_src |
||||
|
|
||||
|
Allows to distribute services to domains quite freely. |
||||
|
|
||||
|
|
||||
|
* SSH Tunnel |
||||
|
|
||||
|
On the server side, you can configure your compose file:: |
||||
|
|
||||
|
#+begin_src yaml |
||||
|
apache: |
||||
|
options: |
||||
|
ssh-tunnel: |
||||
|
domain: ssh.domain.com ## required |
||||
|
#ssh: ... ## required, but automatically setup if you |
||||
|
## provide a ``cert-provider`` to ``apache``. |
||||
|
#+end_src |
||||
|
|
||||
|
|
||||
|
On the client side you should add this to your ``~/.ssh/config``:: |
||||
|
|
||||
|
#+begin_src conf-space |
||||
|
Host ssh.domain.com |
||||
|
Port 443 |
||||
|
ProxyCommand proxytunnel -q -E -p ssh.domain.com:443 -d ssh.domain.com:22 |
||||
|
DynamicForward 1080 |
||||
|
ServerAliveInterval 60 |
||||
|
#+end_src |
||||
|
|
||||
|
If it doesn't work, you can do some checks thanks to this command:: |
||||
|
|
||||
|
#+begin_example |
||||
|
$ proxytunnel -E -p ssh.domain.com:443 -d ssh.domain.com:22 -v \ |
||||
|
-H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)\n" |
||||
|
#+end_example |
||||
|
|
||||
|
|
@ -1,29 +0,0 @@ |
|||||
|
|
||||
|
|
||||
SSH Tunnel |
|
||||
---------- |
|
||||
|
|
||||
On the server side, you can configure your compose file:: |
|
||||
|
|
||||
apache: |
|
||||
options: |
|
||||
ssh-tunnel: |
|
||||
domain: ssh.domain.com ## required |
|
||||
#ssh: ... ## required, but automatically setup if you |
|
||||
## provide a ``cert-provider`` to ``apache``. |
|
||||
|
|
||||
|
|
||||
On the client side you should add this to your ``~/.ssh/config``:: |
|
||||
|
|
||||
Host ssh.domain.com |
|
||||
Port 443 |
|
||||
ProxyCommand proxytunnel -q -E -p ssh.domain.com:443 -d ssh.domain.com:22 |
|
||||
DynamicForward 1080 |
|
||||
ServerAliveInterval 60 |
|
||||
|
|
||||
If it doesn't work, you can do some checks thanks to this command:: |
|
||||
|
|
||||
$ proxytunnel -E -p ssh.domain.com:443 -d ssh.domain.com:22 -v \ |
|
||||
-H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)\n" |
|
||||
|
|
||||
|
|
@ -0,0 +1,316 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
exname=$(basename $0) |
||||
|
|
||||
|
compose_core=$(which compose-core) || { |
||||
|
echo "Requires compose-core executable to be in \$PATH." >&2 |
||||
|
exit 1 |
||||
|
} |
||||
|
|
||||
|
fetch-def() { |
||||
|
local path="$1" fname="$2" |
||||
|
( . "$path" 1>&2 || { |
||||
|
echo "Failed to load '$path'." >&2 |
||||
|
exit 1 |
||||
|
} |
||||
|
declare -f "$fname" |
||||
|
) |
||||
|
} |
||||
|
|
||||
|
prefix_cmd=" |
||||
|
. /etc/shlib |
||||
|
|
||||
|
include common |
||||
|
include parse |
||||
|
|
||||
|
. ../lib/common |
||||
|
|
||||
|
$(fetch-def "$compose_core" yaml_get_values) |
||||
|
$(fetch-def "$compose_core" yaml_get_interpret) |
||||
|
|
||||
|
" || { |
||||
|
echo "Couldn't build prefix cmd" >&2 |
||||
|
exit 1 |
||||
|
} |
||||
|
|
||||
|
# mock |
||||
|
cfg-get-value() { |
||||
|
local key="$1" |
||||
|
shyaml get-value "$key" 2>/dev/null |
||||
|
} |
||||
|
export -f cfg-get-value |
||||
|
|
||||
|
yaml_get_interpret() { |
||||
|
shyaml get-value |
||||
|
} |
||||
|
export -f yaml_get_interpret |
||||
|
|
||||
|
|
||||
|
export state_tmpdir=$(mktemp -d -t tmp.XXXXXXXXXX) |
||||
|
trap "rm -rf \"$state_tmpdir\"" EXIT |
||||
|
|
||||
|
## |
||||
|
## Tests |
||||
|
## |
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
'" |
||||
|
is errlvl 1 |
||||
|
is err reg 'Error: .*domain option.*' |
||||
|
is out '' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
domain: toto |
||||
|
'" |
||||
|
noerror |
||||
|
is out 'toto |
||||
|
' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
domain: toto titi |
||||
|
'" |
||||
|
noerror |
||||
|
is out 'toto titi |
||||
|
' |
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
- toto |
||||
|
'" |
||||
|
noerror |
||||
|
is out 'toto |
||||
|
' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
server-aliases: |
||||
|
'" |
||||
|
is errlvl 1 |
||||
|
is err part 'Error: ' |
||||
|
is err part 'No domain name set' |
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
server-aliases: |
||||
|
'" |
||||
|
is errlvl 1 |
||||
|
is err part 'Error: ' |
||||
|
is err part 'No domain name set' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
server-aliases: |
||||
|
- toto |
||||
|
'" |
||||
|
is errlvl 1 |
||||
|
is err part 'Error: ' |
||||
|
is err part "You can't specify server aliases if you don't have a domain" |
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
domain: foo |
||||
|
server-aliases: |
||||
|
- bar |
||||
|
'" |
||||
|
noerror |
||||
|
is out 'foo bar |
||||
|
' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
domain: foo |
||||
|
server-aliases: bar |
||||
|
'" |
||||
|
noerror |
||||
|
is out 'foo bar |
||||
|
' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
- foo |
||||
|
server-aliases: bar |
||||
|
'" |
||||
|
noerror |
||||
|
is out 'foo bar |
||||
|
' |
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
- foo{1,2} bar |
||||
|
server-aliases: wiz |
||||
|
'" |
||||
|
noerror |
||||
|
is out 'foo1 foo2 bar wiz |
||||
|
' |
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
- foo{1,2} bar |
||||
|
server-aliases: foo1 |
||||
|
'" |
||||
|
noerror |
||||
|
is out 'foo1 foo2 bar |
||||
|
' |
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
- foo{1,2} bar |
||||
|
- \"*.zoo\" |
||||
|
server-aliases: foo1 |
||||
|
'" |
||||
|
noerror |
||||
|
is out 'foo1 foo2 bar *.zoo |
||||
|
' |
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
domain: foo+ bar |
||||
|
'" |
||||
|
is errlvl 1 |
||||
|
is err part 'Error: ' |
||||
|
is err part 'Invalid domain value' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
' ' |
||||
|
options.service-domain-map: |
||||
|
'" "empty service-domain-map" |
||||
|
is errlvl 1 |
||||
|
is err part 'Error: ' |
||||
|
is err part 'No domain name set' |
||||
|
is err part 'service-domain-map' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
BASE_SERVICE_NAME=foo |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
' ' |
||||
|
options: |
||||
|
service-domain-map: |
||||
|
wiz: bar |
||||
|
'" "no map matching in service-domain-map" |
||||
|
is errlvl 1 |
||||
|
is err part 'Error: ' |
||||
|
is err part 'No domain name set' |
||||
|
is err part 'service-domain-map' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
export BASE_SERVICE_NAME=wiz |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
' ' |
||||
|
options: |
||||
|
service-domain-map: |
||||
|
wiz: bar |
||||
|
'" "matching map in service-domain-map" |
||||
|
noerror |
||||
|
is out 'bar |
||||
|
' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
export BASE_SERVICE_NAME=wiz |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
' ' |
||||
|
options: |
||||
|
service-domain-map: |
||||
|
wiz?: bar |
||||
|
wiz: bar2 |
||||
|
'" "only first matching map in service-domain-map" |
||||
|
noerror |
||||
|
is out 'bar |
||||
|
' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
export BASE_SERVICE_NAME=wiz |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
' ' |
||||
|
options: |
||||
|
service-domain-map: |
||||
|
\"[w]i?zz?\": bar |
||||
|
'" "map are regex in service-domain-map" |
||||
|
noerror |
||||
|
is out 'bar |
||||
|
' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
export BASE_SERVICE_NAME=wiz |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
' ' |
||||
|
options: |
||||
|
service-domain-map: |
||||
|
(w)i(z): bar\$1\$2 |
||||
|
'" "regex capture in service-domain-map" |
||||
|
noerror |
||||
|
is out 'barwz |
||||
|
' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
export BASE_SERVICE_NAME=wiz |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
' ' |
||||
|
options: |
||||
|
service-domain-map: |
||||
|
.*: \$0.shrubbery |
||||
|
'" "regex capture 2 in service-domain-map" |
||||
|
noerror |
||||
|
is out 'wiz.shrubbery |
||||
|
' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
export BASE_SERVICE_NAME=wiz |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
' ' |
||||
|
options: |
||||
|
service-domain-map: |
||||
|
.*: \$x |
||||
|
'" "refuse other variables in service-domain-map" |
||||
|
is errlvl 1 |
||||
|
is err part 'Error: ' |
||||
|
is err part 'Invalid mapping value' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
export BASE_SERVICE_NAME=wiz |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
' ' |
||||
|
options: |
||||
|
service-domain-map: |
||||
|
.*: |
||||
|
- \$0.example.com |
||||
|
- my-\$0.domain.org |
||||
|
|
||||
|
'" "list is possible as value of service-domain-map" |
||||
|
noerror |
||||
|
is out 'wiz.example.com my-wiz.domain.org |
||||
|
' |
Write
Preview
Loading…
Cancel
Save
Reference in new issue