bgallet
/
0k-charms
forked from 0k/0k-charms
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

chg: dev: [apache] pass around as argument ``$domain`` 

This will make the code faster, and will allow to have no domain in the
near future.
framadate
Valentin Lab 6 years ago
parent
e697458f98
commit
feb6aa4486
2 changed files with 50 additions and 55 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 72
      apache/lib/common
  2. 31
      apache/test/vhost

72
apache/lib/common
View File

@ -48,15 +48,23 @@ export -f apache_publish_dir
apache_vhost_create() {
local type="$1" cfg="$2" custom_rules vhost_statement creds
local type="$1" cfg="$2" protocols="$3" dest="$4" custom_rules vhost_statement creds
export APACHE_CONFIG_LOCATION="$SERVICE_CONFIGSTORE/etc/apache2/sites-enabled"
if [ -z "$protocols" ]; then
protocols=$(__vhost_cfg_normalize_protocol "$cfg") || return 1
fi
domain=$(get_domain "$cfg") && relation-set domain "$domain"
if is_protocol_enabled https "$protocols"; then
if [ -z "$domain" ]; then
err "You must specify a domain for ssl to work."
return 1
fi
read-0 ssl_plugin_fun ssl_cfg_value ssl_cfg_options < <(ssl_get_plugin_fun "$cfg") || return 1
"$ssl_plugin_fun"_vars "$cfg" "$ssl_cfg_options" "$ssl_cfg_value" || return 1
"$ssl_plugin_fun"_vars "$cfg" "$ssl_cfg_options" "$ssl_cfg_value" "$domain" || return 1
redirect=$(e "$cfg" | cfg-get-value 'redirect-to-ssl' 2>/dev/null) || true
if is_protocol_enabled http "$protocols"; then
redirect=${redirect:-true}
@ -90,18 +98,21 @@ $(if [ "$custom_rules" ]; then
else
relation-set protocol http
fi
vhost_statement=$(apache_vhost_statement "$type" "$protocols" "$cfg") || {
vhost_statement=$(apache_vhost_statement "$type" "$protocols" "$cfg" "$domain") || {
err "Failed to get vhost statement for type $type on ${protocols:1:-1}"
return 1
}
domain=$(get_domain "$cfg") || return 1
relation-set domain "$domain"
echo "$vhost_statement" | file_put "$APACHE_CONFIG_LOCATION/$domain.conf" || return 1
dest=${dest:-$domain}
if [ -z "$dest" ]; then
err "Please set either a domain or set a destination file."
return 1
fi
echo "$vhost_statement" | file_put "$APACHE_CONFIG_LOCATION/$dest.conf" || return 1
creds=$(e "$cfg" | cfg-get-value creds 2>/dev/null) || true
if [ "$creds" ]; then
apache_passwd_file "$cfg" || return 1
apache_passwd_file "$cfg" "$dest"|| return 1
fi
if is_protocol_enabled https "$protocols"; then
@ -262,8 +273,7 @@ ssl_get_plugin_fun() {
ssl_fallback_vars() {
local cfg="$1" ssl_cfg="$2" cert key ca_cert domain
domain=$(get_domain "$cfg") || return 1
local cfg="$1" ssl_cfg="$2" value="$3" domain="$4" cert key ca_cert domain
if __vhost_cfg_ssl_cert=$(echo "$ssl_cfg" | shyaml get-value cert 2>/dev/null); then
__vhost_cfg_SSL_CERT_LOCATION=/etc/ssl/certs/${domain}.pem
@ -306,8 +316,7 @@ $volumes
}
ssl_plugin_cert-provider_vars() {
local cfg="$1" ssl_cfg="$2"
domain=$(get_domain "$cfg") || return 1
local cfg="$1" ssl_cfg="$2" value="$3" domain="$4"
__vhost_cfg_SSL_CERT_LOCATION=/etc/letsencrypt/live/${domain}/cert.pem
__vhost_cfg_SSL_KEY_LOCATION=/etc/letsencrypt/live/${domain}/privkey.pem
@ -344,12 +353,12 @@ services:
apache_passwd_file() {
local cfg="$1" creds
local cfg="$1" dest="$2" creds
include parse || true
## XXXvlab: called twice... no better way to do this ?
creds=$(e "$cfg" | cfg-get-value creds 2>/dev/null) || true
password_path=$(password-path-get "$cfg")
password_path=$(password-path-get "$dest")
first=
if ! [ -e "$CONFIGSTORE/$MASTER_TARGET_SERVICE_NAME$password_path" ]; then
debug "No file $CONFIGSTORE/$MASTER_TARGET_SERVICE_NAME$password_path, creating password file." || true
@ -369,16 +378,16 @@ apache_passwd_file() {
## Produce the full statements depending on relation-get informations
apache_vhost_statement() {
local type="$1" protocols="$2" cfg="$3" \
local type="$1" protocols="$2" cfg="$3" domain="$4" \
vhost_statement
if is_protocol_enabled http "$protocols"; then
__vhost_full_vhost_statement "$type" http "$cfg" || return 1
__vhost_full_vhost_statement "$type" http "$cfg" "$domain" || return 1
fi
if is_protocol_enabled https "$protocols"; then
read-0 ssl_plugin_fun ssl_cfg_value ssl_cfg_options < <(ssl_get_plugin_fun "$cfg") || return 1
"$ssl_plugin_fun"_vars "$cfg" "$ssl_cfg_options" "$ssl_cfg_value" || return 1
vhost_statement=$(__vhost_full_vhost_statement "$type" https "$cfg") || return 1
"$ssl_plugin_fun"_vars "$cfg" "$ssl_cfg_options" "$ssl_cfg_value" "$domain" || return 1
vhost_statement=$(__vhost_full_vhost_statement "$type" https "$cfg" "$domain") || return 1
cat <<EOF
<IfModule mod_ssl.c>
@ -509,14 +518,13 @@ EOF
password-path-get() {
local cfg="$1" domain
domain=$(get_domain "$cfg") || return 1
echo /etc/apache2/sites-enabled/${domain}.passwd
local dest="$1"
echo "/etc/apache2/sites-enabled/${dest}.passwd"
}
__vhost_creds_statement() {
local cfg="$1" password_path
password_path=$(password-path-get "$cfg") || return 1
local cfg="$1" dest="$2" password_path
password_path=$(password-path-get "$dest") || return 1
if ! e "$cfg" | cfg-get-value creds >/dev/null 2>&1; then
echo "Allow from all"
return 0
@ -533,8 +541,7 @@ EOF
__vhost_head_statement() {
local cfg="$1" protocol="$2" server_aliases admin_mail
domain=$(get_domain "$cfg") || return 1
local cfg="$1" protocol="$2" domain="$3" server_aliases admin_mail prefix
admin_mail=$(e "$1" | cfg-get-value "admin-mail" 2>/dev/null) || true
server_aliases=$(e "$cfg" | cfg-get-value server-aliases 2>/dev/null) || true
[ "$server_aliases" == None ] && server_aliases=""
@ -664,7 +671,7 @@ target-get() {
}
__vhost_proxy_statement() {
local protocol="$1" cfg="$2"
local protocol="$1" cfg="$2" dest="$3"
target=$(target-get "$cfg") || return 1
@ -684,7 +691,7 @@ __vhost_proxy_statement() {
ProxyVia On
ProxyPass / http://$target/ retry=0
<Location / >
$(__vhost_creds_statement "$cfg" | prefix " ")
$(__vhost_creds_statement "$cfg" "$dest" | prefix " ")
ProxyPassReverse /
</Location>
$([ "$protocol" == "https" ] && echo " SSLProxyEngine On")
@ -699,11 +706,11 @@ EOF
}
__vhost_full_vhost_statement() {
local type="$1" protocol="$2" cfg="$3" head_statement custom_rules content_statement
local type="$1" protocol="$2" cfg="$3" domain="$4" head_statement custom_rules content_statement
head_statement=$(__vhost_head_statement "$cfg" "$protocol") || return 1
head_statement=$(__vhost_head_statement "$cfg" "$protocol" "$domain") || return 1
custom_rules=$(__vhost_custom_rules "$cfg") || return 1
content_statement=$(__vhost_content_statement "$type" "$protocol" "$cfg") || return 1
content_statement=$(__vhost_content_statement "$type" "$protocol" "$cfg" "${domain:-html}") || return 1
case "$protocol" in
https)
@ -733,9 +740,8 @@ EOF
}
__vhost_publish_dir_statement() {
local protocol="$1" cfg="$2"
domain=$(get_domain "$cfg") || return 1
local_path="/var/www/${domain}"
local protocol="$1" cfg="$2" dest="$3" dest
local_path="/var/www/${dest}"
cat <<EOF
##
@ -752,7 +758,7 @@ DocumentRoot $local_path
<Directory $local_path>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
$(__vhost_creds_statement "$cfg" | prefix " ")
$(__vhost_creds_statement "$cfg" "$dest" | prefix " ")
</Directory>
EOF

31
apache/test/vhost
View File

@ -39,8 +39,7 @@ trap "rm -rf \"$state_tmpdir\"" EXIT
try "
apache_vhost_statement publish_dir ,http, '\
domain: www.example.com
'"
' www.example.com"
noerror
is out '<VirtualHost *:80>
@ -83,21 +82,19 @@ is out '<VirtualHost *:80>
try "
apache_vhost_statement publish_dir ,http, '
domain: www.example.com
server-aliases:
- toto
'"
' www.example.com"
noerror
is out reg 'ServerAlias toto'
try "
apache_vhost_statement publish_dir ,http, '
domain: www.example.com
server-aliases:
- toto
- titi
'"
' www.example.com"
noerror
is out reg 'ServerAlias toto'
is out reg 'ServerAlias titi'
@ -108,9 +105,7 @@ is out reg 'ServerAlias titi'
##
try "
apache_vhost_statement publish_dir ,http, '
domain: www.example.com
'
apache_vhost_statement publish_dir ,http, '' www.example.com
" "credentials allow all"
noerror
is out reg 'Allow from all'
@ -118,11 +113,10 @@ is out reg 'Allow from all'
try "
apache_vhost_statement publish_dir ,http, '
domain: www.example.com
creds:
toto: xxx
titi: yyy
'
' www.example.com
" "credentials with basic auth user/pass"
noerror
is out reg 'AuthType basic'
@ -135,11 +129,10 @@ is out reg 'Require valid-user'
try "
apache_vhost_statement web_proxy ,http, '
domain: www.example.com
target: popo:3333
creds:
toto: titi
'
' www.example.com
" "proxy explicit target"
noerror
is out reg 'ProxyPass / http://popo:3333/'
@ -159,10 +152,9 @@ is out part '
try "
apache_vhost_statement web_proxy ,https, '
domain: www.example.com
ssl: true
target: popo:3333
'
' www.example.com
" "ssl default generation (ssl-cert-snakeoil)"
noerror
is out reg 'VirtualHost \*:443'
@ -176,13 +168,12 @@ is out reg 'CustomLog /var/log/apache2/s-www.example.com_access.log combined'
try "
RELATIONS=()
apache_vhost_statement web_proxy ,https, '
domain: www.example.com
ssl:
ca-cert: a
key: b
cert: c
target: popo:3333
'
' www.example.com
" "ssl providing keys inline"
noerror
is out reg 'SSLCertificateFile /etc/ssl/certs/www.example.com.pem'
@ -196,7 +187,6 @@ is out reg 'SSLCACertificateFile /etc/ssl/certs/www.example.com-ca.pem'
try "
apache_vhost_statement web_proxy ,https, '
domain: www.example.com
ssl:
ca-cert: a
key: b
@ -206,7 +196,7 @@ apache-custom-rules: |
RewriteCond %{QUERY_STRING} !skin=formanoo
RewriteRule ^(/web/webclient/home.*)$ $1?skin=formanoo [L,QSA,R=302]
target: popo:3333
'
' www.example.com
" "custom rules"
noerror
is out reg 'RewriteEngine On'
@ -218,7 +208,6 @@ is out reg 'RewriteEngine On'
try "
apache_vhost_statement web_proxy ,https,http, '
domain: www.example.com
ssl:
ca-cert: a
key: b
@ -228,7 +217,7 @@ apache-custom-rules: |
RewriteCond %{QUERY_STRING} !skin=formanoo
RewriteRule ^(/web/webclient/home.*)$ $1?skin=formanoo [L,QSA,R=302]
target: popo:3333
'
' www.example.com
" "both http and https"
noerror
is out '<VirtualHost *:80>

Write Preview
Loading…
Cancel
Save