fork 0k-charms
Valentin Lab 39a7562ded chg: [nextcloud] avoid send password environment information when it is not used 3 months ago
..
actions chg: dev: whitespaces !minor 6 years ago
build fix: dev: removed ``--force-yes`` everywhere as it is deprecated 4 years ago
hooks new: [apache] improve domain specification and provide service to domain mapping facility 8 months ago
lib new: [apache,cyclos,mongo,piwigo] replace ``service_base_docker_image`` with ``service_ensure_image_ready`` for compatibility with compose ``1.7.1`` 8 months ago
test new: [apache] improve domain specification and provide service to domain mapping facility 8 months ago
README.org new: doc: [apache] add ``creds`` documentation 3 months ago
metadata.yml new: [apache,peertube,redis] added new backup relation 5 years ago
shorewall new: [www] renamed ``www`` to ``apache``. 9 years ago

README.org

Usage

Other services will often require a service managed with this charm to act as an HTTP/HTTPS front-end. It can provide certificates with HTTPS.

Domain assignment

Services using relation web-proxy or publish-dir will be required to be assigned a domain name for the virtual host that will be created.

Domain sources

This domain name can be set from the following sources, listed in order of priority; the first source that provides a name is used.

  • Relation's options (web-proxy or publish-dir), using the domain option and, optionally, the deprecated server-aliases option for additional names:

    myservice:
      # ...
      relations:
        web-proxy:
          apache:
            domain: mydomain.org
            #server-aliases:
            #  - www.mydomain.org
            #  - pro.mydomain.org
    
  • Apache service's options, using a service-domain-name mapping:

    myservice:
      # ...
    apache:
      options:
        service-domain-map:
          # ...
          myservice:
            - mydomain.org
            - www.mydomain.org
            - pro.mydomain.org
          # ...
    
  • The service name itself, if it is a domain name:

    www.mydomain.org:
      # ...
    

    Please note that this is not recommended, and will be deprecated.

Domain and alternate domains

Every source (except the one where the service name itself is the domain name) can provide more than one domain name, in several ways.

Please remember:

  • At least one domain name needs to be provided

  • and the first domain can't use wildcards and will be considered the main domain name.

If other domains are specified, they will be used as aliases, and wildcard (using *) is supported.

Additionally, bash brace expansion and regex matching are available. Space-separated YAML strings and YAML sequences are supported, as well as a mix of both.

As examples, notice the following are equivalent and will serve myservice on the exact same set of domain names:

myservice:
  relations:
    web-proxy:
      apache:
        domain:
          ## A yaml list
          - myservice.home.org
          - mydomain.org
          - www.mydomain.org
          - pro.mydomain.org
          - "*.myservice.hop.org"  ## quoted: a leading * starts a YAML alias

myservice:
  # ... no domain set in relation
apache:
  options:
    service-domain-map:
      ## A yaml list as a mapping value
      myservice:
        - myservice.home.org
        - "{,www.,pro.}mydomain.org"  ## bash braces expansion used (quoted: a leading { starts a YAML flow mapping)
        - "*.myservice.hop.org"

myservice:
  # ...
apache:
  options:
    service-domain-map:
      ## space separated YAML string and bash braces expansion
      myservice: myservice.home.org {,www.,pro.}mydomain.org *.myservice.hop.org

myservice:
  # ...
apache:
  options:
    service-domain-map:
      ## Leveraging bash braces expansion and regex replacement
      .*: "{$0.home,{,www.,pro.}mydomain,*.$0.hop}.org"

Domain mapping

You can automatically assign a domain to services in relation web-proxy or publish-dir with services managed by this charm using the service-domain-map option. For instance:

apache:
  options:
    service-domain-map:
      .*: $0.mydomain.org

Here mydomain.org stands for the domain where most of your services will be served. You can override this behavior for some services:

  • by adding a matching rule before the given rule.

  • by specifying a domain in the relation's options.

The first matching rule ends the mapping:

apache:
  options:
    service-domain-map:
      foo: www.mydomain.org
      bar: beta.myotherdomain.com

This allows services to be distributed across domains quite freely.
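
The resolution rules from the two sections above (first matching rule wins, $0 replacement, brace expansion, and the main-domain constraints), as an added Python example that is not the charm's own code. It assumes that a rule is matched against the whole service name, that $0 stands for the matched name, and that replacement happens before brace expansion; expand_braces, resolve_domains and SAMPLE_MAP are names chosen here.

```python
import re

def expand_braces(s):
    """Bash-style brace expansion for comma lists ({a..b} ranges not handled)."""
    start = s.find("{")
    if start < 0:
        return [s]
    depth, parts, last = 0, [], start + 1
    for i in range(start, len(s)):
        if s[i] == "{":
            depth += 1
        elif s[i] == "," and depth == 1:
            parts.append(s[last:i])
            last = i + 1
        elif s[i] == "}":
            depth -= 1
            if depth == 0:
                parts.append(s[last:i])
                if len(parts) > 1:
                    mids = [m for p in parts for m in expand_braces(p)]
                else:  # no comma: bash keeps the braces literally
                    mids = ["{" + m + "}" for m in expand_braces(parts[0])]
                return [s[:start] + m + t
                        for m in mids for t in expand_braces(s[i + 1:])]
    return [s]  # unbalanced brace: keep the text as written

def resolve_domains(service, domain_map):
    """Return (main_domain, aliases) from the first matching rule, else None."""
    for pattern, value in domain_map.items():  # dict order = rule order
        m = re.fullmatch(pattern, service)     # assumption: whole-name match
        if m is None:
            continue
        # Accept a space separated string, a list, or a mix of both.
        words = " ".join([value] if isinstance(value, str) else value).split()
        domains = [d for w in words
                   for d in expand_braces(w.replace("$0", m.group(0)))]
        if not domains:
            raise ValueError(f"{service}: at least one domain is required")
        if "*" in domains[0]:
            raise ValueError(f"{service}: main domain can't use wildcards")
        return domains[0], domains[1:]

# Constructed sample mirroring the README's service-domain-map examples.
SAMPLE_MAP = {
    "foo": "www.mydomain.org",
    "bar": ["beta.myotherdomain.com"],
    ".*": "{$0.home,{,www.,pro.}mydomain,*.$0.hop}.org",
}
if __name__ == "__main__":
    print(resolve_domains("myservice", SAMPLE_MAP))
```

Running a check like this over a map before deploying shows which names a catch-all rule such as .* would publish for each service, and flags a wildcard in the main-domain position.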

Adding basic authentication for password protected access

Any service using relation web-proxy or publish-dir can be given simple Basic Auth protection (which is safe and secure only over HTTPS, as Basic Auth itself does not encrypt the credentials):

myservice:
  # ...
  relations:
    web-proxy:
      apache:
        domain: mydomain.org
        creds:
          # USER: PASSWORD 
          foo: fooP4s5w0rd
          bar: barP4s5w0rd

SSH Tunnel

On the server side, you can configure your compose file:

apache:
  options:
    ssh-tunnel:
      domain: ssh.domain.com     ## required
      #ssl: ...                  ## required, but automatically setup if you
                                 ## provide a ``cert-provider`` to ``apache``.

On the client side you should add this to your ~/.ssh/config:

Host ssh.domain.com
    Port 443
    ProxyCommand proxytunnel -q -E -p ssh.domain.com:443 -d ssh.domain.com:22
    DynamicForward 1080
    ServerAliveInterval 60

If it doesn't work, you can do some checks thanks to this command:

$ proxytunnel -E -p ssh.domain.com:443 -d ssh.domain.com:22 -v \
    -H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)\n"