Boris Gallet
b4d9777ea7
|
2 months ago | |
---|---|---|
.. | ||
actions | 6 years ago | |
build | 4 years ago | |
hooks | 7 months ago | |
lib | 7 months ago | |
test | 7 months ago | |
README.org | 2 months ago | |
metadata.yml | 5 years ago | |
shorewall | 9 years ago |
README.org
Usage
Other services will often require a service managed with this charm to act as a HTTP/HTTPS front-end. It can provide certificates with HTTPS.
Domain assignment
Services using relation web-proxy
or publish-dir
will be required
to be assigned a domain name for the virtual host that will be
created.
Domain sources
This domain name can be set (in order of priority), the first source giving a name will be taken.
-
Relation's options (
web-proxy
orpublish-dir
) Usingdomain
option, and optionally the deprecatedserver-aliases
for additional names.myservice: # ... relations: web-proxy: apache: domain: mydomain.org #server-aliases: # - www.mydomain.org # - pro.mydomain.org
-
Apache service's options, using a
service-domain-name
mapping:myservice: # ... apache: options: service-domain-map: # ... myservice: - mydomain.org - www.mydomain.org - pro.mydomain.org # ...
-
the service name itself if is a domain name:
www.mydomain.org: # ...
Please note that this is not recommended, and will be deprecated.
Domain and alternate domains
Every source (except the one coming out from the domain name), can use several ways to provide more than one domain name.
Please remember:
-
At least one domain name needs to be provided
-
and the first domain can't use wildcards and will be considered the main domain name.
If other domains are specified, they will be used as aliases, and
wildcard (using *
) is supported.
Additionally, bash braces expansion and regex matching are available. Space separated YAML string or YAML sequences are supported, also as mix of both.
As examples, notice the following are equivalent and will serve
myservice
on the exact same set of domain names:
myservice: relations: web-proxy: domain: ## A yaml list - myservice.home.org - mydomain.org - www.mydomain.org - pro.mydomain.org - *.myservice.hop.org
myservice: # ... no domain set in relation apache: options: service-domain-map: ## A yaml list as a mapping value myservice: - myservice.home.org - {,www.,pro.}mydomain.org ## bash braces expansion used - *.myservice.hop.org
myservice: # ... apache: options: service-domain-map: ## space separated YAML string and bash braces expansion myservice: myservice.home.org {,www.,pro.}mydomain.org *.myservice.hop.org
myservice: # ... apache: options: service-domain-map: ## Leveraging bash braces expansion and regex replacement .*: {$0.home,{,www.,pro.}mydomain,*.$0.hop}.org
Domain mapping
You can automatically assign a domain to services in relation
web-proxy
or publish-dir
with services managed by this charm using
the service-domain-name
option. For instance:
apache: options: service-domain-map: .*: $0.mydomain.org
Where mydomain.org
stands for the domain where most of your services
will be served. You can override this behavior for some services:
-
by adding a matching rule before the given rule.
-
by specifying a
domain
in the relation's options.
first rule matching will end the mapping:
apache: options: service-domain-map: foo: www.mydomain.org bar: beta.myotherdomain.com
Allows to distribute services to domains quite freely.
Adding basic authentication for password protected access
Any service using relation web-proxy
or publish-dir
can assign a
simple Basic Auth
protection (which is safe and secure only on https
):
myservice: # ... relations: web-proxy: apache: domain: mydomain.org creds: # USER: PASSWORD foo: fooP4s5w0rd bar: barP4s5w0rd
SSH Tunnel
On the server side, you can configure your compose file::
apache: options: ssh-tunnel: domain: ssh.domain.com ## required #ssl: ... ## required, but automatically setup if you ## provide a ``cert-provider`` to ``apache``.
On the client side you should add this to your ``~/.ssh/config``::
Host ssh.domain.com Port 443 ProxyCommand proxytunnel -q -E -p ssh.domain.com:443 -d ssh.domain.com:22 DynamicForward 1080 ServerAliveInterval 60
If it doesn't work, you can do some checks thanks to this command::
$ proxytunnel -E -p ssh.domain.com:443 -d ssh.domain.com:22 -v \ -H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)\n"