From c37f5c111d22e9e89cd5de6f8d6b4a5d213c5811 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Nowak?= <luke@nexedi.com> Date: Tue, 6 Sep 2011 12:04:03 +0200 Subject: [PATCH] Public backend apache. --- slapos/recipe/bef_erp5/__init__.py | 53 +++++++++++++++++ .../template/apache.public.zope.conf.in | 58 +++++++++++++++++++ 2 files changed, 111 insertions(+) create mode 100644 slapos/recipe/bef_erp5/template/apache.public.zope.conf.in diff --git a/slapos/recipe/bef_erp5/__init__.py b/slapos/recipe/bef_erp5/__init__.py index b8b5cb7a7..1608436c4 100644 --- a/slapos/recipe/bef_erp5/__init__.py +++ b/slapos/recipe/bef_erp5/__init__.py @@ -187,6 +187,10 @@ class Recipe(slapos.recipe.erp5.Recipe): apache_web = self.installBackendApache(self.getGlobalIPv6Address(), 15001, web_haproxy, backend_key, backend_certificate, suffix='_web', access_control_string=access_control_string) + apache_public_web = self.installPublicBackendApache( + self.getGlobalIPv6Address(), 15080, + web_haproxy, suffix='_public_web', + access_control_string=access_control_string) # One Admin Node zope_port += 1 @@ -212,6 +216,7 @@ class Recipe(slapos.recipe.erp5.Recipe): kumo_conf = self.installKumo(self.getLocalIPv4Address()) self.setConnectionDict(dict( site_web_url=apache_web, + public_site_web_url=apache_public_web, site_admin_url=apache_admin, site_user_url=apache_login, site_user=user, 
@@ -342,6 +347,54 @@ class Recipe(slapos.recipe.erp5.Recipe): self.logger.debug('Created link %r -> %r' % (link, target)) self.path_list.append(repo_path) + def installPublicBackendApache(self, ip, port, backend, + suffix='', access_control_string=None): + apache_conf = self._getApacheConfigurationDict( + 'public_backend_apache'+suffix, ip, port) + apache_conf['server_name'] = '%s' % apache_conf['ip'] + # no ssl needed + prefix = 'public_backend_apache'+suffix + rewrite_rule_template = \ + "RewriteRule (.*) http://%(backend)s$1 [L,P]" + if access_control_string is None: + path_template = pkg_resources.resource_string('slapos.recipe.erp5', + 'template/apache.zope.conf.path.in') + path = path_template % dict(path='/') + else: + path_template = pkg_resources.resource_string('slapos.recipe.erp5', + 'template/apache.zope.conf.path-protected.in') + path = path_template % dict(path='/', + access_control_string=access_control_string) + d = dict( + path=path, + backend=backend, + backend_path='/', + port=apache_conf['port'], + vhname=path.replace('/', ''), + ) + rewrite_rule = rewrite_rule_template % d + apache_conf.update(**dict( + path_enable=path, + rewrite_rule=rewrite_rule + )) + apache_conf_string = pkg_resources.resource_string('slapos.recipe.bef_erp5', + 'template/apache.public.zope.conf.in') % apache_conf + apache_config_file = self.createConfigurationFile(prefix + '.conf', + apache_conf_string) + self.path_list.append(apache_config_file) + self.path_list.extend(zc.buildout.easy_install.scripts([( + 'public_backend_apache'+suffix, + 'slapos.recipe.erp5' + '.apache', 'runApache')], self.ws, + sys.executable, self.wrapper_directory, arguments=[ + dict( + required_path_list=[], + binary=self.options['httpd_binary'], + config=apache_config_file + ) + ])) + # Note: IPv6 is assumed always + return 'https://[%(ip)s]:%(port)s' % apache_conf + def _install(self): self.path_list = [] self.requirements, self.ws = self.egg.working_set() 
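Review bot: The return value at the end of installPublicBackendApache advertises `https://[ip]:port`, but the method is marked `# no ssl needed`, takes no key or certificate, and the template it renders contains no SSLEngine or certificate directive, so the listener on that port speaks plain HTTP. The value is published as `public_site_web_url` in the setConnectionDict hunk, so consumers are told the endpoint is TLS-protected when it is not, or they simply fail to connect. If plain HTTP is intended, return `'http://[%(ip)s]:%(port)s' % apache_conf`. If the public endpoint may carry credentials or session cookies, pass a key and certificate as the installBackendApache call does and enable TLS in the template instead.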
diff --git a/slapos/recipe/bef_erp5/template/apache.public.zope.conf.in b/slapos/recipe/bef_erp5/template/apache.public.zope.conf.in
new file mode 100644
index 000000000..59fa9dec6
--- /dev/null
+++ b/slapos/recipe/bef_erp5/template/apache.public.zope.conf.in
@@ -0,0 +1,58 @@
+# Apache configuration file for Zope
+# Automatically generated
+
+# List of modules
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule log_config_module modules/mod_log_config.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule version_module modules/mod_version.so
+LoadModule proxy_module modules/mod_proxy.so
+LoadModule proxy_http_module modules/mod_proxy_http.so
+LoadModule ssl_module modules/mod_ssl.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule dav_module modules/mod_dav.so
+LoadModule dav_fs_module modules/mod_dav_fs.so
+LoadModule negotiation_module modules/mod_negotiation.so
+LoadModule rewrite_module modules/mod_rewrite.so
+LoadModule headers_module modules/mod_headers.so
+LoadModule antiloris_module modules/mod_antiloris.so
+
+# Basic server configuration
+PidFile "%(pid_file)s"
+LockFile "%(lock_file)s"
+Listen %(ip)s:%(port)s
+ServerAdmin %(server_admin)s
+TypesConfig conf/mime.types
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+
+ServerTokens Prod
+ServerSignature Off
+TraceEnable Off
+
+# As backend is trusting REMOTE_USER header unset it always
+RequestHeader unset REMOTE_USER
+
+# Log configuration
+ErrorLog "%(error_log)s"
+LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\"" combined
+LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b" common
+CustomLog "%(access_log)s" common
+
+# Directory protection
+<Directory />
+ Options FollowSymLinks
+ AllowOverride None
+ Order deny,allow
+ Deny from all
+</Directory>
+
+# in order to follow default configuration
+CacheDisable /
+
+%(path_enable)s
+
+# Magic of Zope related rewrite
+RewriteEngine On
+RewriteOptions inherit
+%(rewrite_rule)s
-- 
2.30.9
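Review bot: `RequestHeader unset REMOTE_USER` removes only that exact header name, while the comment above it says the backend trusts this header. If the backend normalises header names so that hyphen and underscore map to the same variable, a client-supplied `Remote-User` would presumably still reach it. Adding `RequestHeader unset Remote-User` next to the existing line closes that gap, and it is worth confirming which spelling the backend actually reads. Separately, mod_ssl, mod_dav and mod_dav_fs are loaded although no directive visible in this template uses them. Dropping the unused `LoadModule` lines keeps this public listener's surface smaller, unless the substituted `%(path_enable)s` block needs them.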