From c37f5c111d22e9e89cd5de6f8d6b4a5d213c5811 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C5=81ukasz=20Nowak?= <luke@nexedi.com>
Date: Tue, 6 Sep 2011 12:04:03 +0200
Subject: [PATCH] Public backend apache.

---
 slapos/recipe/bef_erp5/__init__.py            | 53 +++++++++++++++++
 .../template/apache.public.zope.conf.in       | 58 +++++++++++++++++++
 2 files changed, 111 insertions(+)
 create mode 100644 slapos/recipe/bef_erp5/template/apache.public.zope.conf.in

diff --git a/slapos/recipe/bef_erp5/__init__.py b/slapos/recipe/bef_erp5/__init__.py
index b8b5cb7a7..1608436c4 100644
--- a/slapos/recipe/bef_erp5/__init__.py
+++ b/slapos/recipe/bef_erp5/__init__.py
@@ -187,6 +187,10 @@ class Recipe(slapos.recipe.erp5.Recipe):
     apache_web = self.installBackendApache(self.getGlobalIPv6Address(), 15001,
         web_haproxy, backend_key, backend_certificate, suffix='_web',
         access_control_string=access_control_string)
+    apache_public_web = self.installPublicBackendApache(
+        self.getGlobalIPv6Address(), 15080,
+        web_haproxy, suffix='_public_web',
+        access_control_string=access_control_string)
 
     # One Admin Node
     zope_port += 1
@@ -212,6 +216,7 @@ class Recipe(slapos.recipe.erp5.Recipe):
     kumo_conf = self.installKumo(self.getLocalIPv4Address())
     self.setConnectionDict(dict(
       site_web_url=apache_web,
+      public_site_web_url=apache_public_web,
       site_admin_url=apache_admin,
       site_user_url=apache_login,
       site_user=user,
@@ -342,6 +347,54 @@ class Recipe(slapos.recipe.erp5.Recipe):
       self.logger.debug('Created link %r -> %r' % (link, target))
     self.path_list.append(repo_path)
 
+  def installPublicBackendApache(self, ip, port, backend,
+      suffix='', access_control_string=None):
+    apache_conf = self._getApacheConfigurationDict(
+        'public_backend_apache'+suffix, ip, port)
+    apache_conf['server_name'] = '%s' % apache_conf['ip']
+    # no ssl needed
+    prefix = 'public_backend_apache'+suffix
+    rewrite_rule_template = \
+        "RewriteRule (.*) http://%(backend)s$1 [L,P]"
+    if access_control_string is None:
+      path_template = pkg_resources.resource_string('slapos.recipe.erp5',
+        'template/apache.zope.conf.path.in')
+      path = path_template % dict(path='/')
+    else:
+      path_template = pkg_resources.resource_string('slapos.recipe.erp5',
+        'template/apache.zope.conf.path-protected.in')
+      path = path_template % dict(path='/',
+          access_control_string=access_control_string)
+    d = dict(
+          path=path,
+          backend=backend,
+          backend_path='/',
+          port=apache_conf['port'],
+          vhname=path.replace('/', ''),
+    )
+    rewrite_rule = rewrite_rule_template % d
+    apache_conf.update(**dict(
+      path_enable=path,
+      rewrite_rule=rewrite_rule
+    ))
+    apache_conf_string = pkg_resources.resource_string('slapos.recipe.bef_erp5',
+          'template/apache.public.zope.conf.in') % apache_conf
+    apache_config_file = self.createConfigurationFile(prefix + '.conf',
+      apache_conf_string)
+    self.path_list.append(apache_config_file)
+    self.path_list.extend(zc.buildout.easy_install.scripts([(
+      'public_backend_apache'+suffix,
+        'slapos.recipe.erp5' + '.apache', 'runApache')], self.ws,
+          sys.executable, self.wrapper_directory, arguments=[
+            dict(
+              required_path_list=[],
+              binary=self.options['httpd_binary'],
+              config=apache_config_file
+            )
+          ]))
+    # Note: IPv6 is assumed always
+    return 'https://[%(ip)s]:%(port)s' % apache_conf
+
   def _install(self):
     self.path_list = []
     self.requirements, self.ws = self.egg.working_set()
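Review bot: The URL returned at the end of `installPublicBackendApache` advertises `https://`, but the method is marked `# no ssl needed`, takes no key or certificate, and the new template contains no SSL directives, so the listener appears to speak plain HTTP. The second hunk publishes this value as `public_site_web_url`, so consumers would receive a scheme that does not match the listener; either return `'http://[%(ip)s]:%(port)s' % apache_conf` or give this vhost TLS the way `installBackendApache` does. If plaintext is intended, a docstring should say so, since the first hunk binds this listener to the global IPv6 address and requests are proxied to `web_haproxy` unencrypted. The `backend_path`, `port` and `vhname` entries in `d` are not referenced by `rewrite_rule_template` and could be dropped.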
diff --git a/slapos/recipe/bef_erp5/template/apache.public.zope.conf.in b/slapos/recipe/bef_erp5/template/apache.public.zope.conf.in
new file mode 100644
index 000000000..59fa9dec6
--- /dev/null
+++ b/slapos/recipe/bef_erp5/template/apache.public.zope.conf.in
@@ -0,0 +1,58 @@
+# Apache configuration file for Zope
+# Automatically generated
+
+# List of modules
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule log_config_module modules/mod_log_config.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule version_module modules/mod_version.so
+LoadModule proxy_module modules/mod_proxy.so
+LoadModule proxy_http_module modules/mod_proxy_http.so
+LoadModule ssl_module modules/mod_ssl.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule dav_module modules/mod_dav.so
+LoadModule dav_fs_module modules/mod_dav_fs.so
+LoadModule negotiation_module modules/mod_negotiation.so
+LoadModule rewrite_module modules/mod_rewrite.so
+LoadModule headers_module modules/mod_headers.so
+LoadModule antiloris_module modules/mod_antiloris.so
+
+# Basic server configuration
+PidFile "%(pid_file)s"
+LockFile "%(lock_file)s"
+Listen %(ip)s:%(port)s
+ServerAdmin %(server_admin)s
+TypesConfig conf/mime.types
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+
+ServerTokens Prod
+ServerSignature Off
+TraceEnable Off
+
+# As backend is trusting REMOTE_USER header unset it always
+RequestHeader unset REMOTE_USER
+
+# Log configuration
+ErrorLog "%(error_log)s"
+LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\"" combined
+LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b" common
+CustomLog "%(access_log)s" common
+
+# Directory protection
+<Directory />
+    Options FollowSymLinks
+    AllowOverride None
+    Order deny,allow
+    Deny from all
+</Directory>
+
+# in order to follow default configuration
+CacheDisable /
+
+%(path_enable)s
+
+# Magic of Zope related rewrite
+RewriteEngine On
+RewriteOptions inherit
+%(rewrite_rule)s
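Review bot: `RequestHeader unset REMOTE_USER` removes only the underscore spelling of the header. If the backend derives its user variable by CGI-style normalisation (hyphens folded to underscores, which this patch does not show), a client-sent `Remote-User` would pass the filter, so add `RequestHeader unset Remote-User` next to it. Because the header is stripped during request processing, `%{REMOTE_USER}i` in both `LogFormat` lines will presumably always log `-` on this vhost, so the access log would not show that a client tried to supply the header. The template also loads `ssl_module`, `dav_module` and `dav_fs_module` although no directive visible here uses them; unless the `%(path_enable)s` fragment needs them, dropping those `LoadModule` lines reduces the exposed surface of a publicly reachable server.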
-- 
2.30.9