caddy-frontend: Server on IPv6

By using 6tunnel workaround Caddy limitation of binding to only one
interface and in the result listen on IPv6.

Also drop needless "ipv6" keys across configuration.

software/caddy-frontend/buildout.hash.cfg

@@ -19,7 +19,7 @@ md5sum = f686f765e55d1dce2e55a400f0714b3e
 
 [template-apache-frontend]
 filename = instance-apache-frontend.cfg
-md5sum = 6416ce7ffa3e856f8ba06722ab9232fe
+md5sum = 0f9d764e1c4c5e345cdb90390c9d90b6
 
 [template-apache-replicate]
 filename = instance-apache-replicate.cfg.in
@@ -27,7 +27,7 @@ md5sum = 9e76028df7e93d3e32982884d5dc0913
 
 [template-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
-md5sum = 8333871e68e76c7792b4624a2a90b707
+md5sum = 3e7350f9f27cddc63ee9711b548790fa
 
 [template-slave-configuration]
 filename = templates/custom-virtualhost.conf.in
@@ -39,11 +39,11 @@ md5sum = 665e83d660c9b779249b2179d7ce4b4e
 
 [template-caddy-frontend-configuration]
 filename = templates/Caddyfile.in
-md5sum = d1a7a759aa2801c96ecf4445a33203f2
+md5sum = edfdd21d712f4ba4c2e1fcb9ea096554
 
 [template-custom-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
-md5sum = 8333871e68e76c7792b4624a2a90b707
+md5sum = 3e7350f9f27cddc63ee9711b548790fa
 
 [template-not-found-html]
 filename = templates/notfound.html
@@ -51,19 +51,19 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
 
 [template-default-virtualhost]
 filename = templates/000.conf.in
-md5sum = 4dbb8560e4de1af2a0706b020e713fe7
+md5sum = 88a31d5a26c26408443fa5c2550ff8ac
 
 [template-default-slave-virtualhost]
 filename = templates/default-virtualhost.conf.in
-md5sum = 4e06ce63dfbd38dd855f04aa7d01951f
+md5sum = 831d2eb5a0489b340dcf244025e579b0
 
 [template-cached-slave-virtualhost]
 filename = templates/cached-virtualhost.conf.in
-md5sum = b66ebb546e1762419a22ac853437a9c2
+md5sum = be76c0e96df722dee278077988d869a6
 
 [template-log-access]
 filename = templates/template-log-access.conf.in
-md5sum = cd3043964ae7fd8489e545ba0d4fc603
+md5sum = b816d5f5954c0b2bf7945bb0770e7a01
 
 [template-empty]
 filename = templates/empty.in
@@ -83,15 +83,15 @@ md5sum = 117238225b3fc3c5b5be381815f44c67
 
 [template-nginx-configuration]
 filename = templates/nginx.cfg.in
-md5sum = e85e5ebc2cea6f48af90601ed9bd2d84
+md5sum = b627db17b337947294e587a1e3bc3597
 
 [template-nginx-eventsource-slave-virtualhost]
 filename = templates/nginx-eventsource-slave.conf.in
-md5sum = 7fb09bb130dc463a6736c1f319e798d6
+md5sum = a0c5c376753da042c5f8444a33066acf
 
 [template-nginx-notebook-slave-virtualhost]
 filename = templates/nginx-notebook-slave.conf.in
-md5sum = afa11dda952b2317227e5c72508aeda2
+md5sum = 193184d052d8ef8b09fa980cbca90798
 
 [template-apache-lazy-script-call]
 filename = templates/apache-lazy-script-call.sh.in

software/caddy-frontend/common.cfg

@@ -9,6 +9,7 @@ extends =
   ../../component/logrotate/buildout.cfg
   ../../component/rdiff-backup/buildout.cfg
   ../../component/trafficserver/buildout.cfg
+  ../../component/6tunnel/buildout.cfg
 
   ../../stack/nodejs.cfg
 # Monitoring stack (keep on bottom)

software/caddy-frontend/instance-apache-frontend.cfg

@@ -158,7 +158,6 @@ extra-context =
     key login_key ca-frontend:key-file
     key login_ca_crt ca-custom-frontend:rendered
     key ipv4_addr instance-parameter:ipv4-random
-    key ipv6_addr instance-parameter:ipv6-random
 
 [software-release-path]
 template-empty = ${template-empty:target}
@@ -211,7 +210,8 @@ extra-context =
     key login_certificate ca-frontend:cert-file
     key login_key ca-frontend:key-file
     key login_ca_crt ca-custom-frontend:rendered
-
+    raw sixtunnel_executable ${6tunnel:location}/bin/6tunnel
+    raw service_directory $${directory:service}
 [dynamic-virtualhost-template-slave]
 <= jinja2-template-base
 template = ${template-slave-configuration:target}
@@ -234,7 +234,6 @@ extra-context =
     key document_root caddy-directory:document-root
     key instance_home buildout:directory
     key ipv4_addr instance-parameter:ipv4-random
-    key ipv6_addr instance-parameter:ipv6-random
     key server_admin instance-parameter:configuration.server-admin
     key protected_path apache-configuration:protected-path
     key access_control_string apache-configuration:access-control-string

software/caddy-frontend/templates/000.conf.in

 https://www.example.org:{{ https_port }} {
   tls {{ login_certificate }} {{ login_key }}
   bind {{ ipv4_addr }}
-# TODO-Caddy  bind {{ ipv6_addr }}
 status 404 /
 # TODO-Caddy   SSLEngine on
 # TODO-Caddy   SSLProxyEngine on
@@ -20,6 +19,5 @@ status 404 /
 
 http://www.example.org:{{ http_port }} {
   bind {{ ipv4_addr }}
-# TODO-Caddy  bind {{ ipv6_addr }}
 status 404 /
-}
\ No newline at end of file
+}

software/caddy-frontend/templates/Caddyfile.in

@@ -9,7 +9,6 @@
 # TODO-Caddy {{ "Listen %s:%s" % (ipv4_addr, cached_port)  }}
 # TODO-Caddy {{ "Listen %s:%s" % (ipv4_addr, ssl_cached_port)  }}
 # TODO-Caddy per site bind {{ ipv4_addr }}
-# TODO-Caddy per site bind {{ ipv6_addr }}
 
 # TODO-Caddy ServerAdmin {{ server_admin }}
 # TODO-Caddy TypesConfig {{ httpd_home }}/conf/mime.types

software/caddy-frontend/templates/apache-custom-slave-list.cfg.in

@@ -225,9 +225,7 @@ filename = {{ '%s.conf' % slave_reference }}
 extra-context =
     raw https_port {{ https_port }}
     raw http_port {{ http_port }}
-    raw global_ipv6 {{ global_ipv6 }}
     raw local_ipv4 {{ local_ipv4 }}
-    raw local_ipv6 {{ local_ipv6 }}
     raw nginx_http_port {{ nginx_http_port }} 
     raw nginx_https_port {{ nginx_https_port }}
     section slave_parameter {{ slave_configuration_section_name }}
@@ -319,7 +317,6 @@ extra-context =
     raw cached_port {{ cached_port }}
     raw ssl_cached_port {{ ssl_cached_port }}
     raw local_ipv4 {{ local_ipv4 }}
-    raw local_ipv6 {{ local_ipv6 }}
 {{ '\n' }}
 {% endfor %}
 
@@ -327,6 +324,44 @@ extra-context =
 <= slave-log-directory-dict
 recipe = slapos.cookbook:mkdirectory
 
+{#- Define IPv6 to IPV4 tunneling #}
+[tunnel-6to4-base]
+recipe = slapos.cookbook:wrapper
+ipv4 = ${slap-network-information:local-ipv4}
+ipv6 = ${slap-network-information:global-ipv6}
+wrapper-path = {{ service_directory}}/6tunnel-${:ipv6-port}
+command-line = {{ sixtunnel_executable }} -6 -4 -d -l ${:ipv6} ${:ipv6-port} ${:ipv4} ${:ipv4-port}
+
+[tunnel-6to4-base-http_port]
+<= tunnel-6to4-base
+ipv4-port = {{ http_port }}
+ipv6-port = {{ http_port }}
+
+[tunnel-6to4-base-https_port]
+<= tunnel-6to4-base
+ipv4-port = {{ https_port }}
+ipv6-port = {{ https_port }}
+
+[tunnel-6to4-base-cached_port]
+<= tunnel-6to4-base
+ipv4-port = {{ cached_port }}
+ipv6-port = {{ cached_port }}
+
+[tunnel-6to4-base-ssl_cached_port]
+<= tunnel-6to4-base
+ipv4-port = {{ ssl_cached_port }}
+ipv6-port = {{ ssl_cached_port }}
+
+[tunnel-6to4-base-nginx_http_port]
+<= tunnel-6to4-base
+ipv4-port = {{ nginx_http_port }}
+ipv6-port = {{ nginx_http_port }}
+
+[tunnel-6to4-base-nginx_https_port]
+<= tunnel-6to4-base
+ipv4-port = {{ nginx_https_port }}
+ipv6-port = {{ nginx_https_port }}
+
 {# Define log access #}
 [apache-log-access]
 < = jinja2-template-base
@@ -338,10 +373,9 @@ extra-context =
     raw apache_log_directory {{apache_log_directory}}
     raw apache_configuration_directory {{apache_configuration_directory}}
     raw local_ipv4 {{ local_ipv4 }}
-    raw local_ipv6 {{ local_ipv6 }}
+    raw global_ipv6 {{ global_ipv6 }}
     raw https_port {{ https_port }}
     raw http_port {{ http_port }}
-    raw global_ipv6 {{ global_ipv6 }}
     raw login_certificate {{ login_certificate }}
     raw login_key {{ login_key }}
 
@@ -363,6 +397,12 @@ parts +=
 {% endfor %}
     publish-apache-information
     apache-log-access
+    tunnel-6to4-base-http_port
+    tunnel-6to4-base-https_port
+    tunnel-6to4-base-cached_port
+    tunnel-6to4-base-ssl_cached_port
+    tunnel-6to4-base-nginx_http_port
+    tunnel-6to4-base-nginx_https_port
 
 eggs-directory = {{ eggs_directory }}
 develop-eggs-directory = {{ develop_eggs_directory }}

software/caddy-frontend/templates/cached-virtualhost.conf.in

@@ -12,7 +12,6 @@
 # Only accept generic (i.e not Zope) backends on http
 {{ http_host_list|join(', ') }} {
   bind {{ local_ipv4 }}
-# TODO-Caddy  bind {{ local_ipv6 }}
 # Rewrite part
   proxy / {{ slave_parameter.get('backend_url', '') }} {
     transparent
@@ -30,7 +29,6 @@
 
 {{ https_host_list|join(', ') }} {
   bind {{ local_ipv4 }}
-# TODO-Caddy  bind {{ local_ipv6 }}
 ##  tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }}
   proxy / {{ slave_parameter.get('https_backend_url', '') }} {
     transparent

software/caddy-frontend/templates/default-virtualhost.conf.in

@@ -18,7 +18,6 @@
 {%- endfor %}
 {{ https_host_list|join(', ') }} {
   bind {{ local_ipv4 }}
-# TODO-Caddy  bind {{ local_ipv6 }}
   tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }} {
 {%- if slave_parameter.get('path_to_ssl_ca_crt') %}
     clients {{ slave_parameter.get('path_to_ssl_ca_crt') }}
@@ -116,7 +115,6 @@
 
 {{ http_host_list|join(', ') }} {
   bind {{ local_ipv4 }}
-# TODO-Caddy  bind {{ local_ipv6 }}
 
   log / {{ slave_parameter.get('access_log') }} {combined}
   errors {{ slave_parameter.get('error_log') }}

software/caddy-frontend/templates/nginx-eventsource-slave.conf.in

@@ -21,7 +21,6 @@
 
 
 # TODO-Caddy server {
-# TODO-Caddy  listen [{{ global_ipv6 }}]:{{ nginx_http_port }};
 # TODO-Caddy  listen {{ local_ipv4 }}:{{ nginx_http_port }};
 # TODO-Caddy 
 # TODO-Caddy  server_name {{ slave_parameter.get('custom_domain') }};
@@ -61,7 +60,6 @@
 # TODO-Caddy 
 
 # TODO-Caddy server {
-# TODO-Caddy  listen [{{ global_ipv6 }}]:{{ nginx_https_port }} ssl;
 # TODO-Caddy  listen {{ local_ipv4 }}:{{ nginx_https_port }} ssl;
 # TODO-Caddy 
 # TODO-Caddy  server_name {{ slave_parameter.get('custom_domain') }};

software/caddy-frontend/templates/nginx-notebook-slave.conf.in

@@ -21,7 +21,6 @@
 
 
 # TODO-Caddy server {
-# TODO-Caddy   listen [{{ global_ipv6 }}]:{{ nginx_http_port }};
 # TODO-Caddy   listen {{ local_ipv4 }}:{{ nginx_http_port }};
 # TODO-Caddy 
 # TODO-Caddy   server_name {{ slave_parameter.get('custom_domain') }};
@@ -56,7 +55,6 @@
 # TODO-Caddy }
 
 # TODO-Caddy server {
-# TODO-Caddy   listen [{{ global_ipv6 }}]:{{ nginx_https_port }} ssl;
 # TODO-Caddy   listen {{ local_ipv4 }}:{{ nginx_https_port }} ssl;
 # TODO-Caddy 
 # TODO-Caddy   server_name {{ slave_parameter.get('custom_domain') }};

software/caddy-frontend/templates/nginx.cfg.in

@@ -2,7 +2,6 @@
 https://www.example.org:$${nginx-configuration:port} {
   tls $${nginx-configuration:ssl_certificate} $${nginx-configuration:ssl_key}
   bind $${nginx-configuration:local_ip}
-# TODO-Caddy  bind {{ ipv6_addr }}
 # Serve an error 204 (No Content) for favicon.ico
 status 204 /favicon.ico
 status 404 /
@@ -10,7 +9,6 @@ status 404 /
 
 http://www.example.org:$${nginx-configuration:plain_port} {
   bind $${nginx-configuration:local_ip}
-# TODO-Caddy  bind {{ ipv6_addr }}
 # Serve an error 204 (No Content) for favicon.ico
 status 204 /favicon.ico
 status 404 /

software/caddy-frontend/templates/template-log-access.conf.in

 {% for slave, directory in slave_log_directory.iteritems() %}
 https://[{{ global_ipv6 }}]:{{ https_port }}/{{ slave }}, https://{{ local_ipv4 }}:{{ https_port }}/{{ slave }} {
   bind {{ local_ipv4 }}
-  #bind {{ global_ipv6 }}
   root {{directory}}/
   browse
   tls {{ login_certificate }} {{ login_key }}