Commit 678a7e47 authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: Server on IPv6

Use 6tunnel to work around Caddy's limitation of binding to only one
interface and, as a result, listen on IPv6.

Also drop needless "ipv6" keys across configuration.
parent c1485d65
...@@ -19,7 +19,7 @@ md5sum = f686f765e55d1dce2e55a400f0714b3e ...@@ -19,7 +19,7 @@ md5sum = f686f765e55d1dce2e55a400f0714b3e
[template-apache-frontend] [template-apache-frontend]
filename = instance-apache-frontend.cfg filename = instance-apache-frontend.cfg
md5sum = 6416ce7ffa3e856f8ba06722ab9232fe md5sum = 0f9d764e1c4c5e345cdb90390c9d90b6
[template-apache-replicate] [template-apache-replicate]
filename = instance-apache-replicate.cfg.in filename = instance-apache-replicate.cfg.in
...@@ -27,7 +27,7 @@ md5sum = 9e76028df7e93d3e32982884d5dc0913 ...@@ -27,7 +27,7 @@ md5sum = 9e76028df7e93d3e32982884d5dc0913
[template-slave-list] [template-slave-list]
filename = templates/apache-custom-slave-list.cfg.in filename = templates/apache-custom-slave-list.cfg.in
md5sum = 8333871e68e76c7792b4624a2a90b707 md5sum = 3e7350f9f27cddc63ee9711b548790fa
[template-slave-configuration] [template-slave-configuration]
filename = templates/custom-virtualhost.conf.in filename = templates/custom-virtualhost.conf.in
...@@ -39,11 +39,11 @@ md5sum = 665e83d660c9b779249b2179d7ce4b4e ...@@ -39,11 +39,11 @@ md5sum = 665e83d660c9b779249b2179d7ce4b4e
[template-caddy-frontend-configuration] [template-caddy-frontend-configuration]
filename = templates/Caddyfile.in filename = templates/Caddyfile.in
md5sum = d1a7a759aa2801c96ecf4445a33203f2 md5sum = edfdd21d712f4ba4c2e1fcb9ea096554
[template-custom-slave-list] [template-custom-slave-list]
filename = templates/apache-custom-slave-list.cfg.in filename = templates/apache-custom-slave-list.cfg.in
md5sum = 8333871e68e76c7792b4624a2a90b707 md5sum = 3e7350f9f27cddc63ee9711b548790fa
[template-not-found-html] [template-not-found-html]
filename = templates/notfound.html filename = templates/notfound.html
...@@ -51,19 +51,19 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b ...@@ -51,19 +51,19 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
[template-default-virtualhost] [template-default-virtualhost]
filename = templates/000.conf.in filename = templates/000.conf.in
md5sum = 4dbb8560e4de1af2a0706b020e713fe7 md5sum = 88a31d5a26c26408443fa5c2550ff8ac
[template-default-slave-virtualhost] [template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in filename = templates/default-virtualhost.conf.in
md5sum = 4e06ce63dfbd38dd855f04aa7d01951f md5sum = 831d2eb5a0489b340dcf244025e579b0
[template-cached-slave-virtualhost] [template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in filename = templates/cached-virtualhost.conf.in
md5sum = b66ebb546e1762419a22ac853437a9c2 md5sum = be76c0e96df722dee278077988d869a6
[template-log-access] [template-log-access]
filename = templates/template-log-access.conf.in filename = templates/template-log-access.conf.in
md5sum = cd3043964ae7fd8489e545ba0d4fc603 md5sum = b816d5f5954c0b2bf7945bb0770e7a01
[template-empty] [template-empty]
filename = templates/empty.in filename = templates/empty.in
...@@ -83,15 +83,15 @@ md5sum = 117238225b3fc3c5b5be381815f44c67 ...@@ -83,15 +83,15 @@ md5sum = 117238225b3fc3c5b5be381815f44c67
[template-nginx-configuration] [template-nginx-configuration]
filename = templates/nginx.cfg.in filename = templates/nginx.cfg.in
md5sum = e85e5ebc2cea6f48af90601ed9bd2d84 md5sum = b627db17b337947294e587a1e3bc3597
[template-nginx-eventsource-slave-virtualhost] [template-nginx-eventsource-slave-virtualhost]
filename = templates/nginx-eventsource-slave.conf.in filename = templates/nginx-eventsource-slave.conf.in
md5sum = 7fb09bb130dc463a6736c1f319e798d6 md5sum = a0c5c376753da042c5f8444a33066acf
[template-nginx-notebook-slave-virtualhost] [template-nginx-notebook-slave-virtualhost]
filename = templates/nginx-notebook-slave.conf.in filename = templates/nginx-notebook-slave.conf.in
md5sum = afa11dda952b2317227e5c72508aeda2 md5sum = 193184d052d8ef8b09fa980cbca90798
[template-apache-lazy-script-call] [template-apache-lazy-script-call]
filename = templates/apache-lazy-script-call.sh.in filename = templates/apache-lazy-script-call.sh.in
......
...@@ -9,6 +9,7 @@ extends = ...@@ -9,6 +9,7 @@ extends =
../../component/logrotate/buildout.cfg ../../component/logrotate/buildout.cfg
../../component/rdiff-backup/buildout.cfg ../../component/rdiff-backup/buildout.cfg
../../component/trafficserver/buildout.cfg ../../component/trafficserver/buildout.cfg
../../component/6tunnel/buildout.cfg
../../stack/nodejs.cfg ../../stack/nodejs.cfg
# Monitoring stack (keep on bottom) # Monitoring stack (keep on bottom)
......
...@@ -158,7 +158,6 @@ extra-context = ...@@ -158,7 +158,6 @@ extra-context =
key login_key ca-frontend:key-file key login_key ca-frontend:key-file
key login_ca_crt ca-custom-frontend:rendered key login_ca_crt ca-custom-frontend:rendered
key ipv4_addr instance-parameter:ipv4-random key ipv4_addr instance-parameter:ipv4-random
key ipv6_addr instance-parameter:ipv6-random
[software-release-path] [software-release-path]
template-empty = ${template-empty:target} template-empty = ${template-empty:target}
...@@ -211,7 +210,8 @@ extra-context = ...@@ -211,7 +210,8 @@ extra-context =
key login_certificate ca-frontend:cert-file key login_certificate ca-frontend:cert-file
key login_key ca-frontend:key-file key login_key ca-frontend:key-file
key login_ca_crt ca-custom-frontend:rendered key login_ca_crt ca-custom-frontend:rendered
raw sixtunnel_executable ${6tunnel:location}/bin/6tunnel
raw service_directory $${directory:service}
[dynamic-virtualhost-template-slave] [dynamic-virtualhost-template-slave]
<= jinja2-template-base <= jinja2-template-base
template = ${template-slave-configuration:target} template = ${template-slave-configuration:target}
...@@ -234,7 +234,6 @@ extra-context = ...@@ -234,7 +234,6 @@ extra-context =
key document_root caddy-directory:document-root key document_root caddy-directory:document-root
key instance_home buildout:directory key instance_home buildout:directory
key ipv4_addr instance-parameter:ipv4-random key ipv4_addr instance-parameter:ipv4-random
key ipv6_addr instance-parameter:ipv6-random
key server_admin instance-parameter:configuration.server-admin key server_admin instance-parameter:configuration.server-admin
key protected_path apache-configuration:protected-path key protected_path apache-configuration:protected-path
key access_control_string apache-configuration:access-control-string key access_control_string apache-configuration:access-control-string
......
https://www.example.org:{{ https_port }} { https://www.example.org:{{ https_port }} {
tls {{ login_certificate }} {{ login_key }} tls {{ login_certificate }} {{ login_key }}
bind {{ ipv4_addr }} bind {{ ipv4_addr }}
# TODO-Caddy bind {{ ipv6_addr }}
status 404 / status 404 /
# TODO-Caddy SSLEngine on # TODO-Caddy SSLEngine on
# TODO-Caddy SSLProxyEngine on # TODO-Caddy SSLProxyEngine on
...@@ -20,6 +19,5 @@ status 404 / ...@@ -20,6 +19,5 @@ status 404 /
http://www.example.org:{{ http_port }} { http://www.example.org:{{ http_port }} {
bind {{ ipv4_addr }} bind {{ ipv4_addr }}
# TODO-Caddy bind {{ ipv6_addr }}
status 404 / status 404 /
} }
...@@ -9,7 +9,6 @@ ...@@ -9,7 +9,6 @@
# TODO-Caddy {{ "Listen %s:%s" % (ipv4_addr, cached_port) }} # TODO-Caddy {{ "Listen %s:%s" % (ipv4_addr, cached_port) }}
# TODO-Caddy {{ "Listen %s:%s" % (ipv4_addr, ssl_cached_port) }} # TODO-Caddy {{ "Listen %s:%s" % (ipv4_addr, ssl_cached_port) }}
# TODO-Caddy per site bind {{ ipv4_addr }} # TODO-Caddy per site bind {{ ipv4_addr }}
# TODO-Caddy per site bind {{ ipv6_addr }}
# TODO-Caddy ServerAdmin {{ server_admin }} # TODO-Caddy ServerAdmin {{ server_admin }}
# TODO-Caddy TypesConfig {{ httpd_home }}/conf/mime.types # TODO-Caddy TypesConfig {{ httpd_home }}/conf/mime.types
......
...@@ -225,9 +225,7 @@ filename = {{ '%s.conf' % slave_reference }} ...@@ -225,9 +225,7 @@ filename = {{ '%s.conf' % slave_reference }}
extra-context = extra-context =
raw https_port {{ https_port }} raw https_port {{ https_port }}
raw http_port {{ http_port }} raw http_port {{ http_port }}
raw global_ipv6 {{ global_ipv6 }}
raw local_ipv4 {{ local_ipv4 }} raw local_ipv4 {{ local_ipv4 }}
raw local_ipv6 {{ local_ipv6 }}
raw nginx_http_port {{ nginx_http_port }} raw nginx_http_port {{ nginx_http_port }}
raw nginx_https_port {{ nginx_https_port }} raw nginx_https_port {{ nginx_https_port }}
section slave_parameter {{ slave_configuration_section_name }} section slave_parameter {{ slave_configuration_section_name }}
...@@ -319,7 +317,6 @@ extra-context = ...@@ -319,7 +317,6 @@ extra-context =
raw cached_port {{ cached_port }} raw cached_port {{ cached_port }}
raw ssl_cached_port {{ ssl_cached_port }} raw ssl_cached_port {{ ssl_cached_port }}
raw local_ipv4 {{ local_ipv4 }} raw local_ipv4 {{ local_ipv4 }}
raw local_ipv6 {{ local_ipv6 }}
{{ '\n' }} {{ '\n' }}
{% endfor %} {% endfor %}
...@@ -327,6 +324,44 @@ extra-context = ...@@ -327,6 +324,44 @@ extra-context =
<= slave-log-directory-dict <= slave-log-directory-dict
recipe = slapos.cookbook:mkdirectory recipe = slapos.cookbook:mkdirectory
{#- Define IPv6 to IPV4 tunneling #}
[tunnel-6to4-base]
recipe = slapos.cookbook:wrapper
ipv4 = ${slap-network-information:local-ipv4}
ipv6 = ${slap-network-information:global-ipv6}
wrapper-path = {{ service_directory}}/6tunnel-${:ipv6-port}
command-line = {{ sixtunnel_executable }} -6 -4 -d -l ${:ipv6} ${:ipv6-port} ${:ipv4} ${:ipv4-port}
[tunnel-6to4-base-http_port]
<= tunnel-6to4-base
ipv4-port = {{ http_port }}
ipv6-port = {{ http_port }}
[tunnel-6to4-base-https_port]
<= tunnel-6to4-base
ipv4-port = {{ https_port }}
ipv6-port = {{ https_port }}
[tunnel-6to4-base-cached_port]
<= tunnel-6to4-base
ipv4-port = {{ cached_port }}
ipv6-port = {{ cached_port }}
[tunnel-6to4-base-ssl_cached_port]
<= tunnel-6to4-base
ipv4-port = {{ ssl_cached_port }}
ipv6-port = {{ ssl_cached_port }}
[tunnel-6to4-base-nginx_http_port]
<= tunnel-6to4-base
ipv4-port = {{ nginx_http_port }}
ipv6-port = {{ nginx_http_port }}
[tunnel-6to4-base-nginx_https_port]
<= tunnel-6to4-base
ipv4-port = {{ nginx_https_port }}
ipv6-port = {{ nginx_https_port }}
{# Define log access #} {# Define log access #}
[apache-log-access] [apache-log-access]
< = jinja2-template-base < = jinja2-template-base
...@@ -338,10 +373,9 @@ extra-context = ...@@ -338,10 +373,9 @@ extra-context =
raw apache_log_directory {{apache_log_directory}} raw apache_log_directory {{apache_log_directory}}
raw apache_configuration_directory {{apache_configuration_directory}} raw apache_configuration_directory {{apache_configuration_directory}}
raw local_ipv4 {{ local_ipv4 }} raw local_ipv4 {{ local_ipv4 }}
raw local_ipv6 {{ local_ipv6 }} raw global_ipv6 {{ global_ipv6 }}
raw https_port {{ https_port }} raw https_port {{ https_port }}
raw http_port {{ http_port }} raw http_port {{ http_port }}
raw global_ipv6 {{ global_ipv6 }}
raw login_certificate {{ login_certificate }} raw login_certificate {{ login_certificate }}
raw login_key {{ login_key }} raw login_key {{ login_key }}
...@@ -363,6 +397,12 @@ parts += ...@@ -363,6 +397,12 @@ parts +=
{% endfor %} {% endfor %}
publish-apache-information publish-apache-information
apache-log-access apache-log-access
tunnel-6to4-base-http_port
tunnel-6to4-base-https_port
tunnel-6to4-base-cached_port
tunnel-6to4-base-ssl_cached_port
tunnel-6to4-base-nginx_http_port
tunnel-6to4-base-nginx_https_port
eggs-directory = {{ eggs_directory }} eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }} develop-eggs-directory = {{ develop_eggs_directory }}
......
...@@ -12,7 +12,6 @@ ...@@ -12,7 +12,6 @@
# Only accept generic (i.e not Zope) backends on http # Only accept generic (i.e not Zope) backends on http
{{ http_host_list|join(', ') }} { {{ http_host_list|join(', ') }} {
bind {{ local_ipv4 }} bind {{ local_ipv4 }}
# TODO-Caddy bind {{ local_ipv6 }}
# Rewrite part # Rewrite part
proxy / {{ slave_parameter.get('backend_url', '') }} { proxy / {{ slave_parameter.get('backend_url', '') }} {
transparent transparent
...@@ -30,7 +29,6 @@ ...@@ -30,7 +29,6 @@
{{ https_host_list|join(', ') }} { {{ https_host_list|join(', ') }} {
bind {{ local_ipv4 }} bind {{ local_ipv4 }}
# TODO-Caddy bind {{ local_ipv6 }}
## tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }} ## tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }}
proxy / {{ slave_parameter.get('https_backend_url', '') }} { proxy / {{ slave_parameter.get('https_backend_url', '') }} {
transparent transparent
......
...@@ -18,7 +18,6 @@ ...@@ -18,7 +18,6 @@
{%- endfor %} {%- endfor %}
{{ https_host_list|join(', ') }} { {{ https_host_list|join(', ') }} {
bind {{ local_ipv4 }} bind {{ local_ipv4 }}
# TODO-Caddy bind {{ local_ipv6 }}
tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }} { tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }} {
{%- if slave_parameter.get('path_to_ssl_ca_crt') %} {%- if slave_parameter.get('path_to_ssl_ca_crt') %}
clients {{ slave_parameter.get('path_to_ssl_ca_crt') }} clients {{ slave_parameter.get('path_to_ssl_ca_crt') }}
...@@ -116,7 +115,6 @@ ...@@ -116,7 +115,6 @@
{{ http_host_list|join(', ') }} { {{ http_host_list|join(', ') }} {
bind {{ local_ipv4 }} bind {{ local_ipv4 }}
# TODO-Caddy bind {{ local_ipv6 }}
log / {{ slave_parameter.get('access_log') }} {combined} log / {{ slave_parameter.get('access_log') }} {combined}
errors {{ slave_parameter.get('error_log') }} errors {{ slave_parameter.get('error_log') }}
......
...@@ -21,7 +21,6 @@ ...@@ -21,7 +21,6 @@
# TODO-Caddy server { # TODO-Caddy server {
# TODO-Caddy listen [{{ global_ipv6 }}]:{{ nginx_http_port }};
# TODO-Caddy listen {{ local_ipv4 }}:{{ nginx_http_port }}; # TODO-Caddy listen {{ local_ipv4 }}:{{ nginx_http_port }};
# TODO-Caddy # TODO-Caddy
# TODO-Caddy server_name {{ slave_parameter.get('custom_domain') }}; # TODO-Caddy server_name {{ slave_parameter.get('custom_domain') }};
...@@ -61,7 +60,6 @@ ...@@ -61,7 +60,6 @@
# TODO-Caddy # TODO-Caddy
# TODO-Caddy server { # TODO-Caddy server {
# TODO-Caddy listen [{{ global_ipv6 }}]:{{ nginx_https_port }} ssl;
# TODO-Caddy listen {{ local_ipv4 }}:{{ nginx_https_port }} ssl; # TODO-Caddy listen {{ local_ipv4 }}:{{ nginx_https_port }} ssl;
# TODO-Caddy # TODO-Caddy
# TODO-Caddy server_name {{ slave_parameter.get('custom_domain') }}; # TODO-Caddy server_name {{ slave_parameter.get('custom_domain') }};
......
...@@ -21,7 +21,6 @@ ...@@ -21,7 +21,6 @@
# TODO-Caddy server { # TODO-Caddy server {
# TODO-Caddy listen [{{ global_ipv6 }}]:{{ nginx_http_port }};
# TODO-Caddy listen {{ local_ipv4 }}:{{ nginx_http_port }}; # TODO-Caddy listen {{ local_ipv4 }}:{{ nginx_http_port }};
# TODO-Caddy # TODO-Caddy
# TODO-Caddy server_name {{ slave_parameter.get('custom_domain') }}; # TODO-Caddy server_name {{ slave_parameter.get('custom_domain') }};
...@@ -56,7 +55,6 @@ ...@@ -56,7 +55,6 @@
# TODO-Caddy } # TODO-Caddy }
# TODO-Caddy server { # TODO-Caddy server {
# TODO-Caddy listen [{{ global_ipv6 }}]:{{ nginx_https_port }} ssl;
# TODO-Caddy listen {{ local_ipv4 }}:{{ nginx_https_port }} ssl; # TODO-Caddy listen {{ local_ipv4 }}:{{ nginx_https_port }} ssl;
# TODO-Caddy # TODO-Caddy
# TODO-Caddy server_name {{ slave_parameter.get('custom_domain') }}; # TODO-Caddy server_name {{ slave_parameter.get('custom_domain') }};
......
...@@ -2,7 +2,6 @@ ...@@ -2,7 +2,6 @@
https://www.example.org:$${nginx-configuration:port} { https://www.example.org:$${nginx-configuration:port} {
tls $${nginx-configuration:ssl_certificate} $${nginx-configuration:ssl_key} tls $${nginx-configuration:ssl_certificate} $${nginx-configuration:ssl_key}
bind $${nginx-configuration:local_ip} bind $${nginx-configuration:local_ip}
# TODO-Caddy bind {{ ipv6_addr }}
# Serve an error 204 (No Content) for favicon.ico # Serve an error 204 (No Content) for favicon.ico
status 204 /favicon.ico status 204 /favicon.ico
status 404 / status 404 /
...@@ -10,7 +9,6 @@ status 404 / ...@@ -10,7 +9,6 @@ status 404 /
http://www.example.org:$${nginx-configuration:plain_port} { http://www.example.org:$${nginx-configuration:plain_port} {
bind $${nginx-configuration:local_ip} bind $${nginx-configuration:local_ip}
# TODO-Caddy bind {{ ipv6_addr }}
# Serve an error 204 (No Content) for favicon.ico # Serve an error 204 (No Content) for favicon.ico
status 204 /favicon.ico status 204 /favicon.ico
status 404 / status 404 /
......
{% for slave, directory in slave_log_directory.iteritems() %} {% for slave, directory in slave_log_directory.iteritems() %}
https://[{{ global_ipv6 }}]:{{ https_port }}/{{ slave }}, https://{{ local_ipv4 }}:{{ https_port }}/{{ slave }} { https://[{{ global_ipv6 }}]:{{ https_port }}/{{ slave }}, https://{{ local_ipv4 }}:{{ https_port }}/{{ slave }} {
bind {{ local_ipv4 }} bind {{ local_ipv4 }}
#bind {{ global_ipv6 }}
root {{directory}}/ root {{directory}}/
browse browse
tls {{ login_certificate }} {{ login_key }} tls {{ login_certificate }} {{ login_key }}
......