Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
S
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kirill Smelkov
slapos
Commits
9db2141d
Commit
9db2141d
authored
Oct 23, 2017
by
eteri
Committed by
Rafael Monnerat
Nov 03, 2017
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Caddy with HTTPS
Support for HTTPS added.
@rafael
@kirr
@gabriel
/reviewed-on
nexedi/slapos!249
parent
1c9e6856
Changes
6
Show whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
124 additions
and
24 deletions
+124
-24
stack/caddy/Caddyfile.in
stack/caddy/Caddyfile.in
+37
-3
stack/caddy/buildout.cfg
stack/caddy/buildout.cfg
+8
-7
stack/caddy/instance-caddy.cfg.in
stack/caddy/instance-caddy.cfg.in
+75
-11
stack/caddy/instance.cfg.in
stack/caddy/instance.cfg.in
+3
-3
stack/caddy/templates/empty.in
stack/caddy/templates/empty.in
+1
-0
stack/caddy/templates/index.html
stack/caddy/templates/index.html
+0
-0
No files found.
stack/caddy/Caddyfile.in
View file @
9db2141d
[$${caddy-configuration:ipv6}]:$${caddy-configuration:port
}
{%- if parameter_dict['domain'] -%
}
log $${caddy-configuration:access_log}
{{ parameter_dict['domain'] }} {
root $${directory:public_html}
\ No newline at end of file
{% if parameter_dict['cert-content'] and parameter_dict['key-content'] -%}
tls {{ custom_cert_dict['cert-file'] }} {{ custom_cert_dict['key-file'] }} {
ca {{ca_custom_frontend_dict['rendered']}}
}
{%- endif %}
log {{caddy_configuration_dict['access_log']}}
root {{ directory_dict['public_html'] }}
basicauth / admin {{htpasswd_dict}}
}
{%- endif %}
[{{caddy_configuration_dict['ipv6']}}]:{{parameter_dict['port']}} {
tls {{ custom_cert_dict['cert-file'] }} {{ custom_cert_dict['key-file'] }} {
ca {{ certificate_authority_dict['ca-cert-file'] }}
}
log {{caddy_configuration_dict['access_log']}}
root {{ directory_dict['public_html'] }}
basicauth / admin {{htpasswd_dict}}
}
\ No newline at end of file
stack/caddy/buildout.cfg
View file @
9db2141d
...
...
@@ -18,28 +18,29 @@ install =
[instance-profile]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg.in
md5sum =
ae83c35995ce14432ded78ca30cab61
b
md5sum =
403f86b667f7a5d397993735bcd162a
b
output =${buildout:directory}/instance.cfg
filename = instance.cfg
mode = 0644
[template-caddyfile]
recipe = slapos.recipe.
template
recipe = slapos.recipe.
build:download
url = ${:_profile_base_location_}/Caddyfile.in
md5sum = 616f9c7cb788e1f1d7cee2093a7dc6ef
output = ${buildout:directory}/Caddyfile.in
md5sum = 2580eeb504d93627d1990f42663f80c7
filename = Caddyfile.in
location = ${buildout:parts-directory}/${:_buildout_section_name_}
mode = 0644
[template-caddy]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-caddy.cfg.in
md5sum =
045022e5698badca5dbdd6b95518f8e1
md5sum =
f87880908a33c03ba68f233cda6c6265
output = ${buildout:directory}/instance-caddy.cfg.in
mode = 0644
[template-public-html]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/index.html
url = ${:_profile_base_location_}/
templates/
index.html
md5sum = b5794ac8b10ed90173ad566e6e324b35
output = ${buildout:directory}/index.html
mode = 0644
...
...
stack/caddy/instance-caddy.cfg.in
View file @
9db2141d
...
...
@@ -2,10 +2,12 @@
parts =
caddy-service
caddy-configuration
certificate-authority
custom-cert
htpasswd
public-html
publish-connection-information
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true
...
...
@@ -20,29 +22,82 @@ service = $${:etc}/service
public_html = $${buildout:directory}/public_html
run = $${:var}/run
log = $${:var}/log
#www = $${:srv}/www
#ssl = $${:etc}/ssl
ca-dir = $${:srv}/ssl
#################################
# caddy service
#################################
[caddy-service]
recipe = slapos.cookbook:wrapper
command-line = ${caddy:output} -conf $${caddy-configuration:
output
}
command-line = ${caddy:output} -conf $${caddy-configuration:
rendered
}
wrapper-path = $${directory:service}/caddy
output = $${:wrapper-path}
[caddy-configuration]
recipe = slapos.recipe.template
url = ${template-caddyfile:output
}
output
= $${directory:etc}/Caddyfile
recipe = slapos.recipe.template
:jinja2
template = ${template-caddyfile:location}/${template-caddyfile:filename
}
rendered
= $${directory:etc}/Caddyfile
mode = 0600
access_log = $${directory:log}/caddy-access.log
error_log = $${directory:log}/caddy-error.log
ipv6 = $${slap-network-information:global-ipv6}
local_ip = $${slap-network-information:local-ipv4}
port = 9443
context =
section parameter_dict slap-parameter
section directory_dict directory
section caddy_configuration_dict caddy-configuration
section certificate_authority_dict certificate-authority
key htpasswd_dict htpasswd:passwd
section custom_cert_dict custom-cert
section ca_custom_frontend_dict ca-custom-frontend
[ca-directory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests/
private = $${directory:ca-dir}/private/
certs = $${directory:ca-dir}/certs
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${ca-directory:requests}
wrapper = $${directory:service}/certificate_authority
ca-private = $${ca-directory:private}
ca-certs = $${ca-directory:certs}
ca-newcerts = $${ca-directory:newcerts}
ca-crl = $${ca-directory:crl}
ca-cert-file = $${:ca-dir}/cacert.pem
ca-key-file = $${:ca-private}/cakey.pem
[custom-cert]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
executable = $${directory:service}/caddy
wrapper = $${directory:service}/caddy
key-file = $${ca-directory:private}/custom.key
cert-file = $${ca-directory:certs}/custom.crt
key-content = $${slap-parameter:key-content}
cert-content = $${slap-parameter:cert-content}
[ca-custom-frontend]
recipe = slapos.recipe.template:jinja2
template = $${template-empty:target}
rendered = $${ca-directory:certs}/caddy_frontend.ca.crt
context =
key content slap-parameter:caddy-ca-certificate
[template-empty]
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/templates/$${:filename}
filename = empty.in
[htpasswd]
recipe = slapos.cookbook:generate.password
storage-path = $${directory:etc}/.pwd
bytes = 8
[public-html]
recipe = slapos.recipe.template
...
...
@@ -52,4 +107,13 @@ mode = 0600
[publish-connection-information]
recipe = slapos.cookbook:publish
url = http://[$${caddy-configuration:ipv6}]:$${caddy-configuration:port}
\ No newline at end of file
init-password = $${htpasswd:passwd}
init-user = admin
url = https://[$${caddy-configuration:ipv6}]:$${slap-parameter:port}
[slap-parameter]
domain =
key-content =
cert-content =
caddy-ca-certificate =
port = 9443
\ No newline at end of file
stack/caddy/instance.cfg.in
View file @
9db2141d
...
...
@@ -28,7 +28,7 @@ rendered = $${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
filename = instance-caddy.cfg
[slap-connection]
computer-id = {slap_connection:computer_id}
computer-id =
$$
{slap_connection:computer_id}
partition-id = $${slap_connection:partition_id}
server-url = $${slap_connection:server_url}
software-release-url = $${slap_connection:software_release_url}
...
...
stack/caddy/templates/empty.in
0 → 100644
View file @
9db2141d
{{ content }}
\ No newline at end of file
stack/caddy/index.html
→
stack/caddy/
templates/
index.html
View file @
9db2141d
File moved
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment