Commit 1edd89be authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: Switch expose-csr_id publication to nginx

parent 948f8c9a
...@@ -114,7 +114,7 @@ md5sum = 38792c2dceae38ab411592ec36fff6a8 ...@@ -114,7 +114,7 @@ md5sum = 38792c2dceae38ab411592ec36fff6a8
[profile-kedifa] [profile-kedifa]
filename = instance-kedifa.cfg.in filename = instance-kedifa.cfg.in
md5sum = 5a3986fedd4a44de833c89203c6aab21 md5sum = afac9171681f5b6f1da1a367219348cf
[template-backend-haproxy-rsyslogd-conf] [template-backend-haproxy-rsyslogd-conf]
_update_hash_filename_ = templates/backend-haproxy-rsyslogd.conf.in _update_hash_filename_ = templates/backend-haproxy-rsyslogd.conf.in
......
...@@ -75,7 +75,8 @@ reservation = ${:srv}/reservation ...@@ -75,7 +75,8 @@ reservation = ${:srv}/reservation
# csr_id publication # csr_id publication
csr_id = ${:srv}/csr_id csr_id = ${:srv}/csr_id
caddy-csr_id = ${:etc}/caddy-csr_id certificate-csr_id = ${:var}/certificate-csr_id
expose-csr_id-var = ${:var}/expose-csr_id
[kedifa-csr] [kedifa-csr]
recipe = plone.recipe.command recipe = plone.recipe.command
...@@ -131,8 +132,8 @@ command = ...@@ -131,8 +132,8 @@ command =
[certificate-csr_id] [certificate-csr_id]
recipe = plone.recipe.command recipe = plone.recipe.command
certificate = ${directory:caddy-csr_id}/certificate.pem certificate = ${directory:certificate-csr_id}/certificate.pem
key = ${directory:caddy-csr_id}/key.pem key = ${directory:certificate-csr_id}/key.pem
stop-on-error = True stop-on-error = True
update-command = ${:command} update-command = ${:command}
...@@ -152,14 +153,40 @@ error-log = ${directory:log}/expose-csr_id.log ...@@ -152,14 +153,40 @@ error-log = ${directory:log}/expose-csr_id.log
[expose-csr_id-template] [expose-csr_id-template]
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
var = ${directory:expose-csr_id-var}
pid = ${directory:var}/nginx-expose-csr_id.pid
rendered = ${directory:etc}/nginx-expose-csr_id.conf
template = inline: template = inline:
https://:${expose-csr_id-configuration:port}/ { daemon off;
bind ${expose-csr_id-configuration:ip} pid ${:pid};
tls ${expose-csr_id-configuration:certificate} ${expose-csr_id-configuration:key} error_log ${expose-csr_id-configuration:error-log};
log ${expose-csr_id-configuration:error-log} events {
}
http {
include {{ software_parameter_dict['nginx_mime'] }};
server {
server_name_in_redirect off;
port_in_redirect off;
error_log ${expose-csr_id-configuration:error-log};
access_log /dev/null;
listen [${expose-csr_id-configuration:ip}]:${expose-csr_id-configuration:port} ssl;
ssl_certificate ${expose-csr_id-configuration:certificate};
ssl_certificate_key ${expose-csr_id-configuration:key};
default_type application/octet-stream;
client_body_temp_path ${:var} 1 2;
proxy_temp_path ${:var} 1 2;
fastcgi_temp_path ${:var} 1 2;
uwsgi_temp_path ${:var} 1 2;
scgi_temp_path ${:var} 1 2;
location / {
alias ${directory:csr_id}/;
autoindex off;
sendfile on;
sendfile_max_chunk 1m;
}
}
} }
rendered = ${directory:caddy-csr_id}/Caddyfile
[promise-expose-csr_id-ip-port] [promise-expose-csr_id-ip-port]
<= monitor-promise-base <= monitor-promise-base
...@@ -171,13 +198,8 @@ config-port = ${expose-csr_id-configuration:port} ...@@ -171,13 +198,8 @@ config-port = ${expose-csr_id-configuration:port}
[expose-csr_id] [expose-csr_id]
depends = ${store-csr_id:command} depends = ${store-csr_id:command}
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = {{ software_parameter_dict['caddy'] }} command-line = {{ software_parameter_dict['nginx'] }}
-conf ${expose-csr_id-template:rendered} -c ${expose-csr_id-template:rendered}
-log ${expose-csr_id-configuration:error-log}
-http2=true
-disable-http-challenge
-disable-tls-alpn-challenge
-root ${directory:csr_id}
wrapper-path = ${directory:service}/expose-csr_id wrapper-path = ${directory:service}/expose-csr_id
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment