Commit 0ee8f7be authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: setup alpn also on special endpoints

parent 7d16ea31
Pipeline #22360 failed with stage
in 0 seconds
...@@ -22,7 +22,7 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68 ...@@ -22,7 +22,7 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
[profile-caddy-frontend] [profile-caddy-frontend]
filename = instance-apache-frontend.cfg.in filename = instance-apache-frontend.cfg.in
md5sum = 02ce5d44d49982fda598e3086cfbca99 md5sum = 1e912fb970401a4b7670b25ba8284a5b
[profile-caddy-replicate] [profile-caddy-replicate]
filename = instance-apache-replicate.cfg.in filename = instance-apache-replicate.cfg.in
...@@ -38,7 +38,7 @@ md5sum = be54431846fe7f3cee65260eefc83d62 ...@@ -38,7 +38,7 @@ md5sum = be54431846fe7f3cee65260eefc83d62
[profile-caddy-frontend-configuration] [profile-caddy-frontend-configuration]
_update_hash_filename_ = templates/Caddyfile.in _update_hash_filename_ = templates/Caddyfile.in
md5sum = fdf46b1dee6ea6b91b9aa9e322a0530d md5sum = cb627dfce9ab7bc23fd98818d55876b7
[template-not-found-html] [template-not-found-html]
_update_hash_filename_ = templates/notfound.html _update_hash_filename_ = templates/notfound.html
......
...@@ -413,6 +413,7 @@ extra-context = ...@@ -413,6 +413,7 @@ extra-context =
key not_found_file caddy-configuration:not-found-file key not_found_file caddy-configuration:not-found-file
key username monitor-instance-parameter:username key username monitor-instance-parameter:username
key password monitor-htpasswd:passwd key password monitor-htpasswd:passwd
key global_disable_http2 configuration:global-disable-http2
# BBB: SlapOS Master non-zero knowledge BEGIN # BBB: SlapOS Master non-zero knowledge BEGIN
key apache_certificate apache-certificate:output key apache_certificate apache-certificate:output
# BBB: SlapOS Master non-zero knowledge END # BBB: SlapOS Master non-zero knowledge END
......
...@@ -3,7 +3,16 @@ ...@@ -3,7 +3,16 @@
import {{ slave_configuration_directory }}/*.conf import {{ slave_configuration_directory }}/*.conf
:{{ https_port }} { :{{ https_port }} {
tls {{ master_certificate }} {{ master_certificate }} tls {{ master_certificate }} {{ master_certificate }} {
{%- if global_disable_http2 %}
# Disallow HTTP2
alpn http/1.1
{%- else %}
# Allow http2
alpn h2 http/1.1
{%- endif %}
}
bind {{ local_ipv4 }} bind {{ local_ipv4 }}
status 404 / status 404 /
log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" { log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
...@@ -29,7 +38,15 @@ import {{ slave_configuration_directory }}/*.conf ...@@ -29,7 +38,15 @@ import {{ slave_configuration_directory }}/*.conf
# Access to server-status Caddy-style # Access to server-status Caddy-style
https://[{{ global_ipv6 }}]:{{ https_port }}/server-status, https://{{ local_ipv4 }}:{{ https_port }}/server-status { https://[{{ global_ipv6 }}]:{{ https_port }}/server-status, https://{{ local_ipv4 }}:{{ https_port }}/server-status {
tls {{ frontend_configuration['ip-access-certificate'] }} {{ frontend_configuration['ip-access-certificate'] }} tls {{ frontend_configuration['ip-access-certificate'] }} {{ frontend_configuration['ip-access-certificate'] }} {
{%- if global_disable_http2 %}
# Disallow HTTP2
alpn http/1.1
{%- else %}
# Allow http2
alpn h2 http/1.1
{%- endif %}
}
bind {{ local_ipv4 }} bind {{ local_ipv4 }}
basicauth "{{ username }}" {{ password | trim }} { basicauth "{{ username }}" {{ password | trim }} {
"Server Status" "Server Status"
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment