Commit 9db2141d authored by eteri's avatar eteri Committed by Rafael Monnerat

Caddy with HTTPS

Support for HTTPS added. 

@rafael @kirr @gabriel 

/reviewed-on nexedi/slapos!249
parent 1c9e6856
[$${caddy-configuration:ipv6}]:$${caddy-configuration:port} {%- if parameter_dict['domain'] -%}
log $${caddy-configuration:access_log} {{ parameter_dict['domain'] }} {
root $${directory:public_html} {% if parameter_dict['cert-content'] and parameter_dict['key-content'] -%}
\ No newline at end of file
tls {{ custom_cert_dict['cert-file'] }} {{ custom_cert_dict['key-file'] }} {
ca {{ca_custom_frontend_dict['rendered']}}
}
{%- endif %}
log {{caddy_configuration_dict['access_log']}}
root {{ directory_dict['public_html'] }}
basicauth / admin {{htpasswd_dict}}
}
{%- endif %}
[{{caddy_configuration_dict['ipv6']}}]:{{parameter_dict['port']}} {
tls {{ custom_cert_dict['cert-file'] }} {{ custom_cert_dict['key-file'] }} {
ca {{ certificate_authority_dict['ca-cert-file'] }}
}
log {{caddy_configuration_dict['access_log']}}
root {{ directory_dict['public_html'] }}
basicauth / admin {{htpasswd_dict}}
}
\ No newline at end of file
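Review bot: In the `parameter_dict['domain']` site block the `tls` directive is emitted only when both `cert-content` and `key-content` are set, while `basicauth / admin {{htpasswd_dict}}` is emitted unconditionally. With a domain but no custom certificate, whether the admin password travels over TLS depends on how Caddy itself treats that hostname, not on anything this template pins. The second site block always passes `custom_cert_dict['cert-file']` and `custom_cert_dict['key-file']` to `tls`, so the domain block could presumably do the same in an `{% else %}` branch with `tls {{ custom_cert_dict['cert-file'] }} {{ custom_cert_dict['key-file'] }}`. Separately, `htpasswd_dict` is interpolated unquoted into the directive, which is only safe while the generated password never contains whitespace or Caddyfile metacharacters.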
...@@ -18,28 +18,29 @@ install = ...@@ -18,28 +18,29 @@ install =
[instance-profile] [instance-profile]
recipe = slapos.recipe.template recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg.in url = ${:_profile_base_location_}/instance.cfg.in
md5sum = ae83c35995ce14432ded78ca30cab61b md5sum = 403f86b667f7a5d397993735bcd162ab
output =${buildout:directory}/instance.cfg output =${buildout:directory}/instance.cfg
filename = instance.cfg filename = instance.cfg
mode = 0644 mode = 0644
[template-caddyfile] [template-caddyfile]
recipe = slapos.recipe.template recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/Caddyfile.in url = ${:_profile_base_location_}/Caddyfile.in
md5sum = 616f9c7cb788e1f1d7cee2093a7dc6ef md5sum = 2580eeb504d93627d1990f42663f80c7
output = ${buildout:directory}/Caddyfile.in filename = Caddyfile.in
location = ${buildout:parts-directory}/${:_buildout_section_name_}
mode = 0644 mode = 0644
[template-caddy] [template-caddy]
recipe = slapos.recipe.template recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-caddy.cfg.in url = ${:_profile_base_location_}/instance-caddy.cfg.in
md5sum = 045022e5698badca5dbdd6b95518f8e1 md5sum = f87880908a33c03ba68f233cda6c6265
output = ${buildout:directory}/instance-caddy.cfg.in output = ${buildout:directory}/instance-caddy.cfg.in
mode = 0644 mode = 0644
[template-public-html] [template-public-html]
recipe = slapos.recipe.template recipe = slapos.recipe.template
url = ${:_profile_base_location_}/index.html url = ${:_profile_base_location_}/templates/index.html
md5sum = b5794ac8b10ed90173ad566e6e324b35 md5sum = b5794ac8b10ed90173ad566e6e324b35
output = ${buildout:directory}/index.html output = ${buildout:directory}/index.html
mode = 0644 mode = 0644
......
...@@ -2,10 +2,12 @@ ...@@ -2,10 +2,12 @@
parts = parts =
caddy-service caddy-service
caddy-configuration caddy-configuration
certificate-authority
custom-cert
htpasswd
public-html public-html
publish-connection-information publish-connection-information
eggs-directory = ${buildout:eggs-directory} eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory} develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true offline = true
...@@ -20,29 +22,82 @@ service = $${:etc}/service ...@@ -20,29 +22,82 @@ service = $${:etc}/service
public_html = $${buildout:directory}/public_html public_html = $${buildout:directory}/public_html
run = $${:var}/run run = $${:var}/run
log = $${:var}/log log = $${:var}/log
ca-dir = $${:srv}/ssl
#www = $${:srv}/www
#ssl = $${:etc}/ssl
################################# #################################
# caddy service # caddy service
################################# #################################
[caddy-service] [caddy-service]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = ${caddy:output} -conf $${caddy-configuration:output} command-line = ${caddy:output} -conf $${caddy-configuration:rendered}
wrapper-path = $${directory:service}/caddy wrapper-path = $${directory:service}/caddy
output = $${:wrapper-path} output = $${:wrapper-path}
[caddy-configuration] [caddy-configuration]
recipe = slapos.recipe.template recipe = slapos.recipe.template:jinja2
url = ${template-caddyfile:output} template = ${template-caddyfile:location}/${template-caddyfile:filename}
output = $${directory:etc}/Caddyfile rendered = $${directory:etc}/Caddyfile
mode = 0600 mode = 0600
access_log = $${directory:log}/caddy-access.log access_log = $${directory:log}/caddy-access.log
error_log = $${directory:log}/caddy-error.log error_log = $${directory:log}/caddy-error.log
ipv6 = $${slap-network-information:global-ipv6} ipv6 = $${slap-network-information:global-ipv6}
local_ip = $${slap-network-information:local-ipv4} local_ip = $${slap-network-information:local-ipv4}
port = 9443 context =
section parameter_dict slap-parameter
section directory_dict directory
section caddy_configuration_dict caddy-configuration
section certificate_authority_dict certificate-authority
key htpasswd_dict htpasswd:passwd
section custom_cert_dict custom-cert
section ca_custom_frontend_dict ca-custom-frontend
[ca-directory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests/
private = $${directory:ca-dir}/private/
certs = $${directory:ca-dir}/certs
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${ca-directory:requests}
wrapper = $${directory:service}/certificate_authority
ca-private = $${ca-directory:private}
ca-certs = $${ca-directory:certs}
ca-newcerts = $${ca-directory:newcerts}
ca-crl = $${ca-directory:crl}
ca-cert-file = $${:ca-dir}/cacert.pem
ca-key-file = $${:ca-private}/cakey.pem
[custom-cert]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
executable = $${directory:service}/caddy
wrapper = $${directory:service}/caddy
key-file = $${ca-directory:private}/custom.key
cert-file = $${ca-directory:certs}/custom.crt
key-content = $${slap-parameter:key-content}
cert-content = $${slap-parameter:cert-content}
[ca-custom-frontend]
recipe = slapos.recipe.template:jinja2
template = $${template-empty:target}
rendered = $${ca-directory:certs}/caddy_frontend.ca.crt
context =
key content slap-parameter:caddy-ca-certificate
[template-empty]
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/templates/$${:filename}
filename = empty.in
[htpasswd]
recipe = slapos.cookbook:generate.password
storage-path = $${directory:etc}/.pwd
bytes = 8
[public-html] [public-html]
recipe = slapos.recipe.template recipe = slapos.recipe.template
...@@ -52,4 +107,13 @@ mode = 0600 ...@@ -52,4 +107,13 @@ mode = 0600
[publish-connection-information] [publish-connection-information]
recipe = slapos.cookbook:publish recipe = slapos.cookbook:publish
url = http://[$${caddy-configuration:ipv6}]:$${caddy-configuration:port} init-password = $${htpasswd:passwd}
\ No newline at end of file init-user = admin
url = https://[$${caddy-configuration:ipv6}]:$${slap-parameter:port}
[slap-parameter]
domain =
key-content =
cert-content =
caddy-ca-certificate =
port = 9443
\ No newline at end of file
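Review bot: `[custom-cert]` sets both `executable` and `wrapper` to `$${directory:service}/caddy`, which is also the `wrapper-path` that `[caddy-service]` writes, so three options in two parts name the same file. If the `certificate_authority.request` recipe generates `wrapper` as a script that waits for the certificate and then runs `executable` (presumably; the recipe is not on this page), the result either overwrites the Caddy launcher or runs itself. Moving the `wrapper-path` of `[caddy-service]` out of `$${directory:service}` and using `executable = $${caddy-service:wrapper-path}` would keep the two apart. In the same hunk, `[htpasswd]` uses `bytes = 8` for the `admin` password that guards the listener on the global IPv6 address and is published as `init-password`; a larger value would be cheap protection against online guessing.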
...@@ -28,7 +28,7 @@ rendered = $${buildout:parts-directory}/${:_buildout_section_name_}/${:filename} ...@@ -28,7 +28,7 @@ rendered = $${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
filename = instance-caddy.cfg filename = instance-caddy.cfg
[slap-connection] [slap-connection]
computer-id = {slap_connection:computer_id} computer-id = $${slap_connection:computer_id}
partition-id = $${slap_connection:partition_id} partition-id = $${slap_connection:partition_id}
server-url = $${slap_connection:server_url} server-url = $${slap_connection:server_url}
software-release-url = $${slap_connection:software_release_url} software-release-url = $${slap_connection:software_release_url}
......
{{ content }}
\ No newline at end of file