Commit c37f5c11 authored by Łukasz Nowak's avatar Łukasz Nowak

Public backend apache.

parent e83cf277
...@@ -187,6 +187,10 @@ class Recipe(slapos.recipe.erp5.Recipe): ...@@ -187,6 +187,10 @@ class Recipe(slapos.recipe.erp5.Recipe):
apache_web = self.installBackendApache(self.getGlobalIPv6Address(), 15001, apache_web = self.installBackendApache(self.getGlobalIPv6Address(), 15001,
web_haproxy, backend_key, backend_certificate, suffix='_web', web_haproxy, backend_key, backend_certificate, suffix='_web',
access_control_string=access_control_string) access_control_string=access_control_string)
apache_public_web = self.installPublicBackendApache(
self.getGlobalIPv6Address(), 15080,
web_haproxy, suffix='_public_web',
access_control_string=access_control_string)
# One Admin Node # One Admin Node
zope_port += 1 zope_port += 1
...@@ -212,6 +216,7 @@ class Recipe(slapos.recipe.erp5.Recipe): ...@@ -212,6 +216,7 @@ class Recipe(slapos.recipe.erp5.Recipe):
kumo_conf = self.installKumo(self.getLocalIPv4Address()) kumo_conf = self.installKumo(self.getLocalIPv4Address())
self.setConnectionDict(dict( self.setConnectionDict(dict(
site_web_url=apache_web, site_web_url=apache_web,
public_site_web_url=apache_public_web,
site_admin_url=apache_admin, site_admin_url=apache_admin,
site_user_url=apache_login, site_user_url=apache_login,
site_user=user, site_user=user,
...@@ -342,6 +347,54 @@ class Recipe(slapos.recipe.erp5.Recipe): ...@@ -342,6 +347,54 @@ class Recipe(slapos.recipe.erp5.Recipe):
self.logger.debug('Created link %r -> %r' % (link, target)) self.logger.debug('Created link %r -> %r' % (link, target))
self.path_list.append(repo_path) self.path_list.append(repo_path)
def installPublicBackendApache(self, ip, port, backend,
suffix='', access_control_string=None):
apache_conf = self._getApacheConfigurationDict(
'public_backend_apache'+suffix, ip, port)
apache_conf['server_name'] = '%s' % apache_conf['ip']
# no ssl needed
prefix = 'public_backend_apache'+suffix
rewrite_rule_template = \
"RewriteRule (.*) http://%(backend)s$1 [L,P]"
if access_control_string is None:
path_template = pkg_resources.resource_string('slapos.recipe.erp5',
'template/apache.zope.conf.path.in')
path = path_template % dict(path='/')
else:
path_template = pkg_resources.resource_string('slapos.recipe.erp5',
'template/apache.zope.conf.path-protected.in')
path = path_template % dict(path='/',
access_control_string=access_control_string)
d = dict(
path=path,
backend=backend,
backend_path='/',
port=apache_conf['port'],
vhname=path.replace('/', ''),
)
rewrite_rule = rewrite_rule_template % d
apache_conf.update(**dict(
path_enable=path,
rewrite_rule=rewrite_rule
))
apache_conf_string = pkg_resources.resource_string('slapos.recipe.bef_erp5',
'template/apache.public.zope.conf.in') % apache_conf
apache_config_file = self.createConfigurationFile(prefix + '.conf',
apache_conf_string)
self.path_list.append(apache_config_file)
self.path_list.extend(zc.buildout.easy_install.scripts([(
'public_backend_apache'+suffix,
'slapos.recipe.erp5' + '.apache', 'runApache')], self.ws,
sys.executable, self.wrapper_directory, arguments=[
dict(
required_path_list=[],
binary=self.options['httpd_binary'],
config=apache_config_file
)
]))
# Note: IPv6 is assumed always
return 'https://[%(ip)s]:%(port)s' % apache_conf
def _install(self): def _install(self):
self.path_list = [] self.path_list = []
self.requirements, self.ws = self.egg.working_set() self.requirements, self.ws = self.egg.working_set()
......
# Apache configuration file for Zope
# Automatically generated
# List of modules
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so
LoadModule antiloris_module modules/mod_antiloris.so
# Basic server configuration
PidFile "%(pid_file)s"
LockFile "%(lock_file)s"
Listen %(ip)s:%(port)s
ServerAdmin %(server_admin)s
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
ServerTokens Prod
ServerSignature Off
TraceEnable Off
# As backend is trusting REMOTE_USER header unset it always
RequestHeader unset REMOTE_USER
# Log configuration
ErrorLog "%(error_log)s"
LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\"" combined
LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b" common
CustomLog "%(access_log)s" common
# Directory protection
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
# in order to follow default configuration
CacheDisable /
%(path_enable)s
# Magic of Zope related rewrite
RewriteEngine On
RewriteOptions inherit
%(rewrite_rule)s
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment