Commit 9db2141d authored by eteri's avatar eteri Committed by Rafael Monnerat

Caddy with HTTPS

Support for HTTPS added. 

@rafael @kirr @gabriel 

/reviewed-on nexedi/slapos!249
parent 1c9e6856
[$${caddy-configuration:ipv6}]:$${caddy-configuration:port}
{%- if parameter_dict['domain'] -%}
log $${caddy-configuration:access_log}
{{ parameter_dict['domain'] }} {
root $${directory:public_html}
\ No newline at end of file
{% if parameter_dict['cert-content'] and parameter_dict['key-content'] -%}
tls {{ custom_cert_dict['cert-file'] }} {{ custom_cert_dict['key-file'] }} {
ca {{ca_custom_frontend_dict['rendered']}}
}
{%- endif %}
log {{caddy_configuration_dict['access_log']}}
root {{ directory_dict['public_html'] }}
basicauth / admin {{htpasswd_dict}}
}
{%- endif %}
[{{caddy_configuration_dict['ipv6']}}]:{{parameter_dict['port']}} {
tls {{ custom_cert_dict['cert-file'] }} {{ custom_cert_dict['key-file'] }} {
ca {{ certificate_authority_dict['ca-cert-file'] }}
}
log {{caddy_configuration_dict['access_log']}}
root {{ directory_dict['public_html'] }}
basicauth / admin {{htpasswd_dict}}
}
\ No newline at end of file
......@@ -14,32 +14,33 @@ parts =
[gowork]
install =
github.com/mholt/caddy
[instance-profile]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg.in
md5sum = ae83c35995ce14432ded78ca30cab61b
md5sum = 403f86b667f7a5d397993735bcd162ab
output =${buildout:directory}/instance.cfg
filename = instance.cfg
mode = 0644
[template-caddyfile]
recipe = slapos.recipe.template
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/Caddyfile.in
md5sum = 616f9c7cb788e1f1d7cee2093a7dc6ef
output = ${buildout:directory}/Caddyfile.in
md5sum = 2580eeb504d93627d1990f42663f80c7
filename = Caddyfile.in
location = ${buildout:parts-directory}/${:_buildout_section_name_}
mode = 0644
[template-caddy]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-caddy.cfg.in
md5sum = 045022e5698badca5dbdd6b95518f8e1
md5sum = f87880908a33c03ba68f233cda6c6265
output = ${buildout:directory}/instance-caddy.cfg.in
mode = 0644
[template-public-html]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/index.html
url = ${:_profile_base_location_}/templates/index.html
md5sum = b5794ac8b10ed90173ad566e6e324b35
output = ${buildout:directory}/index.html
mode = 0644
......
......@@ -2,10 +2,12 @@
parts =
caddy-service
caddy-configuration
certificate-authority
custom-cert
htpasswd
public-html
publish-connection-information
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true
......@@ -20,29 +22,82 @@ service = $${:etc}/service
public_html = $${buildout:directory}/public_html
run = $${:var}/run
log = $${:var}/log
#www = $${:srv}/www
#ssl = $${:etc}/ssl
ca-dir = $${:srv}/ssl
#################################
# caddy service
#################################
[caddy-service]
recipe = slapos.cookbook:wrapper
command-line = ${caddy:output} -conf $${caddy-configuration:output}
recipe = slapos.cookbook:wrapper
command-line = ${caddy:output} -conf $${caddy-configuration:rendered}
wrapper-path = $${directory:service}/caddy
output = $${:wrapper-path}
[caddy-configuration]
recipe = slapos.recipe.template
url = ${template-caddyfile:output}
output = $${directory:etc}/Caddyfile
recipe = slapos.recipe.template:jinja2
template = ${template-caddyfile:location}/${template-caddyfile:filename}
rendered = $${directory:etc}/Caddyfile
mode = 0600
access_log = $${directory:log}/caddy-access.log
error_log = $${directory:log}/caddy-error.log
ipv6 = $${slap-network-information:global-ipv6}
local_ip = $${slap-network-information:local-ipv4}
port = 9443
context =
section parameter_dict slap-parameter
section directory_dict directory
section caddy_configuration_dict caddy-configuration
section certificate_authority_dict certificate-authority
key htpasswd_dict htpasswd:passwd
section custom_cert_dict custom-cert
section ca_custom_frontend_dict ca-custom-frontend
[ca-directory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests/
private = $${directory:ca-dir}/private/
certs = $${directory:ca-dir}/certs
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${ca-directory:requests}
wrapper = $${directory:service}/certificate_authority
ca-private = $${ca-directory:private}
ca-certs = $${ca-directory:certs}
ca-newcerts = $${ca-directory:newcerts}
ca-crl = $${ca-directory:crl}
ca-cert-file = $${:ca-dir}/cacert.pem
ca-key-file = $${:ca-private}/cakey.pem
[custom-cert]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
executable = $${directory:service}/caddy
wrapper = $${directory:service}/caddy
key-file = $${ca-directory:private}/custom.key
cert-file = $${ca-directory:certs}/custom.crt
key-content = $${slap-parameter:key-content}
cert-content = $${slap-parameter:cert-content}
[ca-custom-frontend]
recipe = slapos.recipe.template:jinja2
template = $${template-empty:target}
rendered = $${ca-directory:certs}/caddy_frontend.ca.crt
context =
key content slap-parameter:caddy-ca-certificate
[template-empty]
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/templates/$${:filename}
filename = empty.in
[htpasswd]
recipe = slapos.cookbook:generate.password
storage-path = $${directory:etc}/.pwd
bytes = 8
[public-html]
recipe = slapos.recipe.template
......@@ -52,4 +107,13 @@ mode = 0600
[publish-connection-information]
recipe = slapos.cookbook:publish
url = http://[$${caddy-configuration:ipv6}]:$${caddy-configuration:port}
\ No newline at end of file
init-password = $${htpasswd:passwd}
init-user = admin
url = https://[$${caddy-configuration:ipv6}]:$${slap-parameter:port}
[slap-parameter]
domain =
key-content =
cert-content =
caddy-ca-certificate =
port = 9443
\ No newline at end of file
......@@ -6,7 +6,7 @@
[buildout]
parts =
switch-softwaretype
# publish-connection-parameter
# Define egg directories to be the one from Software Release
......@@ -28,7 +28,7 @@ rendered = $${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
filename = instance-caddy.cfg
[slap-connection]
computer-id = {slap_connection:computer_id}
computer-id = $${slap_connection:computer_id}
partition-id = $${slap_connection:partition_id}
server-url = $${slap_connection:server_url}
software-release-url = $${slap_connection:software_release_url}
......@@ -48,4 +48,4 @@ computer = $${slap_connection:computer_id}
partition = $${slap_connection:partition_id}
url = $${slap_connection:server_url}
key = $${slap_connection:key_file}
cert = $${slap_connection:cert_file}
cert = $${slap_connection:cert_file}
\ No newline at end of file
{{ content }}
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment