Commit 34945832 authored by Cédric Le Ninivin's avatar Cédric Le Ninivin

apache-frontend: Introduce new architecture for apache frontend

parent 6bc5832d
This diff is collapsed.
......@@ -87,8 +87,6 @@ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javasc
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# Make sure proxies don't deliver the wrong content
Header append Vary User-Agent
# SSL Configuration
%(ssl_snippet)s
......@@ -146,9 +144,6 @@ Header append Vary User-Agent
ProxyTimeout 600
RewriteEngine On
# Remove "Secure" from cookies, as backend may be https
Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
# Include configuration file not operated by slapos. This file won't be erased
# or changed when slapgrid is ran. It can be freely customized by node admin.
# Include %(custom_apache_virtualhost_conf)s
......
# Apache configuration file for Zope
# Automatically generated
# Basic server configuration
PidFile "%(pid_cache_file)s"
ServerName %(server_name)s
DocumentRoot %(document_root)s
ServerRoot %(instance_home)s
%(listen_cache)s
ServerAdmin %(server_admin)s
DefaultType text/plain
TypesConfig %(httpd_home)s/conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
# As backend is trusting REMOTE_USER header unset it always
RequestHeader unset REMOTE_USER
ServerTokens Prod
# Log configuration
ErrorLog "%(error_cache_log)s"
LogLevel warn
# LogFormat "%%h %%{REMOTE_USER}i %%{Host}i %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\"" combined
# LogFormat "%%h %%{REMOTE_USER}i %%{Host}i %%l %%u %%t \"%%r\" %%>s %%b" common
# CustomLog "%(access_log)s" common
LogFormat "%%h %%l %%{REMOTE_USER}i %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\" %%D" combined
CustomLog "%(access_cache_log)s" combined
%(path_enable)s
# List of modules
#LoadModule unixd_module modules/mod_unixd.so
#LoadModule access_compat_module modules/mod_access_compat.so
#LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module %(httpd_home)s/modules/mod_authz_host.so
LoadModule log_config_module %(httpd_home)s/modules/mod_log_config.so
LoadModule deflate_module %(httpd_home)s/modules/mod_deflate.so
LoadModule setenvif_module %(httpd_home)s/modules/mod_setenvif.so
LoadModule version_module %(httpd_home)s/modules/mod_version.so
LoadModule proxy_module %(httpd_home)s/modules/mod_proxy.so
LoadModule proxy_http_module %(httpd_home)s/modules/mod_proxy_http.so
LoadModule ssl_module %(httpd_home)s/modules/mod_ssl.so
LoadModule mime_module %(httpd_home)s/modules/mod_mime.so
LoadModule dav_module %(httpd_home)s/modules/mod_dav.so
LoadModule dav_fs_module %(httpd_home)s/modules/mod_dav_fs.so
LoadModule negotiation_module %(httpd_home)s/modules/mod_negotiation.so
LoadModule rewrite_module %(httpd_home)s/modules/mod_rewrite.so
LoadModule headers_module %(httpd_home)s/modules/mod_headers.so
LoadModule cache_module %(httpd_home)s/modules/mod_cache.so
LoadModule mem_cache_module %(httpd_home)s/modules/mod_mem_cache.so
LoadModule antiloris_module %(httpd_home)s/modules/mod_antiloris.so
# The following directives modify normal HTTP response behavior to
# handle known problems with browser implementations.
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
# The following directive disables redirects on non-GET requests for
# a directory that does not include the trailing slash. This fixes a
# problem with Microsoft WebFolders which does not appropriately handle
# redirects for folders with DAV methods.
# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
# Cache directives
CacheEnable mem /
CacheDefaultExpire 3600
MCacheSize 8192
MCacheMaxObjectCount 1000
MCacheMaxObjectSize 8192
MCacheRemovalAlgorithm LRU
# Deflate
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# SSL Configuration
%(ssl_snippet)s
# Only accept generic (i.e not Zope) backends on http
<VirtualHost *:%(cached_port)s>
SSLProxyEngine on
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyTimeout 600
RewriteEngine On
# Include configuration file not operated by slapos. This file won't be erased
# or changed when slapgrid is ran. It can be freely customized by node admin.
# Include %(custom_apache_virtualhost_conf)s
RewriteMap apachemapcached txt:%(apachecachedmap_path)s
RewriteCond ${apachemapcached:%%{SERVER_NAME}} >""
RewriteRule ^/(.*)$ ${apachemapcached:%%{SERVER_NAME}}/$1 [L,P]
# If nothing exist : put a nice error
ErrorDocument 404 /notfound.html
</VirtualHost>
......@@ -37,7 +37,7 @@ cronstamps = $${:etc}/cronstamps
ca-dir = $${:srv}/ssl
squid-cache = $${:srv}/squid_cache
stunnel-conf = $${:etc}/stunnel
[instance-parameter]
# Fetches parameters defined in SlapOS Master for this instance.
......@@ -79,6 +79,9 @@ ca_crl = $${certificate-authority:ca-crl}
access-log = $${directory:log}/frontend-apache-access.log
error-log = $${directory:log}/frontend-apache-error.log
pid-file = $${directory:run}/httpd.pid
cache-access-log = $${directory:log}/frontend-apache-access-cached.log
cache-error-log = $${directory:log}/frontend-apache-error-cached.log
cache-pid-file = $${directory:run}/httpd-cached.pid
# Create wrapper for "apachectl conftest" in bin
......@@ -106,40 +109,15 @@ certs = $${directory:ca-dir}/certs/
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/
[ca-frontend]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${cadirectory:certs}/apache_frontend.key
cert-file = $${cadirectory:certs}/apache_frontend.crt
executable = $${directory:service}/apache_frontend
wrapper = $${directory:service}/apache_frontend
# Put domain name
name = $${instance-parameter:configuration.domain}
[ca-stunnel]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${directory:stunnel-conf}/stunnel.key
cert-file = $${directory:stunnel-conf}/stunnel.crt
executable = $${stunnel:wrapper}
wrapper = $${basedirectory:services}/stunnel
[stunnel]
recipe = slapos.cookbook:stunnel
stunnel-binary = ${stunnel:location}/bin/stunnel
wrapper = $${directory:bin}/stunnel
log-file = $${directory:log}/stunnel.log
config-file = $${directory:etc}/stunnel.conf
key-file = $${ca-stunnel:key-file}
cert-file = $${ca-stunnel:cert-file}
pid-file = $${directory:run}/stunnel.pid
local-port = $${squid-hardcoded:backend-port}
local-host = $${squid-hardcoded:backend-ip}
remote-host = $${squid-hardcoded:remote-host}
remote-port = $${squid-hardcoded:remote-port}
client = false
post-rotate-script = $${directory:bin}/stunnel_post_rotate
#[ca-frontend]
#<= certificate-authority
#recipe = slapos.cookbook:certificate_authority.request
#key-file = $${cadirectory:certs}/apache_frontend.key
#cert-file = $${cadirectory:certs}/apache_frontend.crt
#executable = $${directory:service}/apache_frontend
#wrapper = $${directory:service}/apache_frontend
## Put domain name
#name = $${instance-parameter:configuration.domain}
[cron]
recipe = slapos.cookbook:cron
......@@ -182,7 +160,7 @@ recipe = slapos.cookbook:logrotate.d
name = apache
log = $${apache:error-log} $${apache:access-log}
frequency = daily
rotate-num = 30
rotatep-num = 30
post = ${buildout:bin-directory}/killpidfromfile $${apache:pid-file} SIGUSR1
sharedscripts = true
notifempty = true
......@@ -199,7 +177,7 @@ ip = $${squid-hardcoded:ip}
port = $${squid-hardcoded:port}
backend-ip = $${squid-hardcoded:backend-ip}
backend-port = $${squid-hardcoded:backend-port}
domain = $${squid-hardcoded:domain}
public-ipv4 = $${instance-parameter:configuration.public-ipv4}
access-log-path = $${directory:log}/squid-access.log
cache-log-path = $${directory:log}/squid-cache.log
pid-filename-path = $${directory:run}/squid.pid
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment