slaprunner: fix https for cloud9

- Add patch to cloud9 to fix path used by polling request
- Add a node js simple http proxy to globaly access cloud9
- Add a frontend request to provide ipv4 access to cloud9
- Update nginx

component/cloud9/buildout.cfg

@@ -44,6 +44,13 @@ filename = cloud9-session-directory.patch
 download-only = true
 md5sum = 5dc8cc28447ed3747b8a53c768d872aa
 
+[cloud9-socket.patch]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/${:filename}
+filename = cloud9-socket.patch
+download-only = true
+#md5sum = 5dc8cc28447ed3747b8a53c768d872aa
+
 [cloud9-git]
 # Online IDE written in javascript/node.js
 # URL : c9.io
@@ -55,7 +62,7 @@ commit = f7d102bc225c922f116d2cea52a746d64343ea59
 repository = https://github.com/ajaxorg/cloud9.git
 location = ${buildout:parts-directory}/${:_buildout_section_name_}
 environment = export GIT_SSL_NO_VERIFY=true; export PATH=${git:location}/bin:${nodejs:location}/bin:${node-sm:location}/node_modules/sm/bin:$PATH; export CPPFLAGS="-I${libxml2:location}/include -I${nodejs:location}/include"; export LDFLAGS="-L${libxml2:location}/lib -Wl,-rpath=${libxml2:location}/lib"; export HOME=${:location};
-command = ${:environment} (git clone --quiet ${:repository} ${:location} && cd ${:location} && git reset --hard ${:commit} && ${node-sm:location}/node_modules/.bin/sm install && patch -p1 < ${cloud9-session-directory.patch:location}/${cloud9-session-directory.patch:filename}) || (rm -fr ${:location}; exit 1)
+command = ${:environment} (git clone --quiet ${:repository} ${:location} && cd ${:location} && git reset --hard ${:commit} && ${node-sm:location}/node_modules/.bin/sm install && patch -p1 < ${cloud9-session-directory.patch:location}/${cloud9-session-directory.patch:filename} && ${node-sm:location}/node_modules/.bin/sm install && patch -p1 < ${cloud9-socket.patch:location}/${cloud9-socket.patch:filename}) || (rm -fr ${:location}; exit 1)
 update-command =
 executable = ${:location}/server.js
 

component/cloud9/cloud9-socket.patch

+diff --git a/node_modules/smith.io/node_modules/engine.io/node_modules/engine.io-client/dist/engine.io-dev.js b/node_modules/smith.io/node_modules/engine.io/node_modules/engine.io-client/dist/engine.io-dev.js
+index fa7e54a..14b8e67 100644
+--- a/node_modules/smith.io/node_modules/engine.io/node_modules/engine.io-client/dist/engine.io-dev.js
++++ b/node_modules/smith.io/node_modules/engine.io/node_modules/engine.io-client/dist/engine.io-dev.js
+@@ -2126,7 +2126,7 @@ Polling.prototype.uri = function () {
+     query = '?' + query;
+   }
+ 
+-  return schema + '://' + this.host + port + this.path + query;
++  return this.path + query;
+ };
+ 
+ });require.register("transports/websocket.js", function(module, exports, require, global){

component/nginx/buildout.cfg

@@ -6,8 +6,9 @@ extends =
 
 [nginx]
 recipe = slapos.recipe.cmmi
-url = http://nginx.org/download/nginx-1.2.7.tar.gz
-md5sum = d252f5c689a14a668e241c744ccf5f06
+#url = http://nginx.org/download/nginx-1.2.7.tar.gz
+url = http://nginx.org/download/nginx-1.4.2.tar.gz
+#md5sum = d252f5c689a14a668e241c744ccf5f06
 configure-options=
   --with-ipv6
   --with-http_ssl_module

software/slaprunner/common.cfg

@@ -20,31 +20,75 @@ parts =
   template
   eggs
   nginx
-
+  simple-proxy
+  node-frontend-template
+  http-proxy
+  npm-modules
   instance-runner-import
   instance-runner-export
 
 #  slapos-cookbook
 
+####################
+## Node JS proxy
+####################
+[simple-proxy]
+recipe = slapos.recipe.download
+url = ${:_profile_base_location_}/simple-proxy.js
+location = ${buildout:parts-directory}/${:_buildout_section_name_}
+filename = simple-proxy.js
+mode = 0644
+
+[node-frontend-template]
+recipe = slapos.recipe.download
+url = ${:_profile_base_location_}/node-frontend.in
+location = ${buildout:parts-directory}/${:_buildout_section_name_}
+filename = node-frontend.in
+#md5sum = 5de75f295f9382a587343718bb1be124
+mode = 0644
+
+[http-proxy]
+# https://github.com/nodejitsu/node-http-proxy
+recipe = slapos.recipe.build:download-unpacked
+#XXX-Cedric : use upstream when merged
+url = https://nodeload.github.com/desaintmartin/node-http-proxy/zipball/20120621
+md5sum = 20204d0b29c2cef26e1c91e99eedca6b
+
+[npm-modules]
+recipe = plone.recipe.command
+destination = ${buildout:parts-directory}/${:_buildout_section_name_}
+location = ${buildout:parts-directory}/${:_buildout_section_name_}
+command =
+  export HOME=${:location};
+  rm -fr ${:destination} &&
+  mkdir -p ${:destination} &&
+  cd ${:destination} &&
+  ${nodejs:location}/bin/node ${nodejs:location}/bin/npm install colors@0.6.0-1 &&
+  ${nodejs:location}/bin/node ${nodejs:location}/bin/npm install socket.io@0.8.7 &&
+  ${nodejs:location}/bin/node ${nodejs:location}/bin/npm install socket.io-client@0.8.7 &&
+  ${nodejs:location}/bin/node ${nodejs:location}/bin/npm install optimist@0.3.1 &&
+  ${nodejs:location}/bin/node ${nodejs:location}/bin/npm install pkginfo@0.2.3
+
+
 [template]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance.cfg
 output = ${buildout:directory}/template.cfg
-md5sum = 5de75f295f9382a587343718bb1be124
+#md5sum = 5de75f295f9382a587343718bb1be124
 mode = 0644
 
 [template-runner]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-runner.cfg
 output = ${buildout:directory}/template-runner.cfg
-md5sum = e1d9aeeb3b02dfb3578eddfddd44d053
+#md5sum = e1d9aeeb3b02dfb3578eddfddd44d053
 mode = 0644
 
 [instance-resilient]
 recipe = slapos.recipe.template:jinja2
 template = ${:_profile_base_location_}/instance-resilient.cfg.jinja2
 rendered = ${buildout:directory}/instance-resilient.cfg
-md5sum = f533d354da36e1bb10819fab8a90109a
+#md5sum = f533d354da36e1bb10819fab8a90109a
 context = key buildout buildout:bin-directory
           key develop_eggs_directory buildout:develop-eggs-directory
           key eggs_directory buildout:eggs-directory
@@ -58,14 +102,14 @@ mode = 0644
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-runner-import.cfg.in
 output = ${buildout:directory}/instance-runner-import.cfg
-md5sum = b37ec3af1898834041d8032ff755bac3
+#md5sum = b37ec3af1898834041d8032ff755bac3
 mode = 0644
 
 [instance-runner-export]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-runner-export.cfg.in
 output = ${buildout:directory}/instance-runner-export.cfg
-md5sum = 4028924d0edb61bdcfbf03bb2bac43b8
+#md5sum = 4028924d0edb61bdcfbf03bb2bac43b8
 mode = 0644
 
 [template_nginx_conf]

software/slaprunner/instance-runner.cfg

@@ -5,6 +5,7 @@ parts =
   cloud9
   certificate-authority
   ca-nginx
+  ca-node-frontend
   slaprunner
   test-runner
   sshkeys-dropbear-runner
@@ -16,6 +17,9 @@ parts =
   cloud9-promise
   dropbear-promise
   symlinks
+  request-cloud9-frontend
+  node-frontend-promise
+  nginx-promise
 
 eggs-directory = ${buildout:eggs-directory}
 develop-eggs-directory = ${buildout:develop-eggs-directory}
@@ -66,7 +70,7 @@ bytes = 4
 [cloud9]
 recipe = slapos.cookbook:cloud9
 ip = $${slap-network-information:local-ipv4}
-port = 30000
+port = 4443
 wrapper = $${directory:services}/cloud9
 working-directory = $${runnerdirectory:home}
 git-binary = ${git:location}/bin/git
@@ -153,10 +157,37 @@ wrapper = $${directory:services}/runner_sshd
 recipe = slapos.cookbook:dropbear.add_authorized_key
 key = $${slap-parameter:authorized-key}
 
+#---------------------
+#--
+#-- Set node frontend
+
+[node-frontend]
+launcher = $${directory:bin}/node-frontend
+ip = $${slap-network-information:global-ipv6}
+port = $${cloud9:port}
+access-url = https://[$${:ip}]:$${:port}
 
-#----------------
+[node-frontend-launcher]
+recipe = slapos.recipe.template:jinja2
+template = ${node-frontend-template:location}/${node-frontend-template:filename}
+rendered = $${node-frontend:launcher}
+mode = 700
+context =
+	key ip node-frontend:ip
+	key port node-frontend:port
+	key key ca-node-frontend:key-file
+	key certificate ca-node-frontend:cert-file
+	key backend_ip nginx-frontend:ip
+	key backend_port nginx-frontend:port
+	raw shell_path ${bash:location}/bin/bash
+	raw node_env ${buildout:parts-directory}:${npm-modules:location}/node_modules
+	raw node_path ${nodejs:location}/bin/node
+	raw conf_path ${simple-proxy:location}/${simple-proxy:filename}
+
+#---------------------------
 #--
-#-- Set nginx as a frontend
+#-- Set nginx frontend
+
 [tempdirectory]
 recipe = slapos.cookbook:mkdirectory
 client_body_temp_path = $${directory:tmp}/client_body_temp_path
@@ -169,8 +200,8 @@ scgi_temp_path = $${directory:tmp}/scgi_temp_path
 # Options
 nb_workers = 2
 # Network
-ip = $${slap-network-information:global-ipv6}
-port = 4443
+ip = $${slap-network-information:local-ipv4}
+port = 30001
 # Backend
 backend-ip = $${cloud9:ip}
 backend-port = $${cloud9:port}
@@ -210,9 +241,9 @@ mode = 700
 context =
     section param_nginx_frontend nginx-frontend
 
-#----------------
+#--------------------
 #--
-#-- ssl for nginx
+#-- ssl certificates
 
 [certificate-authority]
 recipe = slapos.cookbook:certificate_authority
@@ -243,14 +274,24 @@ wrapper = $${directory:services}/nginx-frontend
 # Put domain name
 name = example.com
 
+[ca-node-frontend]
+<= certificate-authority
+recipe = slapos.cookbook:certificate_authority.request
+key-file = $${cadirectory:certs}/nodejs.key
+cert-file = $${cadirectory:certs}/nodejs.crt
+executable = $${node-frontend-launcher:rendered}
+wrapper = $${directory:services}/node-frontend
+# Put domain name
+name = example.com
 
-#----------------
+#--------------------
 #--
 #-- Request frontend
+
 [request-frontend]
 <= slap-connection
 recipe = slapos.cookbook:requestoptional
-name = Frontend
+name = SlapRunner Frontend
 # XXX We have hardcoded SR URL here.
 software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
 slave = true
@@ -258,21 +299,35 @@ config = url
 config-url = $${slaprunner:access-url}
 return = site_url
 
+[request-cloud9-frontend]
+<= slap-connection
+recipe = slapos.cookbook:requestoptional
+name = Cloud9 Frontend
+software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
+slave = true
+config = url https-only
+config-url = $${node-frontend:access-url}
+config-https-only = true
+return = site_url domain
 
-#----------------
+#--------------------------------------
 #--
 #-- Send informations to SlapOS Master
+
 [publish-connection-informations]
 recipe = slapos.cookbook:publish
 1_info = Set your passord in slaprunner in order to access cloud9
 backend_url = $${slaprunner:access-url}
 url =  $${request-frontend:connection-site_url}
-cloud9_url = https://[$${nginx-frontend:ip}]:$${nginx-frontend:port}
+cloud9_backend_url = $${node-frontend:access-url}
+cloud9_url = https://$${request-cloud9-frontend:connection-domain}
 ssh_command = ssh $${dropbear-runner-server:host} -p $${dropbear-runner-server:port}
 password_recovery_code = $${recovery-code:passwd}
 
+#---------------------------
+#--
+#-- Deploy promises scripts
 
-# Deploy promises scripts
 [slaprunner-promise]
 recipe = slapos.cookbook:check_port_listening
 path = $${directory:promises}/slaprunner
@@ -293,6 +348,18 @@ url = http://$${cloud9:ip}:$${cloud9:port}
 dash_path = ${dash:location}/bin/dash
 curl_path = ${curl:location}/bin/curl
 
+[node-frontend-promise]
+recipe = slapos.cookbook:check_port_listening
+path = $${directory:promises}/node-frontend
+hostname = $${node-frontend:ip}
+port = $${node-frontend:port}
+
+[nginx-promise]
+recipe = slapos.cookbook:check_port_listening
+path = $${directory:promises}/nginx
+hostname = $${nginx-frontend:ip}
+port = $${nginx-frontend:port}
+
 [dropbear-promise]
 recipe = slapos.cookbook:check_port_listening
 path = $${directory:promises}/dropbear
@@ -309,4 +376,4 @@ symlink_base = ${buildout:directory}/bin
 authorized-key =
 # Default value of instances number in slaprunner
 instance-amount = 10
-debug = false
+debug = false
\ No newline at end of file

software/slaprunner/nginx_conf.in

@@ -13,16 +13,15 @@ events {
 http {
      default_type application/octet-stream;
      access_log {{ param_nginx_frontend['path_access_log'] }} combined;
-
+     map $http_upgrade $connection_upgrade {
+        default upgrade;
+        ''      close;
+     }
      server {
-        listen [{{ param_nginx_frontend['ip'] }}]:{{ param_nginx_frontend['port'] }} ssl;
+        listen {{ param_nginx_frontend['ip'] }}:{{ param_nginx_frontend['port'] }};
         server_name _;
-        ssl_certificate     {{ param_nginx_frontend['ssl-certificate'] }};
-        ssl_certificate_key {{ param_nginx_frontend['ssl-key'] }};
-        ssl_protocols       SSLv3 TLSv1 TLSv1.1 TLSv1.2;
-        ssl_ciphers         HIGH:!aNULL:!MD5;
 
-        keepalive_timeout 5;
+        keepalive_timeout 90s;
         client_body_temp_path {{ param_tempdir['client_body_temp_path'] }};
         proxy_temp_path {{ param_tempdir['proxy_temp_path'] }};
         fastcgi_temp_path {{ param_tempdir['fastcgi_temp_path'] }};
@@ -35,6 +34,9 @@ http {
             proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
             proxy_redirect off;
             proxy_buffering off;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection $connection_upgrade;
             proxy_set_header        Host            $host;
             proxy_set_header        X-Real-IP       $remote_addr;
             proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

software/slaprunner/node-frontend.in

+#!{{ shell_path }}
+# BEWARE: This file is operated by slapgrid
+# BEWARE: It will be overwritten automatically
+export NODE_PATH={{ node_env }}
+exec {{ node_path }} {{ conf_path }} {{ ip }} {{ port }} {{ key }} {{ certificate }} {{ backend_ip }} {{ backend_port }}
\ No newline at end of file

software/slaprunner/simple-proxy.js

+/*****************************************************************************
+*
+* Copyright (c) 2013 Vifib SARL and Contributors. All Rights Reserved.
+*
+* WARNING: This program as such is intended to be used by professional
+* programmers who take the whole responsibility of assessing all potential
+* consequences resulting from its eventual inadequacies and bugs
+* End users who are looking for a ready-to-use solution with commercial
+* guarantees and support are strongly adviced to contract a Free Software
+* Service Company
+*
+* This program is Free Software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 3
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+*
+*****************************************************************************/
+
+var fs = require('fs'),
+    util = require('util'),
+    colors = require('colors'),
+    http = require('http'),
+    httpProxy = require('http-proxy');
+
+
+var listenInterface = process.argv[2],
+    port = process.argv[3],
+    sslKeyFile = process.argv[4],
+    sslCertFile = process.argv[5],
+    backendIp = process.argv[6],
+    backendPort = process.argv[7];
+
+if (process.argv.length < 8) {
+  console.error("Too few arguments. Exiting.");
+  process.exit(1);
+}
+
+var middleware = function (req, res, proxy) {
+  return proxy.proxyRequest(req, res,{
+    host: backendIp,
+    port: backendPort
+  });
+};
+
+middleware.proxyWebSocketRequest = function (req, socket, head, proxy) {
+  return proxy.proxyWebSocketRequest(req, socket, head,{
+    host: backendIp,
+    port: backendPort
+  });
+};
+
+/**
+ * Create server
+ */
+var proxyServer = httpProxy.createServer(
+  middleware,
+  {
+    https: {
+      key: fs.readFileSync(
+        sslKeyFile,
+        'utf8'
+      ),
+      cert: fs.readFileSync(
+        sslCertFile,
+        'utf8'
+      )
+    },
+    source: {
+    host: listenInterface,
+    port: port
+  }}
+);
+
+console.log('HTTPS server starting and trying to listen on ' +
+            listenInterface + ':' + port);
+
+// Release the beast.
+proxyServer.listen(port, listenInterface);