[buildout] parts = directory configtest logrotate cron cron-entry-logrotate ca-frontend certificate-authority logrotate-entry-caddy logrotate-entry-nginx caddy-frontend switch-caddy-softwaretype frontend-caddy-graceful frontend-nginx-graceful not-found-html promise-frontend-caddy-configuration promise-caddy-frontend-v4-https promise-caddy-frontend-v4-http promise-caddy-frontend-v6-https promise-caddy-frontend-v6-http promise-caddy-frontend-cached promise-caddy-frontend-ssl-cached promise-caddy-is-process-older-than-dependency-set promise-nginx-frontend-v4-https promise-nginx-frontend-v4-http promise-nginx-frontend-v6-https promise-nginx-frontend-v6-http promise-nginx-configuration promise-nginx-is-process-older-than-dependency-set trafficserver-launcher trafficserver-reload trafficserver-configuration-directory trafficserver-records-config trafficserver-remap-config trafficserver-plugin-config trafficserver-storage-config trafficserver-promise-listen-port trafficserver-promise-cache-availability ## Nginx nginx-frontend ## Monitor for Caddy monitor-base monitor-ats-cache-stats-wrapper monitor-traffic-summary-last-stats-wrapper monitor-caddy-server-status-wrapper monitor-verify-re6st-connectivity extends = ${monitor-template:output} eggs-directory = ${buildout:eggs-directory} develop-eggs-directory = ${buildout:develop-eggs-directory} offline = true # Create all needed directories [directory] recipe = slapos.cookbook:mkdirectory bin = $${buildout:directory}/bin/ etc = $${buildout:directory}/etc/ srv = $${buildout:directory}/srv/ var = $${buildout:directory}/var/ template = $${buildout:directory}/template/ backup = $${:srv}/backup log = $${:var}/log run = $${:var}/run service = $${:etc}/service etc-run = $${:etc}/run promise = $${:etc}/promise logrotate-backup = $${:backup}/logrotate logrotate-entries = $${:etc}/logrotate.d cron-entries = $${:etc}/cron.d crontabs = $${:etc}/crontabs cronstamps = $${:etc}/cronstamps ca-dir = $${:srv}/ssl varnginx = $${:var}/nginx [switch-caddy-softwaretype] recipe = slapos.cookbook:softwaretype single-default = $${dynamic-custom-personal-template-slave-list:rendered} single-custom-personal = $${dynamic-custom-personal-template-slave-list:rendered} [instance-parameter] # Fetches parameters defined in SlapOS Master for this instance. # Always the same. recipe = slapos.cookbook:slapconfiguration.serialised computer = $${slap-connection:computer-id} partition = $${slap-connection:partition-id} url = $${slap-connection:server-url} key = $${slap-connection:key-file} cert = $${slap-connection:cert-file} # Define default parameter(s) that will be used later, in case user didn't # specify it # All parameters are available through the configuration.XX syntax. # All possible parameters should have a default. configuration.domain = example.org configuration.public-ipv4 = configuration.port = 4443 configuration.plain_http_port = 8080 configuration.plain_nginx_port = 8081 configuration.nginx_port = 9443 configuration.server-admin = admin@example.com configuration.apache_custom_https = "" configuration.apache_custom_http = "" configuration.apache-key = configuration.apache-certificate = configuration.apache-ca-certificate = configuration.open-port = 80 443 configuration.extra_slave_instance_list = configuration.disk-cache-size = 8G configuration.ram-cache-size = 1G configuration.trafficserver-autoconf-port = 8083 configuration.trafficserver-mgmt-port = 8084 configuration.re6st-verification-url = http://[2001:67c:1254:4::1]/index.html configuration.enable-http2-by-default = true configuration.mpm-graceful-shutdown-timeout = 5 configuration.monitor-cors-domains = configuration.monitor-httpd-port = 8072 [frontend-configuration] template-log-access = ${template-log-access:target} log-access-configuration = $${directory:etc}/log-access.conf caddy-directory = ${caddy:location} caddy-ipv6 = $${instance-parameter:ipv6-random} caddy-https-port = $${instance-parameter:configuration.port} [jinja2-template-base] recipe = slapos.recipe.template:jinja2 rendered = $${buildout:directory}/$${:filename} extra-context = context = import json_module json key eggs_directory buildout:eggs-directory key develop_eggs_directory buildout:develop-eggs-directory key slap_software_type instance-parameter:slap-software-type key slapparameter_dict instance-parameter:configuration section directory directory $${:extra-context} [software-release-path] template-empty = ${template-empty:target} template-slave-configuration = ${template-slave-configuration:target} template-default-slave-virtualhost = ${template-default-slave-virtualhost:target} template-cached-slave-virtualhost = ${template-cached-slave-virtualhost:target} caddy-location = ${caddy:location} template-nginx-eventsource-slave-virtualhost = ${template-nginx-eventsource-slave-virtualhost:target} template-nginx-notebook-slave-virtualhost = ${template-nginx-notebook-slave-virtualhost:target} [dynamic-custom-personal-template-slave-list] < = jinja2-template-base template = ${template-slave-list:target} filename = custom-personal-instance-slave-list.cfg extensions = jinja2.ext.do extra-context = key caddy_configuration_directory caddy-directory:slave-configuration key nginx_configuration_directory caddy-directory:nginx-slave-configuration key caddy_cached_configuration_directory caddy-directory:slave-with-cache-configuration key slave_with_cache_configuration_directory caddy-directory:slave-with-cache-configuration key http_port instance-parameter:configuration.plain_http_port key https_port instance-parameter:configuration.port key nginx_http_port instance-parameter:configuration.plain_nginx_port key nginx_https_port instance-parameter:configuration.nginx_port key public_ipv4 instance-parameter:configuration.public-ipv4 key slave_instance_list instance-parameter:slave-instance-list key extra_slave_instance_list instance-parameter:configuration.extra_slave_instance_list key custom_ssl_directory caddy-directory:vh-ssl key caddy_log_directory caddy-directory:slave-log key local_ipv4 instance-parameter:ipv4-random key local_ipv6 instance-parameter:ipv6-random key global_ipv6 slap-network-information:global-ipv6 key varnginx directory:varnginx key empty_template software-release-path:template-empty key template_custom_slave_configuration software-release-path:template-slave-configuration key template_default_slave_configuration software-release-path:template-default-slave-virtualhost key template_cached_slave_configuration software-release-path:template-cached-slave-virtualhost key template_eventsource_slave_configuration software-release-path:template-nginx-eventsource-slave-virtualhost key template_notebook_slave_configuration software-release-path:template-nginx-notebook-slave-virtualhost raw software_type single-custom-personal key frontend_lazy_graceful_reload frontend-caddy-lazy-graceful:rendered section logrotate_dict logrotate section frontend_configuration frontend-configuration section caddy_configuration caddy-configuration section nginx_configuration nginx-configuration key monitor_base_url monitor-instance-parameter:monitor-base-url key promise_directory monitor-directory:promises key report_directory monitor-directory:reports raw bin_directory ${buildout:bin-directory} key login_certificate ca-frontend:cert-file key login_key ca-frontend:key-file key login_ca_crt ca-custom-frontend:rendered key enable_http2_by_default instance-parameter:configuration.enable-http2-by-default key access_log caddy-configuration:access-log key error_log caddy-configuration:error-log raw sixtunnel_executable ${6tunnel:location}/bin/6tunnel raw service_directory $${directory:service} key not_found_file caddy-configuration:not-found-file [dynamic-virtualhost-template-slave] <= jinja2-template-base template = ${template-slave-configuration:target} rendered = $${directory:template}/slave-virtualhost.conf.in extensions = jinja2.ext.do extra-context = key https_port instance-parameter:configuration.port key http_port instance-parameter:configuration.plain_http_port key apache_custom_https instance-parameter:configuration.apache_custom_https key apache_custom_http instance-parameter:configuration.apache_custom_http # Deploy Caddy Frontend with Jinja power [dynamic-caddy-frontend-template] < = jinja2-template-base template = ${template-caddy-frontend-configuration:target} rendered = $${caddy-configuration:frontend-configuration} extra-context = key httpd_home software-release-path:caddy-location key httpd_mod_ssl_cache_directory caddy-directory:mod-ssl key instance_home buildout:directory key server_admin instance-parameter:configuration.server-admin key login_certificate ca-frontend:cert-file key login_key ca-frontend:key-file key login_ca_crt ca-custom-frontend:rendered key ca_dir certificate-authority:ca-dir key ca_crl certificate-authority:ca-crl key access_log caddy-configuration:access-log key slave_configuration_directory caddy-directory:slave-configuration key cached_port caddy-configuration:cache-through-port key ssl_cached_port caddy-configuration:ssl-cache-through-port key slave_with_cache_configuration_directory caddy-directory:slave-with-cache-configuration section frontend_configuration frontend-configuration key http_port instance-parameter:configuration.plain_http_port key https_port instance-parameter:configuration.port key local_ipv4 instance-parameter:ipv4-random key global_ipv6 slap-network-information:global-ipv6 key error_log caddy-configuration:error-log key not_found_file caddy-configuration:not-found-file key username slap-parameter:monitor-username key password slap-parameter:monitor-password [caddy-wrapper] < = jinja2-template-base template = ${template-caddy-wrapper:output} rendered = $${directory:bin}/caddy-wrapper mode = 0700 extra-context = raw caddy ${caddy:output} key conf dynamic-caddy-frontend-template:rendered key log caddy-configuration:error-log key grace instance-parameter:configuration.mpm-graceful-shutdown-timeout [caddy-frontend] recipe = slapos.cookbook:wrapper command-line = $${caddy-wrapper:rendered} -pidfile $${caddy-configuration:pid-file} wrapper-path = $${directory:service}/frontend_caddy wait-for-files = $${ca-frontend:cert-file} $${ca-frontend:key-file} [not-found-html] recipe = slapos.cookbook:symbolic.link target-directory = $${caddy-directory:document-root} link-binary = ${template-not-found-html:target} [caddy-directory] recipe = slapos.cookbook:mkdirectory document-root = $${directory:srv}/htdocs slave-configuration = $${directory:etc}/caddy-slave-conf.d/ slave-with-cache-configuration = $${directory:etc}/caddy-slave-with-cache-conf.d/ cache = $${directory:var}/cache mod-ssl = $${:cache}/httpd_mod_ssl vh-ssl = $${:slave-configuration}/ssl slave-log = $${directory:log}/httpd nginx-slave-configuration = $${directory:etc}/nginx-slave-conf.d/ [caddy-configuration] frontend-configuration = $${directory:etc}/Caddyfile access-log = $${directory:log}/frontend-access.log error-log = $${directory:log}/frontend-error.log pid-file = $${directory:run}/httpd.pid frontend-configuration-verification = $${caddy-wrapper:rendered} -validate > /dev/null frontend-graceful-command = $${:frontend-configuration-verification}; if [ $? -eq 0 ]; then kill -USR1 $(cat $${:pid-file}); fi not-found-file = $${caddy-directory:document-root}/notfound.html # Communication with ATS cache-port = $${trafficserver-variable:input-port} cache-through-port = 26011 ssl-cache-through-port = 26012 [configtest] recipe = slapos.cookbook:wrapper command-line = $${caddy-wrapper:rendered} -validate wrapper-path = $${directory:bin}/caddy-configtest [certificate-authority] recipe = slapos.cookbook:certificate_authority openssl-binary = ${openssl:location}/bin/openssl ca-dir = $${directory:ca-dir} requests-directory = $${cadirectory:requests} wrapper = $${directory:service}/certificate_authority ca-private = $${cadirectory:private} ca-certs = $${cadirectory:certs} ca-newcerts = $${cadirectory:newcerts} ca-crl = $${cadirectory:crl} [cadirectory] recipe = slapos.cookbook:mkdirectory requests = $${directory:ca-dir}/requests/ private = $${directory:ca-dir}/private/ certs = $${directory:ca-dir}/certs/ newcerts = $${directory:ca-dir}/newcerts/ crl = $${directory:ca-dir}/crl/ [ca-frontend] <= certificate-authority recipe = slapos.cookbook:certificate_authority.request key-file = $${cadirectory:certs}/frontend.key cert-file = $${cadirectory:certs}/frontend.crt executable = $${directory:service}/frontend_caddy wrapper = $${directory:service}/frontend_caddy key-content = $${instance-parameter:configuration.apache-key} cert-content = $${instance-parameter:configuration.apache-certificate} # Put domain name name = $${instance-parameter:configuration.domain} [ca-custom-frontend] < = jinja2-template-base template = ${template-empty:target} rendered = $${cadirectory:certs}/frontend.ca.crt extra-context = key content instance-parameter:configuration.apache-ca-certificate [cron] recipe = slapos.cookbook:cron dcrond-binary = ${dcron:location}/sbin/crond cron-entries = $${directory:cron-entries} crontabs = $${directory:crontabs} cronstamps = $${directory:cronstamps} catcher = $${cron-simplelogger:wrapper} binary = $${directory:service}/crond [cron-simplelogger] recipe = slapos.cookbook:simplelogger wrapper = $${directory:bin}/cron_simplelogger log = $${directory:log}/cron.log [cron-entry-logrotate] <= cron recipe = slapos.cookbook:cron.d name = logrotate frequency = 0 0 * * * command = $${logrotate:wrapper} # Deploy Logrotate [logrotate] recipe = slapos.cookbook:logrotate # Binaries logrotate-binary = ${logrotate:location}/sbin/logrotate gzip-binary = ${gzip:location}/bin/gzip gunzip-binary = ${gzip:location}/bin/gunzip # Directories wrapper = $${directory:bin}/logrotate conf = $${directory:etc}/logrotate.conf logrotate-entries = $${directory:logrotate-entries} backup = $${directory:logrotate-backup} state-file = $${directory:srv}/logrotate.status [logrotate-entry-caddy] <= logrotate recipe = slapos.cookbook:logrotate.d name = caddy log = $${caddy-configuration:error-log} $${caddy-configuration:access-log} frequency = daily rotatep-num = 30 post = $${frontend-caddy-lazy-graceful:rendered} & sharedscripts = true notifempty = true create = true [logrotate-entry-nginx] <= logrotate recipe = slapos.cookbook:logrotate.d name = caddy-nginx log = $${nginx-configuration:error_log} $${nginx-configuration:access_log} frequency = daily rotatep-num = 30 post = $${nginx-configuration:nginx-graceful-command} sharedscripts = true notifempty = true create = true ################# # Trafficserver ################# [trafficserver-directory] recipe = slapos.cookbook:mkdirectory configuration = $${directory:etc}/trafficserver local-state = $${directory:var}/trafficserver bin_path = ${trafficserver:location}/bin log = $${directory:log}/trafficserver cache-path = $${directory:srv}/ats_cache [trafficserver-variable] wrapper-path = $${directory:service}/trafficserver reload-path = $${directory:etc-run}/trafficserver-reload local-ip = $${instance-parameter:ipv4-random} input-port = 23432 hostname = $${instance-parameter:configuration.frontend-name} remap = map /HTTPS/ http://$${instance-parameter:ipv4-random}:$${caddy-configuration:ssl-cache-through-port} map / http://$${instance-parameter:ipv4-random}:$${caddy-configuration:cache-through-port} plugin-config = ${trafficserver:location}/libexec/trafficserver/rfc5861.so cache-path = $${trafficserver-directory:cache-path} disk-cache-size = $${instance-parameter:configuration.disk-cache-size} autoconf-port = $${instance-parameter:configuration.trafficserver-autoconf-port} mgmt-port = $${instance-parameter:configuration.trafficserver-mgmt-port} ram-cache-size = $${instance-parameter:configuration.ram-cache-size} [trafficserver-configuration-directory] recipe = plone.recipe.command command = cp -rn ${trafficserver:location}/etc/trafficserver/* $${:target} target = $${trafficserver-directory:configuration} [trafficserver-launcher] recipe = slapos.cookbook:wrapper command-line = ${trafficserver:location}/bin/traffic_cop wrapper-path = $${trafficserver-variable:wrapper-path} environment = TS_ROOT=$${buildout:directory} [trafficserver-reload] recipe = slapos.cookbook:wrapper command-line = ${trafficserver:location}/bin/traffic_line -x wrapper-path = $${trafficserver-variable:reload-path} environment = TS_ROOT=$${buildout:directory} # XXX Dedicated Jinja Section without slapparameter [trafficserver-jinja2-template-base] recipe = slapos.recipe.template:jinja2 rendered = $${trafficserver-directory:configuration}/$${:filename} extra-context = mode = 600 context = section ats_directory trafficserver-directory section ats_configuration trafficserver-variable $${:extra-context} [trafficserver-records-config] < = trafficserver-jinja2-template-base template = ${template-trafficserver-records-config:location}/${template-trafficserver-records-config:filename} filename = records.config extra-context = import os_module os [trafficserver-storage-config] < = trafficserver-jinja2-template-base template = ${template-trafficserver-storage-config:location}/${template-trafficserver-storage-config:filename} filename = storage.config [trafficserver-remap-config] < = trafficserver-jinja2-template-base template = ${template-empty:target} filename = remap.config context = key content trafficserver-variable:remap [trafficserver-plugin-config] < = trafficserver-jinja2-template-base template = ${template-empty:target} filename = plugin.config context = key content trafficserver-variable:plugin-config [trafficserver-promise-listen-port] recipe = slapos.cookbook:check_port_listening path = $${directory:promise}/trafficserver-port-listening hostname = $${trafficserver-variable:local-ip} port = $${trafficserver-variable:input-port} [trafficserver-line] recipe = slapos.cookbook:wrapper command-line = ${trafficserver:location}/bin/traffic_line wrapper-path = $${directory:bin}/traffic_line environment = TS_ROOT=$${buildout:directory} [trafficserver-promise-cache-availability] recipe = collective.recipe.template input = inline:#!${buildout:executable} import subprocess import sys traffic_line = "$${trafficserver-line:wrapper-path}" result = float(subprocess.check_output([traffic_line, '-r', 'proxy.node.cache.percent_free' ])) if result != 0: sys.exit(0) sys.stderr.write("Cache not available, availability: %s" % result) sys.exit(127) output = $${directory:promise}/trafficserver-cache-availability mode = 700 ### End of ATS sections ### Caddy Graceful and promises [frontend-caddy-graceful-bin] < = jinja2-template-base template = ${template-wrapper:output} rendered = $${directory:bin}/frontend-caddy-safe-graceful mode = 0700 extra-context = key content caddy-configuration:frontend-graceful-command [frontend-caddy-graceful] < = jinja2-template-base template = ${template-caddy-graceful-script:target} rendered = $${directory:etc-run}/frontend-caddy-safe-graceful mode = 0700 extra-context = key directory_run directory:run key directory_etc directory:etc key directory_bin directory:bin key caddy_graceful_reload_command caddy-configuration:frontend-graceful-command [frontend-caddy-lazy-graceful] < = jinja2-template-base template = ${template-caddy-lazy-script-call:target} rendered = $${directory:bin}/frontend-caddy-lazy-graceful mode = 0700 pid-file = $${directory:run}/lazy-graceful.pid extra-context = key pid_file :pid-file raw wait_time 60 key lazy_command caddy-configuration:frontend-graceful-command # Promises checking configuration: [promise-frontend-caddy-configuration] < = jinja2-template-base template = ${template-wrapper:output} rendered = $${directory:promise}/frontend-caddy-configuration-promise mode = 0700 extra-context = key content caddy-configuration:frontend-configuration-verification [promise-caddy-frontend-v4-https] recipe = slapos.cookbook:check_port_listening path = $${directory:promise}/caddy_frontend_ipv4_https hostname = $${instance-parameter:ipv4-random} port = $${instance-parameter:configuration.port} [promise-caddy-frontend-v4-http] recipe = slapos.cookbook:check_port_listening path = $${directory:promise}/caddy_frontend_ipv4_http hostname = $${instance-parameter:ipv4-random} port = $${instance-parameter:configuration.plain_http_port} [promise-caddy-frontend-v6-https] recipe = slapos.cookbook:check_port_listening path = $${directory:promise}/caddy_frontend_ipv6_https hostname = $${instance-parameter:ipv6-random} port = $${instance-parameter:configuration.port} [promise-caddy-frontend-v6-http] recipe = slapos.cookbook:check_port_listening path = $${directory:promise}/caddy_frontend_ipv6_http hostname = $${instance-parameter:ipv6-random} port = $${instance-parameter:configuration.plain_http_port} [promise-caddy-frontend-cached] recipe = slapos.cookbook:check_port_listening path = $${directory:promise}/caddy_cached hostname = $${instance-parameter:ipv4-random} port = $${caddy-configuration:cache-through-port} [promise-caddy-frontend-ssl-cached] recipe = slapos.cookbook:check_port_listening path = $${directory:promise}/caddy_ssl_cached hostname = $${instance-parameter:ipv4-random} port = $${caddy-configuration:ssl-cache-through-port} [promise-caddy-is-process-older-than-dependency-set] recipe = slapos.cookbook:wrapper command-line = ${buildout:bin-directory}/is-process-older-than-dependency-set $${caddy-configuration:pid-file} wrapper-path = $${directory:promise}/caddy-frontend-is-running-actual-software-release [slap_connection] # Kept for backward compatibility computer_id = $${slap-connection:computer-id} partition_id = $${slap-connection:partition-id} server_url = $${slap-connection:server-url} software_release_url = $${slap-connection:software-release-url} key_file = $${slap-connection:key-file} cert_file = $${slap-connection:cert-file} [slap-parameter] # Define default parameter(s) that will be used later, in case user didn't # specify it # All parameters are available through the configuration.XX syntax. # All possible parameters should have a default. domain = example.org public-ipv4 = port = 4443 plain_http_port = 8080 server-admin = admin@example.com apache_custom_https = "" apache_custom_http = "" apache-key = apache-certificate = open-port = 80 443 extra_slave_instance_list = frontend-name = monitor-username = $${monitor-instance-parameter:username} monitor-password = $${monitor-htpasswd:passwd} ####### # Monitoring sections # [monitor-instance-parameter] monitor-httpd-port = $${instance-parameter:configuration.monitor-httpd-port} cors-domains = $${instance-parameter:configuration.monitor-cors-domains} username = $${slap-parameter:monitor-username} password = $${slap-parameter:monitor-password} [monitor-conf-parameters] private-path-list += $${directory:logrotate-backup} [monitor-traffic-summary-last-stats-wrapper] < = jinja2-template-base template = ${template-wrapper:output} rendered = $${monitor-directory:reports}/traffic-summary-last-stats_every_1_hour mode = 0700 command = export TS_ROOT=$${buildout:directory} && echo "<pre>$(${trafficserver:location}/bin/traffic_logstats -f $${trafficserver-directory:log}/squid.blog)</pre>" extra-context = key content monitor-traffic-summary-last-stats-wrapper:command # Produce ATS Cache stats [monitor-ats-cache-stats-wrapper] < = jinja2-template-base template = ${template-wrapper:output} rendered = $${monitor-directory:reports}/ats-cache-stats_every_1_hour mode = 0700 command = export TS_ROOT=$${buildout:directory} && echo "<pre>$(${trafficserver:location}/bin/traffic_shell $${monitor-ats-cache-stats-config:rendered})</pre>" extra-context = key content monitor-ats-cache-stats-wrapper:command [monitor-caddy-server-status-wrapper] < = jinja2-template-base template = ${template-wrapper:output} rendered = $${monitor-directory:reports}/monitor-caddy-server-status-wrapper mode = 0700 command = ${curl:location}/bin/curl -s http://$${instance-parameter:ipv4-random}:$${instance-parameter:configuration.plain_http_port}/server-status -u $${monitor-instance-parameter:username}:$${monitor-htpasswd:passwd} 2>&1 extra-context = key content monitor-caddy-server-status-wrapper:command [monitor-ats-cache-stats-config] < = jinja2-template-base template = ${template-empty:target} rendered = $${trafficserver-configuration-directory:target}/cache-config.stats mode = 644 context = raw content show:cache-stats [monitor-verify-re6st-connectivity] recipe = slapos.cookbook:check_url_available path = $${directory:promise}/re6st-connectivity url = $${instance-parameter:configuration.re6st-verification-url} dash_path = ${dash:location}/bin/dash curl_path = ${curl:location}/bin/curl ####################### # Nginx # [nginx-wrapper] < = jinja2-template-base template = ${template-caddy-wrapper:output} rendered = $${directory:bin}/nginx-wrapper mode = 0700 extra-context = raw caddy ${caddy:output} key conf dynamic-nginx-frontend-template:rendered key log nginx-configuration:error_log key grace instance-parameter:configuration.mpm-graceful-shutdown-timeout [nginx-frontend] recipe = slapos.cookbook:wrapper command-line = $${nginx-wrapper:rendered} -pidfile $${nginx-configuration:pid-file} wrapper-path = $${directory:service}/frontend_nginx [dynamic-nginx-frontend-template] < = jinja2-template-base template = ${template-nginx-configuration:output} rendered = $${directory:etc}/nginx.cfg mode = 0600 extra-context = key port nginx-configuration:port key ssl_certificate nginx-configuration:ssl_certificate key ssl_key nginx-configuration:ssl_key key local_ip nginx-configuration:local_ip key plain_port nginx-configuration:plain_port key slave_configuration_directory nginx-configuration:slave-configuration-directory [nginx-configuration] access_log = $${directory:log}/nginx-access.log error_log = $${directory:log}/nginx-error.log ip = $${slap-network-information:global-ipv6} local_ip = $${slap-network-information:local-ipv4} port = $${instance-parameter:configuration.nginx_port} plain_port = $${instance-parameter:configuration.plain_nginx_port} worker_processes = 4 worker_connections = 1024 slave-configuration-directory = $${caddy-directory:nginx-slave-configuration} pid-file = $${directory:run}/nginx.pid nginx-graceful-command = $${:nginx-configuration-verification}; if [ $? -eq 0 ]; then kill -HUP $(cat $${:pid-file}); fi nginx-configuration-verification = $${nginx-wrapper:rendered} -validate ssl_certificate = $${ca-frontend:cert-file} ssl_key = $${ca-frontend:key-file} [frontend-nginx-graceful] < = jinja2-template-base template = ${template-wrapper:output} rendered = $${directory:etc-run}/frontend-nginx-safe-graceful mode = 0700 extra-context = key content nginx-configuration:nginx-graceful-command [promise-nginx-configuration] < = jinja2-template-base template = ${template-wrapper:output} rendered = $${directory:promise}/nginx-configuration-promise mode = 0700 extra-context = key content nginx-configuration:nginx-configuration-verification [promise-nginx-frontend-v4-https] recipe = slapos.cookbook:check_port_listening path = $${directory:promise}/nginx_frontend_ipv4_https hostname = $${instance-parameter:ipv4-random} port = $${instance-parameter:configuration.nginx_port} [promise-nginx-frontend-v4-http] recipe = slapos.cookbook:check_port_listening path = $${directory:promise}/nginx_frontend_ipv4_http hostname = $${instance-parameter:ipv4-random} port = $${instance-parameter:configuration.plain_nginx_port} [promise-nginx-frontend-v6-https] recipe = slapos.cookbook:check_port_listening path = $${directory:promise}/nginx_frontend_ipv6_https hostname = $${instance-parameter:ipv6-random} port = $${instance-parameter:configuration.nginx_port} [promise-nginx-frontend-v6-http] recipe = slapos.cookbook:check_port_listening path = $${directory:promise}/nginx_frontend_ipv6_http hostname = $${instance-parameter:ipv6-random} port = $${instance-parameter:configuration.plain_nginx_port} [promise-nginx-is-process-older-than-dependency-set] recipe = slapos.cookbook:wrapper command-line = ${buildout:bin-directory}/is-process-older-than-dependency-set $${nginx-configuration:pid-file} wrapper-path = $${directory:promise}/promise-nginx-is-process-older-than-dependency-set