Add nginx-reverse-proxy Software Release.
[slapos.git] / software / reverse-proxy-nginx / instance.cfg.in
1 [buildout]
2 parts =
3   directory
4   reverse-proxy
5   certificate-authority
6   ca-nginx
7   logrotate
8   logrotate-entry-nginx
9   cron
10   cron-entry-logrotate
11   smtp-port-promise
12   publish-connection-parameter
13
14 # Define egg directories to be the one from Software Release
15 # (/opt/slapgrid/...)
16 eggs-directory = ${buildout:eggs-directory}
17 develop-eggs-directory = ${buildout:develop-eggs-directory}
18 offline = true
19
20 # Fetch parameters defined in SlapOS Master for this instance
21 [instance-parameter]
22 recipe = slapos.cookbook:slapconfiguration
23 computer = $${slap-connection:computer-id}
24 partition = $${slap-connection:partition-id}
25 url = $${slap-connection:server-url}
26 key = $${slap-connection:key-file}
27 cert = $${slap-connection:cert-file}
28
29 # Set default parameters
30 configuration.slave-instance-list =
31 configuration.domain = un-hardcode-me
32 #configuration.http-port = 80
33 #configuration.https-port = 443
34 configuration.smtp-port = 25
35 configuration.public-ipv4 =
36
37 # Create needed directories
38 [directory]
39 recipe = slapos.cookbook:mkdirectory
40 home = $${buildout:directory}
41 bin = $${:home}/bin
42 etc = $${:home}/etc
43 srv = $${:home}/srv
44 var = $${:home}/var
45
46 service = $${:etc}/service
47 promise = $${:etc}/promise
48 backup = $${:srv}/backup
49 log = $${:var}/log
50 run = $${:var}/run
51
52 ca-dir = $${:srv}/ssl
53 ca-requests = $${:ca-dir}/requests
54 ca-private = $${:ca-dir}/private
55 ca-certs = $${:ca-dir}/certs
56 ca-newcerts = $${:ca-dir}/newcerts
57 ca-crl = $${:ca-dir}/crl
58
59 nginx-configuration = $${:etc}/nginx
60 nginx-ssl = $${:ca-dir}/nginx
61 nginx-log = $${:home}/logs
62 nginx-htdocs = $${:srv}/www
63
64 cron-entries = $${:etc}/cron.d
65 crontabs = $${:etc}/crontabs
66 cronstamps = $${:etc}/cronstamps
67
68 logrotate-entries = $${:etc}/logrotate.d
69 logrotate-backup = $${:backup}/logrotate
70
71
72 # Deploy nginx and publish connection parameters inside of the recipe
73 [reverse-proxy]
74 recipe = slapos.cookbook:reverseproxy.nginx
75 nginx-executable = ${nginx-unstable:location}/sbin/nginx
76 wrapper = $${directory:bin}/nginx
77
78 configuration-file = $${directory:nginx-configuration}/nginx.conf
79
80 ipv6 = $${instance-parameter:ipv6-random}
81 ipv4 = $${instance-parameter:ipv4-random}
82 slave-instance-list = $${instance-parameter:slave-instance-list}
83 #http-port = $${instance-parameter:http-port}
84 #https-port = $${instance-parameter:https-port}
85 smtp-port = $${instance-parameter:configuration.smtp-port}
86 domain = $${instance-parameter:configuration.domain}
87
88 access-log = $${directory:nginx-log}/access.log
89 error-log = $${directory:nginx-log}/error.log
90
91 key-file = $${directory:nginx-configuration}/nginx.key
92 cert-file = $${directory:nginx-configuration}/nginx.crt
93
94 pid-file = $${directory:run}/nginx
95
96 htdocs = $${directory:nginx-htdocs}
97 home-directory = $${directory:home}
98
99 # Set the public IPs (if possible) as slave connection parameter so that user knows what IP
100 # to bind to its domain name
101 public-ipv4 = $${instance-parameter:configuration.public-ipv4}
102
103 # Create and handle certificate related stuffs, including encapsulating run of nginx executable
104 [certificate-authority]
105 recipe = slapos.cookbook:certificate_authority
106 openssl-binary = ${openssl:location}/bin/openssl
107 ca-dir = $${directory:ca-dir}
108 requests-directory = $${directory:ca-requests}
109 wrapper = $${directory:service}/ca
110 ca-private = $${directory:ca-private}
111 ca-certs = $${directory:ca-certs}
112 ca-newcerts = $${directory:ca-newcerts}
113 ca-crl = $${directory:ca-crl}
114
115 [ca-nginx]
116 <= certificate-authority
117 recipe = slapos.cookbook:certificate_authority.request
118 executable = $${reverse-proxy:wrapper}
119 wrapper = $${directory:service}/nginx
120 key-file = $${reverse-proxy:key-file}
121 cert-file = $${reverse-proxy:cert-file}
122
123
124 # Deploy logrotate
125 [logrotate]
126 recipe = slapos.cookbook:logrotate
127 # Binaries
128 logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
129 gzip-binary = ${gzip:location}/bin/gzip
130 gunzip-binary = ${gzip:location}/bin/gunzip
131 # Directories
132 wrapper = $${directory:bin}/logrotate
133 conf = $${directory:etc}/logrotate.conf
134 logrotate-entries = $${directory:logrotate-entries}
135 backup = $${directory:logrotate-backup}
136 state-file = $${directory:srv}/logrotate.status
137
138 [logrotate-entry-nginx]
139 <= logrotate
140 recipe = slapos.cookbook:logrotate.d
141 name = nginx
142 log = $${reverse-proxy:access-log} $${reverse-proxy:error-log}
143 frequency = daily
144 rotate-num = 30
145 post = ${buildout:bin-directory}/killpidfromfile $${reverse-proxy:pid-file} SIGUSR1
146 sharedscripts = true
147 notifempty = true
148 create = true
149
150
151 # Deploy cron and configure it
152 [cron-simplelogger]
153 recipe = slapos.cookbook:simplelogger
154 wrapper = $${directory:bin}/cron_simplelogger
155 log = $${directory:log}/crond.log
156
157 [cron]
158 recipe = slapos.cookbook:cron
159 dcrond-binary = ${dcron:location}/sbin/crond
160 cron-entries = $${directory:cron-entries}
161 crontabs = $${directory:crontabs}
162 cronstamps = $${directory:cronstamps}
163 catcher = $${cron-simplelogger:wrapper}
164 binary = $${directory:service}/crond
165
166 [cron-entry-logrotate]
167 <= cron
168 recipe = slapos.cookbook:cron.d
169 name = logrotate
170 frequency = 0 0 * * *
171 command = $${logrotate:wrapper}
172
173
174 # Check promises
175 [smtp-port-promise]
176 recipe = slapos.cookbook:check_port_listening
177 path = $${directory:promise}/smtp-port-promise
178 hostname = $${instance-parameter:ipv6-random}
179 port = $${instance-parameter:configuration.smtp-port}
180
181
182 # Publish instance connection parameters
183 # Note: Parameters of slaves are published in the reverse-proxy recipe
184 [publish-connection-parameter]
185 recipe = slapos.cookbook:publish
186 ipv4 = $${instance-parameter:ipv4-random}
187 ipv6 = $${instance-parameter:ipv6-random}
188