Allow to configure SSL authnetication backend.
[slapos.git] / software / erp5 / snippet-backend.cfg
1 [apache-public-%(backend_name)s]
2 recipe = slapos.cookbook:apache.zope.backend
3 backend = http://$${haproxy-%(backend_name)s:ip}:$${haproxy-%(backend_name)s:port}/
4 ip = $${slap-network-information:global-ipv6}
5 port = %(apache_public_port)s
6 scheme = http
7 wrapper = $${basedirectory:services}/apache-public-%(backend_name)s
8 configuration-file = $${directory:apache-conf}/apache-public-%(backend_name)s.conf
9 access-control-string = %(access_control_string)s
10 pid-file = $${basedirectory:run}/apache-public-%(backend_name)s.pid
11 lock-file = $${basedirectory:run}/apache-public-%(backend_name)s.lock
12 error-log = $${basedirectory:log}/apache-public-%(backend_name)s-error.log
13 access-log = $${basedirectory:log}/apache-public-%(backend_name)s-access.log
14 apache-binary = ${apache:location}/bin/httpd
15
16 [apache-%(backend_name)s]
17 recipe = slapos.cookbook:apache.zope.backend
18 backend = http://$${haproxy-%(backend_name)s:ip}:$${haproxy-%(backend_name)s:port}/
19 ip = $${slap-network-information:global-ipv6}
20 port = %(apache_port)s
21 wrapper = $${rootdirectory:bin}/apache-%(backend_name)s
22 scheme = https
23 key-file = $${directory:apache-conf}/apache-%(backend_name)s.key
24 cert-file = $${directory:apache-conf}/apache-%(backend_name)s.crt
25 configuration-file = $${directory:apache-conf}/apache-%(backend_name)s.conf
26 access-control-string = %(access_control_string)s
27 pid-file = $${basedirectory:run}/apache-%(backend_name)s.pid
28 lock-file = $${basedirectory:run}/apache-%(backend_name)s.lock
29 ssl-session-cache = $${basedirectory:log}/apache-ssl-session-cache
30 error-log = $${basedirectory:log}/apache-%(backend_name)s-error.log
31 access-log = $${basedirectory:log}/apache-%(backend_name)s-access.log
32 apache-binary = ${apache:location}/bin/httpd
33 ssl-authentication = %(ssl_authentication)s
34 # Note: Without erp5-certificate-authority main certificate have to be hardcoded
35 ssl-authentication-certificate = $${erp5-certificate-authority:ca-dir}/cacert.pem
36 ssl-authentication-crl = $${erp5-certificate-authority:ca-crl}
37
38 [ca-apache-%(backend_name)s]
39 <= certificate-authority
40 recipe = slapos.cookbook:certificate_authority.request
41 key-file = $${apache-%(backend_name)s:key-file}
42 cert-file = $${apache-%(backend_name)s:cert-file}
43 executable = $${apache-%(backend_name)s:wrapper}
44 wrapper = $${basedirectory:services}/apache-%(backend_name)s
45
46 [logrotate-entry-apache-public-%(backend_name)s]
47 <= logrotate
48 recipe = slapos.cookbook:logrotate.d
49 name = apache-public-%(backend_name)s
50 log = $${apache-public-%(backend_name)s:error-log} $${apache-public-%(backend_name)s:access-log}
51 post = ${buildout:bin-directory}/killpidfromfile $${apache-public-%(backend_name)s:pid-file} SIGUSR1
52
53 [logrotate-entry-apache-%(backend_name)s]
54 <= logrotate
55 recipe = slapos.cookbook:logrotate.d
56 name = apache-%(backend_name)s
57 log = $${apache-%(backend_name)s:error-log} $${apache-%(backend_name)s:access-log}
58 post = ${buildout:bin-directory}/killpidfromfile $${apache-%(backend_name)s:pid-file} SIGUSR1
59
60 [haproxy-%(backend_name)s]
61 recipe = slapos.cookbook:haproxy
62 name = %(backend_name)s
63 conf-path = $${rootdirectory:etc}/haproxy-%(backend_name)s.cfg
64 ip = $${slap-network-information:local-ipv4}
65 port = %(haproxy_port)s
66 maxconn = %(maxconn)s
67 server-check-path = %(server_check_path)s
68 wrapper-path = $${basedirectory:services}/haproxy-%(backend_name)s
69 binary-path = ${haproxy:location}/sbin/haproxy
70 backend-list = %(haproxy_backend_list)s