Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
1 result
Blame Permalink
  • McConahy, Renee Margaret's avatar
    50404abf
    Add crude front-end Web router. · 50404abf
    McConahy, Renee Margaret authored 
    This creates a service that listens on (by default) port 80 and maps
LOCKSS's many Web interfaces, each listening on a different port, to
paths under a single base. For example:

    http://lockss.test/crawler -> http://lockss.test:24631

This is not ready for production. The remaining tasks are as follows:

- Turn the front-end into a proper Docker image and service. (It should
  include a health check.)

- Merge the lockss-config-frontend into the main lockss role.

- Remove from the firewall rules access to the other administrative
  ports that are now accessed through this.

- Document the front-end paths. Or, better yet, write a landing page
  that lists them all.
    50404abf
    History
    Add crude front-end Web router.
    McConahy, Renee Margaret authored 
    This creates a service that listens on (by default) port 80 and maps
LOCKSS's many Web interfaces, each listening on a different port, to
paths under a single base. For example:

    http://lockss.test/crawler -> http://lockss.test:24631

This is not ready for production. The remaining tasks are as follows:

- Turn the front-end into a proper Docker image and service. (It should
  include a health check.)

- Merge the lockss-config-frontend into the main lockss role.

- Remove from the firewall rules access to the other administrative
  ports that are now accessed through this.

- Document the front-end paths. Or, better yet, write a landing page
  that lists them all.
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
httpd.conf.j2 3.53 KiB 
ServerRoot "/usr/local/apache2"
Listen {{ lockss_frontend_port }}
LoadModule mpm_event_module modules/mod_mpm_event.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule filter_module modules/mod_filter.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
<IfModule !mpm_prefork_module>
</IfModule>
<IfModule mpm_prefork_module>
</IfModule>
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so
<IfModule unixd_module>
User daemon
Group daemon
</IfModule>
ServerAdmin you@example.com
<Directory />
    AllowOverride none
    Require all denied
</Directory>
DocumentRoot "/usr/local/apache2/htdocs"
<Directory "/usr/local/apache2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>
<Files ".ht*">
    Require all denied
</Files>
ErrorLog /proc/self/fd/2
LogLevel warn
<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog /proc/self/fd/1 common
</IfModule>
<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"
</IfModule>
<IfModule cgid_module>
</IfModule>
<Directory "/usr/local/apache2/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>
<IfModule headers_module>
    RequestHeader unset Proxy early
</IfModule>
<IfModule mime_module>
    TypesConfig conf/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
</IfModule>
<IfModule proxy_html_module>
Include conf/extra/proxy-html.conf
</IfModule>
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

RedirectMatch ^/$ /{{ lockss_frontend_default_backend }}/

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
ProxyRequests off
{% for b in lockss_frontend_backends %}
ProxyPass /{{ b.name }}/ http://{{ lockss_hostname }}:{{ b.port }}/
{% endfor %}

LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule xml2enc_module modules/mod_xml2enc.so
Include conf/extra/proxy-html.conf

{% for b in lockss_frontend_backends %}
<Location /{{ b.name }}/>
    ProxyPassReverse /
    ProxyPassReverseCookiePath / /{{ b.name }}/

    ProxyHTMLURLMap / /{{ b.name }}/
</Location>
{% endfor %}

<Location />
    ProxyHTMLEnable On
{% for b in lockss_frontend_backends %}
    ProxyHTMLURLMap http://{{ lockss_hostname }}:{{ b.port }} /{{ b.name }}
{% endfor %}
    RequestHeader unset Accept-Encoding
</Location>