apache2 subordinate #1

  • By hloeung
  • Latest version (#1)
  • trusty
  • Stable
  • Edge

Description

Apache2 subordinate charm


Juju apache2-subordinate charm

The apache2-subordinate charm relates to a primary web service charm
and exposes its code or content to the world over HTTP/HTTPS.
This means that your site is the primary service,
and other Web server subordinates can be substituted for this one
if they use the same relation data.

How to deploy the charm

Assuming you have a copy of the apache2-subordinate charm
in ./charms/$distrocodename/apache2-subordinate,
and that you want to use it to expose a wordpress service:

juju deploy --repository=charms local:apache2-subordinate
juju add-relation wordpress apache2-subordinate

Using the webservice relation

The primary relation used by the apache2-subordinate charm
is the webservice relation.
The charm requires the services variable to be set in the relation data.
The services variable must be a list of dictionaries,
each describing the parameters for a virtual host.

Please note that all data in these dictionaries
will be passed as strings by juju,
and the apache2-subordinate charm will decode the data into python objects.

Vhost definition dictionary supports the following keys:

  • url - scheme://hostname:port

    For example: http://myblog.me.com:80.

    If https is used the charm will either deploy SSL certificates
    or if they are not available it will create self signed keypair.
    Currently only http and https are supported.

  • type - vhost type.

    Currently only php is supported.

  • document_root

  • extra_packages (optional)

    List of extra packages the vhost requires.

    For example: ["php5_mysql", "php5_curl"]

  • webserver_options (optional)

    List of options specific to the web server subordinate.

    For example: ["mod_rewrite", "-serve-cgi-bin.conf", "+mod_status"]

  • redirects (optional)

    List of redirects.

    For example:

    [
        {"match": "/wp-admin",
         "target": "https://mysite.example.com/wp-admin"},
        {"match": "/wp-login.php",
         "target": "https://mysite.example.com/wp-login.php"}
    ]
    
  • proxy (optional)

    List of proxy urls and targets.

    For example:

    [
        {"match": "/media/",
         "proxy_target": "http://media.example.com/"},
    ]
    
  • vhost_options (optional)

    Dictionary mapping Apache directives to their parameters.
    This is intended as a bit of a back channel
    for charms that explicitly know their Web server subordinate is Apache.

    For example:

    {'Header': 'append Vary "Cookie"'}
    

Example Relation Data

Putting all the pieces together,
a Wordpress installation might look something like the following:

[
    {
        "url": "http://mysite.example.com:8080",
        "type": "php",
        "document_root": "/srv/mysite.example.com",
        "extra_packages": ["php_mysql"],
        "redirects": [
            {"match": "/wp-admin", "target": "https://mysite.example.com/wp-admin"},
            {"match": "/wp-login.php", "target": "https://mysite.example.com/wp-login.php"}
        ],
        "proxy": [
            {"match": "/media/", "proxy_target": "http://media.example.com/"}
        ],
        "webserver_options": ["mod_rewrite", "mod_headers"],
        "vhost_options": {'Header': 'append Vary "Cookie"'},
    },
    {
        "url": "https://mysite.example.com:443",
        "type": "php",
        "document_root": "/srv/mysite.example.com",
        "extra_packages": ["php_mysql"],
        "webserver_options": ["mod_headers"],
        "vhost_options": {'Header': 'append Vary "Cookie"'},
    }
]

TODO

  • Add support for wsgi vhosts
    • Use document_root to specify wsgi script, or a new path variable?
  • Improve support for static content vhosts?
    • What's missing, currently?

Configuration

ssl_honor_cipher_order
(boolean) Enable server cipher suite preference.
True
ssl_certificate
(string) SSL certificate in base64
ssl_key
(string) SSL key in base64
ssl_protocol
(string) SSL Protocols to enable.
ALL -SSLv2 -SSLv3
logrotate_dateext
(boolean) If set to True (default) logrotate will append date to each rotated file
True
logrotate_retention
(int) Number of (daily rotated) logs to keep on disk
60
mpm_type
(string) The name of the apache-mpm-* package to install.
worker
ssl_chain
(string) SSL chain bundle in bas64
ssl_cipher_suite
(string) List of server cipher suites.
EECDH+AESGCM+AES128:EDH+AESGCM+AES128:EECDH+AES128:EDH+AES128:ECDH+AESGCM+AES128:aRSA+AESGCM+AES128:ECDH+AES128:DH+AES128:aRSA+AES128:EECDH+AESGCM:EDH+AESGCM:EECDH:EDH:ECDH+AESGCM:aRSA+AESGCM:ECDH:DH:aRSA:HIGH:!MEDIUM:!aNULL:!NULL:!LOW:!3DES:!DSS:!EXP:!PSK:!SRP