Juju Charms Collection
turnip package

Merge lp:~cjwatson/charms/trusty/turnip/direct-haproxy into lp:~canonical-launchpad-branches/charms/trusty/turnip/devel

Proposed by Colin Watson on 2015-04-24

Status:	Merged
Merged at revision:	62
Proposed branch:	lp:~cjwatson/charms/trusty/turnip/direct-haproxy
Merge into:	lp:~canonical-launchpad-branches/charms/trusty/turnip/devel
Diff against target:	41 lines (+20/-3) 1 file modified hooks/actions.py (+20/-3)
To merge this branch:	bzr merge lp:~cjwatson/charms/trusty/turnip/direct-haproxy
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
William Grant	code	2015-04-24	Approve on 2015-04-24
Review via email: mp+257417@code.launchpad.net

Commit message

Expect to be proxied directly using haproxy, rather than via Apache; this entails setting up our service relations a little differently.

Description of the change

Expect to be proxied directly using haproxy, rather than via Apache; this entails setting up our service relations a little differently.

Revision history for this message

William Grant (wgrant) wrote on 2015-04-24:

The new service could do with a comment that it is because dodgy haproxy charm.

review: Approve (code)

lp:~cjwatson/charms/trusty/turnip/direct-haproxy updated on 2015-04-25

63. By Colin Watson on 2015-04-25: Add HSTS header to git-service-smart-http, per Mozilla Security recommendations.
64. By Colin Watson on 2015-04-25: Comment dubious use of haproxy charm.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Colin Watson

William Grant

 === modified file 'hooks/actions.py'
 --- hooks/actions.py	2015-04-19 00:04:11 +0000
 +++ hooks/actions.py	2015-04-25 02:21:36 +0000
@@ -199,11 +199,28 @@
                  'check',
                  ]],
              },
++        # This is a slightly dubious use of the haproxy charm, but we don't
++        # have good relation settings and end up needing to hardcode some
++        # ports.
++        {
++            'service_name': 'git-service-http-redirect',
++            'service_host': '0.0.0.0',
++            'service_port': '80',
++            'service_options':
++                http_options +
++                ['redirect scheme https code 301 if !{ ssl_fc }'],
++            'servers': [],
++            },
+         {
              'service_name': 'git-service-smart-http',
              'service_host': '0.0.0.0',
--            'service_port': str(config['port_smart_http']),
--            'service_options': http_options + ['option httpchk'],
++            'service_port': '443',
++            'service_options':
++                http_options +
++                ['option httpchk',
++                 'rspadd Strict-Transport-Security:\\ max-age=15768000',
++                 ],
++            'crts': ['DEFAULT'],
              'servers': [[
                  server_name, server_ip, str(config['port_smart_http']),
                  'check',
@@ -234,5 +251,5 @@
          hookenv.relation_set(
              relid,
              hostname=hookenv.unit_private_ip(),
--            port=config['port_smart_http'],
++            port='443',
              services=haproxy_services)

Juju Charms Collectionturnip package