Juju Charms Collection
turnip package

Merge lp:~cjwatson/charms/trusty/turnip/direct-haproxy into lp:~canonical-launchpad-branches/charms/trusty/turnip/devel

  1. Trusty Tahr (14.04)
  2. direct-haproxy
  3. Merge into devel
Proposed by Colin Watson
Status: Merged
Merged at revision: 62
Proposed branch: lp:~cjwatson/charms/trusty/turnip/direct-haproxy
Merge into: lp:~canonical-launchpad-branches/charms/trusty/turnip/devel
Diff against target: 41 lines (+20/-3)
1 file modified
hooks/actions.py (+20/-3)
To merge this branch: bzr merge lp:~cjwatson/charms/trusty/turnip/direct-haproxy
Reviewer Review Type Date Requested Status
William Grant code Approve
Review via email: mp+257417@code.launchpad.net

Commit message

Expect to be proxied directly using haproxy, rather than via Apache; this entails setting up our service relations a little differently.

Description of the change

Expect to be proxied directly using haproxy, rather than via Apache; this entails setting up our service relations a little differently.

To post a comment you must log in.
Revision history for this message
William Grant (wgrant) wrote :

The new service could do with a comment that it is because dodgy haproxy charm.

review: Approve (code)
lp:~cjwatson/charms/trusty/turnip/direct-haproxy updated
63. By Colin Watson

Add HSTS header to git-service-smart-http, per Mozilla Security recommendations.

64. By Colin Watson

Comment dubious use of haproxy charm.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'hooks/actions.py'
--- hooks/actions.py 2015-04-19 00:04:11 +0000
+++ hooks/actions.py 2015-04-25 02:21:36 +0000
@@ -199,11 +199,28 @@
199 'check',199 'check',
200 ]],200 ]],
201 },201 },
202 # This is a slightly dubious use of the haproxy charm, but we don't
203 # have good relation settings and end up needing to hardcode some
204 # ports.
205 {
206 'service_name': 'git-service-http-redirect',
207 'service_host': '0.0.0.0',
208 'service_port': '80',
209 'service_options':
210 http_options +
211 ['redirect scheme https code 301 if !{ ssl_fc }'],
212 'servers': [],
213 },
202 {214 {
203 'service_name': 'git-service-smart-http',215 'service_name': 'git-service-smart-http',
204 'service_host': '0.0.0.0',216 'service_host': '0.0.0.0',
205 'service_port': str(config['port_smart_http']),217 'service_port': '443',
206 'service_options': http_options + ['option httpchk'],218 'service_options':
219 http_options +
220 ['option httpchk',
221 'rspadd Strict-Transport-Security:\\ max-age=15768000',
222 ],
223 'crts': ['DEFAULT'],
207 'servers': [[224 'servers': [[
208 server_name, server_ip, str(config['port_smart_http']),225 server_name, server_ip, str(config['port_smart_http']),
209 'check',226 'check',
@@ -234,5 +251,5 @@
234 hookenv.relation_set(251 hookenv.relation_set(
235 relid,252 relid,
236 hostname=hookenv.unit_private_ip(),253 hostname=hookenv.unit_private_ip(),
237 port=config['port_smart_http'],254 port='443',
238 services=haproxy_services)255 services=haproxy_services)

Subscribers

People subscribed via source and target branches

to all changes: