Merge ~pjdc/ubuntu-mirror-charm/+git/ubuntu-mirror-charm:linuxcontainers into ubuntu-mirror-charm:master
- Git
- lp:~pjdc/ubuntu-mirror-charm/+git/ubuntu-mirror-charm
- linuxcontainers
- Merge into master
Proposed by
Paul Collins
| Status: | Merged |
|---|---|
| Approved by: | Paul Collins |
| Approved revision: | f08fd0ed505169a5de682cd77cfee04228dfa68e |
| Merged at revision: | c69b05c81bc8af2b1f25e38872d99f58576db775 |
| Proposed branch: | ~pjdc/ubuntu-mirror-charm/+git/ubuntu-mirror-charm:linuxcontainers |
| Merge into: | ubuntu-mirror-charm:master |
| Diff against target: |
1231 lines (+1038/-9) 13 files modified
config.yaml (+80/-1) files/check-mirror.sh (+11/-2) files/mirror-linuxcontainers.sh (+97/-0) hooks/Config.py (+1/-0) hooks/hooks.py (+34/-6) keys/juju-tools.asc (+51/-0) keys/lxc-devel.asc (+29/-0) templates/apache-linuxcontainers-api.include.tmpl (+41/-0) templates/apache-linuxcontainers-tls.include.tmpl (+16/-0) templates/apache-linuxcontainers.tmpl (+74/-0) tests/unit/test_linuxcontainers.py (+56/-0) tests/unit/testdata/linuxcontainers/linuxcontainers.txt (+429/-0) tests/unit/testdata/linuxcontainers/thirdparty.txt (+119/-0) |
| Related bugs: |
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Barry Price | Approve | ||
| Canonical IS Reviewers | Pending | ||
|
Review via email:
|
|||
Commit message
add linuxcontainers support
Description of the change
To post a comment you must log in.
Revision history for this message
| 🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote : | # |
Revision history for this message
| 🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote : | # |
Change successfully merged at revision c69b05c81bc8af2
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
| 1 | diff --git a/config.yaml b/config.yaml |
| 2 | index f2b4616..2f5f38c 100644 |
| 3 | --- a/config.yaml |
| 4 | +++ b/config.yaml |
| 5 | @@ -511,7 +511,7 @@ options: |
| 6 | type: string |
| 7 | description: "Root location of mirrored files for the MAAS images mirror" |
| 8 | mirror_maas-images_description: |
| 9 | - default: "Ubuntu Old Releases" |
| 10 | + default: "MAAS images" |
| 11 | type: string |
| 12 | description: "A brief welcome message for the MAAS images mirror" |
| 13 | mirror_maas-images_rsync_log: |
| 14 | @@ -563,6 +563,85 @@ options: |
| 15 | description: > |
| 16 | Local path of the key file to use when triggering downstream |
| 17 | mirrors. If empty, downstream mirrors are not triggered. |
| 18 | + mirror_linuxcontainers_name: |
| 19 | + default: "images.linuxcontainers.org" |
| 20 | + type: string |
| 21 | + description: > |
| 22 | + FQDN of the Linux Containers image mirror. |
| 23 | + |
| 24 | + When set to "image.linuxcontainers.org", the virtualhost will |
| 25 | + redirect to the uk or us subdomain based on the source IP |
| 26 | + location as determined by GeoIP. |
| 27 | + mirror_linuxcontainers_aliases: |
| 28 | + default: '["uk.images.linuxcontainers.org", "us.images.linuxcontainers.org"]' |
| 29 | + type: string |
| 30 | + description: > |
| 31 | + List of Apache aliases for the Linux Containers image mirror. |
| 32 | + |
| 33 | + When mirror_linuxcontainers_name is set to "images.linuxcontainers.org", |
| 34 | + a separate virtualhost will be generated for each alias to act |
| 35 | + as destinations for GeoIP-based redirects and to log traffic to |
| 36 | + each alias separately. |
| 37 | + |
| 38 | + Otherwise, these aliases will simple be declared as standard |
| 39 | + Apache aliases using the ServerAlias directive. |
| 40 | + mirror_linuxcontainers_path: |
| 41 | + default: "/srv/ftp.root/lxc-images" |
| 42 | + type: string |
| 43 | + description: "Root location of mirrored files for the Linux Containers image mirror" |
| 44 | + mirror_linuxcontainers_description: |
| 45 | + default: "Linux Containers (LXC/LXD) Images" |
| 46 | + type: string |
| 47 | + description: "A brief welcome message for the Linux Containers image mirror" |
| 48 | + mirror_linuxcontainers_rsync_log: |
| 49 | + default: false |
| 50 | + type: boolean |
| 51 | + description: "Whether to log rsync requests for the Linux Containers image mirror" |
| 52 | + mirror_linuxcontainers_command: |
| 53 | + default: "mirror-linuxcontainers.sh" |
| 54 | + type: string |
| 55 | + description: "The command to use to sync the Linux Containers image mirror" |
| 56 | + mirror_linuxcontainers_source_url: |
| 57 | + default: "rsync://rsync.images.linuxcontainers.org/lxc-images" |
| 58 | + type: string |
| 59 | + description: "The URL the Linux Containers image mirror will be fetched from" |
| 60 | + mirror_linuxcontainers_rsync_auth: |
| 61 | + default: '{}' |
| 62 | + type: string |
| 63 | + description: "Optional rsync authentication details for mirror_linuxcontainers_source_url" |
| 64 | + mirror_linuxcontainers_rsync_module: |
| 65 | + default: "lxc-images" |
| 66 | + type: string |
| 67 | + description: "The name of the rsync module for this mirror role" |
| 68 | + mirror_linuxcontainers_sync_time: |
| 69 | + default: "ondemand" |
| 70 | + type: string |
| 71 | + description: "When mirror updates should be run. Either a cron(5) format time specification or 'ondemand' for ssh triggering" |
| 72 | + mirror_linuxcontainers_trigger: |
| 73 | + default: "" |
| 74 | + type: string |
| 75 | + description: "A base64 string containing the ssh trigger public key" |
| 76 | + mirror_linuxcontainers_apache_early_extra: |
| 77 | + default: "" |
| 78 | + type: string |
| 79 | + description: "A base64 string containing apache configuration options to be included early in the config file" |
| 80 | + mirror_linuxcontainers_apache_late_extra: |
| 81 | + default: "" |
| 82 | + type: string |
| 83 | + description: "A base64 string containing apache configuration options to be included late in the config file" |
| 84 | + mirror_linuxcontainers_downstream_mirrors: |
| 85 | + default: "" |
| 86 | + type: "string" |
| 87 | + description: > |
| 88 | + A space-separated list of mirrors to trigger following a sync. |
| 89 | + Username defaults to the mirror_user config setting, and |
| 90 | + otherwise may be specified by "user@host" syntax. |
| 91 | + mirror_linuxcontainers_trigger_keyfile: |
| 92 | + default: "" |
| 93 | + type: "string" |
| 94 | + description: > |
| 95 | + Local path of the key file to use when triggering downstream |
| 96 | + mirrors. If empty, downstream mirrors are not triggered. |
| 97 | mirror_old-releases_name: |
| 98 | default: "old-releases.ubuntu.com" |
| 99 | type: string |
| 100 | diff --git a/files/check-mirror.sh b/files/check-mirror.sh |
| 101 | index a04d177..003b48a 100755 |
| 102 | --- a/files/check-mirror.sh |
| 103 | +++ b/files/check-mirror.sh |
| 104 | @@ -63,14 +63,17 @@ case ${role} in |
| 105 | unsigned=xenial/current/SHA256SUMS |
| 106 | signed=${unsigned}.gpg |
| 107 | ;; |
| 108 | + linuxcontainers) |
| 109 | + unsigned=streams/v1/index.json |
| 110 | + signed=${unsigned}.gpg |
| 111 | + ;; |
| 112 | old-releases) |
| 113 | unsigned=ubuntu/dists/warty/Release |
| 114 | signed=${unsigned}.gpg |
| 115 | ;; |
| 116 | simple-streams) |
| 117 | - # TODO(pjdc): key is not packaged; fetch from install hook? |
| 118 | unsigned=juju/images/releases/streams/v1/index.json |
| 119 | - signed=${unsigned}.gpg # not used |
| 120 | + signed=${unsigned}.gpg |
| 121 | ;; |
| 122 | maas-images) |
| 123 | # NOTE(pjdc): ephemeral-v3 is the current stuff and seems to have no fixed paths to signed files we could check |
| 124 | @@ -99,12 +102,18 @@ case ${role} in |
| 125 | cloud-images) |
| 126 | keyring_file=/usr/share/keyrings/ubuntu-cloudimage-keyring.gpg |
| 127 | ;; |
| 128 | + linuxcontainers) |
| 129 | + keyring_file=/usr/local/share/ubuntu-mirror-charm.gpg |
| 130 | + ;; |
| 131 | old-releases) |
| 132 | keyring_file=/usr/share/keyrings/ubuntu-archive-removed-keys.gpg |
| 133 | ;; |
| 134 | ubuntu-cloud-archive) |
| 135 | keyring_file=/usr/share/keyrings/ubuntu-cloud-keyring.gpg |
| 136 | ;; |
| 137 | + simple-streams) |
| 138 | + keyring_file=/usr/local/share/ubuntu-mirror-charm.gpg |
| 139 | + ;; |
| 140 | *) |
| 141 | keyring_file=/usr/share/keyrings/ubuntu-archive-keyring.gpg |
| 142 | ;; |
| 143 | diff --git a/files/mirror-linuxcontainers.sh b/files/mirror-linuxcontainers.sh |
| 144 | new file mode 100755 |
| 145 | index 0000000..4f0e3fb |
| 146 | --- /dev/null |
| 147 | +++ b/files/mirror-linuxcontainers.sh |
| 148 | @@ -0,0 +1,97 @@ |
| 149 | +#!/bin/bash |
| 150 | +# |
| 151 | +#-------------------------------------------------------# |
| 152 | +# This file is Juju managed - do not make local changes # |
| 153 | +#-------------------------------------------------------# |
| 154 | +# |
| 155 | +# Author: Chris Stratford <chris.stratford@canonical.com> |
| 156 | +# Copyright 2014,2021 Canonical Ltd. |
| 157 | +# |
| 158 | +# Triple-pass rsync mirror for images.linuxcontainers.org |
| 159 | +# |
| 160 | +# ${role}.conf should look like: |
| 161 | +# DEST_DIR=/srv/ftp.root/lxc-images |
| 162 | +# SOURCE_URL=rsync://rsync.image.linuxcontainers.org/lxc-images |
| 163 | +# RSYNC_PASSWORD=secret |
| 164 | + |
| 165 | +if [ $# -lt 1 ]; then |
| 166 | + myname=$(basename $0) |
| 167 | + echo "Usage: ${myname} <role>" |
| 168 | + exit 1 |
| 169 | +fi |
| 170 | + |
| 171 | +role=$1 |
| 172 | +myhostname=$(hostname) |
| 173 | +logfile=${HOME}/log/mirror-${role}.log |
| 174 | + |
| 175 | +# Magic to make sure things keep running in the background |
| 176 | +# after ssh has gone away |
| 177 | +if [ "$2" != "go" ]; then |
| 178 | + annotate-output $0 $1 go > ${logfile} 2>&1 & |
| 179 | + exit 0 |
| 180 | +fi |
| 181 | + |
| 182 | +set -u |
| 183 | + |
| 184 | +function log { |
| 185 | + echo $1 |
| 186 | +} |
| 187 | + |
| 188 | +function fatal { |
| 189 | + log $1 |
| 190 | + exit 1 |
| 191 | +} |
| 192 | + |
| 193 | +if [ -f ${HOME}/mirror-config/${role}.conf ]; then |
| 194 | + . ${HOME}/mirror-config/${role}.conf |
| 195 | +else |
| 196 | + fatal "${role}.conf file missing - aborting" |
| 197 | +fi |
| 198 | + |
| 199 | +export RSYNC_PASSWORD |
| 200 | +lockfile="Archive-Update-in-Progress-${role}-${myhostname}" |
| 201 | +lockpath="${DEST_DIR}/${lockfile}" |
| 202 | + |
| 203 | +if lockfile -! -l 43200 -r 0 "${lockpath}"; then |
| 204 | + fatal "${myhostname} is unable to start an rsync for ${role}. Lockfile exists" |
| 205 | +fi |
| 206 | +trap "rm -f ${lockpath} > /dev/null 2>&1" exit |
| 207 | + |
| 208 | +if [ ! -d ${DEST_DIR} ]; then |
| 209 | + log "${DEST_DIR} does not exist yet, trying to create it..." |
| 210 | + mkdir -p ${DEST_DIR} || fatal "Creation of ${DEST_DIR} failed." |
| 211 | +fi |
| 212 | + |
| 213 | +if [ -n "${RSYNC_USER}" ]; then |
| 214 | + url=$(echo ${SOURCE_URL}|sed -e "s,//,//${RSYNC_USER}@,") |
| 215 | +else |
| 216 | + url=${SOURCE_URL} |
| 217 | +fi |
| 218 | + |
| 219 | +# If upstream is close to us and triggers us via ssh, we may start |
| 220 | +# syncing before it has deleted its local lock file, which then |
| 221 | +# becomes a "file has vanished" and non-zero exit, causing the trace |
| 222 | +# file to not update, which makes the mirror seem stale when it isn't. |
| 223 | +# Therefore, let's just: |
| 224 | +log "== Sleeping to allow upstream delete its lock file ==" |
| 225 | +sleep 5 |
| 226 | + |
| 227 | + |
| 228 | +# Here we use a three-phase sunc as per RT#126178. |
| 229 | +log "== Phase 1: Syncing new images from source ==" |
| 230 | +rsync --timeout 10800 -a --include='/images/***' --exclude='*' ${SOURCE_URL} ${DEST_DIR} || fatal "Phase 1 sync from $url failed" |
| 231 | + |
| 232 | +log "== Phase 2: Syncing metadata from source ==" |
| 233 | +rsync --timeout 10800 -a --exclude "${lockpath}" --exclude '/images/***' --delete ${SOURCE_URL} ${DEST_DIR} || fatal "Phase 2 sync from $url failed" |
| 234 | + |
| 235 | +log "== Phase 3: Removing images no longer present on source ==" |
| 236 | +rsync --timeout 10800 -a --include='/images/***' --exclude='*' --delete ${SOURCE_URL} ${DEST_DIR} || fatal "Phase 3 sync from $url failed" |
| 237 | + |
| 238 | +if [ -n "${DOWNSTREAM_MIRRORS}" -a -n "${TRIGGER_KEYFILE}" ]; then |
| 239 | + t=15m |
| 240 | + log "== Triggering downstream mirrors (will give up after $t) ==" |
| 241 | + timeout $t ${SCRIPT_DIR}/trigger-downstream-mirrors.sh $role $TRIGGER_KEYFILE $DOWNSTREAM_MIRRORS |
| 242 | +fi |
| 243 | + |
| 244 | +savelog ${logfile} > /dev/null 2>&1 |
| 245 | +rm -f ${lockpath} > /dev/null 2>&1 |
| 246 | diff --git a/hooks/Config.py b/hooks/Config.py |
| 247 | index 03f840a..5f41727 100755 |
| 248 | --- a/hooks/Config.py |
| 249 | +++ b/hooks/Config.py |
| 250 | @@ -241,6 +241,7 @@ class Config: |
| 251 | return [ |
| 252 | "cdimage", |
| 253 | "cloud-image", |
| 254 | + "linuxcontainers", |
| 255 | "maas-images", |
| 256 | "old-releases", |
| 257 | "ports", |
| 258 | diff --git a/hooks/hooks.py b/hooks/hooks.py |
| 259 | index 3c1b3b4..24a6cc8 100755 |
| 260 | --- a/hooks/hooks.py |
| 261 | +++ b/hooks/hooks.py |
| 262 | @@ -18,6 +18,8 @@ import sys |
| 263 | import types |
| 264 | import yaml |
| 265 | |
| 266 | +from glob import glob |
| 267 | + |
| 268 | from charmhelpers.core.host import ( |
| 269 | adduser, |
| 270 | lsb_release, |
| 271 | @@ -63,11 +65,13 @@ required_pkgs = [ |
| 272 | 'apache2', |
| 273 | 'curl', # for check-mirror.sh |
| 274 | 'devscripts', # provides annotate-output |
| 275 | + 'geoip-database', |
| 276 | + 'libapache2-mod-geoip', |
| 277 | 'logrotate', |
| 278 | 'procmail', # provides lockfile |
| 279 | 'rsync', |
| 280 | - 'vsftpd', |
| 281 | 'ubuntu-cloud-keyring', # for check-mirror.sh |
| 282 | + 'vsftpd', |
| 283 | 'xinetd', |
| 284 | ] |
| 285 | |
| 286 | @@ -75,6 +79,7 @@ service_affecting_packages = ['apache2'] |
| 287 | |
| 288 | apache_modules = [ |
| 289 | 'expires', |
| 290 | + 'geoip', |
| 291 | 'headers', |
| 292 | 'rewrite', |
| 293 | ] |
| 294 | @@ -82,6 +87,7 @@ apache_modules = [ |
| 295 | scripts_to_copy = [ |
| 296 | 'mirror-1stage.sh', |
| 297 | 'mirror-2stage.sh', |
| 298 | + 'mirror-linuxcontainers.sh', |
| 299 | 'check-mirror.sh', |
| 300 | 'check-updates.sh', |
| 301 | ] |
| 302 | @@ -522,8 +528,15 @@ def configure_apache(conf, hostname): # noqa: C901 |
| 303 | tmpl_data["logdir"] = apache_logdir |
| 304 | tmpl_data["addresses"] = role_config.get('addresses', ['*']) |
| 305 | all_addresses.update(tmpl_data["addresses"]) |
| 306 | - tmpl_data["ports"] = [80, 443] if role_config.get('https') else [80] |
| 307 | - all_ports.update(tmpl_data["ports"]) |
| 308 | + |
| 309 | + ports = [80] |
| 310 | + if role_config.get('https'): |
| 311 | + ports.append(443) |
| 312 | + if role == 'linuxcontainers': |
| 313 | + ports.append(8443) |
| 314 | + all_ports.update(ports) |
| 315 | + tmpl_data["ports"] = ports |
| 316 | + |
| 317 | file_from_template(mirror['tmpl_file'], sites_available, tmpl_data) |
| 318 | ensure_symlink(sites_available, sites_enabled) |
| 319 | |
| 320 | @@ -543,8 +556,11 @@ def configure_apache(conf, hostname): # noqa: C901 |
| 321 | os.chown(mirror["path"], mirror_userinfo.pw_uid, mirror_userinfo.pw_gid) |
| 322 | ensure_symlink(mirror["path"], linkdest) |
| 323 | |
| 324 | - # Update ports file |
| 325 | - all_addresses.discard('*') # archive.ubuntu.com must not open port 443. |
| 326 | + # archive.ubuntu.com must not open port 443. Three factors align |
| 327 | + # to prevent this: 1) we do not set "addresses" or "https" in the |
| 328 | + # role_map; 2) the template doesn't make non-port-80 sockets for |
| 329 | + # members of "addresses"; 3) the wildcard address is discarded. |
| 330 | + all_addresses.discard('*') |
| 331 | file_from_template('apache-listen-ports.conf.tmpl', '/etc/apache2/ports.conf', |
| 332 | {'addresses': sorted(all_addresses), 'ports': sorted(all_ports)}) |
| 333 | |
| 334 | @@ -939,7 +955,10 @@ def configure_nrpe(conf, hostname): # noqa: C901 |
| 335 | tmpl_data["hostname"] = hostname |
| 336 | tmpl_data["use"] = "active-service" |
| 337 | tmpl_data["nagios_hostname"] = conf.nagios_hostname() |
| 338 | - tmpl_data["tracepath"] = os.path.join(mirror["path"], ".trace", mirror["base_role"] + "-" + hostname) |
| 339 | + if role == "linuxcontainers": |
| 340 | + tmpl_data["tracepath"] = os.path.join(mirror["path"], ".serial") |
| 341 | + else: |
| 342 | + tmpl_data["tracepath"] = os.path.join(mirror["path"], ".trace", mirror["base_role"] + "-" + hostname) |
| 343 | |
| 344 | for check, check_details in role_checks.items(): |
| 345 | if check_details.get('when') and not role_config.get(check_details['when']): |
| 346 | @@ -1104,6 +1123,14 @@ def configure_directories(conf, hostname): |
| 347 | mkdir("/srv/ftp.root") |
| 348 | |
| 349 | |
| 350 | +def configure_keyring(conf, hostname): |
| 351 | + import_cmd = [ |
| 352 | + '/usr/bin/gpg', '--no-default-keyring', '--keyring', '/usr/local/share/ubuntu-mirror-charm.gpg', '--import'] |
| 353 | + keys = glob(os.path.join(charm_dir(), 'keys', '*.asc')) |
| 354 | + import_cmd.extend(keys) |
| 355 | + check_call(import_cmd) |
| 356 | + |
| 357 | + |
| 358 | @hooks.hook("install.real") |
| 359 | def install(): |
| 360 | conf = Config() |
| 361 | @@ -1134,6 +1161,7 @@ def config_changed(): |
| 362 | configure_nrpe(conf, hostname) |
| 363 | configure_log_archiving(conf, hostname) |
| 364 | configure_sysctl(conf, hostname) |
| 365 | + configure_keyring(conf, hostname) |
| 366 | |
| 367 | |
| 368 | @hooks.hook("upgrade-charm") |
| 369 | diff --git a/keys/juju-tools.asc b/keys/juju-tools.asc |
| 370 | new file mode 100644 |
| 371 | index 0000000..0bf2290 |
| 372 | --- /dev/null |
| 373 | +++ b/keys/juju-tools.asc |
| 374 | @@ -0,0 +1,51 @@ |
| 375 | +-----BEGIN PGP PUBLIC KEY BLOCK----- |
| 376 | + |
| 377 | +mQINBFJN1n8BEAC1vt2w08Y4ztJrv3maOycMezBb7iUs6DLH8hOZoqRO9EW9558W |
| 378 | +8CN6G4sVbC/nIhivvn/paw0gSicfYXGs5teCJL3ShrcsGkhTs+5q7UO2TVGAUPwb |
| 379 | +CFWCqPkCB/+CiQ/fnEAWV5c11KzMTBtQ2nfJFS8rEQfc2PJMKqd/Y+LDItOc5E5Y |
| 380 | +SseGT/60coyTZO0iE3mKv1osFjSJlUv/6f/ziHGgV+IowOtEeeaEz8H/oU4vHhyA |
| 381 | +THL/k9DSNb0I/+aI8R84OB7EqrQ/ck6B6+CTbwGwkQUBK6z/Isl3uq9MhGjsiPjy |
| 382 | +EfOJNTfa+knlQcedc3/2S/jTUBDxU+myga9gQ2jF4oEzb74LarpV4y1KXpsqyLwd |
| 383 | +8/vpNG5rTLtjZ3ZTJu7EkAra6pNK/Uxj9guIkCIGIVS1SWtsR0mCY+6TOdfJu7bt |
| 384 | +qOcSWkp3gaYcnCid8ecZuD8KDcxJscdYBetxCV4TLVV5CwO4MMVkxcI3zL1ORzHS |
| 385 | +j0W+aYzdtycHu2w8ZQwQRuFB2y5zsxE69MOoS857FzwhRctPSiwIPWH+Qo2BkNAM |
| 386 | +K5fVc19z9kzgtRP1+rHgBox2w+hOSZiYf0vluaG7NPUsMfVOGBFTxn1W+rb3NL/m |
| 387 | +hUoDPl2e2zoViEsaT2p+ATwFDN0DlQLLQxsVIbxdL6cfMQASHmADOHA6dwARAQAB |
| 388 | +tEtKdWp1IFRvb2xzIChDYW5vbmljYWwgSnVqdSBUb29sIEJ1aWxkZXIpIDxqdWp1 |
| 389 | +LXRvb2xzLW5vcmVwbHlAY2Fub25pY2FsLmNvbT6JAjkEEwEKACMFAlJN1n8CGwMH |
| 390 | +CwkNCAwHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRA3j2KvahV9szBED/wOlDTMpevL |
| 391 | +bYyh+mFaeNBw/mwCdWqpwQkpIRLwxt0al1eV9KIVhu6CK1g1UMZ24H3gy5Btj5N5 |
| 392 | +ga02xgqfQRrP4Mqv2dYZOL5p8WFuZjbow9a+e89mqqFuW6/os57cFwZ7Z3imbBDa |
| 393 | +aWzuzdeWLEK7PfT6rpik6ZMIpI1LGywI93abaZX8v6ouwFeQovXcS0HKt906+ElI |
| 394 | +oWgSh8dL2hqZ71SR/74sehkEZSYfQRLa7RJCDvA/iInXeGRuyaheQ1iTrY606aBh |
| 395 | ++NyOgr4cG+7Sy3FIbqgBx0hxkY8LZv4L7l2IDDjgbTEGILpQ2tkykDnFY7QgEdE4 |
| 396 | +5TzPONg9zyk91NRHqjLIm9CFt8P3rcs+MBjaxv+S45RIHQEu+ewkr6BihnPPldkN |
| 397 | +eSIi4Z0OTTQfAI0oDkREVFnnOHfzZ8uafHXOnhUYsovZ3YrowoiNXOWRxeOvt5cL |
| 398 | +XE0Gyq7n8ESe9JOCg3AZcrDX12xWX+gaSgDaD66fI5xr+A3128BLpYQTMXOpe1n9 |
| 399 | +rfsiA8XBEFsB6+xMJBtSSPUsaWjes/aziI87fBv7FpEMagnWLqJ7xk2E2RR06B9t |
| 400 | +F+SoiLF3aQ0ZJFqKpDDYBO5kZkHIql0jVkuPEz5fxTOZjZE4irTZiSMdJ6xsm9AU |
| 401 | +axxW8e4pax116l4D2toMJPvXkA9lCZ3RIrkCDQRSTdZ/ARAA7SonLFZQrrLD93Jp |
| 402 | +GpgJnYha6rr3pdIm9wH5PnV9Ysgyt/aM9RVrMXzSjMRpxdV6qxK7Lbzh/V9QxpoI |
| 403 | +YvFIi4Yu5k0wDPSm/sowBtVI/X2WMSSvd3DUaigTFBQ1giIY3R46wqcY99RfUPJ1 |
| 404 | +VsHFZ0mZq5GuAPSv/Ky7r9SByMDtQk+Pt8jiOIiJ8eGgKy/W0Wau8ImNqSUyj+67 |
| 405 | +QeOCpEKTjS2gQypi6vgCtUCDfy4yHPxppARary/GDjVIAvwjdu/+0rshWcWUOwq8 |
| 406 | +ex2ddPYQf9dGmF9CesaFknpVnkXb9pbw+qBF/CSdk6Z/ApgtXFGwWszP5/Wqq2Pd |
| 407 | +ilM1C80WcZVhuwk+acYztk5P5hGw0XL2nDeNg08hcDy2NEL/hA9PM2DSFpoWy1aA |
| 408 | +Gjt/8ICPY3SNJlfJUhMIBOK0nmHIoHGU/tX7AiuwEKyP8Qh5kp8fYoO4c59WfeKq |
| 409 | +e6rbttt7IEywAlY6HiLMymqC/d0nPk0Cy5bujacH2y3ahAgCwNVvo+E77J7m7Ui2 |
| 410 | +vqzvpcW6Fla2EzbXus4nIgqEV/qX6fQXqItptKZFvZeznj0epRswkmFm7KLXD5p1 |
| 411 | +SzkmfAujy5xQJktZKvtTKRROnX5JdBB8RT83MIJr+U4FOT3UPQYc2V1O2k4PYF9G |
| 412 | +g5YZtNPTvdx8dvN7qwiO7R7xenkAEQEAAYkCHwQYAQoACQUCUk3WfwIbDAAKCRA3 |
| 413 | +j2KvahV9s4+SD/sEKOBs6YE2dhax0y/wx1AKJbkneVhxTjgCggY/rbnLm6w85xQl |
| 414 | +EgGycmdRq4JkBDhmzsevx+THNJicBwN9qP12Z14kM1pr7WWw9fOmshPQx5kJXYs+ |
| 415 | +FiK6f5vHXcNiTyvC8oOGquGrDoB7SACgTr+Lkm/dNfpRn0XsApUy6vQSqChAzqkJ |
| 416 | +qYZCIIbHTea1DIoNhVI+VTaJ1Z5IqMM9mi43RVYeq7yyBNLwhdjEIOX9qBK4Secn |
| 417 | +mFz94SCz+b5titGyFiBAJzPBP/NSwM6DP2OfRhsBC6K4xDELn8Dpucb9FHqaLG75 |
| 418 | +K3oDhTEUfTBiG3PRfc57974+V3KrkK71rMzWpQJ2IyMtxzl8qO4JYhLRSL0kMq8/ |
| 419 | +hYlXGcNwyUUtiDPOwvG44KDVgXbrnFTVqLU6nc9k/yPD1pfommaTAWrb2tTitkGf |
| 420 | +zOxHnpWTP48l+6qzfEM1PUKvx3U04BZe8JCaU+JVdy6O/rLjEVjYq/vBY6EGOxa2 |
| 421 | +C4Vs43YdFOXSa38ze0J4nFRGO8gOBP/EJyE8Nwqg7i+6VvkD+H2KbZVUXiWld+v/ |
| 422 | +vwtaXhWd7JS+v38YZ4CijEBe69VYHpSNIz87uhVKgdkFBhoOGtf9/NEO7NYwk7/N |
| 423 | +qsH+JQgcphKkC+JH0Dw7Q/0e16LClkPPa21NseVGUWzS0WmS+0egtDDutg== |
| 424 | +=hQAI |
| 425 | +-----END PGP PUBLIC KEY BLOCK----- |
| 426 | diff --git a/keys/lxc-devel.asc b/keys/lxc-devel.asc |
| 427 | new file mode 100644 |
| 428 | index 0000000..90af404 |
| 429 | --- /dev/null |
| 430 | +++ b/keys/lxc-devel.asc |
| 431 | @@ -0,0 +1,29 @@ |
| 432 | +-----BEGIN PGP PUBLIC KEY BLOCK----- |
| 433 | + |
| 434 | +mQINBFLQvwwBEADNVxfLfsKibZbF5v2Tct9N0gxdFViOzVd/IRDrJ6pTEAcMlWdS |
| 435 | +h3VM3lV0qd1WtMlqCTgcbbk6zUAYnPQ2RsagCpOlaIZqbZ8Cv4390PuVAhG2QQvt |
| 436 | +9YrED00unJBomsC3QuF+xg0SBpHChmFUgJxomsFuAjowdMoh8XExM2v4TEe+vm9Z |
| 437 | +7ohBCxkw7C5cV9cQHeC1XiGBCccRe1Ib1U7+GmPUxAtGzHUsQQ4MjE/j830dmPJw |
| 438 | +w/ZNauKyNqSzpBsMnEiX+8RwqYEeYtqBAw9pnA3BMSshfA5L5ORw3zYecowUWt+l |
| 439 | +r5lhzBq2v3LLjzjwsb4wel8L7HZnUD+1bQe0QQkxWDKlHOIsB02DCwmz3fc9bvBI |
| 440 | +KZwRQZ8al7HicpWc4zJPBb7U0BSHE+YwTdOffFFL7YfbRS+4yfn0JBSmtyfTPaOp |
| 441 | +FvHV8MES52Mam3vyXWCKXC//3EXcWhhX4ZHfkcWJtEkDf1FwupptV6HEgx2d6UTZ |
| 442 | +0vEK20Dx+Hzlg0mpR10SS/ltch8w1Zl2co467oTMspdnPosTrxG0p2G+s/gUA/+E |
| 443 | +LY8fB/heXfNSb5IB3JJ8OTI+cwqN1Aw9X4aKPQcvPGvfQ5Mz8FZ4gkV38QzzMHsr |
| 444 | +6eeZGUPcCctP6FVfCHO0Mzxwv2VOnTbH+k72Acni2piTwn0APd9LKilXOwARAQAB |
| 445 | +tDpMWEMgcHJlLWJ1aWx0IGltYWdlcyA8bHhjLWRldmVsQGxpc3RzLmxpbnV4Y29u |
| 446 | +dGFpbmVycy5vcmc+iQI4BBMBAgAiBQJS0L8MAhsDBgsJCAcDAgYVCAIJCgsEFgID |
| 447 | +AQIeAQIXgAAKCRC67/iMIvbiFtzVD/933Dv/NsyPAiwT6BFLlqtq/Tl3NxcUogDS |
| 448 | +Rkv1oMiIunaKZRE/pQbLJVTSbt/eC3Kz7I40juDNsFGXXhD/sQCovMc58NpTKNPR |
| 449 | +zs3jC5vDIW721cLOhYqITvdWN+RKDCJqxBBNJztKEv29uA0PONssKBmC/apTdB6D |
| 450 | +QLLy3ddO/LzxDrCtC8ePLGjeVoEelZHR3tg8QZE+oVBuL3ZC2NTg/XaLSDO4zGCg |
| 451 | +Jyd1IHGKhi20Q/sBLmsFifnWt5b6ovmRqwlsZXqcS+a7Z+WSmZWT9hKIR2XSzYUW |
| 452 | +pmlJNO4VPzHgEcaCxlw3HxQqX0Loz4R8Y91shKuJ591ZMtmyf4j6Yl9KZfLs+lZH |
| 453 | +iX7uazhw4miXdpCvOKe8fPLa+68JGIYPxG22l2jqPJ9FIOtpSrJX3D/i8xed5h2V |
| 454 | +Vd38fZBn+cH1Wqbw1Ni94/f66Rp5GzJyMoVO7A016Ek3wx920SmX4HkCSEel77pF |
| 455 | +gvCBZkQDiD6TNCJxjHQpxoSGo6SDEfP0FjntB0yVy0zi+Iij9F3O1bPIIuses4OQ |
| 456 | +FkUGJb6V0L1wXl5hOARmVtgn6klwhsLf0EsjuH9yJN2GCuaKdjAdR8J1TsjW+q4h |
| 457 | +DKMvYOZ99YJUE+qujz9u93tJRZTuD8pQsGRez7qrZ0LUAdd/aOjNDLWzJ8AzeQE+ |
| 458 | +OKVNmCzO9A== |
| 459 | +=euOK |
| 460 | +-----END PGP PUBLIC KEY BLOCK----- |
| 461 | diff --git a/templates/apache-linuxcontainers-api.include.tmpl b/templates/apache-linuxcontainers-api.include.tmpl |
| 462 | new file mode 100644 |
| 463 | index 0000000..36cf273 |
| 464 | --- /dev/null |
| 465 | +++ b/templates/apache-linuxcontainers-api.include.tmpl |
| 466 | @@ -0,0 +1,41 @@ |
| 467 | +## This template does not use any Cheetah features (yet?) but for |
| 468 | +## consistency it is not included raw, and therefore $ is escaped. |
| 469 | + # LXD: Recursive queries |
| 470 | + RewriteCond %{QUERY_STRING} recursion=1 |
| 471 | + RewriteRule ^/1.0.*\$ /meta/lxd%{REQUEST_URI}/index-rec.json [L] |
| 472 | + |
| 473 | + # LXD: Normal queries |
| 474 | + RewriteRule ^/1.0.*\$ /meta/lxd%{REQUEST_URI}/index.json [L] |
| 475 | + |
| 476 | + <Location /> |
| 477 | + Require all granted |
| 478 | + </Location> |
| 479 | + |
| 480 | + # LXC: Allow image listing |
| 481 | + <Location /images> |
| 482 | + Options +Indexes |
| 483 | + </Location> |
| 484 | + |
| 485 | + # LXD: API root |
| 486 | + <Location /1.0/> |
| 487 | + ErrorDocument 404 /meta/lxd/404.json |
| 488 | + Options -Indexes |
| 489 | + </Location> |
| 490 | + |
| 491 | + # LXD: images |
| 492 | + <Location /1.0/images/> |
| 493 | + ErrorDocument 404 /meta/lxd/1.0/images/404.json |
| 494 | + Options +FollowSymlinks |
| 495 | + </Location> |
| 496 | + |
| 497 | + # LXD: aliases |
| 498 | + <Location /1.0/images/aliases/> |
| 499 | + ErrorDocument 404 /meta/lxd/404.json |
| 500 | + </Location> |
| 501 | + |
| 502 | + # LXD: downloads |
| 503 | + <LocationMatch "^/1.0/images/[0-9a-f]*/export"> |
| 504 | + Header set Content-Type "multipart/form-data; boundary=f012e447-25dd-4f6d-8a14-105c3b27a768" |
| 505 | + </LocationMatch> |
| 506 | + # Simplestreams: redirect |
| 507 | + RewriteRule ^/streams(.*)\$ /meta/simplestreams\$1 [L] |
| 508 | diff --git a/templates/apache-linuxcontainers-tls.include.tmpl b/templates/apache-linuxcontainers-tls.include.tmpl |
| 509 | new file mode 100644 |
| 510 | index 0000000..3851d19 |
| 511 | --- /dev/null |
| 512 | +++ b/templates/apache-linuxcontainers-tls.include.tmpl |
| 513 | @@ -0,0 +1,16 @@ |
| 514 | +#if $port == 80 |
| 515 | +#set $proto = 'http' |
| 516 | +#else if $port == 443 |
| 517 | +#set $proto = 'https' |
| 518 | +#else |
| 519 | +#set $proto = 'https' |
| 520 | +#end if |
| 521 | + # SSL configuration |
| 522 | + SSLEngine On |
| 523 | + SSLCertificateFile /etc/ssl/certs/${name}.crt |
| 524 | + SSLCertificateKeyFile /etc/ssl/private/${name}.key |
| 525 | + SSLCertificateChainFile /etc/ssl/certs/${name}_chain.crt |
| 526 | + Header always set Strict-Transport-Security "max-age=31536000" |
| 527 | + RequestHeader set X_FORWARDED_PORT "${port}" |
| 528 | + RequestHeader set X_FORWARDED_PROTO "${proto}" |
| 529 | + |
| 530 | diff --git a/templates/apache-linuxcontainers.tmpl b/templates/apache-linuxcontainers.tmpl |
| 531 | new file mode 100644 |
| 532 | index 0000000..f2c9391 |
| 533 | --- /dev/null |
| 534 | +++ b/templates/apache-linuxcontainers.tmpl |
| 535 | @@ -0,0 +1,74 @@ |
| 536 | +#for $port in $ports |
| 537 | +#set global $port = $port |
| 538 | +#set $sockets = ' '.join(sorted(['{}:{}'.format(address, port) for address in $addresses])) |
| 539 | +#if $port == 80 |
| 540 | +#set global $proto = 'http' |
| 541 | +#set $uk_url = 'http://uk.{}/'.format($name) |
| 542 | +#set $us_url = 'http://us.{}/'.format($name) |
| 543 | +#else if $port == 443 |
| 544 | +#set global $proto = 'https' |
| 545 | +#set $uk_url = 'https://uk.{}/'.format($name) |
| 546 | +#set $us_url = 'https://us.{}/'.format($name) |
| 547 | +#else |
| 548 | +#set global $proto = 'https' |
| 549 | +#set $uk_url = 'https://uk.{}:{}/'.format($name, $port) |
| 550 | +#set $us_url = 'https://us.{}:{}/'.format($name, $port) |
| 551 | +#end if |
| 552 | +<VirtualHost ${sockets}> |
| 553 | + ServerName ${name} |
| 554 | +#if $name != "images.linuxcontainers.org" |
| 555 | + #for $alias in $aliases |
| 556 | + ServerAlias ${alias} |
| 557 | + #end for |
| 558 | +#end if |
| 559 | + CustomLog \${APACHE_LOG_DIR}/${name}.log vhost_combined |
| 560 | + DocumentRoot /srv/${name}/www |
| 561 | + |
| 562 | + <Location /> |
| 563 | + Require all granted |
| 564 | + </Location> |
| 565 | + |
| 566 | +#if $proto == "https" |
| 567 | +#include 'templates/apache-linuxcontainers-tls.include.tmpl' |
| 568 | +#end if |
| 569 | + RewriteEngine on |
| 570 | + AllowEncodedSlashes On |
| 571 | + |
| 572 | +#if $name == "images.linuxcontainers.org" |
| 573 | + # GeoIP: Redirect everything to appropriate country server |
| 574 | + GeoIPEnable On |
| 575 | + GeoIPDBFile /usr/share/GeoIP/GeoIP.dat |
| 576 | + GeoIPDBFile /usr/share/GeoIP/GeoIPv6.dat |
| 577 | + |
| 578 | + # Send North America, Oceania and South America to the US server |
| 579 | + RewriteCond %{ENV:GEOIP_CONTINENT_CODE} ^(NA|OC|SA)\$ |
| 580 | + RewriteRule ^/(.*)\$ ${us_url}\$1 [R=301,L] |
| 581 | + RewriteCond %{ENV:GEOIP_CONTINENT_CODE_V6} ^(NA|OC|SA)\$ |
| 582 | + RewriteRule ^/(.*)\$ ${us_url}\$1 [R=301,L] |
| 583 | + |
| 584 | + # Send Africa, Antarctica, Asia, Europe, and all else to the UK server |
| 585 | + RewriteRule ^/(.*)\$ ${uk_url}\$1 [R=301,L] |
| 586 | +#else |
| 587 | +#include 'templates/apache-linuxcontainers-api.include.tmpl' |
| 588 | +#end if |
| 589 | +</VirtualHost> |
| 590 | + |
| 591 | +#if $name == "images.linuxcontainers.org" |
| 592 | +#for $alias in $aliases |
| 593 | +<VirtualHost ${sockets}> |
| 594 | + ServerName ${alias} |
| 595 | + CustomLog \${APACHE_LOG_DIR}/${alias}.log vhost_combined |
| 596 | + DocumentRoot /srv/${name}/www |
| 597 | + |
| 598 | +#if $proto == "https" |
| 599 | +#include 'templates/apache-linuxcontainers-tls.include.tmpl' |
| 600 | +#end if |
| 601 | + RewriteEngine on |
| 602 | + AllowEncodedSlashes On |
| 603 | + |
| 604 | +#include 'templates/apache-linuxcontainers-api.include.tmpl' |
| 605 | +</VirtualHost> |
| 606 | + |
| 607 | +#end for |
| 608 | +#end if |
| 609 | +#end for |
| 610 | diff --git a/tests/unit/test_linuxcontainers.py b/tests/unit/test_linuxcontainers.py |
| 611 | new file mode 100644 |
| 612 | index 0000000..5a485ea |
| 613 | --- /dev/null |
| 614 | +++ b/tests/unit/test_linuxcontainers.py |
| 615 | @@ -0,0 +1,56 @@ |
| 616 | +import os |
| 617 | +import pytest |
| 618 | +import unittest |
| 619 | + |
| 620 | +from Cheetah.Template import Template |
| 621 | + |
| 622 | +TEMPLATE = 'apache-linuxcontainers.tmpl' |
| 623 | + |
| 624 | +THIRDPARTY_SEARCH_LIST = { |
| 625 | + 'addresses': ['*'], |
| 626 | + 'name': 'lxd.example.net', |
| 627 | + 'aliases': ['uk.lxd.example.net', 'us.lxd.example.net'], |
| 628 | + 'ports': [80, 443], |
| 629 | +} |
| 630 | + |
| 631 | +LINUXCONTAINERS_SEARCH_LIST = { |
| 632 | + 'addresses': ['91.189.88.247', '[2001:67c:1360:8001::33]'], |
| 633 | + 'name': 'images.linuxcontainers.org', |
| 634 | + 'aliases': ['uk.images.linuxcontainers.org', 'us.images.linuxcontainers.org'], |
| 635 | + 'ports': [80, 443, 8443], |
| 636 | +} |
| 637 | + |
| 638 | + |
| 639 | +class TestLinuxcontainers(unittest.TestCase): |
| 640 | + def setUp(self): |
| 641 | + self.addTypeEqualityFunc(str, self.assertMultiLineEqual) |
| 642 | + self.maxDiff = None |
| 643 | + self.testdata_dir = os.path.join(os.path.dirname(__file__), 'testdata', 'linuxcontainers') |
| 644 | + |
| 645 | + def _template_compare(self, template, search_list, wanted_file): |
| 646 | + template_file = os.path.join(os.getcwd(), template) |
| 647 | + template = Template(file=template_file, searchList=search_list) |
| 648 | + wanted = open(wanted_file).read() |
| 649 | + self.assertEqual(str(template), wanted) |
| 650 | + |
| 651 | + # Cheetah warns about using the Python version of NameMapper, so |
| 652 | + # we ignore it here. Matching more closely by the message doesn't |
| 653 | + # seem to work, probably because it begins with a newline and |
| 654 | + # Python's warnings matching code anchors the message regexp. |
| 655 | + @pytest.mark.filterwarnings("ignore::UserWarning:Cheetah") |
| 656 | + def test_template_linuxcontainers(self): |
| 657 | + self._template_compare( |
| 658 | + os.path.join(os.getcwd(), 'templates', TEMPLATE), |
| 659 | + LINUXCONTAINERS_SEARCH_LIST, |
| 660 | + os.path.join(self.testdata_dir, 'linuxcontainers.txt')) |
| 661 | + |
| 662 | + # Cheetah warns about using the Python version of NameMapper, so |
| 663 | + # we ignore it here. Matching more closely by the message doesn't |
| 664 | + # seem to work, probably because it begins with a newline and |
| 665 | + # Python's warnings matching code anchors the message regexp. |
| 666 | + @pytest.mark.filterwarnings("ignore::UserWarning:Cheetah") |
| 667 | + def test_template_thirdparty(self): |
| 668 | + self._template_compare( |
| 669 | + os.path.join(os.getcwd(), 'templates', TEMPLATE), |
| 670 | + THIRDPARTY_SEARCH_LIST, |
| 671 | + os.path.join(self.testdata_dir, 'thirdparty.txt')) |
| 672 | diff --git a/tests/unit/testdata/linuxcontainers/linuxcontainers.txt b/tests/unit/testdata/linuxcontainers/linuxcontainers.txt |
| 673 | new file mode 100644 |
| 674 | index 0000000..1056067 |
| 675 | --- /dev/null |
| 676 | +++ b/tests/unit/testdata/linuxcontainers/linuxcontainers.txt |
| 677 | @@ -0,0 +1,429 @@ |
| 678 | +<VirtualHost 91.189.88.247:80 [2001:67c:1360:8001::33]:80> |
| 679 | + ServerName images.linuxcontainers.org |
| 680 | + CustomLog ${APACHE_LOG_DIR}/images.linuxcontainers.org.log vhost_combined |
| 681 | + DocumentRoot /srv/images.linuxcontainers.org/www |
| 682 | + |
| 683 | + <Location /> |
| 684 | + Require all granted |
| 685 | + </Location> |
| 686 | + |
| 687 | + RewriteEngine on |
| 688 | + AllowEncodedSlashes On |
| 689 | + |
| 690 | + # GeoIP: Redirect everything to appropriate country server |
| 691 | + GeoIPEnable On |
| 692 | + GeoIPDBFile /usr/share/GeoIP/GeoIP.dat |
| 693 | + GeoIPDBFile /usr/share/GeoIP/GeoIPv6.dat |
| 694 | + |
| 695 | + # Send North America, Oceania and South America to the US server |
| 696 | + RewriteCond %{ENV:GEOIP_CONTINENT_CODE} ^(NA|OC|SA)$ |
| 697 | + RewriteRule ^/(.*)$ http://us.images.linuxcontainers.org/$1 [R=301,L] |
| 698 | + RewriteCond %{ENV:GEOIP_CONTINENT_CODE_V6} ^(NA|OC|SA)$ |
| 699 | + RewriteRule ^/(.*)$ http://us.images.linuxcontainers.org/$1 [R=301,L] |
| 700 | + |
| 701 | + # Send Africa, Antarctica, Asia, Europe, and all else to the UK server |
| 702 | + RewriteRule ^/(.*)$ http://uk.images.linuxcontainers.org/$1 [R=301,L] |
| 703 | +</VirtualHost> |
| 704 | + |
| 705 | +<VirtualHost 91.189.88.247:80 [2001:67c:1360:8001::33]:80> |
| 706 | + ServerName uk.images.linuxcontainers.org |
| 707 | + CustomLog ${APACHE_LOG_DIR}/uk.images.linuxcontainers.org.log vhost_combined |
| 708 | + DocumentRoot /srv/images.linuxcontainers.org/www |
| 709 | + |
| 710 | + RewriteEngine on |
| 711 | + AllowEncodedSlashes On |
| 712 | + |
| 713 | + # LXD: Recursive queries |
| 714 | + RewriteCond %{QUERY_STRING} recursion=1 |
| 715 | + RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index-rec.json [L] |
| 716 | + |
| 717 | + # LXD: Normal queries |
| 718 | + RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index.json [L] |
| 719 | + |
| 720 | + <Location /> |
| 721 | + Require all granted |
| 722 | + </Location> |
| 723 | + |
| 724 | + # LXC: Allow image listing |
| 725 | + <Location /images> |
| 726 | + Options +Indexes |
| 727 | + </Location> |
| 728 | + |
| 729 | + # LXD: API root |
| 730 | + <Location /1.0/> |
| 731 | + ErrorDocument 404 /meta/lxd/404.json |
| 732 | + Options -Indexes |
| 733 | + </Location> |
| 734 | + |
| 735 | + # LXD: images |
| 736 | + <Location /1.0/images/> |
| 737 | + ErrorDocument 404 /meta/lxd/1.0/images/404.json |
| 738 | + Options +FollowSymlinks |
| 739 | + </Location> |
| 740 | + |
| 741 | + # LXD: aliases |
| 742 | + <Location /1.0/images/aliases/> |
| 743 | + ErrorDocument 404 /meta/lxd/404.json |
| 744 | + </Location> |
| 745 | + |
| 746 | + # LXD: downloads |
| 747 | + <LocationMatch "^/1.0/images/[0-9a-f]*/export"> |
| 748 | + Header set Content-Type "multipart/form-data; boundary=f012e447-25dd-4f6d-8a14-105c3b27a768" |
| 749 | + </LocationMatch> |
| 750 | + # Simplestreams: redirect |
| 751 | + RewriteRule ^/streams(.*)$ /meta/simplestreams$1 [L] |
| 752 | +</VirtualHost> |
| 753 | + |
| 754 | +<VirtualHost 91.189.88.247:80 [2001:67c:1360:8001::33]:80> |
| 755 | + ServerName us.images.linuxcontainers.org |
| 756 | + CustomLog ${APACHE_LOG_DIR}/us.images.linuxcontainers.org.log vhost_combined |
| 757 | + DocumentRoot /srv/images.linuxcontainers.org/www |
| 758 | + |
| 759 | + RewriteEngine on |
| 760 | + AllowEncodedSlashes On |
| 761 | + |
| 762 | + # LXD: Recursive queries |
| 763 | + RewriteCond %{QUERY_STRING} recursion=1 |
| 764 | + RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index-rec.json [L] |
| 765 | + |
| 766 | + # LXD: Normal queries |
| 767 | + RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index.json [L] |
| 768 | + |
| 769 | + <Location /> |
| 770 | + Require all granted |
| 771 | + </Location> |
| 772 | + |
| 773 | + # LXC: Allow image listing |
| 774 | + <Location /images> |
| 775 | + Options +Indexes |
| 776 | + </Location> |
| 777 | + |
| 778 | + # LXD: API root |
| 779 | + <Location /1.0/> |
| 780 | + ErrorDocument 404 /meta/lxd/404.json |
| 781 | + Options -Indexes |
| 782 | + </Location> |
| 783 | + |
| 784 | + # LXD: images |
| 785 | + <Location /1.0/images/> |
| 786 | + ErrorDocument 404 /meta/lxd/1.0/images/404.json |
| 787 | + Options +FollowSymlinks |
| 788 | + </Location> |
| 789 | + |
| 790 | + # LXD: aliases |
| 791 | + <Location /1.0/images/aliases/> |
| 792 | + ErrorDocument 404 /meta/lxd/404.json |
| 793 | + </Location> |
| 794 | + |
| 795 | + # LXD: downloads |
| 796 | + <LocationMatch "^/1.0/images/[0-9a-f]*/export"> |
| 797 | + Header set Content-Type "multipart/form-data; boundary=f012e447-25dd-4f6d-8a14-105c3b27a768" |
| 798 | + </LocationMatch> |
| 799 | + # Simplestreams: redirect |
| 800 | + RewriteRule ^/streams(.*)$ /meta/simplestreams$1 [L] |
| 801 | +</VirtualHost> |
| 802 | + |
| 803 | +<VirtualHost 91.189.88.247:443 [2001:67c:1360:8001::33]:443> |
| 804 | + ServerName images.linuxcontainers.org |
| 805 | + CustomLog ${APACHE_LOG_DIR}/images.linuxcontainers.org.log vhost_combined |
| 806 | + DocumentRoot /srv/images.linuxcontainers.org/www |
| 807 | + |
| 808 | + <Location /> |
| 809 | + Require all granted |
| 810 | + </Location> |
| 811 | + |
| 812 | + # SSL configuration |
| 813 | + SSLEngine On |
| 814 | + SSLCertificateFile /etc/ssl/certs/images.linuxcontainers.org.crt |
| 815 | + SSLCertificateKeyFile /etc/ssl/private/images.linuxcontainers.org.key |
| 816 | + SSLCertificateChainFile /etc/ssl/certs/images.linuxcontainers.org_chain.crt |
| 817 | + Header always set Strict-Transport-Security "max-age=31536000" |
| 818 | + RequestHeader set X_FORWARDED_PORT "443" |
| 819 | + RequestHeader set X_FORWARDED_PROTO "https" |
| 820 | + |
| 821 | + RewriteEngine on |
| 822 | + AllowEncodedSlashes On |
| 823 | + |
| 824 | + # GeoIP: Redirect everything to appropriate country server |
| 825 | + GeoIPEnable On |
| 826 | + GeoIPDBFile /usr/share/GeoIP/GeoIP.dat |
| 827 | + GeoIPDBFile /usr/share/GeoIP/GeoIPv6.dat |
| 828 | + |
| 829 | + # Send North America, Oceania and South America to the US server |
| 830 | + RewriteCond %{ENV:GEOIP_CONTINENT_CODE} ^(NA|OC|SA)$ |
| 831 | + RewriteRule ^/(.*)$ https://us.images.linuxcontainers.org/$1 [R=301,L] |
| 832 | + RewriteCond %{ENV:GEOIP_CONTINENT_CODE_V6} ^(NA|OC|SA)$ |
| 833 | + RewriteRule ^/(.*)$ https://us.images.linuxcontainers.org/$1 [R=301,L] |
| 834 | + |
| 835 | + # Send Africa, Antarctica, Asia, Europe, and all else to the UK server |
| 836 | + RewriteRule ^/(.*)$ https://uk.images.linuxcontainers.org/$1 [R=301,L] |
| 837 | +</VirtualHost> |
| 838 | + |
| 839 | +<VirtualHost 91.189.88.247:443 [2001:67c:1360:8001::33]:443> |
| 840 | + ServerName uk.images.linuxcontainers.org |
| 841 | + CustomLog ${APACHE_LOG_DIR}/uk.images.linuxcontainers.org.log vhost_combined |
| 842 | + DocumentRoot /srv/images.linuxcontainers.org/www |
| 843 | + |
| 844 | + # SSL configuration |
| 845 | + SSLEngine On |
| 846 | + SSLCertificateFile /etc/ssl/certs/images.linuxcontainers.org.crt |
| 847 | + SSLCertificateKeyFile /etc/ssl/private/images.linuxcontainers.org.key |
| 848 | + SSLCertificateChainFile /etc/ssl/certs/images.linuxcontainers.org_chain.crt |
| 849 | + Header always set Strict-Transport-Security "max-age=31536000" |
| 850 | + RequestHeader set X_FORWARDED_PORT "443" |
| 851 | + RequestHeader set X_FORWARDED_PROTO "https" |
| 852 | + |
| 853 | + RewriteEngine on |
| 854 | + AllowEncodedSlashes On |
| 855 | + |
| 856 | + # LXD: Recursive queries |
| 857 | + RewriteCond %{QUERY_STRING} recursion=1 |
| 858 | + RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index-rec.json [L] |
| 859 | + |
| 860 | + # LXD: Normal queries |
| 861 | + RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index.json [L] |
| 862 | + |
| 863 | + <Location /> |
| 864 | + Require all granted |
| 865 | + </Location> |
| 866 | + |
| 867 | + # LXC: Allow image listing |
| 868 | + <Location /images> |
| 869 | + Options +Indexes |
| 870 | + </Location> |
| 871 | + |
| 872 | + # LXD: API root |
| 873 | + <Location /1.0/> |
| 874 | + ErrorDocument 404 /meta/lxd/404.json |
| 875 | + Options -Indexes |
| 876 | + </Location> |
| 877 | + |
| 878 | + # LXD: images |
| 879 | + <Location /1.0/images/> |
| 880 | + ErrorDocument 404 /meta/lxd/1.0/images/404.json |
| 881 | + Options +FollowSymlinks |
| 882 | + </Location> |
| 883 | + |
| 884 | + # LXD: aliases |
| 885 | + <Location /1.0/images/aliases/> |
| 886 | + ErrorDocument 404 /meta/lxd/404.json |
| 887 | + </Location> |
| 888 | + |
| 889 | + # LXD: downloads |
| 890 | + <LocationMatch "^/1.0/images/[0-9a-f]*/export"> |
| 891 | + Header set Content-Type "multipart/form-data; boundary=f012e447-25dd-4f6d-8a14-105c3b27a768" |
| 892 | + </LocationMatch> |
| 893 | + # Simplestreams: redirect |
| 894 | + RewriteRule ^/streams(.*)$ /meta/simplestreams$1 [L] |
| 895 | +</VirtualHost> |
| 896 | + |
| 897 | +<VirtualHost 91.189.88.247:443 [2001:67c:1360:8001::33]:443> |
| 898 | + ServerName us.images.linuxcontainers.org |
| 899 | + CustomLog ${APACHE_LOG_DIR}/us.images.linuxcontainers.org.log vhost_combined |
| 900 | + DocumentRoot /srv/images.linuxcontainers.org/www |
| 901 | + |
| 902 | + # SSL configuration |
| 903 | + SSLEngine On |
| 904 | + SSLCertificateFile /etc/ssl/certs/images.linuxcontainers.org.crt |
| 905 | + SSLCertificateKeyFile /etc/ssl/private/images.linuxcontainers.org.key |
| 906 | + SSLCertificateChainFile /etc/ssl/certs/images.linuxcontainers.org_chain.crt |
| 907 | + Header always set Strict-Transport-Security "max-age=31536000" |
| 908 | + RequestHeader set X_FORWARDED_PORT "443" |
| 909 | + RequestHeader set X_FORWARDED_PROTO "https" |
| 910 | + |
| 911 | + RewriteEngine on |
| 912 | + AllowEncodedSlashes On |
| 913 | + |
| 914 | + # LXD: Recursive queries |
| 915 | + RewriteCond %{QUERY_STRING} recursion=1 |
| 916 | + RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index-rec.json [L] |
| 917 | + |
| 918 | + # LXD: Normal queries |
| 919 | + RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index.json [L] |
| 920 | + |
| 921 | + <Location /> |
| 922 | + Require all granted |
| 923 | + </Location> |
| 924 | + |
| 925 | + # LXC: Allow image listing |
| 926 | + <Location /images> |
| 927 | + Options +Indexes |
| 928 | + </Location> |
| 929 | + |
| 930 | + # LXD: API root |
| 931 | + <Location /1.0/> |
| 932 | + ErrorDocument 404 /meta/lxd/404.json |
| 933 | + Options -Indexes |
| 934 | + </Location> |
| 935 | + |
| 936 | + # LXD: images |
| 937 | + <Location /1.0/images/> |
| 938 | + ErrorDocument 404 /meta/lxd/1.0/images/404.json |
| 939 | + Options +FollowSymlinks |
| 940 | + </Location> |
| 941 | + |
| 942 | + # LXD: aliases |
| 943 | + <Location /1.0/images/aliases/> |
| 944 | + ErrorDocument 404 /meta/lxd/404.json |
| 945 | + </Location> |
| 946 | + |
| 947 | + # LXD: downloads |
| 948 | + <LocationMatch "^/1.0/images/[0-9a-f]*/export"> |
| 949 | + Header set Content-Type "multipart/form-data; boundary=f012e447-25dd-4f6d-8a14-105c3b27a768" |
| 950 | + </LocationMatch> |
| 951 | + # Simplestreams: redirect |
| 952 | + RewriteRule ^/streams(.*)$ /meta/simplestreams$1 [L] |
| 953 | +</VirtualHost> |
| 954 | + |
| 955 | +<VirtualHost 91.189.88.247:8443 [2001:67c:1360:8001::33]:8443> |
| 956 | + ServerName images.linuxcontainers.org |
| 957 | + CustomLog ${APACHE_LOG_DIR}/images.linuxcontainers.org.log vhost_combined |
| 958 | + DocumentRoot /srv/images.linuxcontainers.org/www |
| 959 | + |
| 960 | + <Location /> |
| 961 | + Require all granted |
| 962 | + </Location> |
| 963 | + |
| 964 | + # SSL configuration |
| 965 | + SSLEngine On |
| 966 | + SSLCertificateFile /etc/ssl/certs/images.linuxcontainers.org.crt |
| 967 | + SSLCertificateKeyFile /etc/ssl/private/images.linuxcontainers.org.key |
| 968 | + SSLCertificateChainFile /etc/ssl/certs/images.linuxcontainers.org_chain.crt |
| 969 | + Header always set Strict-Transport-Security "max-age=31536000" |
| 970 | + RequestHeader set X_FORWARDED_PORT "8443" |
| 971 | + RequestHeader set X_FORWARDED_PROTO "https" |
| 972 | + |
| 973 | + RewriteEngine on |
| 974 | + AllowEncodedSlashes On |
| 975 | + |
| 976 | + # GeoIP: Redirect everything to appropriate country server |
| 977 | + GeoIPEnable On |
| 978 | + GeoIPDBFile /usr/share/GeoIP/GeoIP.dat |
| 979 | + GeoIPDBFile /usr/share/GeoIP/GeoIPv6.dat |
| 980 | + |
| 981 | + # Send North America, Oceania and South America to the US server |
| 982 | + RewriteCond %{ENV:GEOIP_CONTINENT_CODE} ^(NA|OC|SA)$ |
| 983 | + RewriteRule ^/(.*)$ https://us.images.linuxcontainers.org:8443/$1 [R=301,L] |
| 984 | + RewriteCond %{ENV:GEOIP_CONTINENT_CODE_V6} ^(NA|OC|SA)$ |
| 985 | + RewriteRule ^/(.*)$ https://us.images.linuxcontainers.org:8443/$1 [R=301,L] |
| 986 | + |
| 987 | + # Send Africa, Antarctica, Asia, Europe, and all else to the UK server |
| 988 | + RewriteRule ^/(.*)$ https://uk.images.linuxcontainers.org:8443/$1 [R=301,L] |
| 989 | +</VirtualHost> |
| 990 | + |
| 991 | +<VirtualHost 91.189.88.247:8443 [2001:67c:1360:8001::33]:8443> |
| 992 | + ServerName uk.images.linuxcontainers.org |
| 993 | + CustomLog ${APACHE_LOG_DIR}/uk.images.linuxcontainers.org.log vhost_combined |
| 994 | + DocumentRoot /srv/images.linuxcontainers.org/www |
| 995 | + |
| 996 | + # SSL configuration |
| 997 | + SSLEngine On |
| 998 | + SSLCertificateFile /etc/ssl/certs/images.linuxcontainers.org.crt |
| 999 | + SSLCertificateKeyFile /etc/ssl/private/images.linuxcontainers.org.key |
| 1000 | + SSLCertificateChainFile /etc/ssl/certs/images.linuxcontainers.org_chain.crt |
| 1001 | + Header always set Strict-Transport-Security "max-age=31536000" |
| 1002 | + RequestHeader set X_FORWARDED_PORT "8443" |
| 1003 | + RequestHeader set X_FORWARDED_PROTO "https" |
| 1004 | + |
| 1005 | + RewriteEngine on |
| 1006 | + AllowEncodedSlashes On |
| 1007 | + |
| 1008 | + # LXD: Recursive queries |
| 1009 | + RewriteCond %{QUERY_STRING} recursion=1 |
| 1010 | + RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index-rec.json [L] |
| 1011 | + |
| 1012 | + # LXD: Normal queries |
| 1013 | + RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index.json [L] |
| 1014 | + |
| 1015 | + <Location /> |
| 1016 | + Require all granted |
| 1017 | + </Location> |
| 1018 | + |
| 1019 | + # LXC: Allow image listing |
| 1020 | + <Location /images> |
| 1021 | + Options +Indexes |
| 1022 | + </Location> |
| 1023 | + |
| 1024 | + # LXD: API root |
| 1025 | + <Location /1.0/> |
| 1026 | + ErrorDocument 404 /meta/lxd/404.json |
| 1027 | + Options -Indexes |
| 1028 | + </Location> |
| 1029 | + |
| 1030 | + # LXD: images |
| 1031 | + <Location /1.0/images/> |
| 1032 | + ErrorDocument 404 /meta/lxd/1.0/images/404.json |
| 1033 | + Options +FollowSymlinks |
| 1034 | + </Location> |
| 1035 | + |
| 1036 | + # LXD: aliases |
| 1037 | + <Location /1.0/images/aliases/> |
| 1038 | + ErrorDocument 404 /meta/lxd/404.json |
| 1039 | + </Location> |
| 1040 | + |
| 1041 | + # LXD: downloads |
| 1042 | + <LocationMatch "^/1.0/images/[0-9a-f]*/export"> |
| 1043 | + Header set Content-Type "multipart/form-data; boundary=f012e447-25dd-4f6d-8a14-105c3b27a768" |
| 1044 | + </LocationMatch> |
| 1045 | + # Simplestreams: redirect |
| 1046 | + RewriteRule ^/streams(.*)$ /meta/simplestreams$1 [L] |
| 1047 | +</VirtualHost> |
| 1048 | + |
| 1049 | +<VirtualHost 91.189.88.247:8443 [2001:67c:1360:8001::33]:8443> |
| 1050 | + ServerName us.images.linuxcontainers.org |
| 1051 | + CustomLog ${APACHE_LOG_DIR}/us.images.linuxcontainers.org.log vhost_combined |
| 1052 | + DocumentRoot /srv/images.linuxcontainers.org/www |
| 1053 | + |
| 1054 | + # SSL configuration |
| 1055 | + SSLEngine On |
| 1056 | + SSLCertificateFile /etc/ssl/certs/images.linuxcontainers.org.crt |
| 1057 | + SSLCertificateKeyFile /etc/ssl/private/images.linuxcontainers.org.key |
| 1058 | + SSLCertificateChainFile /etc/ssl/certs/images.linuxcontainers.org_chain.crt |
| 1059 | + Header always set Strict-Transport-Security "max-age=31536000" |
| 1060 | + RequestHeader set X_FORWARDED_PORT "8443" |
| 1061 | + RequestHeader set X_FORWARDED_PROTO "https" |
| 1062 | + |
| 1063 | + RewriteEngine on |
| 1064 | + AllowEncodedSlashes On |
| 1065 | + |
| 1066 | + # LXD: Recursive queries |
| 1067 | + RewriteCond %{QUERY_STRING} recursion=1 |
| 1068 | + RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index-rec.json [L] |
| 1069 | + |
| 1070 | + # LXD: Normal queries |
| 1071 | + RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index.json [L] |
| 1072 | + |
| 1073 | + <Location /> |
| 1074 | + Require all granted |
| 1075 | + </Location> |
| 1076 | + |
| 1077 | + # LXC: Allow image listing |
| 1078 | + <Location /images> |
| 1079 | + Options +Indexes |
| 1080 | + </Location> |
| 1081 | + |
| 1082 | + # LXD: API root |
| 1083 | + <Location /1.0/> |
| 1084 | + ErrorDocument 404 /meta/lxd/404.json |
| 1085 | + Options -Indexes |
| 1086 | + </Location> |
| 1087 | + |
| 1088 | + # LXD: images |
| 1089 | + <Location /1.0/images/> |
| 1090 | + ErrorDocument 404 /meta/lxd/1.0/images/404.json |
| 1091 | + Options +FollowSymlinks |
| 1092 | + </Location> |
| 1093 | + |
| 1094 | + # LXD: aliases |
| 1095 | + <Location /1.0/images/aliases/> |
| 1096 | + ErrorDocument 404 /meta/lxd/404.json |
| 1097 | + </Location> |
| 1098 | + |
| 1099 | + # LXD: downloads |
| 1100 | + <LocationMatch "^/1.0/images/[0-9a-f]*/export"> |
| 1101 | + Header set Content-Type "multipart/form-data; boundary=f012e447-25dd-4f6d-8a14-105c3b27a768" |
| 1102 | + </LocationMatch> |
| 1103 | + # Simplestreams: redirect |
| 1104 | + RewriteRule ^/streams(.*)$ /meta/simplestreams$1 [L] |
| 1105 | +</VirtualHost> |
| 1106 | + |
| 1107 | diff --git a/tests/unit/testdata/linuxcontainers/thirdparty.txt b/tests/unit/testdata/linuxcontainers/thirdparty.txt |
| 1108 | new file mode 100644 |
| 1109 | index 0000000..0b1e58d |
| 1110 | --- /dev/null |
| 1111 | +++ b/tests/unit/testdata/linuxcontainers/thirdparty.txt |
| 1112 | @@ -0,0 +1,119 @@ |
| 1113 | +<VirtualHost *:80> |
| 1114 | + ServerName lxd.example.net |
| 1115 | + ServerAlias uk.lxd.example.net |
| 1116 | + ServerAlias us.lxd.example.net |
| 1117 | + CustomLog ${APACHE_LOG_DIR}/lxd.example.net.log vhost_combined |
| 1118 | + DocumentRoot /srv/lxd.example.net/www |
| 1119 | + |
| 1120 | + <Location /> |
| 1121 | + Require all granted |
| 1122 | + </Location> |
| 1123 | + |
| 1124 | + RewriteEngine on |
| 1125 | + AllowEncodedSlashes On |
| 1126 | + |
| 1127 | + # LXD: Recursive queries |
| 1128 | + RewriteCond %{QUERY_STRING} recursion=1 |
| 1129 | + RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index-rec.json [L] |
| 1130 | + |
| 1131 | + # LXD: Normal queries |
| 1132 | + RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index.json [L] |
| 1133 | + |
| 1134 | + <Location /> |
| 1135 | + Require all granted |
| 1136 | + </Location> |
| 1137 | + |
| 1138 | + # LXC: Allow image listing |
| 1139 | + <Location /images> |
| 1140 | + Options +Indexes |
| 1141 | + </Location> |
| 1142 | + |
| 1143 | + # LXD: API root |
| 1144 | + <Location /1.0/> |
| 1145 | + ErrorDocument 404 /meta/lxd/404.json |
| 1146 | + Options -Indexes |
| 1147 | + </Location> |
| 1148 | + |
| 1149 | + # LXD: images |
| 1150 | + <Location /1.0/images/> |
| 1151 | + ErrorDocument 404 /meta/lxd/1.0/images/404.json |
| 1152 | + Options +FollowSymlinks |
| 1153 | + </Location> |
| 1154 | + |
| 1155 | + # LXD: aliases |
| 1156 | + <Location /1.0/images/aliases/> |
| 1157 | + ErrorDocument 404 /meta/lxd/404.json |
| 1158 | + </Location> |
| 1159 | + |
| 1160 | + # LXD: downloads |
| 1161 | + <LocationMatch "^/1.0/images/[0-9a-f]*/export"> |
| 1162 | + Header set Content-Type "multipart/form-data; boundary=f012e447-25dd-4f6d-8a14-105c3b27a768" |
| 1163 | + </LocationMatch> |
| 1164 | + # Simplestreams: redirect |
| 1165 | + RewriteRule ^/streams(.*)$ /meta/simplestreams$1 [L] |
| 1166 | +</VirtualHost> |
| 1167 | + |
| 1168 | +<VirtualHost *:443> |
| 1169 | + ServerName lxd.example.net |
| 1170 | + ServerAlias uk.lxd.example.net |
| 1171 | + ServerAlias us.lxd.example.net |
| 1172 | + CustomLog ${APACHE_LOG_DIR}/lxd.example.net.log vhost_combined |
| 1173 | + DocumentRoot /srv/lxd.example.net/www |
| 1174 | + |
| 1175 | + <Location /> |
| 1176 | + Require all granted |
| 1177 | + </Location> |
| 1178 | + |
| 1179 | + # SSL configuration |
| 1180 | + SSLEngine On |
| 1181 | + SSLCertificateFile /etc/ssl/certs/lxd.example.net.crt |
| 1182 | + SSLCertificateKeyFile /etc/ssl/private/lxd.example.net.key |
| 1183 | + SSLCertificateChainFile /etc/ssl/certs/lxd.example.net_chain.crt |
| 1184 | + Header always set Strict-Transport-Security "max-age=31536000" |
| 1185 | + RequestHeader set X_FORWARDED_PORT "443" |
| 1186 | + RequestHeader set X_FORWARDED_PROTO "https" |
| 1187 | + |
| 1188 | + RewriteEngine on |
| 1189 | + AllowEncodedSlashes On |
| 1190 | + |
| 1191 | + # LXD: Recursive queries |
| 1192 | + RewriteCond %{QUERY_STRING} recursion=1 |
| 1193 | + RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index-rec.json [L] |
| 1194 | + |
| 1195 | + # LXD: Normal queries |
| 1196 | + RewriteRule ^/1.0.*$ /meta/lxd%{REQUEST_URI}/index.json [L] |
| 1197 | + |
| 1198 | + <Location /> |
| 1199 | + Require all granted |
| 1200 | + </Location> |
| 1201 | + |
| 1202 | + # LXC: Allow image listing |
| 1203 | + <Location /images> |
| 1204 | + Options +Indexes |
| 1205 | + </Location> |
| 1206 | + |
| 1207 | + # LXD: API root |
| 1208 | + <Location /1.0/> |
| 1209 | + ErrorDocument 404 /meta/lxd/404.json |
| 1210 | + Options -Indexes |
| 1211 | + </Location> |
| 1212 | + |
| 1213 | + # LXD: images |
| 1214 | + <Location /1.0/images/> |
| 1215 | + ErrorDocument 404 /meta/lxd/1.0/images/404.json |
| 1216 | + Options +FollowSymlinks |
| 1217 | + </Location> |
| 1218 | + |
| 1219 | + # LXD: aliases |
| 1220 | + <Location /1.0/images/aliases/> |
| 1221 | + ErrorDocument 404 /meta/lxd/404.json |
| 1222 | + </Location> |
| 1223 | + |
| 1224 | + # LXD: downloads |
| 1225 | + <LocationMatch "^/1.0/images/[0-9a-f]*/export"> |
| 1226 | + Header set Content-Type "multipart/form-data; boundary=f012e447-25dd-4f6d-8a14-105c3b27a768" |
| 1227 | + </LocationMatch> |
| 1228 | + # Simplestreams: redirect |
| 1229 | + RewriteRule ^/streams(.*)$ /meta/simplestreams$1 [L] |
| 1230 | +</VirtualHost> |
| 1231 | + |
This merge proposal is being monitored by mergebot. Change the status to Approved to merge.