saltstack-formulas/apache-formula
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
9c9bfe9538
apache-formula/apache/config/vhosts/proxy.tmpl
Andreas Thienemann 1f488b6af3 Do not pass full apache context to vhost templates. 
The full apache context variable can grow quite large if using multiple
vhosts with SSL certificates.
With 200 sites the apache variable is being rendered 200 times which resuls
in observed renderer output of about 950MB...

state.apply will result with MemoryErrors in such cases.

This PR modifies the templating code to _only_ use a per site context
and pass a trimmed down copy of the apache context instead of the full.

Drive-By: Correct indentation for context variables.
Drive-By: Remove duplicate map/apache functionality. Only use map.
2020-12-08 21:13:07 +01:00

132 lines
6.2 KiB
Cheetah
Raw Blame History

#
# This file is managed by Salt! Do not edit by hand!
#
{# Define default values here so the template below can just focus on layout #}
{% set sitename = site.get('ServerName', id) -%}
{% set vals = {
'interfaces': site.get('interface', '*').split(),
'port': site.get('port', '80'),
'ServerName': sitename,
'ServerAlias': site.get('ServerAlias', ''),
'ServerAdmin': site.get('ServerAdmin', 'webmaster@{0}'.format(sitename)),
'UseCanonicalName': site.get('UseCanonicalName'),
'LogLevel': site.get('LogLevel', 'warn'),
'ErrorLog': site.get('ErrorLog', '{0}/{1}-error.log'.format(map.logdir, sitename)),
'LogFormat': site.get('LogFormat', '"%a %l %u %t \\"%r\\" %>s %b \\"%{Referer}i\\" \\"%{User-Agent}i\\""'),
'CustomLog': site.get('CustomLog', '{0}/{1}-access.log'.format(map.logdir, sitename)),
'ProxyRequests': site.get('ProxyRequests', 'Off'),
'ProxyPreserveHost': site.get('ProxyPreserveHost', 'On'),
'ProxyRoute': site.get('ProxyRoute', {}),
'Location': {
'Order': 'allow,deny',
'Allow': 'from all',
'Require': 'all granted',
},
'LocationMatch': {
'Order': 'allow,deny',
'Allow': 'from all',
'Require': 'all granted',
},
} -%}
<VirtualHost {%- for intf in vals.interfaces %} {{ intf }}:{{ vals.port }}{% endfor -%}>
ServerName {{ vals.ServerName }}
{% if site.get('ServerAlias') != False %}ServerAlias {{ vals.ServerAlias }}{% endif %}
{% if site.get('ServerAdmin') != False %}ServerAdmin {{ vals.ServerAdmin }}{% endif %}
{% if site.get('UseCanonicalName') %}UseCanonicalName {{ vals.UseCanonicalName }}{% endif %}
{% if site.get('LogLevel') != False %}LogLevel {{ vals.LogLevel }}{% endif %}
{% if site.get('ErrorLog') != False %}ErrorLog {{ vals.ErrorLog }}{% endif %}
{% if site.get('LogFormat') != False -%}LogFormat {{ vals.LogFormat }}{% endif %}
{% if site.get('CustomLog') != False -%}LogFormat {{ vals.LogFormat }} {{ sitename }}
CustomLog {{ vals.CustomLog }} {{ sitename }}{% endif %}
{% if site.get('SSLCertificateFile') %}SSLEngine on
SSLCertificateFile {{ site.SSLCertificateFile }}
{% if site.get('SSLCertificateKeyFile') %}SSLCertificateKeyFile {{ site.SSLCertificateKeyFile }}{% endif %}
{% if site.get('SSLCertificateChainFile') %}SSLCertificateChainFile {{ site.SSLCertificateChainFile }}{% endif %}
{%- endif %}
{% if site.get('Rewrite') %}RewriteEngine on
{{ site.Rewrite|indent(4) }}
{%- endif %}
{% if site.get('SSLProxyEngine') %}SSLProxyEngine {{ site.SSLProxyEngine }}{% endif %}
ProxyRequests {{ vals.ProxyRequests }}
ProxyPreserveHost {{ vals.ProxyPreserveHost }}
{% if site.get('ProxyErrorOverride') %}ProxyErrorOverride {{ site.ProxyErrorOverride }} {% endif %}
{% if site.get('ProxyErrorDir') %}ProxyPass /{{ site.ProxyErrorDir }}/ ! {% endif %}
{%- for proxy, proxyargs in vals.ProxyRoute|dictsort|reverse %}
{%- set proxyvals = {
'ProxyPassSource': proxyargs.get('ProxyPassSource', '/'),
'ProxyPassTarget': proxyargs.get('ProxyPassTarget', 'https://{0}'.format(sitename)),
'ProxyPassTargetOptions': proxyargs.get('ProxyPassTargetOptions', ''),
'ProxyPassReverseSource': proxyargs.get('ProxyPassReverseSource', '/'),
'ProxyPassReverseTarget': proxyargs.get('ProxyPassReverseTarget', proxyargs.get('ProxyPassTarget', 'https://{0}'.format(sitename))),
} %}
######### {{proxy}} #########
ProxyPass {{ proxyvals.ProxyPassSource }} {{ proxyvals.ProxyPassTarget }} {{ proxyvals.ProxyPassTargetOptions }}
ProxyPassReverse {{ proxyvals.ProxyPassReverseSource }} {{ proxyvals.ProxyPassReverseTarget }}
{% endfor %}
{%- for path, loc in site.get('Location', {}).items() %}
{%- set lvals = {
'Order': loc.get('Order', vals.Location.Order),
'Allow': loc.get('Allow', vals.Location.Allow),
'Require': loc.get('Require', vals.Location.Require),
'Dav': loc.get('Dav', False),
} %}
<Location "{{ path }}">
{%- if map.version == '2.4' %}
{% if lvals.get('Require') != False %}Require {{ lvals.Require }}{% endif %}
{%- else %}
{% if lvals.get('Order') != False %}Order {{ lvals.Order }}{% endif %}
{% if lvals.get('Allow') != False %}Allow {{ lvals.Allow }}{% endif %}
{%- endif %}
{% if loc.get('Formula_Append') %} {{ loc.Formula_Append|indent(8) }} {% endif %}
</Location>
{% endfor %}
{%- for regpath, locmat in site.get('LocationMatch', {}).items() %}
{%- set lmvals = {
'Order': locmat.get('Order', vals.LocationMatch.Order),
'Allow': locmat.get('Allow', vals.LocationMatch.Allow),
'Require': locmat.get('Require', vals.LocationMatch.Require),
'Dav': locmat.get('Dav', False),
} %}
<LocationMatch "{{ regpath }}">
{%- if map.version == '2.4' %}
{% if lmvals.get('Require') != False %}Require {{ lmvals.Require }}{% endif %}
{%- else %}
{% if lmvals.get('Order') != False %}Order {{ lmvals.Order }}{% endif %}
{% if lmvals.get('Allow') != False %}Allow {{ lmvals.Allow }}{% endif %}
{%- endif %}
{% if locmat.get('Formula_Append') %} {{ locmat.Formula_Append|indent(8) }} {% endif %}
</LocationMatch>
{% endfor %}
{%- for proxypath, prox in site.get('Proxy_control', {}).items() %}
{%- set proxvals = {
'AllowAll': prox.get('AllowAll', vals.AllowAll),
'AllowCountry': prox.get('AllowCountry', vals.AllowCountry),
'AllowIP': prox.get('AllowIP', vals.AllowIP),
} %}
<Proxy "{{ proxypath }}">
{%- if proxvals.get('AllowAll') != False %}
Require all granted
{%- else %}
{% if proxvals.get('AllowCountry') != False %}{% set country_list = proxvals.get('AllowCountry', {}) %}GeoIPEnable On
{% for every_country in country_list %}SetEnvIf GEOIP_COUNTRY_CODE {{ every_country }} AllowCountry
{% endfor %}Require env AllowCountry {% endif %}
{% if proxvals.get('AllowIP') is defined %}{% set ip_list = proxvals.get('AllowIP', {}) %}
Require ip {% for every_ip in ip_list %}{{ every_ip }} {% endfor %} {% endif %}
{%- endif %}
</Proxy>
{%- endfor %}
{%- if site.get('Formula_Append') %}
{{ site.Formula_Append|indent(4) }}
{%- endif %}
</VirtualHost>
Reference in New Issue View Git Blame Copy Permalink