apache2 subordinate #1
Description
Apache2 subordinate charm
- Tags:
- app-servers ›
Juju apache2-subordinate charm
The apache2-subordinate charm relates to a primary web service charm and exposes its code or content to the world over HTTP/HTTPS. This means that your site is the primary service, and other Web server subordinates can be substituted for this one if they use the same relation data.
How to deploy the charm
Assuming you have a copy of the apache2-subordinate charm
in ./charms/$distrocodename/apache2-subordinate,
and that you want to use it to expose a wordpress service:
juju deploy --repository=charms local:apache2-subordinate
juju add-relation wordpress apache2-subordinate
Using the webservice relation
The primary relation used by the apache2-subordinate charm
is the webservice relation.
The charm requires the services variable to be set in the relation data.
The services variable must be a list of dictionaries,
each describing the parameters for a virtual host.
Please note that all data in these dictionaries will be passed as strings by juju, and the apache2-subordinate charm will decode the data into python objects.
Vhost definition dictionary supports the following keys:
-
url -
scheme://hostname:portFor example:
http://myblog.me.com:80.If https is used the charm will either deploy SSL certificates or if they are not available it will create self signed keypair. Currently only http and https are supported.
-
type - vhost type.
Currently only
phpis supported. -
document_root
-
extra_packages (optional)
List of extra packages the vhost requires.
For example:
["php5_mysql", "php5_curl"] -
webserver_options (optional)
List of options specific to the web server subordinate.
For example:
["mod_rewrite", "-serve-cgi-bin.conf", "+mod_status"] -
redirects (optional)
List of redirects.
For example:
[ {"match": "/wp-admin", "target": "https://mysite.example.com/wp-admin"}, {"match": "/wp-login.php", "target": "https://mysite.example.com/wp-login.php"} ] -
redirect_match (optional)
List of redirect match entries.
For example:
[ {"match": "(.*).gif$", "target": "https://mysite.example.com$1.jpg", "type": "permanent"} ] -
proxy (optional)
List of proxy urls and targets.
For example:
[ {"match": "/media/", "proxy_target": "http://media.example.com/"}, ] -
vhost_options (optional)
List of dictionary mapping Apache directives to their parameters.
This is intended as a bit of a back channel for charms that explicitly know their Web server subordinate is Apache.For example:
[{'Header': 'append Vary "Cookie"'}]
Example Relation Data
Putting all the pieces together, a Wordpress installation might look something like the following:
[
{
"url": "http://mysite.example.com:8080",
"type": "php",
"document_root": "/srv/mysite.example.com",
"extra_packages": ["php_mysql"],
"redirects": [
{"match": "/wp-admin", "target": "https://mysite.example.com/wp-admin"},
{"match": "/wp-login.php", "target": "https://mysite.example.com/wp-login.php"}
],
"proxy": [
{"match": "/media/", "proxy_target": "http://media.example.com/"}
],
"webserver_options": ["mod_rewrite", "mod_headers"],
"vhost_options": [{'Header': 'append Vary "Cookie"'}],
},
{
"url": "https://mysite.example.com:443",
"type": "php",
"document_root": "/srv/mysite.example.com",
"extra_packages": ["php_mysql"],
"webserver_options": ["mod_headers"],
"vhost_options": [{'Header': 'append Vary "Cookie"'}],
}
]
TODO
- Add support for wsgi vhosts
- Use document_root to specify wsgi script, or a new path variable?
- Improve support for static content vhosts?
- What's missing, currently?
Configuration
- logrotate_dateext
- (boolean) If set to True (default) logrotate will append date to each rotated file
- True
- logrotate_retention
- (int) Number of (daily rotated) logs to keep on disk
- 60
- mpm_auto_tuning
- (boolean) Automatically tune mpm per host CPU & RAM
- True
- mpm_max_clients
- (int) Used by prefork and worker. Ignored if mpm_auto_tuning is True.
- 2048
- mpm_max_requests_per_child
- (int) Used by prefork and worker. Ignored if mpm_auto_tuning is True.
- mpm_max_spare_servers
- (int) Maximum number of server processes which are kept spare. Used by prefork only. Ignored if mpm_auto_tuning is True.
- 10
- mpm_max_spare_threads
- (int) Maximum number of worker threads which are kept spare. Used by worker only. Ignored if mpm_auto_tuning is True.
- 75
- mpm_min_spare_servers
- (int) Minimum number of server processes which are kept spare. Used by prefork only. Ignored if mpm_auto_tuning is True.
- 5
- mpm_min_spare_threads
- (int) Minimum number of worker threads which are kept spare. Used by worker only. Ignored if mpm_auto_tuning is True.
- 25
- mpm_server_limit
- (int) Upper limit on configurable number of processes. Used by prefork only. Ignored if mpm_auto_tuning is True.
- 128
- mpm_start_servers
- (int) Number of server processes to start. Used by prefork and worker. Ignored if mpm_auto_tuning is True.
- 5
- mpm_thread_limit
- (int) Sets the upper limit on the configurable number of threads per child process. Used by worker only. Ignored if mpm_auto_tuning is True.
- 64
- mpm_threads_per_child
- (int) Constant number of worker threads in each server process. Used by worker only. Ignored if mpm_auto_tuning is True.
- 64
- mpm_type
- (string) The name of the apache-mpm-* package to install. Note that if the relation type of the primary charm is PHP, prefork will be used no matter what this is set to.
- worker
- server_signature
- (string) Security setting. Set to one of On Off EMail
- On
- server_tokens
- (string) Controls how the server product name is announced. Set to one of - Full OS Minimal Minor Major ProductOnly
- OS
- ssl_certificate
- (string) SSL certificate in base64
- ssl_chain
- (string) SSL chain bundle in bas64
- ssl_cipher_suite
- (string) List of server cipher suites.
- EECDH+AESGCM+AES128:EDH+AESGCM+AES128:EECDH+AES128:EDH+AES128:ECDH+AESGCM+AES128:aRSA+AESGCM+AES128:ECDH+AES128:DH+AES128:aRSA+AES128:EECDH+AESGCM:EDH+AESGCM:EECDH:EDH:ECDH+AESGCM:aRSA+AESGCM:ECDH:DH:aRSA:HIGH:!MEDIUM:!aNULL:!NULL:!LOW:!3DES:!DSS:!EXP:!PSK:!SRP
- ssl_honor_cipher_order
- (boolean) Enable server cipher suite preference.
- True
- ssl_key
- (string) SSL key in base64
- ssl_protocol
- (string) SSL Protocols to enable.
- ALL -SSLv2 -SSLv3
- trace_enabled
- (string) Security setting. Set to one of On Off extended
- Off