apache2 subordinate ^#1

Supports: xenial bionic trusty

Description

Apache2 subordinate charm

Tags:
app-servers ›

Juju apache2-subordinate charm

The apache2-subordinate charm relates to a primary web service charm
and exposes its code or content to the world over HTTP/HTTPS.
This means that your site is the primary service,
and other Web server subordinates can be substituted for this one
if they use the same relation data.

How to deploy the charm

Assuming you have a copy of the apache2-subordinate charm
in ./charms/$distrocodename/apache2-subordinate,
and that you want to use it to expose a wordpress service:

juju deploy --repository=charms local:apache2-subordinate
juju add-relation wordpress apache2-subordinate

Using the webservice relation

The primary relation used by the apache2-subordinate charm
is the webservice relation.
The charm requires the services variable to be set in the relation data.
The services variable must be a list of dictionaries,
each describing the parameters for a virtual host.

Please note that all data in these dictionaries
will be passed as strings by juju,
and the apache2-subordinate charm will decode the data into python objects.

Vhost definition dictionary supports the following keys:

url - scheme://hostname:port

For example: http://myblog.me.com:80.

If https is used the charm will either deploy SSL certificates or if they are not available it will create self signed keypair. Currently only http and https are supported.
type - vhost type.

Currently only php is supported.
document_root
extra_packages (optional)

List of extra packages the vhost requires.

For example: ["php5_mysql", "php5_curl"]
webserver_options (optional)

List of options specific to the web server subordinate.

For example: ["mod_rewrite", "-serve-cgi-bin.conf", "+mod_status"]

redirects (optional)

List of redirects.

For example:

[
    {"match": "/wp-admin",
     "target": "https://mysite.example.com/wp-admin"},
    {"match": "/wp-login.php",
     "target": "https://mysite.example.com/wp-login.php"}
]

redirect_match (optional)

List of redirect match entries.

For example:

[
    {"match": "(.*).gif$",
     "target": "https://mysite.example.com$1.jpg",
     "type": "permanent"}
]

proxy (optional)

List of proxy urls and targets.

For example:

[
    {"match": "/media/",
     "proxy_target": "http://media.example.com/"},
]

vhost_options (optional)

List of dictionary mapping Apache directives to their parameters.
This is intended as a bit of a back channel for charms that explicitly know their Web server subordinate is Apache.

For example:
```
[{'Header': 'append Vary "Cookie"'}]
```

Example Relation Data

Putting all the pieces together,
a Wordpress installation might look something like the following:

[
    {
        "url": "http://mysite.example.com:8080",
        "type": "php",
        "document_root": "/srv/mysite.example.com",
        "extra_packages": ["php_mysql"],
        "redirects": [
            {"match": "/wp-admin", "target": "https://mysite.example.com/wp-admin"},
            {"match": "/wp-login.php", "target": "https://mysite.example.com/wp-login.php"}
        ],
        "proxy": [
            {"match": "/media/", "proxy_target": "http://media.example.com/"}
        ],
        "webserver_options": ["mod_rewrite", "mod_headers"],
        "vhost_options": [{'Header': 'append Vary "Cookie"'}],
    },
    {
        "url": "https://mysite.example.com:443",
        "type": "php",
        "document_root": "/srv/mysite.example.com",
        "extra_packages": ["php_mysql"],
        "webserver_options": ["mod_headers"],
        "vhost_options": [{'Header': 'append Vary "Cookie"'}],
    }
]

TODO

Add support for wsgi vhosts
- Use document_root to specify wsgi script, or a new path variable?
Improve support for static content vhosts?
- What's missing, currently?

Configuration

logrotate_dateext: (boolean) If set to True (default) logrotate will append date to each rotated file; True
logrotate_retention: (int) Number of (daily rotated) logs to keep on disk; 60
mpm_auto_tuning: (boolean) Automatically tune mpm per host CPU & RAM; True
mpm_max_clients: (int) Used by prefork and worker. Ignored if mpm_auto_tuning is True.; 2048
mpm_max_requests_per_child: (int) Used by prefork and worker. Ignored if mpm_auto_tuning is True.
mpm_max_spare_servers: (int) Maximum number of server processes which are kept spare. Used by prefork only. Ignored if mpm_auto_tuning is True.; 10
mpm_max_spare_threads: (int) Maximum number of worker threads which are kept spare. Used by worker only. Ignored if mpm_auto_tuning is True.; 75
mpm_min_spare_servers: (int) Minimum number of server processes which are kept spare. Used by prefork only. Ignored if mpm_auto_tuning is True.; 5
mpm_min_spare_threads: (int) Minimum number of worker threads which are kept spare. Used by worker only. Ignored if mpm_auto_tuning is True.; 25
mpm_server_limit: (int) Upper limit on configurable number of processes. Used by prefork only. Ignored if mpm_auto_tuning is True.; 128
mpm_start_servers: (int) Number of server processes to start. Used by prefork and worker. Ignored if mpm_auto_tuning is True.; 5
mpm_thread_limit: (int) Sets the upper limit on the configurable number of threads per child process. Used by worker only. Ignored if mpm_auto_tuning is True.; 64
mpm_threads_per_child: (int) Constant number of worker threads in each server process. Used by worker only. Ignored if mpm_auto_tuning is True.; 64
mpm_type: (string) The name of the apache-mpm-* package to install. Note that if the relation type of the primary charm is PHP, prefork will be used no matter what this is set to.; worker
server_signature: (string) Security setting. Set to one of On Off EMail; On
server_tokens: (string) Controls how the server product name is announced. Set to one of - Full OS Minimal Minor Major ProductOnly; OS
ssl_certificate: (string) SSL certificate in base64
ssl_chain: (string) SSL chain bundle in bas64
ssl_cipher_suite: (string) List of server cipher suites.; EECDH+AESGCM+AES128:EDH+AESGCM+AES128:EECDH+AES128:EDH+AES128:ECDH+AESGCM+AES128:aRSA+AESGCM+AES128:ECDH+AES128:DH+AES128:aRSA+AES128:EECDH+AESGCM:EDH+AESGCM:EECDH:EDH:ECDH+AESGCM:aRSA+AESGCM:ECDH:DH:aRSA:HIGH:!MEDIUM:!aNULL:!NULL:!LOW:!3DES:!DSS:!EXP:!PSK:!SRP
ssl_honor_cipher_order: (boolean) Enable server cipher suite preference.; True
ssl_key: (string) SSL key in base64
ssl_protocol: (string) SSL Protocols to enable.; ALL -SSLv2 -SSLv3
trace_enabled: (string) Security setting. Set to one of On Off extended; Off