content cache #22

Supports: bionic

Add to new model

Description

Installs Nginx and HAProxy as a highly available web accelerator
with TLS support. Useful for providing local mirrors of HTTP servers
and building content delivery networks (CDN).


Overview

Deploy your own content distribution network (CDN).

Usage

TODO

  • add nagios check / monitoring for configurable percentage of backends down
  • e.g. 80% critical, 50% warning
  • add removal of NRPE checks for sites that no longer exists.
  • add unconfigure_nagios() for when NRPE relation is destroyed/removed.
  • add code to juju open-port / close-port per site
  • update cipher suites HAProxy disabling DHE - 'ECDH+AESGCM:ECDH+AES256:ECDH+AES128:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS'
  • update SSL/TLS support in HAProxy disabling TLS 1.0 and TLS1.1
  • update to enable HAProxy monitoring status/admin and ensure IP restricted
  • make some things such as cache max_size and proxy_cache_min_uses tunable (charm options).

Configuration

extra_packages
(string) Space separated list of extra deb packages to install.
install_keys
(string) List of signing keys for install_sources package sources, per charmhelpers standard format (a yaml list of strings encoded as a string). The keys should be the full ASCII armoured GPG public keys. While GPG key ids are also supported and looked up on a keyserver, operators should be aware that this mechanism is insecure. null can be used if a standard package signing key is used that will already be installed on the machine, and for PPA sources where the package signing key is securely retrieved from Launchpad.
install_sources
(string) List of extra apt sources, per charm-helpers standard format (a yaml list of strings encoded as a string). Each source may be either a line that can be added directly to sources.list(5), or in the form ppa:<user>/<ppa-name> for adding Personal Package Archives, or a distribution component to enable.
nagios_context
(string) This string is prefixed to the hostname when writing exported nagios config fragments.
juju
nagios_servicegroups
(string) A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup
package_status
(string) The status of service-affecting packages will be set to this value in the dpkg database. Valid values are "install" and "hold".
install
sites
(string) YAML-formatted virtual hosts/sites. e.g. site1.local: backends: - 91.189.88.149:80 - 91.189.88.152:80 origin-headers: - X-Origin-Key: ${secret} local-content: my-local-content: root-path: /var/www/html
sites_secrets
(string) YAML-formatted dictionary of secrets/keys. e.g. site1.local: origin-headers: X-Origin-Key: my-origin-secret-key signed-url-hmac-key: my-signed-url-secret-key