content cache ^#3

By nick-moffitt
stable

Supports: bionic

Description

Installs Nginx and HAProxy as a highly available web accelerator with TLS support. Useful for providing local mirrors of HTTP servers and building content delivery networks (CDN).

Overview

Deploy your own content distribution network (CDN).

Usage

To deploy the charm:

juju deploy cs:content-cache

Set juju config for the site option as required. For example:

# Site with some public, some authenticated content, using another site
# with two IPs for authentication. In this case, 10.1.1.2 and 10.1.1.3
# would need to listen on 443 for auth.example1.com and process
# authentication requests.
example1.com:
  tls-cert-bundle-path: /var/lib/haproxy
  locations:
    '/':
      extra-config:
        - root /srv/example1.com/content/
        - autoindex on
    '/auth':
      modifier: '='
      backends:
        - 10.1.1.2:443
        - 10.1.1.3:443
      backend-check-path: /status
      backend-path: /auth-check/
      backend-tls: True
      cache-validity: '200 401 1h'
      origin-headers:
        - Original-URI: $request_uri
        - Resource-Name: example1
      extra-config:
        - internal
        - proxy_cache_key $http_authorization
      site-name: auth.example1.com
    '/status':
      extra-config:
        - stub_status on
    '/private/content/':
      extra-config:
        - root /srv/example1.com/content/
        - autoindex on
        - auth_request /auth
      nagios-expect: 401 Unauthorized

To get metrics:

juju deploy cs:telegraf
juju add-relation telegraf:haproxy content-cache:haproxy-statistics

You can then query the telegraf endpoint to get HAProxy metrics from the content-cache charm.

Configuration

extra_packages: (string) Space separated list of extra deb packages to install.
install_keys: (string) List of signing keys for install_sources package sources, per charmhelpers standard format (a yaml list of strings encoded as a string). The keys should be the full ASCII armoured GPG public keys. While GPG key ids are also supported and looked up on a keyserver, operators should be aware that this mechanism is insecure. null can be used if a standard package signing key is used that will already be installed on the machine, and for PPA sources where the package signing key is securely retrieved from Launchpad.
install_sources: (string) List of extra apt sources, per charm-helpers standard format (a yaml list of strings encoded as a string). Each source may be either a line that can be added directly to sources.list(5), or in the form ppa:<user>/<ppa-name> for adding Personal Package Archives, or a distribution component to enable.
nagios_context: (string) This string is prefixed to the hostname when writing exported nagios config fragments.; juju
nagios_servicegroups: (string) A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup
package_status: (string) The status of service-affecting packages will be set to this value in the dpkg database. Valid values are "install" and "hold".; install
sites: (string) YAML-formatted virtual hosts/sites. See the README.md for more details and examples.
sites_secrets: (string) YAML-formatted dictionary of secrets/keys. e.g. site1.local: origin-headers: X-Origin-Key: my-origin-secret-key signed-url-hmac-key: my-signed-url-secret-key