apache-frontend: Small clean up on template for default virtual host

57427cf6 · Rafael Monnerat · 7e7ade50 · 57427cf6 · 57427cf6
Commit 57427cf6 authored Nov 17, 2016 by Rafael Monnerat
Showing with 29 additions and 40 deletions

software/apache-frontend/common.cfg software/apache-frontend/common.cfg +1 -1

software/apache-frontend/templates/default-virtualhost.conf.in ...are/apache-frontend/templates/default-virtualhost.conf.in +28 -39

No files found.
--- a/software/apache-frontend/common.cfg
+++ b/software/apache-frontend/common.cfg
@@ -121,7 +121,7 @@ mode = 640
 [template-default-slave-virtualhost]
 recipe = slapos.recipe.build:download
 url = ${:_profile_base_location_}/templates/default-virtualhost.conf.in
-md5sum = 8975fd41fae2dcac92e18df3c6375f9a 
+md5sum = e5ed71c5e22ab91e33a71bd09879e23c 
 mode = 640

 [template-cached-slave-virtualhost]

--- a/software/apache-frontend/templates/default-virtualhost.conf.in
+++ b/software/apache-frontend/templates/default-virtualhost.conf.in
-{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
-{% set disable_no_cache_header = ('' ~ slave_parameter.get('disable-no-cache-request', '')).lower() in TRUE_VALUES -%}
-{% set disable_via_header = ('' ~ slave_parameter.get('disable-via-header', '')).lower() in TRUE_VALUES -%}
+{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
+{%- set disable_no_cache_header = ('' ~ slave_parameter.get('disable-no-cache-request', '')).lower() in TRUE_VALUES -%}
+{%- set disable_via_header = ('' ~ slave_parameter.get('disable-via-header', '')).lower() in TRUE_VALUES -%}
 {%- set prefer_gzip = ('' ~ slave_parameter.get('prefer-gzip-encoding-to-backend', '')).lower() in TRUE_VALUES -%}
- 
+{%- set server_alias_list =  slave_parameter.get('server-alias', '').split() -%}
+{%- set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
+{%- set disabled_cookie_list =  slave_parameter.get('disabled-cookie-list', '').split() -%}
+{%- set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%}
+{%- set slave_type = slave_parameter.get('type', '') -%}
+{%- set ssl_configuration_list = [('SSLCertificateFile', 'path_to_ssl_crt'),
+                                 ('SSLCertificateKeyFile', 'path_to_ssl_key'),
+                                 ('SSLCACertificateFile', 'path_to_ssl_ca_crt'),
+                                 ('SSLCertificateChainFile', 'path_to_ssl_ca_crt')] -%}
+
 <VirtualHost *:{{ https_port }}>
  ServerName {{ slave_parameter.get('custom_domain') }}
  ServerAlias {{ slave_parameter.get('custom_domain') }}

-{%- if 'server-alias' in slave_parameter -%}
-  {% set server_alias_list =  slave_parameter.get('server-alias', '').split() %}
-  {%- for server_alias in server_alias_list %}
+{%- for server_alias in server_alias_list %}
  ServerAlias {{ server_alias }}
-  {% endfor %}
-{%- endif %}
+{% endfor %}

  SSLEngine on
  SSLProxyEngine on
-{% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
 {% if ssl_proxy_verify -%}
 {%   if 'ssl_proxy_ca_crt' in slave_parameter -%}
  SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
@@ -29,18 +34,12 @@
  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
  SSLHonorCipherOrder on

-{% set ssl_configuration_list = [('SSLCertificateFile', 'path_to_ssl_crt'),
-       			      	 ('SSLCertificateKeyFile', 'path_to_ssl_key'),
-                                 ('SSLCACertificateFile', 'path_to_ssl_ca_crt'),
-                                 ('SSLCertificateChainFile', 'path_to_ssl_ca_crt')] -%}
-
 {% for key, value in ssl_configuration_list -%}
 {%   if value in slave_parameter -%}
 {{ '  %s' % key }} {{ slave_parameter.get(value) }}
 {% endif -%}
 {% endfor -%}

-
  # One Slave two logs
  ErrorLog "{{ slave_parameter.get('error_log') }}"
  LogLevel info
@@ -50,28 +49,26 @@
  # Rewrite part
  ProxyPreserveHost On
  ProxyTimeout 600
+  RewriteEngine On
+
 {% if disable_via_header %}
  Header unset Via
 {% endif -%}
-  RewriteEngine On

 {% if disable_no_cache_header %}
  RequestHeader unset Cache-Control
  RequestHeader unset Pragma
 {% endif -%}

-{% if 'disabled-cookie-list' in slave_parameter -%}
-  {% set disabled_cookie_list =  slave_parameter.get('disabled-cookie-list', '').split() %}
-  {%- for disabled_cookie in disabled_cookie_list %}
+{%- for disabled_cookie in disabled_cookie_list %}
 {{'  RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie)  }}
-  {% endfor -%}
-{% endif %}
+{% endfor -%}

 {%- if prefer_gzip %}
  RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
 {% endif %}

-{% if slave_parameter.get('type', '') ==  'zope' -%}
+{% if slave_type ==  'zope' -%}
  {% if 'default-path' in slave_parameter %}
  RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
  {% endif -%}
@@ -79,8 +76,8 @@
  # If so, let's use Virtual Host Monster rewrite
  # We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
  RewriteRule ^/(.*)$ {{ slave_parameter.get('https-url', slave_parameter.get('url', '')) }}/VirtualHostBase/https//%{SERVER_NAME}:443/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
-{% elif slave_parameter.get('type', '') ==  'redirect' -%}
-  RewriteRule     (.*)  {{ slave_parameter.get('https-url', slave_parameter.get('url', ''))}}$1 [R,L]
+{% elif slave_type ==  'redirect' -%}
+  RewriteRule  (.*)  {{ slave_parameter.get('https-url', slave_parameter.get('url', ''))}}$1 [R,L]
 {% else -%}
  {% if 'default-path' in slave_parameter %}
  RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
@@ -93,15 +90,11 @@
  ServerName {{ slave_parameter.get('custom_domain') }}
  ServerAlias {{ slave_parameter.get('custom_domain') }}

-{%- if 'server-alias' in slave_parameter %}
-  {% set server_alias_list =  slave_parameter.get('server-alias', '').split() %}
-  {%- for server_alias in server_alias_list %}
+{%-  for server_alias in server_alias_list %}
  ServerAlias {{ server_alias }}
-  {% endfor -%}
-{% endif %}
+{% endfor -%}

  SSLProxyEngine on
-{% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
 {% if ssl_proxy_verify -%}
 {%   if 'ssl_proxy_ca_crt' in slave_parameter -%}
  SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
@@ -132,28 +125,24 @@
  RequestHeader unset Pragma
 {% endif -%}

-{% if 'disabled-cookie-list' in slave_parameter -%}
-  {% set disabled_cookie_list =  slave_parameter.get('disabled-cookie-list', '').split() %}
-  {%- for disabled_cookie in disabled_cookie_list %}
+{%- for disabled_cookie in disabled_cookie_list %}
 {{'  RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie)  }}
-  {% endfor -%}
-{% endif %}
+{% endfor -%}

 {%- if prefer_gzip %}
  RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
 {% endif %}

 # Next line is forbidden and people who copy it will be hanged short
-{% set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%}
 {% if https_only -%}
  # Not using HTTPS? Ask that guy over there.
  # Dummy redirection to https. Note: will work only if https listens
  # on standard port (443).
  RewriteCond     %{SERVER_PORT}  !^{{ https_port }}$
  RewriteRule     ^/(.*)          https://%{SERVER_NAME}/$1 [NC,R,L]
-{% elif slave_parameter.get('type', '') ==  'redirect' -%}
+{% elif slave_type ==  'redirect' -%}
  RewriteRule     (.*)  {{slave_parameter.get('url', '')}}$1 [R,L]
-{% elif slave_parameter.get('type', '') ==  'zope' -%}
+{% elif slave_type ==  'zope' -%}
  {% if 'default-path' in slave_parameter %}
  RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
  {% endif -%}