Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Guillaume Hervier
slapos
Commits
70b997b5
Commit
70b997b5
authored
May 11, 2012
by
Cédric de Saint Martin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Frontend: Improve Apache configuration, inspired by octopus conf
parent
00a8845f
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
42 additions
and
3 deletions
+42
-3
slapos/recipe/apache_frontend/__init__.py
slapos/recipe/apache_frontend/__init__.py
+12
-1
slapos/recipe/apache_frontend/template/apache.conf.in
slapos/recipe/apache_frontend/template/apache.conf.in
+18
-1
slapos/recipe/apache_frontend/template/apache.ssl-snippet.conf.in
...ecipe/apache_frontend/template/apache.ssl-snippet.conf.in
+12
-1
No files found.
slapos/recipe/apache_frontend/__init__.py
View file @
70b997b5
...
@@ -463,6 +463,13 @@ class Recipe(BaseSlapRecipe):
...
@@ -463,6 +463,13 @@ class Recipe(BaseSlapRecipe):
notfound_file_content
=
open
(
notfound_template_file_location
,
'r'
).
read
()
notfound_file_content
=
open
(
notfound_template_file_location
,
'r'
).
read
()
self
.
_writeFile
(
notfound_file_location
,
notfound_file_content
)
self
.
_writeFile
(
notfound_file_location
,
notfound_file_content
)
# Create mod_ssl cache directory
cache_directory_location
=
os
.
path
.
join
(
self
.
var_directory
,
'cache'
)
mod_ssl_cache_location
=
os
.
path
.
join
(
cache_directory_location
,
'httpd_mod_ssl'
)
self
.
_createDirectory
(
cache_directory_location
)
self
.
_createDirectory
(
mod_ssl_cache_location
)
# Create configuration file and rewritemaps
# Create configuration file and rewritemaps
apachemap_name
=
"apachemap.txt"
apachemap_name
=
"apachemap.txt"
apachemapzope_name
=
"apachemapzope.txt"
apachemapzope_name
=
"apachemapzope.txt"
...
@@ -472,7 +479,11 @@ class Recipe(BaseSlapRecipe):
...
@@ -472,7 +479,11 @@ class Recipe(BaseSlapRecipe):
apache_conf
=
self
.
_getApacheConfigurationDict
(
name
,
ip_list
,
port
)
apache_conf
=
self
.
_getApacheConfigurationDict
(
name
,
ip_list
,
port
)
apache_conf
[
'ssl_snippet'
]
=
self
.
substituteTemplate
(
apache_conf
[
'ssl_snippet'
]
=
self
.
substituteTemplate
(
self
.
getTemplateFilename
(
'apache.ssl-snippet.conf.in'
),
self
.
getTemplateFilename
(
'apache.ssl-snippet.conf.in'
),
dict
(
login_certificate
=
certificate
,
login_key
=
key
))
dict
(
login_certificate
=
certificate
,
login_key
=
key
,
httpd_mod_ssl_cache_directory
=
mod_ssl_cache_location
,
)
)
apache_conf
[
"listen"
]
=
"
\
n
"
.
join
([
"Listen %s:%s"
%
(
ip
,
port
)
for
ip
in
ip_list
])
apache_conf
[
"listen"
]
=
"
\
n
"
.
join
([
"Listen %s:%s"
%
(
ip
,
port
)
for
ip
in
ip_list
])
...
...
slapos/recipe/apache_frontend/template/apache.conf.in
View file @
70b997b5
...
@@ -70,6 +70,7 @@ LoadModule negotiation_module modules/mod_negotiation.so
...
@@ -70,6 +70,7 @@ LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so
LoadModule headers_module modules/mod_headers.so
LoadModule cache_module modules/mod_cache.so
LoadModule cache_module modules/mod_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule antiloris_module modules/mod_antiloris.so
LoadModule antiloris_module modules/mod_antiloris.so
CacheDefaultExpire 3600
CacheDefaultExpire 3600
...
@@ -77,7 +78,8 @@ CacheDefaultExpire 3600
...
@@ -77,7 +78,8 @@ CacheDefaultExpire 3600
# The following directives modify normal HTTP response behavior to
# The following directives modify normal HTTP response behavior to
# handle known problems with browser implementations.
# handle known problems with browser implementations.
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
...
@@ -93,3 +95,18 @@ BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
...
@@ -93,3 +95,18 @@ BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
# Cache directives
CacheEnable mem /
MCacheSize 8192
MCacheMaxObjectCount 1000
MCacheMaxObjectSize 8192
MCacheRemovalAlgorithm LRU
# Deflate
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# Make sure proxies don't deliver the wrong content
Header append Vary User-Agent
slapos/recipe/apache_frontend/template/apache.ssl-snippet.conf.in
View file @
70b997b5
...
@@ -4,5 +4,16 @@ SSLCertificateFile %(login_certificate)s
...
@@ -4,5 +4,16 @@ SSLCertificateFile %(login_certificate)s
SSLCertificateKeyFile %(login_key)s
SSLCertificateKeyFile %(login_key)s
SSLRandomSeed startup builtin
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLRandomSeed connect builtin
SSLSessionCache shmcb:/%(httpd_mod_ssl_cache_directory)s/ssl_scache(512000)
SSLSessionCacheTimeout 300
SSLRandomSeed startup /dev/urandom 256
SSLRandomSeed connect builtin
SSLProtocol -ALL +SSLv3 +TLSv1
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
# Accept proxy to sites using self-signed SSL certificates
SSLProxyCheckPeerCN off
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off
SSLProxyCheckPeerExpire off
\ No newline at end of file
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment