Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jean-Paul Smets
slapos
Commits
57427cf6
Commit
57427cf6
authored
Nov 17, 2016
by
Rafael Monnerat
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
apache-frontend: Small clean up on template for default virtual host
parent
7e7ade50
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
29 additions
and
40 deletions
+29
-40
software/apache-frontend/common.cfg
software/apache-frontend/common.cfg
+1
-1
software/apache-frontend/templates/default-virtualhost.conf.in
...are/apache-frontend/templates/default-virtualhost.conf.in
+28
-39
No files found.
software/apache-frontend/common.cfg
View file @
57427cf6
...
@@ -121,7 +121,7 @@ mode = 640
...
@@ -121,7 +121,7 @@ mode = 640
[template-default-slave-virtualhost]
[template-default-slave-virtualhost]
recipe = slapos.recipe.build:download
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/templates/default-virtualhost.conf.in
url = ${:_profile_base_location_}/templates/default-virtualhost.conf.in
md5sum =
8975fd41fae2dcac92e18df3c6375f9a
md5sum =
e5ed71c5e22ab91e33a71bd09879e23c
mode = 640
mode = 640
[template-cached-slave-virtualhost]
[template-cached-slave-virtualhost]
...
...
software/apache-frontend/templates/default-virtualhost.conf.in
View file @
57427cf6
{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
{%
-
set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
{% set disable_no_cache_header = ('' ~ slave_parameter.get('disable-no-cache-request', '')).lower() in TRUE_VALUES -%}
{%
-
set disable_no_cache_header = ('' ~ slave_parameter.get('disable-no-cache-request', '')).lower() in TRUE_VALUES -%}
{% set disable_via_header = ('' ~ slave_parameter.get('disable-via-header', '')).lower() in TRUE_VALUES -%}
{%
-
set disable_via_header = ('' ~ slave_parameter.get('disable-via-header', '')).lower() in TRUE_VALUES -%}
{%- set prefer_gzip = ('' ~ slave_parameter.get('prefer-gzip-encoding-to-backend', '')).lower() in TRUE_VALUES -%}
{%- set prefer_gzip = ('' ~ slave_parameter.get('prefer-gzip-encoding-to-backend', '')).lower() in TRUE_VALUES -%}
{%- set server_alias_list = slave_parameter.get('server-alias', '').split() -%}
{%- set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
{%- set disabled_cookie_list = slave_parameter.get('disabled-cookie-list', '').split() -%}
{%- set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%}
{%- set slave_type = slave_parameter.get('type', '') -%}
{%- set ssl_configuration_list = [('SSLCertificateFile', 'path_to_ssl_crt'),
('SSLCertificateKeyFile', 'path_to_ssl_key'),
('SSLCACertificateFile', 'path_to_ssl_ca_crt'),
('SSLCertificateChainFile', 'path_to_ssl_ca_crt')] -%}
<VirtualHost *:{{ https_port }}>
<VirtualHost *:{{ https_port }}>
ServerName {{ slave_parameter.get('custom_domain') }}
ServerName {{ slave_parameter.get('custom_domain') }}
ServerAlias {{ slave_parameter.get('custom_domain') }}
ServerAlias {{ slave_parameter.get('custom_domain') }}
{%- if 'server-alias' in slave_parameter -%}
{%- for server_alias in server_alias_list %}
{% set server_alias_list = slave_parameter.get('server-alias', '').split() %}
{%- for server_alias in server_alias_list %}
ServerAlias {{ server_alias }}
ServerAlias {{ server_alias }}
{% endfor %}
{% endfor %}
{%- endif %}
SSLEngine on
SSLEngine on
SSLProxyEngine on
SSLProxyEngine on
{% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
{% if ssl_proxy_verify -%}
{% if ssl_proxy_verify -%}
{% if 'ssl_proxy_ca_crt' in slave_parameter -%}
{% if 'ssl_proxy_ca_crt' in slave_parameter -%}
SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
...
@@ -29,18 +34,12 @@
...
@@ -29,18 +34,12 @@
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
SSLHonorCipherOrder on
{% set ssl_configuration_list = [('SSLCertificateFile', 'path_to_ssl_crt'),
('SSLCertificateKeyFile', 'path_to_ssl_key'),
('SSLCACertificateFile', 'path_to_ssl_ca_crt'),
('SSLCertificateChainFile', 'path_to_ssl_ca_crt')] -%}
{% for key, value in ssl_configuration_list -%}
{% for key, value in ssl_configuration_list -%}
{% if value in slave_parameter -%}
{% if value in slave_parameter -%}
{{ ' %s' % key }} {{ slave_parameter.get(value) }}
{{ ' %s' % key }} {{ slave_parameter.get(value) }}
{% endif -%}
{% endif -%}
{% endfor -%}
{% endfor -%}
# One Slave two logs
# One Slave two logs
ErrorLog "{{ slave_parameter.get('error_log') }}"
ErrorLog "{{ slave_parameter.get('error_log') }}"
LogLevel info
LogLevel info
...
@@ -50,28 +49,26 @@
...
@@ -50,28 +49,26 @@
# Rewrite part
# Rewrite part
ProxyPreserveHost On
ProxyPreserveHost On
ProxyTimeout 600
ProxyTimeout 600
RewriteEngine On
{% if disable_via_header %}
{% if disable_via_header %}
Header unset Via
Header unset Via
{% endif -%}
{% endif -%}
RewriteEngine On
{% if disable_no_cache_header %}
{% if disable_no_cache_header %}
RequestHeader unset Cache-Control
RequestHeader unset Cache-Control
RequestHeader unset Pragma
RequestHeader unset Pragma
{% endif -%}
{% endif -%}
{% if 'disabled-cookie-list' in slave_parameter -%}
{%- for disabled_cookie in disabled_cookie_list %}
{% set disabled_cookie_list = slave_parameter.get('disabled-cookie-list', '').split() %}
{%- for disabled_cookie in disabled_cookie_list %}
{{' RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie) }}
{{' RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie) }}
{% endfor -%}
{% endfor -%}
{% endif %}
{%- if prefer_gzip %}
{%- if prefer_gzip %}
RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
{% endif %}
{% endif %}
{% if slave_
parameter.get('type', '')
== 'zope' -%}
{% if slave_
type
== 'zope' -%}
{% if 'default-path' in slave_parameter %}
{% if 'default-path' in slave_parameter %}
RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
{% endif -%}
{% endif -%}
...
@@ -79,7 +76,7 @@
...
@@ -79,7 +76,7 @@
# If so, let's use Virtual Host Monster rewrite
# If so, let's use Virtual Host Monster rewrite
# We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
# We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
RewriteRule ^/(.*)$ {{ slave_parameter.get('https-url', slave_parameter.get('url', '')) }}/VirtualHostBase/https//%{SERVER_NAME}:443/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
RewriteRule ^/(.*)$ {{ slave_parameter.get('https-url', slave_parameter.get('url', '')) }}/VirtualHostBase/https//%{SERVER_NAME}:443/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
{% elif slave_
parameter.get('type', '')
== 'redirect' -%}
{% elif slave_
type
== 'redirect' -%}
RewriteRule (.*) {{ slave_parameter.get('https-url', slave_parameter.get('url', ''))}}$1 [R,L]
RewriteRule (.*) {{ slave_parameter.get('https-url', slave_parameter.get('url', ''))}}$1 [R,L]
{% else -%}
{% else -%}
{% if 'default-path' in slave_parameter %}
{% if 'default-path' in slave_parameter %}
...
@@ -93,15 +90,11 @@
...
@@ -93,15 +90,11 @@
ServerName {{ slave_parameter.get('custom_domain') }}
ServerName {{ slave_parameter.get('custom_domain') }}
ServerAlias {{ slave_parameter.get('custom_domain') }}
ServerAlias {{ slave_parameter.get('custom_domain') }}
{%- if 'server-alias' in slave_parameter %}
{%- for server_alias in server_alias_list %}
{% set server_alias_list = slave_parameter.get('server-alias', '').split() %}
{%- for server_alias in server_alias_list %}
ServerAlias {{ server_alias }}
ServerAlias {{ server_alias }}
{% endfor -%}
{% endfor -%}
{% endif %}
SSLProxyEngine on
SSLProxyEngine on
{% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
{% if ssl_proxy_verify -%}
{% if ssl_proxy_verify -%}
{% if 'ssl_proxy_ca_crt' in slave_parameter -%}
{% if 'ssl_proxy_ca_crt' in slave_parameter -%}
SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
...
@@ -132,28 +125,24 @@
...
@@ -132,28 +125,24 @@
RequestHeader unset Pragma
RequestHeader unset Pragma
{% endif -%}
{% endif -%}
{% if 'disabled-cookie-list' in slave_parameter -%}
{%- for disabled_cookie in disabled_cookie_list %}
{% set disabled_cookie_list = slave_parameter.get('disabled-cookie-list', '').split() %}
{%- for disabled_cookie in disabled_cookie_list %}
{{' RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie) }}
{{' RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie) }}
{% endfor -%}
{% endfor -%}
{% endif %}
{%- if prefer_gzip %}
{%- if prefer_gzip %}
RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
{% endif %}
{% endif %}
# Next line is forbidden and people who copy it will be hanged short
# Next line is forbidden and people who copy it will be hanged short
{% set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%}
{% if https_only -%}
{% if https_only -%}
# Not using HTTPS? Ask that guy over there.
# Not using HTTPS? Ask that guy over there.
# Dummy redirection to https. Note: will work only if https listens
# Dummy redirection to https. Note: will work only if https listens
# on standard port (443).
# on standard port (443).
RewriteCond %{SERVER_PORT} !^{{ https_port }}$
RewriteCond %{SERVER_PORT} !^{{ https_port }}$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [NC,R,L]
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [NC,R,L]
{% elif slave_
parameter.get('type', '')
== 'redirect' -%}
{% elif slave_
type
== 'redirect' -%}
RewriteRule (.*) {{slave_parameter.get('url', '')}}$1 [R,L]
RewriteRule (.*) {{slave_parameter.get('url', '')}}$1 [R,L]
{% elif slave_
parameter.get('type', '')
== 'zope' -%}
{% elif slave_
type
== 'zope' -%}
{% if 'default-path' in slave_parameter %}
{% if 'default-path' in slave_parameter %}
RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
{% endif -%}
{% endif -%}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment