4.08 KB
PidFile "{{ parameters.path_pid }}"
ServerAdmin someone@email

<IfDefine !HTTPDPort>
  Listen [{{ parameters.global_ip }}]:{{ parameters.global_port }}
  Define HTTPDPort

LoadModule unixd_module modules/
LoadModule access_compat_module modules/
LoadModule auth_basic_module modules/
LoadModule authz_core_module modules/
LoadModule authz_user_module modules/
LoadModule authz_host_module modules/
LoadModule authn_core_module modules/
LoadModule authn_file_module modules/
LoadModule mime_module modules/
#LoadModule cgid_module modules/
LoadModule ssl_module modules/
LoadModule alias_module modules/
LoadModule env_module modules/
LoadModule rewrite_module modules/
LoadModule headers_module modules/
LoadModule log_config_module modules/
LoadModule dav_module modules/
LoadModule dav_fs_module modules/
LoadModule cache_module modules/
LoadModule file_cache_module modules/
LoadModule setenvif_module modules/
LoadModule dir_module modules/
LoadModule cgid_module modules/
LoadModule autoindex_module modules/

ErrorLog "{{ parameters.path_error_log }}"
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog "{{ parameters.path_access_log }}" common

# SSL Configuration
Define SSLConfigured
SSLCertificateFile {{ parameters.cert_file }}
SSLCertificateKeyFile {{ parameters.key_file }}
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLRandomSeed startup /dev/urandom 256
SSLRandomSeed connect builtin
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLEngine   On

Include {{ parameters.httpd_cors_file }}

DocumentRoot {{ parameters.runner_home }}/public

# Directory protection
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Require all denied

Alias /public {{ parameters.runner_home }}/public
<Directory {{ parameters.runner_home }}/public>
      Order Allow,Deny
      Allow from all
      AllowOverride All
      Satisfy Any
      Options Indexes FollowSymLinks
      DirectoryIndex index.html
    <Files .htaccess>
        order allow,deny
        deny from all

DavLockDB {{ parameters.dav_lock }}
Alias /share {{ parameters.runner_home }}
<Directory {{ parameters.runner_home }}>
    DirectoryIndex disabled
    DAV On
    Options Indexes FollowSymLinks
    AuthType Basic
    AuthName "Webrunner Dav"
    AuthUserFile "{{ parameters.htpasswd_file }}"

    # Prevent using the web browser cache if requesting  the same document
    # from different domains or with different users
    Header set Cache-Control "private, max-age=0, must-revalidate"
    Header set Vary "Origin,Cookie,Authorization"

    <LimitExcept OPTIONS>
        Require valid-user

ScriptSock {{ parameters.cgid_sock }}
ScriptAlias /git/ {{ parameters.git_http_backend }}/
ScriptAlias /git-public/ {{ parameters.git_http_backend }}/

RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
RewriteCond %{REQUEST_URI} /git-receive-pack$

<LocationMatch "^/git/">
        SetEnv GIT_PROJECT_ROOT {{ parameters.project_private_folder }}
        Order Deny,Allow
        Deny from env=AUTHREQUIRED

        AuthType Basic
        AuthName "Git Access"
        AuthUserFile "{{ parameters.htpasswd_file }}"
        Require valid-user

<LocationMatch "^/git-public/">
        SetEnv GIT_PROJECT_ROOT {{ parameters.project_public_folder }}
        Order Deny,Allow
        Deny from env=AUTHREQUIRED

        AuthType Basic
        AuthName "Git Access"
        AuthUserFile "{{ parameters.htpasswd_file }}"
        Require valid-user
        Satisfy any