Commit 270cf177 authored by Romain Courteaud's avatar Romain Courteaud

Require apache scheme.

This allow to generate non SSL configuration
parent 82f81443
...@@ -33,10 +33,25 @@ class Recipe(GenericBaseRecipe): ...@@ -33,10 +33,25 @@ class Recipe(GenericBaseRecipe):
ip = self.options['ip'] ip = self.options['ip']
port = self.options['port'] port = self.options['port']
backend = self.options['backend'] backend = self.options['backend']
apache_conf = dict()
scheme = self.options['scheme']
if scheme == 'http':
required_path_list = []
apache_conf['ssl_snippet'] = ''
elif scheme == 'https':
key = self.options['key-file'] key = self.options['key-file']
certificate = self.options['cert-file'] certificate = self.options['cert-file']
required_path_list = [key, certificate]
apache_conf['key'] = key
apache_conf['certificate'] = certificate
apache_conf['ssl_snippet'] = pkg_resources.resource_string(__name__,
'template/snippet.ssl.in') % apache_conf
else:
raise ValueError, "Unsupported scheme %s" % scheme
access_control_string = self.options['access-control-string'] access_control_string = self.options['access-control-string']
apache_conf = dict()
apache_conf['pid_file'] = self.options['pid-file'] apache_conf['pid_file'] = self.options['pid-file']
apache_conf['lock_file'] = self.options['lock-file'] apache_conf['lock_file'] = self.options['lock-file']
apache_conf['ip'] = ip apache_conf['ip'] = ip
...@@ -45,8 +60,6 @@ class Recipe(GenericBaseRecipe): ...@@ -45,8 +60,6 @@ class Recipe(GenericBaseRecipe):
apache_conf['error_log'] = self.options['error-log'] apache_conf['error_log'] = self.options['error-log']
apache_conf['access_log'] = self.options['access-log'] apache_conf['access_log'] = self.options['access-log']
apache_conf['server_name'] = '%s' % apache_conf['ip'] apache_conf['server_name'] = '%s' % apache_conf['ip']
apache_conf['certificate'] = certificate
apache_conf['key'] = key
apache_conf['path'] = '/' apache_conf['path'] = '/'
apache_conf['access_control_string'] = access_control_string apache_conf['access_control_string'] = access_control_string
apache_conf['rewrite_rule'] = "RewriteRule (.*) %s$1 [L,P]" % backend apache_conf['rewrite_rule'] = "RewriteRule (.*) %s$1 [L,P]" % backend
...@@ -58,7 +71,7 @@ class Recipe(GenericBaseRecipe): ...@@ -58,7 +71,7 @@ class Recipe(GenericBaseRecipe):
wrapper = self.createPythonScript(self.options['wrapper'], __name__ + wrapper = self.createPythonScript(self.options['wrapper'], __name__ +
'.apache.runApache', [ '.apache.runApache', [
dict( dict(
required_path_list=[key, certificate], required_path_list=required_path_list,
binary=self.options['apache-binary'], binary=self.options['apache-binary'],
config=apache_config_file config=apache_config_file
) )
......
...@@ -32,16 +32,7 @@ TraceEnable Off ...@@ -32,16 +32,7 @@ TraceEnable Off
# As backend is trusting REMOTE_USER header unset it always # As backend is trusting REMOTE_USER header unset it always
RequestHeader unset REMOTE_USER RequestHeader unset REMOTE_USER
# SSL Configuration %(ssl_snippet)s
SSLEngine on
SSLCertificateFile %(certificate)s
SSLCertificateKeyFile %(key)s
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
SSLProxyEngine On
# Log configuration # Log configuration
ErrorLog "%(error_log)s" ErrorLog "%(error_log)s"
......
# SSL Configuration
SSLEngine on
SSLCertificateFile %(certificate)s
SSLCertificateKeyFile %(key)s
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
SSLProxyEngine On
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment