Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Aurélien Vermylen
slapos
Commits
57427cf6
Commit
57427cf6
authored
Nov 17, 2016
by
Rafael Monnerat
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
apache-frontend: Small clean up on template for default virtual host
parent
7e7ade50
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
29 additions
and
40 deletions
+29
-40
software/apache-frontend/common.cfg
software/apache-frontend/common.cfg
+1
-1
software/apache-frontend/templates/default-virtualhost.conf.in
...are/apache-frontend/templates/default-virtualhost.conf.in
+28
-39
No files found.
software/apache-frontend/common.cfg
View file @
57427cf6
...
@@ -121,7 +121,7 @@ mode = 640
...
@@ -121,7 +121,7 @@ mode = 640
[template-default-slave-virtualhost]
[template-default-slave-virtualhost]
recipe = slapos.recipe.build:download
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/templates/default-virtualhost.conf.in
url = ${:_profile_base_location_}/templates/default-virtualhost.conf.in
md5sum =
8975fd41fae2dcac92e18df3c6375f9a
md5sum =
e5ed71c5e22ab91e33a71bd09879e23c
mode = 640
mode = 640
[template-cached-slave-virtualhost]
[template-cached-slave-virtualhost]
...
...
software/apache-frontend/templates/default-virtualhost.conf.in
View file @
57427cf6
{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
{%
-
set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
{% set disable_no_cache_header = ('' ~ slave_parameter.get('disable-no-cache-request', '')).lower() in TRUE_VALUES -%}
{%
-
set disable_no_cache_header = ('' ~ slave_parameter.get('disable-no-cache-request', '')).lower() in TRUE_VALUES -%}
{% set disable_via_header = ('' ~ slave_parameter.get('disable-via-header', '')).lower() in TRUE_VALUES -%}
{%
-
set disable_via_header = ('' ~ slave_parameter.get('disable-via-header', '')).lower() in TRUE_VALUES -%}
{%- set prefer_gzip = ('' ~ slave_parameter.get('prefer-gzip-encoding-to-backend', '')).lower() in TRUE_VALUES -%}
{%- set prefer_gzip = ('' ~ slave_parameter.get('prefer-gzip-encoding-to-backend', '')).lower() in TRUE_VALUES -%}
{%- set server_alias_list = slave_parameter.get('server-alias', '').split() -%}
{%- set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
{%- set disabled_cookie_list = slave_parameter.get('disabled-cookie-list', '').split() -%}
{%- set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%}
{%- set slave_type = slave_parameter.get('type', '') -%}
{%- set ssl_configuration_list = [('SSLCertificateFile', 'path_to_ssl_crt'),
('SSLCertificateKeyFile', 'path_to_ssl_key'),
('SSLCACertificateFile', 'path_to_ssl_ca_crt'),
('SSLCertificateChainFile', 'path_to_ssl_ca_crt')] -%}
<VirtualHost *:{{ https_port }}>
<VirtualHost *:{{ https_port }}>
ServerName {{ slave_parameter.get('custom_domain') }}
ServerName {{ slave_parameter.get('custom_domain') }}
ServerAlias {{ slave_parameter.get('custom_domain') }}
ServerAlias {{ slave_parameter.get('custom_domain') }}
{%- if 'server-alias' in slave_parameter -%}
{%- for server_alias in server_alias_list %}
{% set server_alias_list = slave_parameter.get('server-alias', '').split() %}
{%- for server_alias in server_alias_list %}
ServerAlias {{ server_alias }}
ServerAlias {{ server_alias }}
{% endfor %}
{% endfor %}
{%- endif %}
SSLEngine on
SSLEngine on
SSLProxyEngine on
SSLProxyEngine on
{% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
{% if ssl_proxy_verify -%}
{% if ssl_proxy_verify -%}
{% if 'ssl_proxy_ca_crt' in slave_parameter -%}
{% if 'ssl_proxy_ca_crt' in slave_parameter -%}
SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
...
@@ -29,18 +34,12 @@
...
@@ -29,18 +34,12 @@
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
SSLHonorCipherOrder on
{% set ssl_configuration_list = [('SSLCertificateFile', 'path_to_ssl_crt'),
('SSLCertificateKeyFile', 'path_to_ssl_key'),
('SSLCACertificateFile', 'path_to_ssl_ca_crt'),
('SSLCertificateChainFile', 'path_to_ssl_ca_crt')] -%}
{% for key, value in ssl_configuration_list -%}
{% for key, value in ssl_configuration_list -%}
{% if value in slave_parameter -%}
{% if value in slave_parameter -%}
{{ ' %s' % key }} {{ slave_parameter.get(value) }}
{{ ' %s' % key }} {{ slave_parameter.get(value) }}
{% endif -%}
{% endif -%}
{% endfor -%}
{% endfor -%}
# One Slave two logs
# One Slave two logs
ErrorLog "{{ slave_parameter.get('error_log') }}"
ErrorLog "{{ slave_parameter.get('error_log') }}"
LogLevel info
LogLevel info
...
@@ -50,28 +49,26 @@
...
@@ -50,28 +49,26 @@
# Rewrite part
# Rewrite part
ProxyPreserveHost On
ProxyPreserveHost On
ProxyTimeout 600
ProxyTimeout 600
RewriteEngine On
{% if disable_via_header %}
{% if disable_via_header %}
Header unset Via
Header unset Via
{% endif -%}
{% endif -%}
RewriteEngine On
{% if disable_no_cache_header %}
{% if disable_no_cache_header %}
RequestHeader unset Cache-Control
RequestHeader unset Cache-Control
RequestHeader unset Pragma
RequestHeader unset Pragma
{% endif -%}
{% endif -%}
{% if 'disabled-cookie-list' in slave_parameter -%}
{%- for disabled_cookie in disabled_cookie_list %}
{% set disabled_cookie_list = slave_parameter.get('disabled-cookie-list', '').split() %}
{%- for disabled_cookie in disabled_cookie_list %}
{{' RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie) }}
{{' RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie) }}
{% endfor -%}
{% endfor -%}
{% endif %}
{%- if prefer_gzip %}
{%- if prefer_gzip %}
RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
{% endif %}
{% endif %}
{% if slave_
parameter.get('type', '')
== 'zope' -%}
{% if slave_
type
== 'zope' -%}
{% if 'default-path' in slave_parameter %}
{% if 'default-path' in slave_parameter %}
RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
{% endif -%}
{% endif -%}
...
@@ -79,8 +76,8 @@
...
@@ -79,8 +76,8 @@
# If so, let's use Virtual Host Monster rewrite
# If so, let's use Virtual Host Monster rewrite
# We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
# We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
RewriteRule ^/(.*)$ {{ slave_parameter.get('https-url', slave_parameter.get('url', '')) }}/VirtualHostBase/https//%{SERVER_NAME}:443/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
RewriteRule ^/(.*)$ {{ slave_parameter.get('https-url', slave_parameter.get('url', '')) }}/VirtualHostBase/https//%{SERVER_NAME}:443/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
{% elif slave_
parameter.get('type', '')
== 'redirect' -%}
{% elif slave_
type
== 'redirect' -%}
RewriteRule
(.*) {{ slave_parameter.get('https-url', slave_parameter.get('url', ''))}}$1 [R,L]
RewriteRule (.*) {{ slave_parameter.get('https-url', slave_parameter.get('url', ''))}}$1 [R,L]
{% else -%}
{% else -%}
{% if 'default-path' in slave_parameter %}
{% if 'default-path' in slave_parameter %}
RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
...
@@ -93,15 +90,11 @@
...
@@ -93,15 +90,11 @@
ServerName {{ slave_parameter.get('custom_domain') }}
ServerName {{ slave_parameter.get('custom_domain') }}
ServerAlias {{ slave_parameter.get('custom_domain') }}
ServerAlias {{ slave_parameter.get('custom_domain') }}
{%- if 'server-alias' in slave_parameter %}
{%- for server_alias in server_alias_list %}
{% set server_alias_list = slave_parameter.get('server-alias', '').split() %}
{%- for server_alias in server_alias_list %}
ServerAlias {{ server_alias }}
ServerAlias {{ server_alias }}
{% endfor -%}
{% endfor -%}
{% endif %}
SSLProxyEngine on
SSLProxyEngine on
{% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
{% if ssl_proxy_verify -%}
{% if ssl_proxy_verify -%}
{% if 'ssl_proxy_ca_crt' in slave_parameter -%}
{% if 'ssl_proxy_ca_crt' in slave_parameter -%}
SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
...
@@ -132,28 +125,24 @@
...
@@ -132,28 +125,24 @@
RequestHeader unset Pragma
RequestHeader unset Pragma
{% endif -%}
{% endif -%}
{% if 'disabled-cookie-list' in slave_parameter -%}
{%- for disabled_cookie in disabled_cookie_list %}
{% set disabled_cookie_list = slave_parameter.get('disabled-cookie-list', '').split() %}
{%- for disabled_cookie in disabled_cookie_list %}
{{' RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie) }}
{{' RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie) }}
{% endfor -%}
{% endfor -%}
{% endif %}
{%- if prefer_gzip %}
{%- if prefer_gzip %}
RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
{% endif %}
{% endif %}
# Next line is forbidden and people who copy it will be hanged short
# Next line is forbidden and people who copy it will be hanged short
{% set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%}
{% if https_only -%}
{% if https_only -%}
# Not using HTTPS? Ask that guy over there.
# Not using HTTPS? Ask that guy over there.
# Dummy redirection to https. Note: will work only if https listens
# Dummy redirection to https. Note: will work only if https listens
# on standard port (443).
# on standard port (443).
RewriteCond %{SERVER_PORT} !^{{ https_port }}$
RewriteCond %{SERVER_PORT} !^{{ https_port }}$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [NC,R,L]
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [NC,R,L]
{% elif slave_
parameter.get('type', '')
== 'redirect' -%}
{% elif slave_
type
== 'redirect' -%}
RewriteRule (.*) {{slave_parameter.get('url', '')}}$1 [R,L]
RewriteRule (.*) {{slave_parameter.get('url', '')}}$1 [R,L]
{% elif slave_
parameter.get('type', '')
== 'zope' -%}
{% elif slave_
type
== 'zope' -%}
{% if 'default-path' in slave_parameter %}
{% if 'default-path' in slave_parameter %}
RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
{% endif -%}
{% endif -%}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment