Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jean-Paul Smets
slapos
Commits
ecd0a327
Commit
ecd0a327
authored
May 27, 2013
by
Cédric Le Ninivin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
apache-frontend: Add Custom SSL posibility for default mode, fix various problems
parent
2586f0e2
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
63 additions
and
24 deletions
+63
-24
software/apache-frontend/apache-yakari.cfg.in
software/apache-frontend/apache-yakari.cfg.in
+20
-0
software/apache-frontend/default-virtualhost.conf.in
software/apache-frontend/default-virtualhost.conf.in
+43
-24
No files found.
software/apache-frontend/apache-yakari.cfg.in
View file @
ecd0a327
...
@@ -51,6 +51,26 @@ extra-context =
...
@@ -51,6 +51,26 @@ extra-context =
raw error_log {{ error_log }}
raw error_log {{ error_log }}
{{ '\n' }}
{{ '\n' }}
# Set ssl certificates for each slave
{% for cert_name in ('ssl_key', 'ssl_crt', 'ssl_ca_crt', 'ssl_csr')-%}
{% if cert_name in slave_instance -%}
{% set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) -%}
{% set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) -%}
{% do part_list.append(cert_title) -%}
{% do slave_instance.__setitem__('path_to_' ~ cert_name, cert_file) -%}
# Store certificates on fs
[{{ cert_title }}]
< = jinja2-template-base
template = {{ empty_template }}
rendered = {{ cert_file }}
extra-context =
key content {{ cert_title + '-config:value' }}
# Store certificate in config
[{{ cert_title + '-config' }}]
value = {{ dumps(slave_instance.get(cert_name)) }}
{% endif -%}
{% endfor -%}
# Set apache configuration for slave
# Set apache configuration for slave
[{{ ('slave-instance-%s-configuration' % slave_reference) }}]
[{{ ('slave-instance-%s-configuration' % slave_reference) }}]
{% for key, value in slave_instance.iteritems() -%}
{% for key, value in slave_instance.iteritems() -%}
...
...
software/apache-frontend/default-virtualhost.conf.in
View file @
ecd0a327
{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
<VirtualHost *:{{ http_port }}>
<VirtualHost *:{{ https_port }}>
ServerName {{ slave_parameter.get('domain') }}
ServerName {{ slave_parameter.get('domain') }}
ServerAlias {{ slave_parameter.get('domain') }}
ServerAlias {{ slave_parameter.get('domain') }}
SSLEngine on
SSLEngine on
SSLProxyEngine on
SSLProxyEngine on
# Rewrite part
SSLProtocol -ALL +SSLv3 +TLSv1
ProxyVia On
SSLHonorCipherOrder On
ProxyPreserveHost On
SSLCipherSuite RC4-SHA:HIGH:!ADH
ProxyTimeout 600
RewriteEngine On
{% set ssl_configuration_list = [('SSLCertificateFile', 'path_to_ssl_crt'),
('SSLCertificateKeyFile', 'path_to_ssl_key'),
('SSLCACertificateFile', 'path_to_ssl_ca_crt'),
('SSLCertificateChainFile', 'path_to_ssl_ca_crt')] -%}
{% for key, value in ssl_configuration_list -%}
{% if value in slave_parameter -%}
{{ ' %s' % key }} {{ slave_parameter.get(value) }}
{% endif -%}
{% endfor -%}
# One Slave two logs
# One Slave two logs
ErrorLog "{{ error_log }}"
ErrorLog "{{ error_log }}"
...
@@ -16,30 +28,26 @@
...
@@ -16,30 +28,26 @@
LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
CustomLog "{{ access_log }}" combined
CustomLog "{{ access_log }}" combined
# Next line is forbidden and people who copy it will be hanged short
# Rewrite part
{% set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%}
ProxyVia On
{% if https_only in slave_parameter -%}
ProxyPreserveHost On
# Not using HTTPS? Ask that guy over there.
ProxyTimeout 600
# Dummy redirection to https. Note: will work only if https listens
RewriteEngine On
# on standard port (443).
RewriteRule ^/(.*)$ https://%{DOMAIN}%{REQUEST_URI}
{% if slave_parameter.get('type', '') == 'zope' -%}
{% elif slave_parameter.get('type', '') == 'zope' -%}
# First, we check if we have a zope backend server
# First, we check if we have a zope backend server
# If so, let's use Virtual Host Daemon rewrite
# If so, let's use Virtual Host Daemon rewrite
# We suppose that Apache listens to
80
(even indirectly thanks to things like iptables)
# We suppose that Apache listens to
443
(even indirectly thanks to things like iptables)
RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/VirtualHostBase/http
/{{ slave_parameter.get('domain', '') }}:80
/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/VirtualHostBase/http
s/{{ slave_parameter.get('domain', '') }}:443
/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
{% else -%}
{% else -%}
RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/$1 [L,P]
RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/$1 [L,P]
{% endif -%}
{% endif -%}
# If nothing exist : put a nice error
# ErrorDocument 404 /notfound.html
# Dadiboom
</VirtualHost>
</VirtualHost>
<VirtualHost *:{{ http
s
_port }}>
<VirtualHost *:{{ http_port }}>
ServerName {{ slave_parameter.get('domain') }}
ServerName {{ slave_parameter.get('domain') }}
ServerAlias {{ slave_parameter.get('domain') }}
ServerAlias {{ slave_parameter.get('domain') }}
SSLEngine on
SSLProxyEngine on
SSLProxyEngine on
# Rewrite part
# Rewrite part
ProxyVia On
ProxyVia On
...
@@ -56,12 +64,23 @@
...
@@ -56,12 +64,23 @@
# Remove "Secure" from cookies, as backend may be https
# Remove "Secure" from cookies, as backend may be https
Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
{% if slave_parameter.get('type', '') == 'zope' -%}
# Next line is forbidden and people who copy it will be hanged short
{% set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%}
{% if https_only in slave_parameter -%}
# Not using HTTPS? Ask that guy over there.
# Dummy redirection to https. Note: will work only if https listens
# on standard port (443).
RewriteRule ^/(.*)$ https://%{DOMAIN}%{REQUEST_URI}
{% elif slave_parameter.get('type', '') == 'zope' -%}
# First, we check if we have a zope backend server
# First, we check if we have a zope backend server
# If so, let's use Virtual Host Daemon rewrite
# If so, let's use Virtual Host Daemon rewrite
# We suppose that Apache listens to
443
(even indirectly thanks to things like iptables)
# We suppose that Apache listens to
80
(even indirectly thanks to things like iptables)
RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/VirtualHostBase/http
s/{{ slave_parameter.get('domain', '') }}:443
/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/VirtualHostBase/http
/{{ slave_parameter.get('domain', '') }}:80
/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
{% else -%}
{% else -%}
RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/$1 [L,P]
RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/$1 [L,P]
{% endif -%}
{% endif -%}
# If nothing exist : put a nice error
# ErrorDocument 404 /notfound.html
# Dadiboom
</VirtualHost>
</VirtualHost>
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment