Commit
ecd0a327
authored
May 27, 2013
by
Cédric Le Ninivin
apache-frontend: Add Custom SSL posibility for default mode, fix various problems
parent
2586f0e2
Showing
2 changed files
with
63 additions
and
24 deletions
+63
-24
software/apache-frontend/apache-yakari.cfg.in
software/apache-frontend/apache-yakari.cfg.in
+20
-0
software/apache-frontend/default-virtualhost.conf.in
software/apache-frontend/default-virtualhost.conf.in
+43
-24
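--- a/software/apache-frontend/apache-yakari.cfg.in
+++ b/software/apache-frontend/apache-yakari.cfg.in
@@ -51,6 +51,26 @@ extra-context =
 raw error_log {{ error_log }}
 {{ '\n' }}
+# Set ssl certificates for each slave
+{% for cert_name in ('ssl_key', 'ssl_crt', 'ssl_ca_crt', 'ssl_csr')-%}
+{% if cert_name in slave_instance -%}
+{% set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) -%}
+{% set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) -%}
+{% do part_list.append(cert_title) -%}
+{% do slave_instance.__setitem__('path_to_' ~ cert_name, cert_file) -%}
+# Store certificates on fs
+[{{ cert_title }}]
+< = jinja2-template-base
+template = {{ empty_template }}
+rendered = {{ cert_file }}
+extra-context =
+key content {{ cert_title + '-config:value' }}
+# Store certificate in config
+[{{ cert_title + '-config' }}]
+value = {{ dumps(slave_instance.get(cert_name)) }}
+{% endif -%}
+{% endfor -%}
 # Set apache configuration for slave
 [{{ ('slave-instance-%s-configuration' % slave_reference) }}]
 {% for key, value in slave_instance.iteritems() -%}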
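Review bot: The `[{{ cert_title }}]` part renders `ssl_key` to `{{ cert_file }}` with no permission setting visible in the hunk, so the private key file gets whatever mode the template part defaults to; I would restrict it on that part, e.g. `mode = 600` if the jinja2 recipe in use supports that option. The key material is also copied into the rendered buildout file through `[{{ cert_title + '-config' }}]` and `value = {{ dumps(slave_instance.get(cert_name)) }}`, so that file needs the same protection as the key itself. `cert_file` is built by joining `custom_ssl_directory` with a name derived from `slave_reference`; if that reference can ever contain `/` or `..` (not visible here), it should be validated before being used as a path component. The loop that defines `slave_instance` and `slave_reference` starts outside the hunk.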
software/apache-frontend/default-virtualhost.conf.in
{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
<VirtualHost *:{{ http_port }}>
<VirtualHost *:{{ https_port }}>
ServerName {{ slave_parameter.get('domain') }}
ServerName {{ slave_parameter.get('domain') }}
ServerAlias {{ slave_parameter.get('domain') }}
ServerAlias {{ slave_parameter.get('domain') }}
SSLEngine on
SSLEngine on
SSLProxyEngine on
SSLProxyEngine on
# Rewrite part
SSLProtocol -ALL +SSLv3 +TLSv1
ProxyVia On
SSLHonorCipherOrder On
ProxyPreserveHost On
SSLCipherSuite RC4-SHA:HIGH:!ADH
ProxyTimeout 600
RewriteEngine On
{% set ssl_configuration_list = [('SSLCertificateFile', 'path_to_ssl_crt'),
('SSLCertificateKeyFile', 'path_to_ssl_key'),
('SSLCACertificateFile', 'path_to_ssl_ca_crt'),
('SSLCertificateChainFile', 'path_to_ssl_ca_crt')] -%}
{% for key, value in ssl_configuration_list -%}
{% if value in slave_parameter -%}
{{ ' %s' % key }} {{ slave_parameter.get(value) }}
{% endif -%}
{% endfor -%}
# One Slave two logs
# One Slave two logs
ErrorLog "{{ error_log }}"
ErrorLog "{{ error_log }}"
...
@@ -16,30 +28,26 @@
...
@@ -16,30 +28,26 @@
LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
CustomLog "{{ access_log }}" combined
CustomLog "{{ access_log }}" combined
# Next line is forbidden and people who copy it will be hanged short
# Rewrite part
{% set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%}
ProxyVia On
{% if https_only in slave_parameter -%}
ProxyPreserveHost On
# Not using HTTPS? Ask that guy over there.
ProxyTimeout 600
# Dummy redirection to https. Note: will work only if https listens
RewriteEngine On
# on standard port (443).
RewriteRule ^/(.*)$ https://%{DOMAIN}%{REQUEST_URI}
{% if slave_parameter.get('type', '') == 'zope' -%}
{% elif slave_parameter.get('type', '') == 'zope' -%}
# First, we check if we have a zope backend server
# First, we check if we have a zope backend server
# If so, let's use Virtual Host Daemon rewrite
# If so, let's use Virtual Host Daemon rewrite
# We suppose that Apache listens to
80
(even indirectly thanks to things like iptables)
# We suppose that Apache listens to
443
(even indirectly thanks to things like iptables)
RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/VirtualHostBase/http
/{{ slave_parameter.get('domain', '') }}:80
/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/VirtualHostBase/http
s/{{ slave_parameter.get('domain', '') }}:443
/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
{% else -%}
{% else -%}
RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/$1 [L,P]
RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/$1 [L,P]
{% endif -%}
{% endif -%}
# If nothing exist : put a nice error
# ErrorDocument 404 /notfound.html
# Dadiboom
</VirtualHost>
</VirtualHost>
<VirtualHost *:{{ http
s
_port }}>
<VirtualHost *:{{ http_port }}>
ServerName {{ slave_parameter.get('domain') }}
ServerName {{ slave_parameter.get('domain') }}
ServerAlias {{ slave_parameter.get('domain') }}
ServerAlias {{ slave_parameter.get('domain') }}
SSLEngine on
SSLProxyEngine on
SSLProxyEngine on
# Rewrite part
# Rewrite part
ProxyVia On
ProxyVia On
...
@@ -56,12 +64,23 @@
...
@@ -56,12 +64,23 @@
# Remove "Secure" from cookies, as backend may be https
# Remove "Secure" from cookies, as backend may be https
Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
{% if slave_parameter.get('type', '') == 'zope' -%}
# Next line is forbidden and people who copy it will be hanged short
{% set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%}
{% if https_only in slave_parameter -%}
# Not using HTTPS? Ask that guy over there.
# Dummy redirection to https. Note: will work only if https listens
# on standard port (443).
RewriteRule ^/(.*)$ https://%{DOMAIN}%{REQUEST_URI}
{% elif slave_parameter.get('type', '') == 'zope' -%}
# First, we check if we have a zope backend server
# First, we check if we have a zope backend server
# If so, let's use Virtual Host Daemon rewrite
# If so, let's use Virtual Host Daemon rewrite
# We suppose that Apache listens to
443
(even indirectly thanks to things like iptables)
# We suppose that Apache listens to
80
(even indirectly thanks to things like iptables)
RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/VirtualHostBase/http
s/{{ slave_parameter.get('domain', '') }}:443
/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/VirtualHostBase/http
/{{ slave_parameter.get('domain', '') }}:80
/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
{% else -%}
{% else -%}
RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/$1 [L,P]
RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/$1 [L,P]
{% endif -%}
{% endif -%}
# If nothing exist : put a nice error
# ErrorDocument 404 /notfound.html
# Dadiboom
</VirtualHost>
</VirtualHost>
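Review bot: In the `http_port` virtual host, `{% if https_only in slave_parameter -%}` tests whether the boolean computed on the previous line is a key of `slave_parameter`, which will practically never be true, so a slave that sets `https-only` is still proxied over plain HTTP; the test should be `{% if https_only -%}`. The redirect rule under it also looks broken: `%{DOMAIN}` is not a mod_rewrite variable as far as I know and the rule carries no redirect flag, so something like `RewriteRule ^/(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]` is needed. Separately, the `https_port` virtual host appears to gain `SSLProtocol -ALL +SSLv3 +TLSv1` and `SSLCipherSuite RC4-SHA:HIGH:!ADH`; SSLv3 and RC4 are both considered broken, so I would use `SSLProtocol all -SSLv3` and drop `RC4-SHA` from the suite. Old and new sides are interleaved in this rendered section, so the side of each line is inferred from the virtual host it sits in.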