diff options
author | Micah Anderson <micah@leap.se> | 2014-04-04 10:37:09 -0400 |
---|---|---|
committer | Micah Anderson <micah@leap.se> | 2014-04-04 10:37:09 -0400 |
commit | 6af957a1c20f75a827655a3cd75e40a03cffe7c4 (patch) | |
tree | e5995b0c4b53583fd9d16857f66f81137dccbf73 /puppet/modules/site_static/templates | |
parent | 7451213d5e0772d0d6cba4613bf66792da495909 (diff) | |
parent | 1551f785c5c7c515781995928eec7659365d8988 (diff) |
Merge branch '0.5' into develop
Conflicts:
provider_base/services/tor.json
Change-Id: I826579945a0d93c43384f0fd12c9833762b084cf
Diffstat (limited to 'puppet/modules/site_static/templates')
-rw-r--r-- | puppet/modules/site_static/templates/apache.conf.erb | 109 |
1 files changed, 109 insertions, 0 deletions
diff --git a/puppet/modules/site_static/templates/apache.conf.erb b/puppet/modules/site_static/templates/apache.conf.erb new file mode 100644 index 00000000..76534911 --- /dev/null +++ b/puppet/modules/site_static/templates/apache.conf.erb @@ -0,0 +1,109 @@ +<%- + ## + ## An apache config for static websites. + ## + def location_directory(name, location) + if location['format'] == 'amber' + File.join(@base_dir, name, 'public') + else + File.join(@base_dir, name) + end + end + document_root = '/var/www' + @locations.each do |name, location| + if location['path'] == '/' + document_root = location_directory(name, location) + end + end +-%> + +<VirtualHost *:80> + ServerName <%= @domain %> + ServerAlias www.<%= @domain %> + RewriteEngine On + RewriteRule ^.*$ https://<%= @domain -%>%{REQUEST_URI} [R=permanent,L] +</VirtualHost> + +<VirtualHost *:443> + ServerName <%= @domain %> + ServerAlias www.<%= @domain %> + + #RewriteLog "/var/log/apache2/rewrite.log" + #RewriteLogLevel 3 + + SSLEngine on + SSLProtocol -all +SSLv3 +TLSv1 + SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH + SSLHonorCipherOrder on + + Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains" + Header set X-Frame-Options "deny" + + SSLCertificateKeyFile /etc/x509/keys/<%= @domain %>.key + SSLCertificateFile /etc/x509/certs/<%= @domain %>.crt + SSLCertificateChainFile /etc/ssl/certs/<%= @domain %>_ca.pem + + RequestHeader set X_FORWARDED_PROTO 'https' + + DocumentRoot <%= document_root %> + +<%- @locations.each do |name, location| -%> + ## + ## <%= name %> + ## + <%- if location['path'] == '/' -%> + # Location / + <%- else -%> + Alias <%= location['path'] %> <%= location_directory(name, location) %> + <Location <%= location['path'] %>> + <%- end -%> + # remove trailing slashes + RewriteEngine On + RewriteRule ^(.+)/$ /$1 [R=301,L] + + # e.g. /de/blah => /blah/index.de.html + RewriteCond %{DOCUMENT_ROOT}/$2/index.$1.html -f + RewriteRule ^/([a-z]{2})/(.*) /$2/index.$1.html [L] + + # e.g. /de/foo/bar => /foo/bar.de.html + RewriteCond %{DOCUMENT_ROOT}/$2.$1.html -f + RewriteRule ^/([a-z]{2})/(.*) /$2.$1.html [L] + + # e.g. /de => /index.de.html + RewriteCond %{DOCUMENT_ROOT}/index.$1.html -f + RewriteRule ^/([a-z]{2})$ /index.$1.html [L] + + # e.g. /de/img.png => /img.png + RewriteCond %{DOCUMENT_ROOT}/$2 -f + RewriteRule ^/([a-z]{2})/(.*) /$2 [L] + + # Simulate "DirectorySlash On" + # e.g. /foo/bar => /foo/bar/ (so that MultiViews will negotiate correct locale file) + RewriteCond %{DOCUMENT_ROOT}/$1 -d + RewriteRule ^/(.*[^/])$ /$1/ [PT] + <%- if location['path'] == '/' -%> + # end Location / + <%- else -%> + </Location> + <%- end -%> + <Directory <%= location_directory(name, location) %>> + ## + ## PERMISSIONS + ## + AllowOverride None + Order deny,allow + Allow from all + + ## + ## LOCALE SUPPORT (e.g. index.en.html) + ## + LanguagePriority en + ForceLanguagePriority Prefer Fallback + DirectoryIndex index + DirectorySlash Off + Options +MultiViews + </Directory> + +<%- end -%> + +</VirtualHost> |