summaryrefslogtreecommitdiff
path: root/puppet/modules/site_static/templates
diff options
context:
space:
mode:
authorMicah Anderson <micah@leap.se>2014-04-04 10:37:09 -0400
committerMicah Anderson <micah@leap.se>2014-04-04 10:37:09 -0400
commit6af957a1c20f75a827655a3cd75e40a03cffe7c4 (patch)
treee5995b0c4b53583fd9d16857f66f81137dccbf73 /puppet/modules/site_static/templates
parent7451213d5e0772d0d6cba4613bf66792da495909 (diff)
parent1551f785c5c7c515781995928eec7659365d8988 (diff)
Merge branch '0.5' into develop
Conflicts: provider_base/services/tor.json Change-Id: I826579945a0d93c43384f0fd12c9833762b084cf
Diffstat (limited to 'puppet/modules/site_static/templates')
-rw-r--r--puppet/modules/site_static/templates/apache.conf.erb109
1 files changed, 109 insertions, 0 deletions
diff --git a/puppet/modules/site_static/templates/apache.conf.erb b/puppet/modules/site_static/templates/apache.conf.erb
new file mode 100644
index 00000000..76534911
--- /dev/null
+++ b/puppet/modules/site_static/templates/apache.conf.erb
@@ -0,0 +1,109 @@
+<%-
+ ##
+ ## An apache config for static websites.
+ ##
+ def location_directory(name, location)
+ if location['format'] == 'amber'
+ File.join(@base_dir, name, 'public')
+ else
+ File.join(@base_dir, name)
+ end
+ end
+ document_root = '/var/www'
+ @locations.each do |name, location|
+ if location['path'] == '/'
+ document_root = location_directory(name, location)
+ end
+ end
+-%>
+
+<VirtualHost *:80>
+ ServerName <%= @domain %>
+ ServerAlias www.<%= @domain %>
+ RewriteEngine On
+ RewriteRule ^.*$ https://<%= @domain -%>%{REQUEST_URI} [R=permanent,L]
+</VirtualHost>
+
+<VirtualHost *:443>
+ ServerName <%= @domain %>
+ ServerAlias www.<%= @domain %>
+
+ #RewriteLog "/var/log/apache2/rewrite.log"
+ #RewriteLogLevel 3
+
+ SSLEngine on
+ SSLProtocol -all +SSLv3 +TLSv1
+ SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH
+ SSLHonorCipherOrder on
+
+ Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
+ Header set X-Frame-Options "deny"
+
+ SSLCertificateKeyFile /etc/x509/keys/<%= @domain %>.key
+ SSLCertificateFile /etc/x509/certs/<%= @domain %>.crt
+ SSLCertificateChainFile /etc/ssl/certs/<%= @domain %>_ca.pem
+
+ RequestHeader set X_FORWARDED_PROTO 'https'
+
+ DocumentRoot <%= document_root %>
+
+<%- @locations.each do |name, location| -%>
+ ##
+ ## <%= name %>
+ ##
+ <%- if location['path'] == '/' -%>
+ # Location /
+ <%- else -%>
+ Alias <%= location['path'] %> <%= location_directory(name, location) %>
+ <Location <%= location['path'] %>>
+ <%- end -%>
+ # remove trailing slashes
+ RewriteEngine On
+ RewriteRule ^(.+)/$ /$1 [R=301,L]
+
+ # e.g. /de/blah => /blah/index.de.html
+ RewriteCond %{DOCUMENT_ROOT}/$2/index.$1.html -f
+ RewriteRule ^/([a-z]{2})/(.*) /$2/index.$1.html [L]
+
+ # e.g. /de/foo/bar => /foo/bar.de.html
+ RewriteCond %{DOCUMENT_ROOT}/$2.$1.html -f
+ RewriteRule ^/([a-z]{2})/(.*) /$2.$1.html [L]
+
+ # e.g. /de => /index.de.html
+ RewriteCond %{DOCUMENT_ROOT}/index.$1.html -f
+ RewriteRule ^/([a-z]{2})$ /index.$1.html [L]
+
+ # e.g. /de/img.png => /img.png
+ RewriteCond %{DOCUMENT_ROOT}/$2 -f
+ RewriteRule ^/([a-z]{2})/(.*) /$2 [L]
+
+ # Simulate "DirectorySlash On"
+ # e.g. /foo/bar => /foo/bar/ (so that MultiViews will negotiate correct locale file)
+ RewriteCond %{DOCUMENT_ROOT}/$1 -d
+ RewriteRule ^/(.*[^/])$ /$1/ [PT]
+ <%- if location['path'] == '/' -%>
+ # end Location /
+ <%- else -%>
+ </Location>
+ <%- end -%>
+ <Directory <%= location_directory(name, location) %>>
+ ##
+ ## PERMISSIONS
+ ##
+ AllowOverride None
+ Order deny,allow
+ Allow from all
+
+ ##
+ ## LOCALE SUPPORT (e.g. index.en.html)
+ ##
+ LanguagePriority en
+ ForceLanguagePriority Prefer Fallback
+ DirectoryIndex index
+ DirectorySlash Off
+ Options +MultiViews
+ </Directory>
+
+<%- end -%>
+
+</VirtualHost>