diff options
| author | Micah Anderson <micah@leap.se> | 2014-04-22 14:13:46 -0400 |
|---|---|---|
| committer | Micah Anderson <micah@leap.se> | 2014-04-22 14:13:46 -0400 |
| commit | 327d5c934e408f90011d7949b89ab01fed88998e (patch) | |
| tree | 77cfefffc8f9ffe160c4413b26dd5ca5cdd6f1e8 /puppet/modules/site_static/templates | |
| parent | ca11482dd7cd4ea8ffa69407ee2fd5b5e1b7981b (diff) | |
| parent | 4295f334ea4f92d7fb47f7121a42633630c368d1 (diff) | |
Merge branch 'develop' (0.5.0)
Conflicts:
.gitignore
Change-Id: I778f3e1f1f4832f5894bc149ead67e9a4becf304
Diffstat (limited to 'puppet/modules/site_static/templates')
| -rw-r--r-- | puppet/modules/site_static/templates/apache.conf.erb | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/puppet/modules/site_static/templates/apache.conf.erb b/puppet/modules/site_static/templates/apache.conf.erb new file mode 100644 index 00000000..2abe1a98 --- /dev/null +++ b/puppet/modules/site_static/templates/apache.conf.erb @@ -0,0 +1,77 @@ +<%- + ## + ## An apache config for static websites. + ## + def location_directory(name, location) + if location['format'] == 'amber' + File.join(@base_dir, name, 'public') + else + File.join(@base_dir, name) + end + end + document_root = '/var/www' + @locations.each do |name, location| + if location['path'] == '/' + document_root = location_directory(name, location) + end + end + document_root = document_root.gsub(%r{^/|/$}, '') +-%> + +<VirtualHost *:80> + ServerName <%= @domain %> + ServerAlias www.<%= @domain %> + RewriteEngine On + RewriteRule ^.*$ https://<%= @domain -%>%{REQUEST_URI} [R=permanent,L] +</VirtualHost> + +<VirtualHost *:443> + ServerName <%= @domain %> + ServerAlias www.<%= @domain %> + + #RewriteLog "/var/log/apache2/rewrite.log" + #RewriteLogLevel 3 + + SSLEngine on + SSLProtocol all -SSLv2 + SSLHonorCipherOrder on + SSLCompression off + SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK" + + Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains" + Header set X-Frame-Options "deny" + + SSLCertificateKeyFile /etc/x509/keys/<%= @domain %>.key + SSLCertificateFile /etc/x509/certs/<%= @domain %>.crt + SSLCertificateChainFile /etc/ssl/certs/<%= @domain %>_ca.pem + + RequestHeader set X_FORWARDED_PROTO 'https' + + DocumentRoot "/<%= document_root %>/" + AccessFileName .htaccess + +<%- @locations.each do |name, location| -%> + <%- path = location['path'].gsub(%r{^/|/$}, '') -%> + <%- directory = location_directory(name, location) -%> + ## + ## <%= name %> + ## + <%- if path == '' -%> + <Directory "/<%= document_root %>/"> + AllowOverride FileInfo Indexes Options=All,MultiViews + Order deny,allow + Allow from all + </Directory> + <%- else -%> + AliasMatch ^/[a-z]{2}/<%=path%>(/.+|/|)$ "/<%=directory%>/$1" + Alias /<%=path%> "/<%=directory%>/" + <Directory "/<%=directory%>/"> + AllowOverride FileInfo Indexes Options=All,MultiViews + Order deny,allow + Allow from all + </Directory> + <%- end -%> + +<%- end -%> + +</VirtualHost> |