From 4e3d168d103fea6476694997275c4df4821535f3 Mon Sep 17 00:00:00 2001 From: elijah Date: Fri, 30 May 2014 14:52:26 -0700 Subject: static site: added rack support, added custom apache config --- .../modules/site_static/templates/apache.conf.erb | 60 +++++++++++----------- 1 file changed, 30 insertions(+), 30 deletions(-) (limited to 'puppet/modules/site_static/templates/apache.conf.erb') diff --git a/puppet/modules/site_static/templates/apache.conf.erb b/puppet/modules/site_static/templates/apache.conf.erb index b694d44c..b23c1bf9 100644 --- a/puppet/modules/site_static/templates/apache.conf.erb +++ b/puppet/modules/site_static/templates/apache.conf.erb @@ -2,20 +2,23 @@ ## ## An apache config for static websites. ## + def location_directory(name, location) - if location['format'] == 'amber' + if ['amber', 'rack'].include?(location['format']) File.join(@base_dir, name, 'public') else File.join(@base_dir, name) end end - document_root = '/var/www' - @locations.each do |name, location| - if location['path'] == '/' - document_root = location_directory(name, location) + + @document_root = begin + root = '/var/www' + @locations && @locations.each do |name, location| + root = location_directory(name, location) if location['path'] == '/' end + root.gsub(%r{^/|/$}, '') end - document_root = document_root.gsub(%r{^/|/$}, '') + bootstrap_domain = scope.lookupvar('site_static::bootstrap_domain') bootstrap_client = scope.lookupvar('site_static::bootstrap_client') -%> @@ -26,8 +29,10 @@ <%- @aliases && @aliases.each do |domain_alias| -%> ServerAlias <%= domain_alias %> <%- end -%> +<%- if @tls_only -%> RewriteEngine On RewriteRule ^.*$ https://<%= @domain -%>%{REQUEST_URI} [R=permanent,L] +<%- end -%> @@ -46,8 +51,12 @@ SSLCompression off SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK" +<%- if @tls_only -%> Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains" +<%- end -%> Header set X-Frame-Options "deny" + Header always unset X-Powered-By + Header always unset X-Runtime SSLCertificateKeyFile /etc/x509/keys/<%= @domain %>.key SSLCertificateFile /etc/x509/certs/<%= @domain %>.crt @@ -55,37 +64,28 @@ RequestHeader set X_FORWARDED_PROTO 'https' - DocumentRoot "/<%= document_root %>/" + DocumentRoot "/<%= @document_root %>/" AccessFileName .htaccess -<%- @locations.each do |name, location| -%> - <%- path = location['path'].gsub(%r{^/|/$}, '') -%> - <%- directory = location_directory(name, location) -%> - ## - ## <%= name %> - ## - <%- if path == '' -%> - /"> - AllowOverride FileInfo Indexes Options=All,MultiViews - Order deny,allow - Allow from all - - <%- if ([@aliases]+[@domain]).flatten.include?(bootstrap_domain) -%> +<%- if ([@aliases]+[@domain]).flatten.include?(bootstrap_domain) -%> Alias /provider.json /srv/leap/provider.json Header set X-Minimum-Client-Version <%= bootstrap_client['min'] %> - <%- end -%> - <%- else -%> - AliasMatch ^/[a-z]{2}/<%=path%>(/.+|/|)$ "/<%=directory%>/$1" - Alias /<%=path%> "/<%=directory%>/" - /"> - AllowOverride FileInfo Indexes Options=All,MultiViews - Order deny,allow - Allow from all - - <%- end -%> +<%- end -%> + +<%- if @apache_config -%> +<%= @apache_config %> +<%- end -%> +<%- @locations && @locations.each do |name, location| -%> +<%- location_path = location['path'].gsub(%r{^/|/$}, '') -%> +<%- directory = location_directory(name, location) -%> +<%- local_vars = {'location_path'=>location_path, 'directory'=>directory, 'location'=>location, 'name'=>name} -%> + ## + ## <%= name %> (<%= location['format'] %>) + ## +<%= scope.function_templatewlv([File.join(File.dirname(__FILE__), location['format']) + '.erb', local_vars]) %> <%- end -%> -- cgit v1.2.3