From 91c638f7d30243f0c5c079659bd3bd1d32a7cc7c Mon Sep 17 00:00:00 2001 From: Micah Date: Mon, 19 Oct 2015 20:57:07 -0400 Subject: change apache header set for HSTS to be always, otherwise it wont be set for redirects (#7540) Change-Id: Ic77c64c03a99dad951f42633de04c352bed17c1e --- puppet/modules/site_static/templates/apache.conf.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_static/templates') diff --git a/puppet/modules/site_static/templates/apache.conf.erb b/puppet/modules/site_static/templates/apache.conf.erb index 4d61cc08..2853c5c7 100644 --- a/puppet/modules/site_static/templates/apache.conf.erb +++ b/puppet/modules/site_static/templates/apache.conf.erb @@ -48,7 +48,7 @@ Include include.d/ssl_common.inc <%- if @tls_only -%> - Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains" + Header always set Strict-Transport-Security: "max-age=15768000;includeSubdomains" <%- end -%> Header set X-Frame-Options "deny" Header always unset X-Powered-By -- cgit v1.2.3 From 33cf7e313cf9dfa2e5ac0e8eeb91cacb016ebe62 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 27 Jan 2016 21:03:58 +0100 Subject: [refactor] Optimize static apache vhost templates - Related: #7853 --- puppet/modules/site_static/templates/amber.erb | 10 ++-------- puppet/modules/site_static/templates/rack.erb | 10 ++-------- 2 files changed, 4 insertions(+), 16 deletions(-) (limited to 'puppet/modules/site_static/templates') diff --git a/puppet/modules/site_static/templates/amber.erb b/puppet/modules/site_static/templates/amber.erb index 17dc2ad6..48df555e 100644 --- a/puppet/modules/site_static/templates/amber.erb +++ b/puppet/modules/site_static/templates/amber.erb @@ -1,15 +1,9 @@ -<%- if @location_path == '' -%> - /"> - AllowOverride FileInfo Indexes Options=All,MultiViews - Order deny,allow - Allow from all - -<%- else -%> +<%- if @location_path != '' -%> AliasMatch ^/[a-z]{2}/<%=@location_path%>(/.+|/|)$ "<%=@directory%>/$1" Alias /<%=@location_path%> "<%=@directory%>/" +<%- end -%> /"> AllowOverride FileInfo Indexes Options=All,MultiViews Order deny,allow Allow from all -<%- end -%> diff --git a/puppet/modules/site_static/templates/rack.erb b/puppet/modules/site_static/templates/rack.erb index aae91f1c..d70d3ddb 100644 --- a/puppet/modules/site_static/templates/rack.erb +++ b/puppet/modules/site_static/templates/rack.erb @@ -1,21 +1,15 @@ #PassengerLogLevel 1 #PassengerAppEnv production #PassengerFriendlyErrorPages on -<%- if @location_path == '' -%> - "> - Order deny,allow - Allow from all - Options -MultiViews - -<%- else -%> +<%- if @location_path != '' -%> Alias /<%=@location_path%> "<%=@directory%>" > PassengerBaseURI /<%=@location_path%> PassengerAppRoot "<%=File.dirname(@directory)%>" +<%- end -%> "> Order deny,allow Allow from all Options -MultiViews -<%- end -%> -- cgit v1.2.3 From 8effa368557761c23f5496d4a26554b9cec6036c Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 27 Jan 2016 21:12:07 +0100 Subject: [bug] [jessie] Fix apache 2.4 auth directives - Resolves: #7853 --- puppet/modules/site_static/templates/amber.erb | 4 ++++ puppet/modules/site_static/templates/rack.erb | 6 +++++- 2 files changed, 9 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_static/templates') diff --git a/puppet/modules/site_static/templates/amber.erb b/puppet/modules/site_static/templates/amber.erb index 48df555e..694f1136 100644 --- a/puppet/modules/site_static/templates/amber.erb +++ b/puppet/modules/site_static/templates/amber.erb @@ -4,6 +4,10 @@ <%- end -%> /"> AllowOverride FileInfo Indexes Options=All,MultiViews +<% if scope.function_guess_apache_version([]) == '2.4' %> + Require all granted +<% else %> Order deny,allow Allow from all +<% end %> diff --git a/puppet/modules/site_static/templates/rack.erb b/puppet/modules/site_static/templates/rack.erb index d70d3ddb..431778bb 100644 --- a/puppet/modules/site_static/templates/rack.erb +++ b/puppet/modules/site_static/templates/rack.erb @@ -9,7 +9,11 @@ <%- end -%> "> + Options -MultiViews +<% if scope.function_guess_apache_version([]) == '2.4' %> + Require all granted +<% else %> Order deny,allow Allow from all - Options -MultiViews +<% end %> -- cgit v1.2.3 From 3b5ce74f81bb56af0b94a119a85649446a3d6e19 Mon Sep 17 00:00:00 2001 From: Micah Date: Tue, 3 May 2016 13:21:17 -0400 Subject: migrate from obsolete SSLCertificateChainFile apache option (#8055) Change-Id: I20a28ae77c98071aefc1933e0ea73e5f3b895acb --- puppet/modules/site_static/templates/apache.conf.erb | 1 - 1 file changed, 1 deletion(-) (limited to 'puppet/modules/site_static/templates') diff --git a/puppet/modules/site_static/templates/apache.conf.erb b/puppet/modules/site_static/templates/apache.conf.erb index 2853c5c7..6b969d1c 100644 --- a/puppet/modules/site_static/templates/apache.conf.erb +++ b/puppet/modules/site_static/templates/apache.conf.erb @@ -56,7 +56,6 @@ SSLCertificateKeyFile /etc/x509/keys/<%= @domain %>.key SSLCertificateFile /etc/x509/certs/<%= @domain %>.crt - SSLCertificateChainFile /etc/ssl/certs/<%= @domain %>_ca.pem RequestHeader set X_FORWARDED_PROTO 'https' -- cgit v1.2.3