%-
##
## An apache config for static websites.
##
def location_directory(name, location)
if ['amber', 'rack'].include?(location['format'])
File.join(@base_dir, name, 'public')
else
File.join(@base_dir, name)
end
end
@document_root = begin
root = '/var/www'
@locations && @locations.each do |name, location|
root = location_directory(name, location) if location['path'] == '/'
end
root.gsub(%r{^/|/$}, '')
end
bootstrap_domain = scope.lookupvar('site_static::bootstrap_domain')
bootstrap_client = scope.lookupvar('site_static::bootstrap_client')
-%>
ServerName <%= @domain %>
ServerAlias www.<%= @domain %>
<%- @aliases && @aliases.each do |domain_alias| -%>
ServerAlias <%= domain_alias %>
<%- end -%>
<%- if @tls_only -%>
RewriteEngine On
RewriteRule ^.*$ https://<%= @domain -%>%{REQUEST_URI} [R=permanent,L]
<%- end -%>
ServerName <%= @domain %>
ServerAlias www.<%= @domain %>
<%- @aliases && @aliases.each do |domain_alias| -%>
ServerAlias <%= domain_alias %>
<%- end -%>
#RewriteLog "/var/log/apache2/rewrite.log"
#RewriteLogLevel 3
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCompression off
SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK"
<%- if @tls_only -%>
Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
<%- end -%>
Header set X-Frame-Options "deny"
Header always unset X-Powered-By
Header always unset X-Runtime
SSLCertificateKeyFile /etc/x509/keys/<%= @domain %>.key
SSLCertificateFile /etc/x509/certs/<%= @domain %>.crt
SSLCertificateChainFile /etc/ssl/certs/<%= @domain %>_ca.pem
RequestHeader set X_FORWARDED_PROTO 'https'
DocumentRoot "/<%= @document_root %>/"
AccessFileName .htaccess
<%- if ([@aliases]+[@domain]).flatten.include?(bootstrap_domain) -%>
Alias /provider.json /srv/leap/provider.json
Header set X-Minimum-Client-Version <%= bootstrap_client['min'] %>
<%- end -%>
<%- if @apache_config -%>
<%= @apache_config.gsub(':percent:','%') %>
<%- end -%>
<%- @locations && @locations.each do |name, location| -%>
<%- location_path = location['path'].gsub(%r{^/|/$}, '') -%>
<%- directory = location_directory(name, location) -%>
<%- local_vars = {'location_path'=>location_path, 'directory'=>directory, 'location'=>location, 'name'=>name} -%>
<%- template_path = File.join(File.dirname(__FILE__), location['format']) + '.erb' -%>
<%- break unless File.exists?(template_path) -%>
##
## <%= name %> (<%= location['format'] %>)
##
<%= scope.function_templatewlv([template_path, local_vars]) %>
<%- end -%>