%-
##
## An apache config for static websites.
##
def location_directory(name, location)
if ['amber', 'rack'].include?(location['format'])
File.join(@base_dir, name, 'public')
else
File.join(@base_dir, name)
end
end
#
# document root
#
@document_root = begin
root = '/var/www'
@locations && @locations.each do |name, location|
root = location_directory(name, location) if location['path'] == '/'
end
root.gsub(%r{^/|/$}, '')
end
#
# provider.json
#
# if the domain is a bootstrap domain, we need to expose
# a /provider.json file.
#
bootstrap_domain = scope.lookupvar('site_static::bootstrap_domain')
bootstrap_client = scope.lookupvar('site_static::bootstrap_client')
if ([@aliases]+[@domain]).flatten.include?(bootstrap_domain)
provider_json = \
%(
Alias /provider.json /srv/static/public/provider.json
Header set X-Minimum-Client-Version #{bootstrap_client['min']}
)
else
provider_json = ""
end
#
# locations
#
locations = ""
@locations && @locations.each do |name, location|
location_path = location['path'].gsub(%r{^/|/$}, '')
directory = location_directory(name, location)
local_vars = {'location_path'=>location_path, 'directory'=>directory, 'location'=>location, 'name'=>name}
template_path = File.join(File.dirname(__FILE__), location['format']) + '.erb'
break unless File.exists?(template_path)
locations += \
%(
#
# #{name} (#{location['format']})
#
#{scope.function_templatewlv([template_path, local_vars])}
)
end
#
# allow custom apache config
#
custom_apache_config = if @apache_config
@apache_config.gsub(':percent:','%')
end
-%>
Require all granted
<%- if @tor && (@always_use_hidden_service || @use_hidden_service) -%>
##
## Tor
##
ServerName <%= @tor_domain %>
<%- if @www_alias -%>
ServerAlias www.<%= @tor_domain %>
<%- end -%>
Header set X-Frame-Options "deny"
Header always unset X-Powered-By
Header always unset X-Runtime
DocumentRoot "/<%= @document_root %>/"
AccessFileName .htaccess
<%= provider_json %>
<%= custom_apache_config %>
<%= locations %>
<%- end -%>
##
## HTTP
##
ServerName <%= @domain %>
<%- if @www_alias -%>
ServerAlias www.<%= @tor_domain %>
<%- end -%>
<%- @aliases && @aliases.each do |domain_alias| -%>
ServerAlias <%= domain_alias %>
<%- end -%>
<%- if @tls_only -%>
RewriteEngine On
RewriteRule ^.*$ https://<%= @domain -%>%{REQUEST_URI} [R=permanent,L]
<%- else -%>
<%= provider_json %>
<%= custom_apache_config %>
<%= locations %>
<%- end -%>
##
## HTTPS
##
ServerName <%= @domain %>
<%- if @www_alias -%>
ServerAlias www.<%= @tor_domain %>
<%- end -%>
<%- @aliases && @aliases.each do |domain_alias| -%>
ServerAlias <%= domain_alias %>
<%- end -%>
#RewriteLog "/var/log/apache2/rewrite.log"
#RewriteLogLevel 3
Include include.d/ssl_common.inc
<%- if @tls_only -%>
Header always set Strict-Transport-Security: "max-age=15768000;includeSubdomains"
<%- end -%>
Header set X-Frame-Options "deny"
Header always unset X-Powered-By
Header always unset X-Runtime
SSLCertificateKeyFile /etc/x509/keys/<%= @domain %>.key
SSLCertificateFile /etc/x509/certs/<%= @domain %>.crt
RequestHeader set X_FORWARDED_PROTO 'https'
DocumentRoot "/<%= @document_root %>/"
AccessFileName .htaccess
<%= provider_json %>
<%= custom_apache_config %>
<%= locations %>