From df43214cdce1f474fa11ab1c1752fdd28a2ae19e Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 14 Apr 2014 22:53:49 +0200 Subject: an initial https connection might still end up as http on the backend. in that case we don't want to redirect --- templates/vhosts/default.erb | 13 ++++++------- templates/vhosts/gitweb/partial.erb | 6 ++---- templates/vhosts/php_silverstripe/partial.erb | 9 +++++---- 3 files changed, 13 insertions(+), 15 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/default.erb b/templates/vhosts/default.erb index 5201406..2eab3d7 100644 --- a/templates/vhosts/default.erb +++ b/templates/vhosts/default.erb @@ -11,12 +11,12 @@ vhost_parts.each do |vhost_part| -%> <%= scope.function_template(['apache/vhosts/partials/logs.erb']) %> - <% if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> +<% if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> - <% elsif run_mode.to_s == 'fcgid' && !(ssl_mode == 'force' && vhost_part == :normal) -%> +<% elsif run_mode.to_s == 'fcgid' && !(ssl_mode == 'force' && vhost_part == :normal) -%> SuexecUserGroup <%= run_uid+" "+run_gid %> FcgidMaxRequestsPerProcess 5000 @@ -24,16 +24,15 @@ vhost_parts.each do |vhost_part| -%> AddHandler fcgid-script .<%= passing_extension %> - <% end -%> - <% if ssl_mode == 'force' && vhost_part == :normal -%> +<% end -%> +<% if ssl_mode == 'force' && vhost_part == :normal -%> RewriteEngine On RewriteCond %{HTTPS} !=on RewriteCond %{HTTP:X-Forwarded-Proto} !=https RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - <% else -%> +<% end -%> <%= scope.function_templatewlv([template_partial, {'vhost_part' => vhost_part } ]) %> - <% end -%> -<%- unless template_partial == 'apache/vhosts/itk_plus/partial.erb' -%> +<% unless template_partial == 'apache/vhosts/itk_plus/partial.erb' -%> <%= scope.function_template(['apache/vhosts/partials/mod_security.erb']) %> <% end -%> <% unless additional_options.to_s == 'absent' -%> diff --git a/templates/vhosts/gitweb/partial.erb b/templates/vhosts/gitweb/partial.erb index 7238ebe..c04f1c3 100644 --- a/templates/vhosts/gitweb/partial.erb +++ b/templates/vhosts/gitweb/partial.erb @@ -1,10 +1,9 @@ - <% unless ssl_mode.to_s == 'force' -%> SetEnv GITWEB_CONFIG <%= gitweb_config %> DirectoryIndex gitweb.cgi /"> - <% if options.to_s != 'absent' or do_includes.to_s == 'true'-%> +<% if options.to_s != 'absent' || do_includes.to_s == 'true'-%> Options <% unless options.to_s == 'absent' -%><%= options %><% end -%><% if do_includes.to_s == 'true' && !options.include?('+Includes') -%> +Includes<% end -%><% unless options.include?('+ExecCGI') -%> +ExecCGI<% end -%> - <% end -%> +<% end -%> AddHandler cgi-script .cgi @@ -16,4 +15,3 @@ <%= scope.function_template(['apache/vhosts/partials/authentication.erb']) %> - <% end -%> diff --git a/templates/vhosts/php_silverstripe/partial.erb b/templates/vhosts/php_silverstripe/partial.erb index 89a6052..9ff32db 100644 --- a/templates/vhosts/php_silverstripe/partial.erb +++ b/templates/vhosts/php_silverstripe/partial.erb @@ -1,9 +1,10 @@ -<% if vhost_part != :ssl && ![false,'false'].include?(ssl_mode) -%> # silverstripe - RedirectMatch /admin(.*) https://<%= servername %>/admin$1 - RedirectMatch /Security(.*) https://<%= servername %>/Security$1 + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteCond %{HTTP:X-Forwarded-Proto} !=https + RewriteRule /admin(.*) https://<%= servername %>/admin$1 [L,R,NE] + RewriteRule /Security(.*) https://<%= servername %>/Security$1 [L,R,NE] -<% end -%> /"> <%= scope.function_template(['apache/vhosts/partials/std_override_options.erb']) %> -- cgit v1.2.3