opendev/puppet-jenkins
Code Issues Proposed changes
puppet-jenkins/templates/jenkins.vhost.erb
Evgeny Antyshev cfe2a52c1a Make Jenkins vhost a host-based 
Currently, when Apache2 is deciding on which vhost to service the requests,
it first looks for the VirtualHost that has the same IP and port as in the request.
(http://httpd.apache.org/docs/current/vhosts/details.html)
This means, providing "jenkins::master::vhost_name" is resolved on host,
and the host has only one IP address, that all requests match this vhost.

This prevents from hosting Jenkins on CI host together with zuul and logserver.

Change-Id: Idf16c2925ab700107a6fd311e276dc1cdb8ad44d
2015-11-19 12:24:07 +00:00

46 lines
2.0 KiB
Plaintext
Raw Blame History

<VirtualHost *:80>
ServerName <%= scope.lookupvar("::jenkins::master::vhost_name") %>
ServerAdmin <%= scope.lookupvar("::jenkins::master::serveradmin") %>
ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::jenkins::master::vhost_name") %>-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::jenkins::master::vhost_name") %>-access.log combined
Redirect / https://<%= scope.lookupvar("::jenkins::master::vhost_name") %>/
</VirtualHost>
<VirtualHost <%= scope.lookupvar("::jenkins::master::vhost_name") %>:443>
ServerName <%= scope.lookupvar("::jenkins::master::vhost_name") %>
ServerAdmin <%= scope.lookupvar("::jenkins::master::serveradmin") %>
ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::jenkins::master::vhost_name") %>-ssl-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::jenkins::master::vhost_name") %>-ssl-access.log combined
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLCertificateFile <%= scope.lookupvar("::jenkins::master::ssl_cert_file") %>
SSLCertificateKeyFile <%= scope.lookupvar("::jenkins::master::ssl_key_file") %>
<% if scope.lookupvar("::jenkins::master::ssl_chain_file") != "" %>
SSLCertificateChainFile <%= scope.lookupvar("::jenkins::master::ssl_chain_file") %>
<% end %>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
AllowEncodedSlashes NoDecode
ProxyPass / http://127.0.0.1:8080/ retry=0 nocanon
ProxyPassReverse / http://127.0.0.1:8080/
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
</VirtualHost>
View Git Blame Copy Permalink