762bed13d4
On systems where the site FQDN is mapped to the loopback interface in /etc/hosts, Apache doesn't apply the vhost configuration on incoming connections to other addresses/interfaces. Apache recommends wildcarding VirtualHost directives these days, and it's something we already hard-code in other modules (e.g. puppet-zuul). This _could_ conceivably cause complication for anyone trying to coinstall this module on a server hosting other sites without name-based hosting configured correctly, but that should be an increasingly unusual configuration. Change-Id: I11f5b586c4f7b42017c2eb78af4be87211343381
67 lines
2.4 KiB
Plaintext
67 lines
2.4 KiB
Plaintext
<VirtualHost *:80>
|
|
<% if scope.lookupvar("storyboard::application::server_admin") != :undef %>
|
|
ServerAdmin <%= scope.lookupvar("storyboard::application::server_admin") %>
|
|
<% end %>
|
|
ServerName <%= scope.lookupvar("storyboard::application::hostname") %>
|
|
|
|
DocumentRoot <%= scope.lookupvar("storyboard::application::www_root") %>
|
|
|
|
Redirect / https://<%= scope.lookupvar("storyboard::application::hostname") %>/
|
|
|
|
LogLevel warn
|
|
ErrorLog ${APACHE_LOG_DIR}/storyboard-error.log
|
|
CustomLog ${APACHE_LOG_DIR}/storyboard-access.log combined
|
|
|
|
</VirtualHost>
|
|
<IfModule mod_ssl.c>
|
|
<VirtualHost *:443>
|
|
<% if scope.lookupvar("storyboard::application::server_admin") != :undef %>
|
|
ServerAdmin <%= scope.lookupvar("storyboard::application::server_admin") %>
|
|
<% end %>
|
|
ServerName <%= scope.lookupvar("storyboard::application::hostname") %>
|
|
|
|
LogLevel warn
|
|
ErrorLog ${APACHE_LOG_DIR}/storyboard-ssl-error.log
|
|
CustomLog ${APACHE_LOG_DIR}/storyboard-ssl-access.log combined
|
|
|
|
SSLEngine on
|
|
|
|
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
|
|
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
|
|
|
|
SSLCertificateFile <%= scope.lookupvar("storyboard::cert::ssl_cert") %>
|
|
SSLCertificateKeyFile <%= scope.lookupvar("storyboard::cert::ssl_key") %>
|
|
<% if scope.lookupvar("storyboard::cert::resolved_ssl_ca") != :undef %>
|
|
SSLCertificateChainFile <%= scope.lookupvar("storyboard::cert::resolved_ssl_ca") %>
|
|
<% end %>
|
|
|
|
<FilesMatch "\.(cgi|shtml|phtml|php)$">
|
|
SSLOptions +StdEnvVars
|
|
</FilesMatch>
|
|
<Directory /usr/lib/cgi-bin>
|
|
SSLOptions +StdEnvVars
|
|
</Directory>
|
|
|
|
BrowserMatch "MSIE [2-6]" \
|
|
nokeepalive ssl-unclean-shutdown \
|
|
downgrade-1.0 force-response-1.0
|
|
# MSIE 7 and newer should be able to use keepalive
|
|
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
|
|
|
|
DocumentRoot <%= scope.lookupvar("storyboard::application::www_root") %>
|
|
|
|
WSGIDaemonProcess storyboard user=<%= scope.lookupvar("storyboard::params::user") %> group=<%= scope.lookupvar("storyboard::params::group") %> threads=5 python-path=/usr/local/lib/python2.7/dist-packages
|
|
WSGIScriptAlias /api /var/lib/storyboard/storyboard.wsgi
|
|
WSGIPassAuthorization On
|
|
|
|
<Directory "<%= scope.lookupvar("storyboard::application::install_root") %>">
|
|
<% if @new_vhost_perms %>
|
|
Require all granted
|
|
<% else %>
|
|
Order allow,deny
|
|
Allow from all
|
|
<% end %>
|
|
</Directory>
|
|
</VirtualHost>
|
|
</IfModule>
|