8cb968cea0
* manifests/cert.pp: This adds the flexibility to depend on existing files even if they're created as part of the storyboard dependency chain, though with the loss of some error handling if a deployer neglects to ensure the file itself exists before starting the apache daemon. Change-Id: I62d0bc7899703d7cc17f402cf34bd92357f44b58
64 lines
2.5 KiB
Plaintext
64 lines
2.5 KiB
Plaintext
<VirtualHost <%= scope.lookupvar("storyboard::application::hostname") %>:80>
|
|
<% if scope.lookupvar("storyboard::application::server_admin") != :undef %>
|
|
ServerAdmin <%= scope.lookupvar("storyboard::application::server_admin") %>
|
|
<% end %>
|
|
ServerName <%= scope.lookupvar("storyboard::application::hostname") %>
|
|
|
|
DocumentRoot <%= scope.lookupvar("storyboard::application::www_root") %>
|
|
|
|
Redirect / https://<%= scope.lookupvar("storyboard::application::hostname") %>/
|
|
|
|
LogLevel warn
|
|
ErrorLog ${APACHE_LOG_DIR}/storyboard-error.log
|
|
CustomLog ${APACHE_LOG_DIR}/storyboard-access.log combined
|
|
|
|
</VirtualHost>
|
|
<IfModule mod_ssl.c>
|
|
<VirtualHost <%= scope.lookupvar("storyboard::application::hostname") %>:443>
|
|
<% if scope.lookupvar("storyboard::application::server_admin") != :undef %>
|
|
ServerAdmin <%= scope.lookupvar("storyboard::application::server_admin") %>
|
|
<% end %>
|
|
ServerName <%= scope.lookupvar("storyboard::application::hostname") %>
|
|
|
|
LogLevel warn
|
|
ErrorLog ${APACHE_LOG_DIR}/storyboard-ssl-error.log
|
|
CustomLog ${APACHE_LOG_DIR}/storyboard-ssl-access.log combined
|
|
|
|
SSLEngine on
|
|
|
|
SSLCertificateFile <%= scope.lookupvar("storyboard::cert::ssl_cert") %>
|
|
SSLCertificateKeyFile <%= scope.lookupvar("storyboard::cert::ssl_key") %>
|
|
<% if scope.lookupvar("storyboard::cert::resolved_ssl_ca") != :undef %>
|
|
SSLCertificateChainFile <%= scope.lookupvar("storyboard::cert::resolved_ssl_ca") %>
|
|
<% end %>
|
|
|
|
<FilesMatch "\.(cgi|shtml|phtml|php)$">
|
|
SSLOptions +StdEnvVars
|
|
</FilesMatch>
|
|
<Directory /usr/lib/cgi-bin>
|
|
SSLOptions +StdEnvVars
|
|
</Directory>
|
|
|
|
BrowserMatch "MSIE [2-6]" \
|
|
nokeepalive ssl-unclean-shutdown \
|
|
downgrade-1.0 force-response-1.0
|
|
# MSIE 7 and newer should be able to use keepalive
|
|
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
|
|
|
|
DocumentRoot <%= scope.lookupvar("storyboard::application::www_root") %>
|
|
|
|
WSGIDaemonProcess storyboard user=<%= scope.lookupvar("storyboard::params::user") %> group=<%= scope.lookupvar("storyboard::params::group") %> threads=5 python-path=/usr/local/lib/python2.7/dist-packages
|
|
WSGIScriptAlias /api /var/lib/storyboard/storyboard.wsgi
|
|
WSGIPassAuthorization On
|
|
|
|
<Directory "<%= scope.lookupvar("storyboard::application::install_root") %>">
|
|
<% if @new_vhost_perms %>
|
|
Require all granted
|
|
<% else %>
|
|
Order allow,deny
|
|
Allow from all
|
|
<% end %>
|
|
</Directory>
|
|
</VirtualHost>
|
|
</IfModule>
|