opendev
/
puppet-nodepool
Code Issues Proposed changes
puppet-nodepool/templates/nodepool-builder.ssl.vhost.erb

63 lines
2.0 KiB
Plaintext
Raw Blame History

<VirtualHost *:80>
ServerName <%= scope.lookupvar("nodepool::builder::vhost_name") %>
ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/nodepool_error.log
LogLevel warn
CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/nodepool_access.log combined
ServerSignature Off
Redirect / https://<%= scope.lookupvar("nodepool::builder::vhost_name") %>/
</VirtualHost>
<VirtualHost *:443>
ServerName <%= scope.lookupvar("nodepool::builder::vhost_name") %>
SSLEngine on
SSLCertificateFile <%= @ssl_cert_file %>
SSLCertificateKeyFile <%= @ssl_key_file %>
<%# The original default was '' -%>
<%# scope.lookupvar returns nil for an undefined variable in puppet 4 -%>
<%# scope.lookupvar returns :undef for an undefined variable in puppet 3 -%>
<% unless ['', nil, :undef].include?@ssl_chain_file %>
SSLCertificateChainFile <%= @ssl_chain_file %>
<% end %>
DocumentRoot <%= scope.lookupvar("nodepool::builder::build_log_document_root") %>
<Directory <%= scope.lookupvar("nodepool::builder::build_log_document_root") %>>
Options <%= scope.lookupvar("httpd::params::options") %>
AllowOverride None
Require all granted
</Directory>
# Allow access to image files
Alias /images /opt/nodepool_dib
<Directory /opt/nodepool_dib>
Options <%= scope.lookupvar("httpd::params::options") %>
AllowOverride None
Require all granted
# Only allow access to the qcow2 files as they are smallest
<FilesMatch ".+\.(vhd|raw)(\.(md5|sha256))?$">
Require all denied
</FilesMatch>
</Directory>
# Exclude the dib build dir as well.
<Directory /opt/nodepool_dib/*.d/>
Require all denied
</Directory>
ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/nodepool_error.log
LogLevel warn
CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/nodepool_access.log combined
ServerSignature Off
AddType text/plain .log
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
</IfModule>
</VirtualHost>
View Git Blame Copy Permalink