80 lines
2.7 KiB
Plaintext
80 lines
2.7 KiB
Plaintext
<% if @ssl -%>
|
|
<IfModule mod_ssl.c>
|
|
<% end -%>
|
|
<VirtualHost *:<%= @port %>>
|
|
|
|
<% if @ssl -%>
|
|
SSLEngine on
|
|
SSLProtocol All -SSLv2 -SSLv3
|
|
SSLCertificateFile /etc/ssl/certs/<%= @vhost_name %>.pem
|
|
SSLCertificateKeyFile /etc/ssl/private/<%= @vhost_name %>.key
|
|
<% if scope.lookupvar('::zuul::web::ssl_chain_file_contents') != '' -%>
|
|
SSLCertificateChainFile /etc/ssl/certs/<%= @vhost_name %>_intermediate.pem
|
|
<% end -%>
|
|
<% end -%>
|
|
|
|
ServerName <%= @vhost_name %>
|
|
ServerAdmin <%= scope.lookupvar('::zuul::web::serveradmin') %>
|
|
|
|
DocumentRoot <%= @docroot %>
|
|
<Directory <%= @docroot %>>
|
|
<IfVersion >= 2.4>
|
|
Require all granted
|
|
</IfVersion>
|
|
<IfVersion < 2.4>
|
|
Order deny,allow
|
|
Allow from all
|
|
</IfVersion>
|
|
</Directory>
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/<%= @vhost_name %>-error.log
|
|
|
|
LogLevel warn
|
|
|
|
CustomLog ${APACHE_LOG_DIR}/<%= @vhost_name %>-access.log combined
|
|
|
|
RewriteEngine on
|
|
<% scope.lookupvar('::zuul::web::block_referers').each do |referer| -%>
|
|
RewriteCond %{HTTP_REFERER} =<%= referer %>
|
|
RewriteRule ^/status - [F]
|
|
<% end -%>
|
|
|
|
<% if scope.lookupvar('::zuul::web::tenant_name') != '' -%>
|
|
RewriteRule ^/$ /status.html [L]
|
|
# Backwards compat for old status urls. Should be removed in a few weeks.
|
|
RewriteRule ^/status$ <%= scope.lookupvar('::zuul::web::web_url') %>/api/tenant/<%= scope.lookupvar('::zuul::web::tenant_name') %>/status [P]
|
|
RewriteRule ^/api/connection/(.*)$ <%= scope.lookupvar('::zuul::web::web_url') %>/api/connection/$1 [P]
|
|
RewriteRule ^/api/console-stream <%= scope.lookupvar('::zuul::web::websocket_url') %>/api/tenant/<%= scope.lookupvar('::zuul::web::tenant_name') %>/console-stream [P]
|
|
RewriteRule ^/api/(.*)$ <%= scope.lookupvar('::zuul::web::web_url') %>/api/tenant/<%= scope.lookupvar('::zuul::web::tenant_name') %>/$1 [P]
|
|
<% else -%>
|
|
RewriteRule ^/$ /tenants.html [L]
|
|
RewriteRule ^/t/(.*) /$1 [L]
|
|
RewriteRule ^/api/tenant/(.*)/console-stream <%= scope.lookupvar('::zuul::web::websocket_url') %>/api/tenant/$1/console-stream [P]
|
|
RewriteRule ^/api/(.*)$ <%= scope.lookupvar('::zuul::web::web_url') %>/api/$1 [P]
|
|
<% end -%>
|
|
|
|
AddOutputFilterByType DEFLATE application/json
|
|
|
|
<IfModule mod_cache.c>
|
|
CacheDefaultExpire 5
|
|
<IfModule mod_mem_cache.c>
|
|
# TODO: Should we cache the rest of the API too?
|
|
CacheEnable mem /api/status
|
|
# 12MByte total cache size.
|
|
MCacheSize 12288
|
|
MCacheMaxObjectCount 10
|
|
MCacheMinObjectSize 1
|
|
# 8MByte max size per cache entry
|
|
MCacheMaxObjectSize 8388608
|
|
MCacheMaxStreamingBuffer 8388608
|
|
</IfModule>
|
|
<IfModule mod_cache_disk.c>
|
|
CacheEnable disk /api/status
|
|
CacheRoot /var/cache/apache2/mod_cache_disk
|
|
</IfModule>
|
|
</IfModule>
|
|
</VirtualHost>
|
|
<% if @ssl -%>
|
|
</IfModule>
|
|
<% end -%>
|