<% if @ssl -%> <% end -%> > <% if @ssl -%> SSLEngine on SSLProtocol All -SSLv2 -SSLv3 <% if ! [false, '', nil].include?(scope.lookupvar('::zuul::web::vhosts_flags_int')[@vhost_name]['use_le']) -%> SSLCertificateFile /etc/letsencrypt-certs/<%= @vhost_name %>/<%= @vhost_name %>.cer SSLCertificateKeyFile /etc/letsencrypt-certs/<%= @vhost_name %>/<%= @vhost_name %>.key SSLCertificateChainFile /etc/letsencrypt-certs/<%= @vhost_name %>/ca.cer <% else -%> SSLCertificateFile /etc/ssl/certs/<%= @vhost_name %>.pem SSLCertificateKeyFile /etc/ssl/private/<%= @vhost_name %>.key <% if scope.lookupvar('::zuul::web::vhosts_ssl_int')[@vhost_name]['ssl_chain_file_contents'] != '' -%> SSLCertificateChainFile /etc/ssl/certs/<%= @vhost_name %>_intermediate.pem <% end -%> <% end -%> <% end -%> ServerName <%= @vhost_name %> ServerAdmin <%= scope.lookupvar('::zuul::web::serveradmin') %> DocumentRoot <%= @docroot %> > DirectoryIndex index.html = 2.4> Require all granted Order deny,allow Allow from all ErrorLog ${APACHE_LOG_DIR}/<%= @vhost_name %>-error.log LogLevel warn CustomLog ${APACHE_LOG_DIR}/<%= @vhost_name %>-access.log combined RewriteEngine on <% scope.lookupvar('::zuul::web::block_referers').each do |referer| -%> RewriteCond %{HTTP_REFERER} =<%= referer %> RewriteRule ^/status - [F] <% end -%> <% if scope.lookupvar('::zuul::web::vhosts_flags_int')[@vhost_name]['tenant_name'] != '' -%> RewriteRule ^/api/connection/(.*)$ <%= scope.lookupvar('::zuul::web::web_url') %>/api/connection/$1 [P,L] RewriteRule ^/api/console-stream <%= scope.lookupvar('::zuul::web::websocket_url') %>/api/tenant/<%= scope.lookupvar('::zuul::web::vhosts_flags_int')[@vhost_name]['tenant_name'] %>/console-stream [P,L] RewriteRule ^/api/(.*)$ <%= scope.lookupvar('::zuul::web::web_url') %>/api/tenant/<%= scope.lookupvar('::zuul::web::vhosts_flags_int')[@vhost_name]['tenant_name'] %>/$1 [P,L] <% else -%> RewriteRule ^/api/tenant/(.*)/console-stream <%= scope.lookupvar('::zuul::web::websocket_url') %>/api/tenant/$1/console-stream [P,L] RewriteRule ^/api/(.*)$ <%= scope.lookupvar('::zuul::web::web_url') %>/api/$1 [P,L] <% end -%> # Rewrite HTML5 route to index.html RewriteCond <%= @docroot %>/%{REQUEST_URI} !-f RewriteCond <%= @docroot %>/%{REQUEST_URI} !-d RewriteRule ^.*$ /index.html [L] AddOutputFilterByType DEFLATE application/json CacheDefaultExpire 5 # TODO: Should we cache the rest of the API too? CacheEnable mem /api/status # 12MByte total cache size. MCacheSize 12288 MCacheMaxObjectCount 10 MCacheMinObjectSize 1 # 8MByte max size per cache entry MCacheMaxObjectSize 8388608 MCacheMaxStreamingBuffer 8388608 CacheEnable disk /api/status CacheRoot /var/cache/apache2/mod_cache_disk CacheMaxFileSize 10000000 <% if @ssl -%> <% end -%>