puppet-zuul/templates/zuulv3.vhost.erb


# Apache virtual host for the Zuul v3 web UI. Static files are served from the
# docroot; requests under /api/ are reverse-proxied by mod_rewrite ([P]) to the
# backend URLs taken from ::zuul::web::web_url and ::zuul::web::websocket_url.
# When @ssl is set the whole vhost is wrapped in an IfModule mod_ssl.c guard,
# so it is skipped entirely if mod_ssl is not loaded.
<% if @ssl -%>
<IfModule mod_ssl.c>
<% end -%>
<VirtualHost *:<%= @port %>>
<% if @ssl -%>
SSLEngine on
# NOTE(review): "All -SSLv2 -SSLv3" leaves TLS 1.0 and TLS 1.1 enabled wherever
# the linked OpenSSL still offers them. Consider also excluding TLSv1 and
# TLSv1.1 once every Apache/OpenSSL build this template targets accepts those
# protocol names. No SSLCipherSuite or SSLHonorCipherOrder is set in this
# vhost, so cipher policy comes from whatever the server-wide config defines.
SSLProtocol All -SSLv2 -SSLv3
# Certificate source: if the vhost's 'use_le' flag is anything other than
# false, '' or nil, the certificate, key and CA chain are read from
# /etc/letsencrypt-certs/VHOST/; otherwise from /etc/ssl/certs and
# /etc/ssl/private. This template only references the key paths; ownership and
# mode of the key files are managed elsewhere and should be checked there.
<% if ! [false, '', nil].include?(scope.lookupvar('::zuul::web::vhosts_flags_int')[@vhost_name]['use_le']) -%>
SSLCertificateFile /etc/letsencrypt-certs/<%= @vhost_name %>/<%= @vhost_name %>.cer
SSLCertificateKeyFile /etc/letsencrypt-certs/<%= @vhost_name %>/<%= @vhost_name %>.key
SSLCertificateChainFile /etc/letsencrypt-certs/<%= @vhost_name %>/ca.cer
<% else -%>
SSLCertificateFile /etc/ssl/certs/<%= @vhost_name %>.pem
SSLCertificateKeyFile /etc/ssl/private/<%= @vhost_name %>.key
# NOTE(review): the test below compares only against ''. A nil value also
# passes it (unlike the use_le test above, which treats nil as unset), and the
# chain directive would then point at a file that may not exist. Confirm the
# manifest always defaults ssl_chain_file_contents to ''.
<% if scope.lookupvar('::zuul::web::vhosts_ssl_int')[@vhost_name]['ssl_chain_file_contents'] != '' -%>
SSLCertificateChainFile /etc/ssl/certs/<%= @vhost_name %>_intermediate.pem
<% end -%>
<% end -%>
<% end -%>
ServerName <%= @vhost_name %>
ServerAdmin <%= scope.lookupvar('::zuul::web::serveradmin') %>
DocumentRoot <%= @docroot %>
# The docroot is readable by every client with no authentication at this
# layer. The two IfVersion blocks express the same allow-all policy in
# Apache 2.4 syntax and in pre-2.4 syntax.
<Directory <%= @docroot %>>
DirectoryIndex index.html
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order deny,allow
Allow from all
</IfVersion>
</Directory>
# Per-vhost error and access logs. The access log uses the "combined" format
# nickname, which is defined outside this template; as conventionally defined
# it records Referer and User-Agent, which helps when reviewing proxied API
# traffic.
ErrorLog ${APACHE_LOG_DIR}/<%= @vhost_name %>-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/<%= @vhost_name %>-access.log combined
RewriteEngine on
# One cond/rule pair is emitted per entry in ::zuul::web::block_referers: a
# request whose path starts with /status and whose Referer header equals the
# entry exactly ('=' is a string comparison, not a regex) gets 403 ([F]).
# Referer is supplied by the client, so this reduces unwanted embedding
# traffic; it is not an access control.
<% scope.lookupvar('::zuul::web::block_referers').each do |referer| -%>
RewriteCond %{HTTP_REFERER} =<%= referer %>
RewriteRule ^/status - [F]
<% end -%>
# API proxying. [P] passes the rewritten URL to mod_proxy. The scheme and host
# of every target come from Puppet data (web_url / websocket_url); only the
# path suffix captured as $1 comes from the request, so those two URLs must
# remain fixed, trusted values. Rule order matters: the first matching rule
# ends processing, so the console-stream rules have to stay ahead of the
# generic /api/ rule.
# NOTE(review): the tenant_name test compares only against ''. A nil value
# would select the tenant branch and render an empty tenant path segment.
# Confirm the manifest always defaults tenant_name to ''.
<% if scope.lookupvar('::zuul::web::vhosts_flags_int')[@vhost_name]['tenant_name'] != '' -%>
# Single-tenant vhost: /api/connection/ is passed through unchanged, and all
# other /api/ paths are mapped under /api/tenant/TENANT_NAME/ on the backend.
RewriteRule ^/api/connection/(.*)$ <%= scope.lookupvar('::zuul::web::web_url') %>/api/connection/$1 [P,L]
RewriteRule ^/api/console-stream <%= scope.lookupvar('::zuul::web::websocket_url') %>/api/tenant/<%= scope.lookupvar('::zuul::web::vhosts_flags_int')[@vhost_name]['tenant_name'] %>/console-stream [P,L]
RewriteRule ^/api/(.*)$ <%= scope.lookupvar('::zuul::web::web_url') %>/api/tenant/<%= scope.lookupvar('::zuul::web::vhosts_flags_int')[@vhost_name]['tenant_name'] %>/$1 [P,L]
<% else -%>
# Multi-tenant vhost: the tenant is taken from the request path.
# NOTE(review): (.*) also matches '/', so the tenant capture in the
# console-stream rule is not limited to a single path segment.
RewriteRule ^/api/tenant/(.*)/console-stream <%= scope.lookupvar('::zuul::web::websocket_url') %>/api/tenant/$1/console-stream [P,L]
RewriteRule ^/api/(.*)$ <%= scope.lookupvar('::zuul::web::web_url') %>/api/$1 [P,L]
<% end -%>
# Rewrite HTML5 route to index.html
# Any request that is neither an existing file nor an existing directory under
# the docroot is served /index.html, so client-side routes resolve.
RewriteCond <%= @docroot %>/%{REQUEST_URI} !-f
RewriteCond <%= @docroot %>/%{REQUEST_URI} !-d
RewriteRule ^.*$ /index.html [L]
AddOutputFilterByType DEFLATE application/json
# Short-lived cache for /api/status only. CacheDefaultExpire 5 caches responses
# that carry no expiry information for 5 seconds. The mod_mem_cache block
# applies to Apache 2.2, where that module exists; the mod_cache_disk block
# applies to 2.4.
# NOTE(review): a cached response is shared by every client. That is safe only
# while /api/status returns the same non-sensitive data to all requesters;
# revisit this if the endpoint ever becomes authenticated or per-user.
<IfModule mod_cache.c>
CacheDefaultExpire 5
<IfModule mod_mem_cache.c>
# TODO: Should we cache the rest of the API too?
CacheEnable mem /api/status
# 12MByte total cache size.
MCacheSize 12288
MCacheMaxObjectCount 10
MCacheMinObjectSize 1
# 8MByte max size per cache entry
MCacheMaxObjectSize 8388608
MCacheMaxStreamingBuffer 8388608
</IfModule>
<IfModule mod_cache_disk.c>
CacheEnable disk /api/status
CacheRoot /var/cache/apache2/mod_cache_disk
CacheMaxFileSize 10000000
</IfModule>
</IfModule>
</VirtualHost>
<% if @ssl -%>
</IfModule>
<% end -%>