opendev/puppet-openstackid
Code Issues Proposed changes
5eb035b196
puppet-openstackid/templates/vhost.erb
Sebastian Marcet 5efa3a5928 Fix on vhost config 
added rewrite rule to pass the HTTP auth header to web app

Change-Id: I62f367f55aecf35eccbf2e10f7626f06843efc69
2016-04-05 14:23:36 -03:00

65 lines
2.3 KiB
Plaintext
Raw Blame History

<VirtualHost *:80>
ServerName <%= scope.lookupvar("openstackid::vhost_name") %>
ServerAdmin <%= scope.lookupvar("openstackid::serveradmin") %>
ErrorLog ${APACHE_LOG_DIR}/openstackid-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/openstackid-access.log combined
Redirect / https://<%= scope.lookupvar("openstackid::vhost_name") %>/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName <%= scope.lookupvar("openstackid::vhost_name") %>
ServerAdmin <%= scope.lookupvar("openstackid::serveradmin") %>
ErrorLog ${APACHE_LOG_DIR}/openstackid-ssl-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/openstackid-ssl-access.log combined
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
# Once the machine is using something to terminate TLS that supports ECDHE
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
# only is guarenteed.
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
SSLHonorCipherOrder on
SSLCertificateFile <%= scope.lookupvar("openstackid::ssl_cert_file") %>
SSLCertificateKeyFile <%= scope.lookupvar("openstackid::ssl_key_file") %>
<% if scope.lookupvar("openstackid::ssl_chain_file") != "" %>
SSLCertificateChainFile <%= scope.lookupvar("openstackid::ssl_chain_file") %>
<% end %>
RewriteEngine on
RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("openstackid::vhost_name") %>
RewriteRule ^.*$ <%= scope.lookupvar("openstackid::canonicalweburl") %>
# send basic auth header
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
DocumentRoot <%= @docroot %>
<Directory <%= @docroot %>/>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride All
</Directory>
<IfModule mod_proxy_fcgi.c>
ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000<%= @docroot %>/$1
</IfModule>
<IfModule mod_fastcgi.c>
AddHandler php5-fcgi .php
Action php5-fcgi /php5-fcgi
Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -host 127.0.0.1:9000 -pass-header Authorization
<Directory /usr/lib/cgi-bin>
Options ExecCGI FollowSymLinks
SetHandler fastcgi-script
Require all granted
</Directory>
</IfModule>
</VirtualHost>
</IfModule>
View Git Blame Copy Permalink