1c9408780e
As part of allowing projects to establish redirects when they move documentation pages around, we need to let them use .htaccess files. We only want to allow Redirect and RedirectMatch directives, though. This change restricts the directives on docs.o.o and adds them on the static servers used for drafts published during a build (to allow testing of the redirects). See http://lists.openstack.org/pipermail/openstack-dev/2017-July/120240.html for more details. Change-Id: I236b7b0a9aae065167bd0aef316603d258e4c3c6 Signed-off-by: Doug Hellmann <doug@doughellmann.com>
61 lines
2.2 KiB
Plaintext
61 lines
2.2 KiB
Plaintext
# ************************************
|
|
# Managed by Puppet
|
|
# ************************************
|
|
|
|
<VirtualHost *:80>
|
|
ServerName <%= @srvname %>
|
|
<% if @serveraliases.is_a? Array -%>
|
|
<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
|
|
<% elsif @serveraliases != nil -%>
|
|
<%= " ServerAlias #{@serveraliases}" -%>
|
|
<% end -%>
|
|
|
|
RewriteEngine on
|
|
RewriteRule ^/(.*) https://<%= @srvname %>/$1 [last,redirect=permanent]
|
|
|
|
ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log
|
|
LogLevel warn
|
|
CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined
|
|
ServerSignature Off
|
|
</VirtualHost>
|
|
|
|
<IfModule mod_ssl.c>
|
|
<VirtualHost *:443>
|
|
ServerName <%= @srvname %>
|
|
<% if @serveraliases.is_a? Array -%>
|
|
<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
|
|
<% elsif @serveraliases != nil -%>
|
|
<%= " ServerAlias #{@serveraliases}" -%>
|
|
<% end -%>
|
|
|
|
RewriteEngine on
|
|
|
|
SSLEngine on
|
|
SSLProtocol All -SSLv2 -SSLv3
|
|
# Once the machine is using something to terminate TLS that supports ECDHE
|
|
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
|
|
# only is guarenteed.
|
|
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
|
SSLHonorCipherOrder on
|
|
SSLCertificateFile /etc/ssl/certs/docs.openstack.org.pem
|
|
SSLCertificateKeyFile /etc/ssl/private/docs.openstack.org.key
|
|
SSLCertificateChainFile /etc/ssl/certs/docs.openstack.org_intermediate.pem
|
|
|
|
DocumentRoot <%= @docroot %>
|
|
<Directory <%= @docroot %>>
|
|
Options Indexes FollowSymLinks MultiViews
|
|
Satisfy any
|
|
Require all granted
|
|
AllowOverride None
|
|
# Allow mod_rewrite rules
|
|
AllowOverrideList Redirect RedirectMatch
|
|
ErrorDocument 404 /errorpage.html
|
|
</Directory>
|
|
|
|
ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log
|
|
LogLevel warn
|
|
CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined
|
|
ServerSignature Off
|
|
</VirtualHost>
|
|
</IfModule>
|