1c9408780e
As part of allowing projects to establish redirects when they move documentation pages around, we need to let them use .htaccess files. We only want to allow Redirect and RedirectMatch directives, though. This change restricts the directives on docs.o.o and adds them on the static servers used for drafts published during a build (to allow testing of the redirects). See http://lists.openstack.org/pipermail/openstack-dev/2017-July/120240.html for more details. Change-Id: I236b7b0a9aae065167bd0aef316603d258e4c3c6 Signed-off-by: Doug Hellmann <doug@doughellmann.com>
59 lines
2.1 KiB
Plaintext
59 lines
2.1 KiB
Plaintext
# ************************************
|
|
# Managed by Puppet
|
|
# ************************************
|
|
|
|
<VirtualHost *:80>
|
|
ServerName <%= @vhost_name %>
|
|
<% if @serveraliases.is_a? Array -%>
|
|
# Permanently redirect these ServerAlias entries to ServerName
|
|
<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
|
|
<% elsif @serveraliases != '' -%>
|
|
<%= " ServerAlias #{@serveraliases}" %>
|
|
RewriteEngine On
|
|
RewriteCond %{HTTP_HOST} !<%= @vhost_name %>$ [NC]
|
|
RewriteRule ^/(.*)$ http://<%= @vhost_name %>/$1 [L,R=301]
|
|
<% end -%>
|
|
DocumentRoot <%= @docroot %>
|
|
<Directory <%= @docroot %>>
|
|
Options Indexes FollowSymLinks MultiViews
|
|
AllowOverride None
|
|
AllowOverrideList Redirect RedirectMatch
|
|
Satisfy Any
|
|
Require all granted
|
|
</Directory>
|
|
LogLevel warn
|
|
ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
|
|
CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
|
|
ServerSignature Off
|
|
</VirtualHost>
|
|
|
|
<IfModule mod_ssl.c>
|
|
<VirtualHost *:443>
|
|
ServerName <%= @vhost_name %>
|
|
DocumentRoot <%= @docroot %>
|
|
SSLEngine on
|
|
SSLProtocol All -SSLv2 -SSLv3
|
|
# Once the machine is using something to terminate TLS that supports ECDHE
|
|
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
|
|
# only is guarenteed.
|
|
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
|
SSLHonorCipherOrder on
|
|
SSLCertificateFile <%= scope['openstack_project::static::cert_file'] %>
|
|
SSLCertificateKeyFile <%= scope['openstack_project::static::key_file'] %>
|
|
<% if scope['openstack_project::static::chain_file'] != '' %>
|
|
SSLCertificateChainFile <%= scope['openstack_project::static::chain_file'] %>
|
|
<% end %>
|
|
<Directory <%= @docroot %>>
|
|
Options Indexes FollowSymLinks MultiViews
|
|
AllowOverride None
|
|
AllowOverrideList Redirect RedirectMatch
|
|
Satisfy Any
|
|
Require all granted
|
|
</Directory>
|
|
LogLevel warn
|
|
ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
|
|
CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
|
|
ServerSignature Off
|
|
</VirtualHost>
|
|
</IfModule>
|