system-config/modules/openstack_project/templates/docs.vhost.erb
Doug Hellmann 1c9408780e allow redirects in .htaccess files on the static web servers
As part of allowing projects to establish redirects when they move
documentation pages around, we need to let them use .htaccess
files. We only want to allow Redirect and RedirectMatch directives,
though. This change restricts the directives on docs.o.o and adds them
on the static servers used for drafts published during a build (to
allow testing of the redirects).

See
http://lists.openstack.org/pipermail/openstack-dev/2017-July/120240.html
for more details.

Change-Id: I236b7b0a9aae065167bd0aef316603d258e4c3c6
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
2017-07-27 16:51:02 -04:00

61 lines
2.2 KiB
Plaintext

# ************************************
# Managed by Puppet
# ************************************
<VirtualHost *:80>
ServerName <%= @srvname %>
<% if @serveraliases.is_a? Array -%>
<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
<% elsif @serveraliases != nil -%>
<%= " ServerAlias #{@serveraliases}" -%>
<% end -%>
RewriteEngine on
RewriteRule ^/(.*) https://<%= @srvname %>/$1 [last,redirect=permanent]
ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log
LogLevel warn
CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined
ServerSignature Off
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName <%= @srvname %>
<% if @serveraliases.is_a? Array -%>
<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
<% elsif @serveraliases != nil -%>
<%= " ServerAlias #{@serveraliases}" -%>
<% end -%>
RewriteEngine on
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
# Once the machine is using something to terminate TLS that supports ECDHE
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
# only is guarenteed.
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
SSLHonorCipherOrder on
SSLCertificateFile /etc/ssl/certs/docs.openstack.org.pem
SSLCertificateKeyFile /etc/ssl/private/docs.openstack.org.key
SSLCertificateChainFile /etc/ssl/certs/docs.openstack.org_intermediate.pem
DocumentRoot <%= @docroot %>
<Directory <%= @docroot %>>
Options Indexes FollowSymLinks MultiViews
Satisfy any
Require all granted
AllowOverride None
# Allow mod_rewrite rules
AllowOverrideList Redirect RedirectMatch
ErrorDocument 404 /errorpage.html
</Directory>
ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log
LogLevel warn
CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined
ServerSignature Off
</VirtualHost>
</IfModule>