9108e18c5f
As not to affect rewrite rules for our AFS mirrors, move caching to port 8080. Also means we can more easily identify traffic. Add missing setting for SSL support and http proxy. Note, mod ssl is already enabled by puppet-httpd. Change-Id: I4b3a13ff3ec2e1045ade18fc21741cba9e28f117 Signed-off-by: Paul Belanger <pabelanger@redhat.com>
128 lines
4.5 KiB
Plaintext
128 lines
4.5 KiB
Plaintext
# ************************************
|
|
# Managed by Puppet
|
|
# ************************************
|
|
|
|
NameVirtualHost <%= @vhost_name %>:<%= @port %>
|
|
|
|
# Dedicated port for proxy caching, as not to affect afs mirrors.
|
|
Listen 8080
|
|
NameVirtualHost <%= @vhost_name %>:8080
|
|
|
|
<VirtualHost <%= @vhost_name %>:<%= @port %>>
|
|
ServerName <%= @srvname %>
|
|
<% if @serveraliases.is_a? Array -%>
|
|
<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
|
|
<% elsif @serveraliases != nil -%>
|
|
<%= " ServerAlias #{@serveraliases}" -%>
|
|
<% end -%>
|
|
DocumentRoot <%= @docroot %>
|
|
<Directory <%= @docroot %>>
|
|
Options <%= @options %>
|
|
AllowOverride None
|
|
Order allow,deny
|
|
allow from all
|
|
Satisfy any
|
|
<IfVersion >= 2.4>
|
|
Require all granted
|
|
</IfVersion>
|
|
</Directory>
|
|
|
|
RewriteEngine On
|
|
|
|
# Pypi's bandersnatch URL's are:
|
|
# /pypi/simple/index.html
|
|
# /pypi/simple/a/a/(index.html)?
|
|
# /pypi/simple/a/a/a-etc.whl
|
|
# /pypi/simple/a/abcd/(index.html)?
|
|
# /pypi/simple/a/abcd/abcd-etc.whl
|
|
RewriteCond %{REQUEST_URI} ^/pypi/simple/([^/])([^/]*)
|
|
RewriteCond %{DOCUMENT_ROOT}/pypi/simple/$1/$1$2 -d
|
|
RewriteRule ^/pypi/simple/([^/])([^/]*)(/.*)?$ /pypi/simple/$1/$1$2$3 [L]
|
|
|
|
# Wheel URL's are:
|
|
# /wheel/{distro}-{distro-version}/a/a/a-etc.whl
|
|
# /wheel/{distro}-{distro-version}/a/abcd/abcd-etc.whl
|
|
# /wheel/{distro}-{distro-version}/a/abcde/abcde-etc.whl
|
|
RewriteCond %{REQUEST_URI} ^/wheel/([^/]+)/([^/])([^/]*)
|
|
RewriteCond %{DOCUMENT_ROOT}/wheel/$1/$2/$2$3 -d
|
|
RewriteRule ^/wheel/([^/]+)/([^/])([^/]*)(/.*)?$ /wheel/$1/$2/$2$3$4 [L]
|
|
|
|
# npm's URL's are:
|
|
# /npm/-/index.json
|
|
# /npm/a/aabc/index.json
|
|
# /npm/a/aabc/latest/index.json
|
|
# /npm/a/aabc/-/aabc-0.0.0.tgz
|
|
RewriteCond %{REQUEST_URI} ^/npm/([^/])([^/]*)
|
|
RewriteCond %{DOCUMENT_ROOT}/npm/$1/$1$2 -d
|
|
RewriteRule ^/npm/([^/])([^/]*)(/.*)?$ /npm/$1/$1$2$3 [L]
|
|
|
|
# TODO(jhesketh): Remove this after bandersnatch implements pep503
|
|
# https://bitbucket.org/pypa/bandersnatch/pull-requests/20/fully-implement-pep-503-normalization/diff
|
|
|
|
# Special cases for openstack.nose_plugin & backports.*
|
|
RewriteRule ^(.*)/openstack-nose-plugin(.*)$ $1/openstack.nose_plugin$2
|
|
RewriteRule ^(.*)/backports-(.*)$ $1/backports.$2
|
|
|
|
RewriteCond %{REQUEST_URI} ^/pypi/simple/([^/])([^/]*)
|
|
RewriteCond %{DOCUMENT_ROOT}/pypi/simple/$1/$1$2 -d
|
|
RewriteRule ^/pypi/simple/([^/])([^/]*)(/.*)?$ /pypi/simple/$1/$1$2$3 [L]
|
|
|
|
# Try again but replacing -'s with .'s
|
|
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_URI} !-f
|
|
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_URI} !-d
|
|
RewriteRule (.*)-(.*) $1.$2 [N]
|
|
|
|
RewriteCond %{REQUEST_URI} ^/pypi/simple/([^/])([^/]*)
|
|
RewriteCond %{DOCUMENT_ROOT}/pypi/simple/$1/$1$2 -d
|
|
RewriteRule ^/pypi/simple/([^/])([^/]*)(/.*)?$ /pypi/simple/$1/$1$2$3 [L]
|
|
|
|
<DirectoryMatch "<%= @docroot %>\/npm\/[^/]+\/.*">
|
|
DirectoryIndex index.json
|
|
AddOutputFilterByType SUBSTITUTE application/json
|
|
Substitute "s|http://localhost|http://<%= @srvname %>/npm|ni"
|
|
</DirectoryMatch>
|
|
|
|
ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log
|
|
LogLevel warn
|
|
CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined
|
|
ServerSignature Off
|
|
</VirtualHost>
|
|
|
|
<VirtualHost <%= @vhost_name %>:8080>
|
|
ServerName <%= @srvname %>:8080
|
|
|
|
# Disable directory listing by default.
|
|
<Directory />
|
|
Order Deny,Allow
|
|
Deny from all
|
|
Options None
|
|
AllowOverride None
|
|
</Directory>
|
|
|
|
ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_proxy_error.log
|
|
LogLevel warn
|
|
CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_proxy_access.log combined
|
|
ServerSignature Off
|
|
|
|
# Caching reverse proxy for things that don't make sense in AFS
|
|
#
|
|
# General cache rules
|
|
CacheRoot "/opt/apache_cache"
|
|
CacheDirLevels 5
|
|
CacheDirLength 3
|
|
# SSL support
|
|
SSLProxyEngine on
|
|
# Prevent thundering herds.
|
|
CacheLock on
|
|
CacheLockPath "/tmp/mod_cache-lock"
|
|
CacheLockMaxAge 5
|
|
# 100MB
|
|
CacheMaxFileSize 104857600
|
|
|
|
# Per site caching reverse proxy rules
|
|
# Only cache specific backends, rely on afs cache otherwise.
|
|
CacheEnable disk "/rdo"
|
|
ProxyPass "/rdo" "https://trunk.rdoproject.org/"
|
|
ProxyPassReverse "/rdo" "https://trunk.rdoproject.org/"
|
|
</VirtualHost>
|