opendev/system-config
Code Issues Proposed changes
ac55e08d05
system-config/playbooks/roles/zuul-web/templates/openstack.vhost.j2
Ian Wienand 10f5a23e4b zuul-web: fix zuul.openstack.org location match 
In I4e5f803b9d4fb6c2351cf151a085b93a7fd20f60 I put the wrong thing in
the zuul.openstack.org config; for that site we want to cache
/api/status; not the tenant path.

Change-Id: Iffbd870aeff496b9c259206f866af3a90a4349db
2020-09-15 08:34:10 +10:00

73 lines
2.1 KiB
Django/Jinja
Raw Blame History

<VirtualHost *:80>
ServerName zuul.openstack.org
ServerAdmin webmaster@openstack.org
ErrorLog ${APACHE_LOG_DIR}/zuul-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/zuul-access.log combined-cache
Redirect / https://zuul.openstack.org/
</VirtualHost>
<VirtualHost *:443>
ServerName zuul.openstack.org
ServerAdmin webmaster@openstack.org
AllowEncodedSlashes On
ErrorLog ${APACHE_LOG_DIR}/zuul-ssl-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/zuul-ssl-access.log combined-cache
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
# Note: this list should ensure ciphers that provide forward secrecy
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
SSLHonorCipherOrder on
SSLCertificateFile /etc/letsencrypt-certs/zuul.opendev.org/zuul.opendev.org.cer
SSLCertificateKeyFile /etc/letsencrypt-certs/zuul.opendev.org/zuul.opendev.org.key
SSLCertificateChainFile /etc/letsencrypt-certs/zuul.opendev.org/ca.cer
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
RewriteEngine on
RewriteRule ^/api/connection/(.*)$ http://127.0.0.1:9000/api/connection/$1 [P,L]
RewriteRule ^/api/console-stream ws://127.0.0.1:9000/api/tenant/openstack/console-stream [P,L]
RewriteRule ^/api/(.*)$ http://127.0.0.1:9000/api/tenant/openstack/$1 [P,L]
RewriteRule ^/(.*)$ http://127.0.0.1:9000/$1 [P,L]
AddOutputFilterByType DEFLATE application/json text/css text/javascript application/javascript
# Enable SHM backend for socache
CacheSocache shmcb
# Anything bigger should fall through to disk
CacheSocacheMaxSize 102400
# This is required to match on rewrites correctly
CacheQuickHandler off
# Disk cache settings
CacheRoot /var/cache/apache2/mod_cache_disk
CacheMaxFileSize 10000000
<LocationMatch "^/api/status">
CacheEnable socache
CacheEnable disk
</LocationMatch>
<Location "/static">
CacheEnable socache
CacheEnable disk
</Location>
</VirtualHost>
View Git Blame Copy Permalink