opendev/system-config
Code Issues Proposed changes
e9854d8bdc
system-config/playbooks/roles/zuul-web/templates/openstack.vhost.j2
Clark Boylan 6bc23598d3 Improve zuul-web apache config 
Compress css and javascript content as they can be quite large for zuul.

Also, cache status json results when using the non whitelabeled api
paths for zuul.opendev.org. This should improve performance for those
status files.

Change-Id: I7b965b27a88d5fda4d43be31c39989994334989c
2020-04-27 15:08:08 -07:00

74 lines
2.2 KiB
Django/Jinja
Raw Blame History

<VirtualHost *:80>
ServerName zuul.openstack.org
ServerAdmin webmaster@openstack.org
ErrorLog ${APACHE_LOG_DIR}/zuul-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/zuul-access.log combined
Redirect / https://zuul.openstack.org/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName zuul.openstack.org
ServerAdmin webmaster@openstack.org
AllowEncodedSlashes On
ErrorLog ${APACHE_LOG_DIR}/zuul-ssl-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/zuul-ssl-access.log combined
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
# Note: this list should ensure ciphers that provide forward secrecy
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
SSLHonorCipherOrder on
SSLCertificateFile /etc/letsencrypt-certs/zuul.opendev.org/zuul.opendev.org.cer
SSLCertificateKeyFile /etc/letsencrypt-certs/zuul.opendev.org/zuul.opendev.org.key
SSLCertificateChainFile /etc/letsencrypt-certs/zuul.opendev.org/ca.cer
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
RewriteEngine on
RewriteRule ^/api/connection/(.*)$ http://127.0.0.1:9000/api/connection/$1 [P,L]
RewriteRule ^/api/console-stream ws://127.0.0.1:9000/api/tenant/openstack/console-stream [P,L]
RewriteRule ^/api/(.*)$ http://127.0.0.1:9000/api/tenant/openstack/$1 [P,L]
RewriteRule ^/(.*)$ http://127.0.0.1:9000/$1 [P,L]
AddOutputFilterByType DEFLATE application/json text/css text/javascript application/javascript
<IfModule mod_cache.c>
CacheDefaultExpire 5
<IfModule mod_mem_cache.c>
# TODO: Should we cache the rest of the API too?
CacheEnable mem /api/status
# 12MByte total cache size.
MCacheSize 12288
MCacheMaxObjectCount 10
MCacheMinObjectSize 1
# 8MByte max size per cache entry
MCacheMaxObjectSize 8388608
MCacheMaxStreamingBuffer 8388608
</IfModule>
<IfModule mod_cache_disk.c>
CacheEnable disk /api/status
CacheRoot /var/cache/apache2/mod_cache_disk
CacheMaxFileSize 10000000
</IfModule>
</IfModule>
</VirtualHost>
</IfModule>
View Git Blame Copy Permalink