[2912] | 1 | ### Master template |
---|
| 2 | <%! |
---|
| 3 | from invirt.config import structs as cfg |
---|
| 4 | from invirt.config import safestructs as safecfg |
---|
| 5 | %> |
---|
| 6 | <%def name="invirt_ssl()"> |
---|
| 7 | DocumentRoot /var/www/invirt-web |
---|
| 8 | <Directory /var/www/invirt-web> |
---|
| 9 | Options Indexes FollowSymLinks MultiViews ExecCGI |
---|
| 10 | AllowOverride None |
---|
| 11 | Order allow,deny |
---|
| 12 | allow from all |
---|
| 13 | </Directory> |
---|
| 14 | <Location /> |
---|
| 15 | ${caller.body()} |
---|
| 16 | </Location> |
---|
| 17 | |
---|
| 18 | RewriteEngine On |
---|
| 19 | RewriteRule ^/favicon.ico - [L] |
---|
| 20 | RewriteRule ^/static(.*) - [L] |
---|
| 21 | RewriteRule ^/overlord/static(.*) /static/$1 [L] |
---|
| 22 | RewriteRule ^/admin/static(.*) /static/$1 [L] |
---|
| 23 | |
---|
| 24 | % for rewrite in safecfg.web.ssl.rewriterules: |
---|
| 25 | RewriteRule ^/${rewrite.rule} ${rewrite.target} [${rewrite.type}] |
---|
| 26 | % endfor |
---|
| 27 | RewriteRule ^/(.*) /var/www/invirt-web/auth.fcgi/$1 [L] |
---|
| 28 | |
---|
| 29 | RewriteLog /var/log/apache2/rewrite.log |
---|
| 30 | RewriteLogLevel 0 |
---|
| 31 | |
---|
| 32 | ErrorLog /var/log/apache2/error.log |
---|
| 33 | |
---|
| 34 | # Possible values include: debug, info, notice, warn, error, crit, |
---|
| 35 | # alert, emerg. |
---|
| 36 | LogLevel warn |
---|
| 37 | |
---|
| 38 | CustomLog /var/log/apache2/ssl_access.log combined |
---|
| 39 | ServerSignature On |
---|
| 40 | |
---|
| 41 | SSLEngine on |
---|
| 42 | |
---|
| 43 | SSLCertificateFile ${cfg.web.ssl.cert} |
---|
| 44 | SSLCertificateKeyFile ${cfg.web.ssl.key} |
---|
| 45 | |
---|
| 46 | SSLCACertificateFile ${cfg.web.ssl.ca} |
---|
| 47 | SSLVerifyDepth 10 |
---|
| 48 | |
---|
| 49 | SSLOptions +StdEnvVars |
---|
| 50 | |
---|
| 51 | SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 |
---|
| 52 | % for redirect in safecfg.web.ssl.redirects: |
---|
| 53 | Redirect /${redirect.rule} ${redirect.target} |
---|
| 54 | % endfor |
---|
| 55 | </%def> |
---|
| 56 | |
---|
| 57 | % for site in cfg.web.sites: |
---|
| 58 | <%include file="../conf.invirt/${site}.mako" args="cfg=cfg, invirt_ssl=invirt_ssl" /> |
---|
| 59 | % endfor |
---|