8aab93a4d6
We are running zuul-web out of a container now which is forcing all http requests through to cherrypy (eg we no longer serve static resources from apache directly). Alleviate some of the pressure on cherrypy by caching static resources in apache. Change-Id: I77d0df4b4853e4dff3177862a248cdf4efa33765
74 lines
2.2 KiB
Django/Jinja
74 lines
2.2 KiB
Django/Jinja
<VirtualHost *:80>
|
|
ServerName zuul.opendev.org
|
|
ServerAdmin webmaster@openstack.org
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/zuul-error.log
|
|
|
|
LogLevel warn
|
|
|
|
CustomLog ${APACHE_LOG_DIR}/zuul-access.log combined
|
|
|
|
Redirect / https://zuul.opendev.org/
|
|
|
|
</VirtualHost>
|
|
|
|
<IfModule mod_ssl.c>
|
|
<VirtualHost *:443>
|
|
ServerName zuul.opendev.org
|
|
ServerAdmin webmaster@openstack.org
|
|
|
|
AllowEncodedSlashes On
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/zuul-ssl-error.log
|
|
|
|
LogLevel warn
|
|
|
|
CustomLog ${APACHE_LOG_DIR}/zuul-ssl-access.log combined
|
|
|
|
SSLEngine on
|
|
SSLProtocol All -SSLv2 -SSLv3
|
|
# Note: this list should ensure ciphers that provide forward secrecy
|
|
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
|
SSLHonorCipherOrder on
|
|
|
|
SSLCertificateFile /etc/letsencrypt-certs/zuul.opendev.org/zuul.opendev.org.cer
|
|
SSLCertificateKeyFile /etc/letsencrypt-certs/zuul.opendev.org/zuul.opendev.org.key
|
|
SSLCertificateChainFile /etc/letsencrypt-certs/zuul.opendev.org/ca.cer
|
|
|
|
BrowserMatch "MSIE [2-6]" \
|
|
nokeepalive ssl-unclean-shutdown \
|
|
downgrade-1.0 force-response-1.0
|
|
# MSIE 7 and newer should be able to use keepalive
|
|
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
|
|
|
|
RewriteEngine on
|
|
|
|
RewriteRule ^/api/tenant/(.*)/console-stream ws://127.0.0.1:9000/api/tenant/$1/console-stream [P,L]
|
|
RewriteRule ^/(.*)$ http://127.0.0.1:9000/$1 [P,L]
|
|
|
|
AddOutputFilterByType DEFLATE application/json text/css text/javascript application/javascript
|
|
|
|
<IfModule mod_cache.c>
|
|
CacheDefaultExpire 5
|
|
<IfModule mod_mem_cache.c>
|
|
# TODO: Should we cache the rest of the API too?
|
|
CacheEnable mem /api/tenant/.*/status
|
|
CacheEnable mem /static/.*
|
|
# 80MB max cache size. 10 objects at 8MB max each.
|
|
MCacheSize 81920
|
|
MCacheMaxObjectCount 10
|
|
MCacheMinObjectSize 1
|
|
# 8MByte max size per cache entry
|
|
MCacheMaxObjectSize 8388608
|
|
MCacheMaxStreamingBuffer 8388608
|
|
</IfModule>
|
|
<IfModule mod_cache_disk.c>
|
|
CacheEnable disk /api/tenant/.*/status
|
|
CacheEnable disk /static/.*
|
|
CacheRoot /var/cache/apache2/mod_cache_disk
|
|
CacheMaxFileSize 10000000
|
|
</IfModule>
|
|
</IfModule>
|
|
</VirtualHost>
|
|
</IfModule>
|