opendev/system-config
Code Issues Proposed changes
5fc5646cdd
system-config/modules/storyboard/templates/storyboard.vhost.erb
Monty Taylor fa3b8f4869 Make storyboard run over ssl 
We're doing auth now, so we should really do it over SSL.

The cert contents are already in hiera.

Change-Id: Ia939e228785168705840acd6d377e6c25ba3370d
2014-03-09 16:01:09 -07:00

63 lines
2.0 KiB
Plaintext
Raw Blame History

<VirtualHost <%= scope.lookupvar("storyboard::vhost_name") %>:80>
ServerAdmin <%= scope.lookupvar("storyboard::serveradmin") %>
ErrorLog ${APACHE_LOG_DIR}/storyboard-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/storyboard-access.log combined
Redirect / https://<%= scope.lookupvar("storyboard::vhost_name") %>/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost <%= scope.lookupvar("storyboard::vhost_name") %>:443>
ServerName <%= scope.lookupvar("storyboard::vhost_name") %>
ServerAdmin <%= scope.lookupvar("storyboard::serveradmin") %>
ErrorLog ${APACHE_LOG_DIR}/storyboard-ssl-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/storyboard-ssl-access.log combined
SSLEngine on
SSLCertificateFile <%= scope.lookupvar("storyboard::ssl_cert_file") %>
SSLCertificateKeyFile <%= scope.lookupvar("storyboard::ssl_key_file") %>
<% if scope.lookupvar("storyboard::ssl_chain_file") != "" %>
SSLCertificateChainFile <%= scope.lookupvar("storyboard::ssl_chain_file") %>
<% end %>
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
DocumentRoot /var/lib/storyboard/www
WSGIDaemonProcess storyboard user=storyboard group=storyboard threads=5 python-path=/usr/local/lib/python2.7/dist-packages
WSGIScriptAlias /api /usr/local/lib/python2.7/dist-packages/storyboard/api/app.wsgi
WSGIPassAuthorization On
# The app.wsgi file has to be accessible by apache. It won't
# be visible to clients because of the DocumentRoot though.
<Directory /usr/local/lib/python2.7/dist-packages/storyboard/>
WSGIProcessGroup storyboard
WSGIApplicationGroup %{GLOBAL}
Order deny,allow
Allow from all
</Directory>
</VirtualHost>
</IfModule>
View Git Blame Copy Permalink