opendev/system-config
Code Issues Proposed changes
e69e25dc5d
system-config/playbooks/roles/refstack/templates/refstack.vhost.j2
Martin Kopec 834e39fc7e refstack: Edit URL of public RefStackAPI 
The previous refstack server had 'api' in the endpoint
addresses of API calls. Let's try to set it in the new
instance as well to keep the same interface.

Also, fix the typo in the testinfra host match and in
the test name.

Change-Id: I7319990144396b3a753678975a09b0add3ac4465
2021-03-10 14:09:20 +11:00

67 lines
2.2 KiB
Django/Jinja
Raw Blame History

<VirtualHost *:80>
ServerName {{ inventory_hostname }}
ServerAdmin infra-root@openstack.org
ErrorLog ${APACHE_LOG_DIR}/refstack-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/refstack-access.log combined
Redirect / https://refstack.openstack.org/
</VirtualHost>
<VirtualHost *:443>
ServerName {{ inventory_hostname }}
ServerAdmin webmaster@openstack.org
RewriteCond %{HTTP_HOST} !^refstack\.openstack\.org [nocase]
RewriteRule ^/(.*) https://refstack.openstack.org/$1 [last,redirect=permanent]
AllowEncodedSlashes On
ErrorLog ${APACHE_LOG_DIR}/refstack-ssl-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/refstack-ssl-access.log combined
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
# Note: this list should ensure ciphers that provide forward secrecy
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
SSLHonorCipherOrder on
SSLCertificateFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.cer
SSLCertificateKeyFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key
SSLCertificateChainFile /etc/letsencrypt-certs/{{ inventory_hostname }}/ca.cer
ProxyPass / http://localhost:8000/ retry=0
ProxyPassReverse / http://localhost:8000/
# Redirect all /api requests to the internal server's address for backward
# compatibility - previously the vhost configuration redirected all /api
# requests to a wsgi app which executed refstack to handle the request.
# Now the refstack server is containerized and the server is served by pecan
# where 'pecan serve' does the same as the wsgi app before plus it also
# serves the UI interface. This has caused that the resources previously
# found under /api/ are one level higher (omitting the /api part of the
# URLs).
# Example: <hostname>/api/v1/results is now at <hostname>/v1/results
<Location "/api/">
ProxyPass "http://localhost:8000/"
</Location>
<Location "/robots.txt">
ProxyPass !
</Location>
<Directory "/var/lib/refstack/www">
Require all granted
</Directory>
Alias /robots.txt /var/lib/refstack/www/robots.txt
</VirtualHost>
View Git Blame Copy Permalink