Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jean-Paul Smets
slapos
Commits
4323f30f
Commit
4323f30f
authored
May 11, 2012
by
Cédric de Saint Martin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Frontend: Improve Apache configuration, inspired by octopus conf
parent
7863491e
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
42 additions
and
3 deletions
+42
-3
slapos/recipe/apache_frontend/__init__.py
slapos/recipe/apache_frontend/__init__.py
+12
-1
slapos/recipe/apache_frontend/template/apache.conf.in
slapos/recipe/apache_frontend/template/apache.conf.in
+18
-1
slapos/recipe/apache_frontend/template/apache.ssl-snippet.conf.in
...ecipe/apache_frontend/template/apache.ssl-snippet.conf.in
+12
-1
No files found.
slapos/recipe/apache_frontend/__init__.py
View file @
4323f30f
...
...
@@ -463,6 +463,13 @@ class Recipe(BaseSlapRecipe):
notfound_file_content
=
open
(
notfound_template_file_location
,
'r'
).
read
()
self
.
_writeFile
(
notfound_file_location
,
notfound_file_content
)
# Create mod_ssl cache directory
cache_directory_location
=
os
.
path
.
join
(
self
.
var_directory
,
'cache'
)
mod_ssl_cache_location
=
os
.
path
.
join
(
cache_directory_location
,
'httpd_mod_ssl'
)
self
.
_createDirectory
(
cache_directory_location
)
self
.
_createDirectory
(
mod_ssl_cache_location
)
# Create configuration file and rewritemaps
apachemap_name
=
"apachemap.txt"
apachemapzope_name
=
"apachemapzope.txt"
...
...
@@ -472,7 +479,11 @@ class Recipe(BaseSlapRecipe):
apache_conf
=
self
.
_getApacheConfigurationDict
(
name
,
ip_list
,
port
)
apache_conf
[
'ssl_snippet'
]
=
self
.
substituteTemplate
(
self
.
getTemplateFilename
(
'apache.ssl-snippet.conf.in'
),
dict
(
login_certificate
=
certificate
,
login_key
=
key
))
dict
(
login_certificate
=
certificate
,
login_key
=
key
,
httpd_mod_ssl_cache_directory
=
mod_ssl_cache_location
,
)
)
apache_conf
[
"listen"
]
=
"
\
n
"
.
join
([
"Listen %s:%s"
%
(
ip
,
port
)
for
ip
in
ip_list
])
...
...
slapos/recipe/apache_frontend/template/apache.conf.in
View file @
4323f30f
...
...
@@ -70,6 +70,7 @@ LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so
LoadModule cache_module modules/mod_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule antiloris_module modules/mod_antiloris.so
CacheDefaultExpire 3600
...
...
@@ -77,7 +78,8 @@ CacheDefaultExpire 3600
# The following directives modify normal HTTP response behavior to
# handle known problems with browser implementations.
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
...
...
@@ -93,3 +95,18 @@ BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
# Cache directives
CacheEnable mem /
MCacheSize 8192
MCacheMaxObjectCount 1000
MCacheMaxObjectSize 8192
MCacheRemovalAlgorithm LRU
# Deflate
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# Make sure proxies don't deliver the wrong content
Header append Vary User-Agent
slapos/recipe/apache_frontend/template/apache.ssl-snippet.conf.in
View file @
4323f30f
...
...
@@ -4,5 +4,16 @@ SSLCertificateFile %(login_certificate)s
SSLCertificateKeyFile %(login_key)s
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLSessionCache shmcb:/%(httpd_mod_ssl_cache_directory)s/ssl_scache(512000)
SSLSessionCacheTimeout 300
SSLRandomSeed startup /dev/urandom 256
SSLRandomSeed connect builtin
SSLProtocol -ALL +SSLv3 +TLSv1
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
# Accept proxy to sites using self-signed SSL certificates
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment