{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%} {% set disable_no_cache_header = ('' ~ slave_parameter.get('disable-no-cache-request', '')).lower() in TRUE_VALUES -%} {% set disable_via_header = ('' ~ slave_parameter.get('disable-via-header', '')).lower() in TRUE_VALUES -%} {%- set prefer_gzip = ('' ~ slave_parameter.get('prefer-gzip-encoding-to-backend', '')).lower() in TRUE_VALUES -%} <VirtualHost *:{{ https_port }}> ServerName {{ slave_parameter.get('custom_domain') }} ServerAlias {{ slave_parameter.get('custom_domain') }} {%- if 'server-alias' in slave_parameter -%} {% set server_alias_list = slave_parameter.get('server-alias', '').split() %} {%- for server_alias in server_alias_list %} ServerAlias {{ server_alias }} {% endfor %} {%- endif %} SSLEngine on SSLProxyEngine on {% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%} {% if ssl_proxy_verify -%} {% if 'ssl_proxy_ca_crt' in slave_parameter -%} SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }} {% endif %} SSLProxyVerify require #SSLProxyCheckPeerCN on SSLProxyCheckPeerExpire on {% endif %} SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5 SSLHonorCipherOrder on {% set ssl_configuration_list = [('SSLCertificateFile', 'path_to_ssl_crt'), ('SSLCertificateKeyFile', 'path_to_ssl_key'), ('SSLCACertificateFile', 'path_to_ssl_ca_crt'), ('SSLCertificateChainFile', 'path_to_ssl_ca_crt')] -%} {% for key, value in ssl_configuration_list -%} {% if value in slave_parameter -%} {{ ' %s' % key }} {{ slave_parameter.get(value) }} {% endif -%} {% endfor -%} # One Slave two logs ErrorLog "{{ slave_parameter.get('error_log') }}" LogLevel info LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined CustomLog "{{ slave_parameter.get('access_log') }}" combined # Rewrite part ProxyPreserveHost On ProxyTimeout 600 {% if disable_via_header %} Header unset Via {% endif -%} RewriteEngine On {% if disable_no_cache_header %} RequestHeader unset Cache-Control RequestHeader unset Pragma {% endif -%} {% if 'disabled-cookie-list' in slave_parameter -%} {% set disabled_cookie_list = slave_parameter.get('disabled-cookie-list', '').split() %} {%- for disabled_cookie in disabled_cookie_list %} {{' RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie) }} {% endfor -%} {% endif %} {%- if prefer_gzip %} RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip" {% endif %} {% if slave_parameter.get('type', '') == 'zope' -%} {% if 'default-path' in slave_parameter %} RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L] {% endif -%} # First, we check if we have a zope backend server # If so, let's use Virtual Host Daemon rewrite # We suppose that Apache listens to 443 (even indirectly thanks to things like iptables) RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/VirtualHostBase/https//%{SERVER_NAME}:443/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P] {% elif slave_parameter.get('type', '') == 'redirect' -%} RewriteRule (.*) {{slave_parameter.get('url', '')}}$1 [R,L] {% else -%} {% if 'default-path' in slave_parameter %} RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L] {% endif -%} RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/$1 [L,P] {% endif -%} </VirtualHost> <VirtualHost *:{{ http_port }}> ServerName {{ slave_parameter.get('custom_domain') }} ServerAlias {{ slave_parameter.get('custom_domain') }} {%- if 'server-alias' in slave_parameter %} {% set server_alias_list = slave_parameter.get('server-alias', '').split() %} {%- for server_alias in server_alias_list %} ServerAlias {{ server_alias }} {% endfor -%} {% endif %} SSLProxyEngine on {% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%} {% if ssl_proxy_verify -%} {% if 'ssl_proxy_ca_crt' in slave_parameter -%} SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }} {% endif %} SSLProxyVerify require #SSLProxyCheckPeerCN on SSLProxyCheckPeerExpire on {% endif %} # Rewrite part ProxyPreserveHost On ProxyTimeout 600 {% if disable_via_header %} Header unset Via {% endif -%} RewriteEngine On # One Slave two logs ErrorLog "{{ slave_parameter.get('error_log') }}" LogLevel info LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined CustomLog "{{ slave_parameter.get('access_log') }}" combined # Remove "Secure" from cookies, as backend may be https Header edit Set-Cookie "(?i)^(.+);secure$" "$1" {% if disable_no_cache_header %} RequestHeader unset Cache-Control RequestHeader unset Pragma {% endif -%} {% if 'disabled-cookie-list' in slave_parameter -%} {% set disabled_cookie_list = slave_parameter.get('disabled-cookie-list', '').split() %} {%- for disabled_cookie in disabled_cookie_list %} {{' RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie) }} {% endfor -%} {% endif %} {%- if prefer_gzip %} RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip" {% endif %} # Next line is forbidden and people who copy it will be hanged short {% set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%} {% if https_only -%} # Not using HTTPS? Ask that guy over there. # Dummy redirection to https. Note: will work only if https listens # on standard port (443). RewriteCond %{SERVER_PORT} !^{{ https_port }}$ RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [NC,R,L] {% elif slave_parameter.get('type', '') == 'redirect' -%} RewriteRule (.*) {{slave_parameter.get('url', '')}}$1 [R,L] {% elif slave_parameter.get('type', '') == 'zope' -%} {% if 'default-path' in slave_parameter %} RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L] {% endif -%} # First, we check if we have a zope backend server # If so, let's use Virtual Host Daemon rewrite # We suppose that Apache listens to 80 (even indirectly thanks to things like iptables) RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/VirtualHostBase/http/%{SERVER_NAME}:80/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P] {% else -%} {% if 'default-path' in slave_parameter %} RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L] {% endif -%} RewriteRule ^/(.*)$ {{ slave_parameter.get('url', '') }}/$1 [L,P] {% endif -%} # If nothing exist : put a nice error # ErrorDocument 404 /notfound.html # Dadiboom </VirtualHost>