From 57427cf6fddd5d66439f9c3f63349b64fa70e81e Mon Sep 17 00:00:00 2001
From: Rafael Monnerat <rafael@nexedi.com>
Date: Thu, 17 Nov 2016 18:11:36 +0100
Subject: [PATCH] apache-frontend: Small clean up on template for default
 virtual host

---
 software/apache-frontend/common.cfg           |  2 +-
 .../templates/default-virtualhost.conf.in     | 67 ++++++++-----------
 2 files changed, 29 insertions(+), 40 deletions(-)

diff --git a/software/apache-frontend/common.cfg b/software/apache-frontend/common.cfg
index 64f59a89a..9e45f8753 100644
--- a/software/apache-frontend/common.cfg
+++ b/software/apache-frontend/common.cfg
@@ -121,7 +121,7 @@ mode = 640
 [template-default-slave-virtualhost]
 recipe = slapos.recipe.build:download
 url = ${:_profile_base_location_}/templates/default-virtualhost.conf.in
-md5sum = 8975fd41fae2dcac92e18df3c6375f9a 
+md5sum = e5ed71c5e22ab91e33a71bd09879e23c 
 mode = 640
 
 [template-cached-slave-virtualhost]
diff --git a/software/apache-frontend/templates/default-virtualhost.conf.in b/software/apache-frontend/templates/default-virtualhost.conf.in
index cdbf00a29..e0a7dd10b 100644
--- a/software/apache-frontend/templates/default-virtualhost.conf.in
+++ b/software/apache-frontend/templates/default-virtualhost.conf.in
@@ -1,22 +1,27 @@
-{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
-{% set disable_no_cache_header = ('' ~ slave_parameter.get('disable-no-cache-request', '')).lower() in TRUE_VALUES -%}
-{% set disable_via_header = ('' ~ slave_parameter.get('disable-via-header', '')).lower() in TRUE_VALUES -%}
+{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
+{%- set disable_no_cache_header = ('' ~ slave_parameter.get('disable-no-cache-request', '')).lower() in TRUE_VALUES -%}
+{%- set disable_via_header = ('' ~ slave_parameter.get('disable-via-header', '')).lower() in TRUE_VALUES -%}
 {%- set prefer_gzip = ('' ~ slave_parameter.get('prefer-gzip-encoding-to-backend', '')).lower() in TRUE_VALUES -%}
- 
+{%- set server_alias_list =  slave_parameter.get('server-alias', '').split() -%}
+{%- set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
+{%- set disabled_cookie_list =  slave_parameter.get('disabled-cookie-list', '').split() -%}
+{%- set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%}
+{%- set slave_type = slave_parameter.get('type', '') -%}
+{%- set ssl_configuration_list = [('SSLCertificateFile', 'path_to_ssl_crt'),
+                                 ('SSLCertificateKeyFile', 'path_to_ssl_key'),
+                                 ('SSLCACertificateFile', 'path_to_ssl_ca_crt'),
+                                 ('SSLCertificateChainFile', 'path_to_ssl_ca_crt')] -%}
+
 <VirtualHost *:{{ https_port }}>
   ServerName {{ slave_parameter.get('custom_domain') }}
   ServerAlias {{ slave_parameter.get('custom_domain') }}
 
-{%- if 'server-alias' in slave_parameter -%}
-  {% set server_alias_list =  slave_parameter.get('server-alias', '').split() %}
-  {%- for server_alias in server_alias_list %}
+{%- for server_alias in server_alias_list %}
   ServerAlias {{ server_alias }}
-  {% endfor %}
-{%- endif %}
+{% endfor %}
 
   SSLEngine on
   SSLProxyEngine on
-{% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
 {% if ssl_proxy_verify -%}
 {%   if 'ssl_proxy_ca_crt' in slave_parameter -%}
   SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
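Review bot: The hoisted `ssl_proxy_verify` assignment evaluates to false whenever `ssl-proxy-verify` is absent or not one of `TRUE_VALUES`, and nothing in the new header block says so. This flag decides whether the `SSLProxyCACertificateFile` branch below is rendered at all. Now that the defaults are set in one place at the top of the template, a Jinja comment above that line would make the opt-in visible, for example `{#- ssl-proxy-verify defaults to off; the backend CA settings below are rendered only when the slave opts in -#}`. The `{% if ssl_proxy_verify -%}` block continues past the end of this hunk, so what else it emits is not visible here. The same flag guards the HTTP virtual host in the later hunk that begins at `ServerName`.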
@@ -29,18 +34,12 @@
   SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
   SSLHonorCipherOrder on
 
-{% set ssl_configuration_list = [('SSLCertificateFile', 'path_to_ssl_crt'),
-       			      	 ('SSLCertificateKeyFile', 'path_to_ssl_key'),
-                                 ('SSLCACertificateFile', 'path_to_ssl_ca_crt'),
-                                 ('SSLCertificateChainFile', 'path_to_ssl_ca_crt')] -%}
-
 {% for key, value in ssl_configuration_list -%}
 {%   if value in slave_parameter -%}
 {{ '  %s' % key }} {{ slave_parameter.get(value) }}
 {% endif -%}
 {% endfor -%}
 
-
   # One Slave two logs
   ErrorLog "{{ slave_parameter.get('error_log') }}"
   LogLevel info
@@ -50,28 +49,26 @@
   # Rewrite part
   ProxyPreserveHost On
   ProxyTimeout 600
+  RewriteEngine On
+
 {% if disable_via_header %}
   Header unset Via
 {% endif -%}
-  RewriteEngine On
 
 {% if disable_no_cache_header %}
   RequestHeader unset Cache-Control
   RequestHeader unset Pragma
 {% endif -%}
 
-{% if 'disabled-cookie-list' in slave_parameter -%}
-  {% set disabled_cookie_list =  slave_parameter.get('disabled-cookie-list', '').split() %}
-  {%- for disabled_cookie in disabled_cookie_list %}
+{%- for disabled_cookie in disabled_cookie_list %}
 {{'  RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie)  }}
-  {% endfor -%}
-{% endif %}
+{% endfor -%}
 
 {%- if prefer_gzip %}
   RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
 {% endif %}
 
-{% if slave_parameter.get('type', '') ==  'zope' -%}
+{% if slave_type ==  'zope' -%}
   {% if 'default-path' in slave_parameter %}
   RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
   {% endif -%}
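Review bot: Each `disabled_cookie` token is formatted unescaped into a regular expression inside a double-quoted `RequestHeader edit Cookie` argument, and the loop now runs over whatever `disabled-cookie-list` contains. `.split()` keeps whitespace and newlines out of a token, but a `"` or a regex metacharacter in a name would still change the quoting or the pattern of the rendered directive. Names that are not plain cookie tokens should be rejected before they reach the template, presumably where `slave_parameter` is assembled, which is not visible in this patch. Until then, a comment above the loop would record the assumption, for example `{#- disabled_cookie is inserted unescaped into a quoted regex; names must already be validated as cookie-name tokens -#}`. The same loop appears in the HTTP virtual host hunk that starts at `RequestHeader unset Pragma`.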
@@ -79,8 +76,8 @@
   # If so, let's use Virtual Host Monster rewrite
   # We suppose that Apache listens to 443 (even indirectly thanks to things like iptables)
   RewriteRule ^/(.*)$ {{ slave_parameter.get('https-url', slave_parameter.get('url', '')) }}/VirtualHostBase/https//%{SERVER_NAME}:443/{{ slave_parameter.get('path', '') }}/VirtualHostRoot/$1 [L,P]
-{% elif slave_parameter.get('type', '') ==  'redirect' -%}
-  RewriteRule     (.*)  {{ slave_parameter.get('https-url', slave_parameter.get('url', ''))}}$1 [R,L]
+{% elif slave_type ==  'redirect' -%}
+  RewriteRule  (.*)  {{ slave_parameter.get('https-url', slave_parameter.get('url', ''))}}$1 [R,L]
 {% else -%}
   {% if 'default-path' in slave_parameter %}
   RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
@@ -93,15 +90,11 @@
   ServerName {{ slave_parameter.get('custom_domain') }}
   ServerAlias {{ slave_parameter.get('custom_domain') }}
 
-{%- if 'server-alias' in slave_parameter %}
-  {% set server_alias_list =  slave_parameter.get('server-alias', '').split() %}
-  {%- for server_alias in server_alias_list %}
+{%-  for server_alias in server_alias_list %}
   ServerAlias {{ server_alias }}
-  {% endfor -%}
-{% endif %}
+{% endfor -%}
 
   SSLProxyEngine on
-{% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
 {% if ssl_proxy_verify -%}
 {%   if 'ssl_proxy_ca_crt' in slave_parameter -%}
   SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
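Review bot: The `ServerAlias` loop here is written `{%-  for … %}` / `{% endfor -%}`, while the identical loop in the HTTPS virtual host is `{%- for … %}` / `{% endfor %}`, so the two copies trim whitespace differently. Since this commit is a clean-up, use one form in both places, e.g. `{%- for server_alias in server_alias_list %}` and `{% endfor %}`. The difference should only affect blank lines in the rendered configuration, but that depends on the template environment's trim settings, which are not visible in this patch.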
@@ -132,28 +125,24 @@
   RequestHeader unset Pragma
 {% endif -%}
 
-{% if 'disabled-cookie-list' in slave_parameter -%}
-  {% set disabled_cookie_list =  slave_parameter.get('disabled-cookie-list', '').split() %}
-  {%- for disabled_cookie in disabled_cookie_list %}
+{%- for disabled_cookie in disabled_cookie_list %}
 {{'  RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie)  }}
-  {% endfor -%}
-{% endif %}
+{% endfor -%}
 
 {%- if prefer_gzip %}
   RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
 {% endif %}
 
 # Next line is forbidden and people who copy it will be hanged short
-{% set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%}
 {% if https_only -%}
   # Not using HTTPS? Ask that guy over there.
   # Dummy redirection to https. Note: will work only if https listens
   # on standard port (443).
   RewriteCond     %{SERVER_PORT}  !^{{ https_port }}$
   RewriteRule     ^/(.*)          https://%{SERVER_NAME}/$1 [NC,R,L]
-{% elif slave_parameter.get('type', '') ==  'redirect' -%}
+{% elif slave_type ==  'redirect' -%}
   RewriteRule     (.*)  {{slave_parameter.get('url', '')}}$1 [R,L]
-{% elif slave_parameter.get('type', '') ==  'zope' -%}
+{% elif slave_type ==  'zope' -%}
   {% if 'default-path' in slave_parameter %}
   RewriteRule ^/?$ {{ slave_parameter.get('default-path') }} [R=301,L]
   {% endif -%}
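Review bot: The `#` line "Next line is forbidden…" used to sit above the `https_only` assignment that this hunk hoists away, so it now reads as a remark about `{% if https_only -%}`. Because it is outside any Jinja tag, it is still copied into every rendered virtual host. Whatever it originally referred to, it no longer documents the code beneath it. Replace it with a Jinja comment that states what the branch does, e.g. `{#- https-only: redirect plain HTTP requests to the same host over HTTPS (assumes HTTPS on 443) -#}`. The `zope` branch at the end of the hunk continues outside it.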
-- 
2.30.9