diff options
Diffstat (limited to 'roles/sublab_web/templates')
-rw-r--r-- | roles/sublab_web/templates/dump.conf.j2 | 7 | ||||
-rw-r--r-- | roles/sublab_web/templates/server.conf.j2 | 73 | ||||
-rw-r--r-- | roles/sublab_web/templates/ssl.conf.j2 | 20 | ||||
-rw-r--r-- | roles/sublab_web/templates/subdap-plain.conf.j2 | 1 | ||||
-rw-r--r-- | roles/sublab_web/templates/subdap-ssl.conf.j2 | 13 | ||||
-rw-r--r-- | roles/sublab_web/templates/vhost.conf.j2 | 12 | ||||
-rw-r--r-- | roles/sublab_web/templates/wiki.conf.j2 | 20 |
7 files changed, 146 insertions, 0 deletions
diff --git a/roles/sublab_web/templates/dump.conf.j2 b/roles/sublab_web/templates/dump.conf.j2 new file mode 100644 index 0000000..e0d74f6 --- /dev/null +++ b/roles/sublab_web/templates/dump.conf.j2 @@ -0,0 +1,7 @@ +Alias /dump /var/www/{{ sublab_web_server_name }}/dump +<Directory /var/www/{{ sublab_web_server_name }}/dump> + AllowOverride None + Order allow,deny + Allow from all + Options +FollowSymLinks +</Directory> diff --git a/roles/sublab_web/templates/server.conf.j2 b/roles/sublab_web/templates/server.conf.j2 new file mode 100644 index 0000000..aee5ab4 --- /dev/null +++ b/roles/sublab_web/templates/server.conf.j2 @@ -0,0 +1,73 @@ +ServerAdmin nobody@nowhere.ws +ServerName {{ sublab_web_server_name }} +ServerAlias www.{{ sublab_web_server_name }} + +DocumentRoot /var/www/{{ sublab_web_server_name }}/htdocs/public + +<Directory /var/www/{{ sublab_web_server_name }}/htdocs/public> + AllowOverride None + Require all granted +</Directory> + +RewriteEngine On + +RewriteRule ^/lounge/?$ /sublounge [R=302] +RewriteRule ^/phantomspeisung/?$ /vokue [R=301] +RewriteRule ^/vokue/?$ /wiki/Phantomspeisung/ [R=301] + +RewriteRule ^/cryptocon14(/?|.*)$ https://cryptocon.org/14$1 [R=301,last] +RewriteRule ^/cryptocon15(/?|.*)$ https://cryptocon.org/15$1 [R=301,last] + +# Allow the drop of .html +RewriteRule ^/([^/\.]+)$ /$1.html + +# RewriteLog /tmp/rewrite-log +# RewriteLogLevel 9 + +ErrorDocument 401 /401.html +ErrorDocument 404 /404.html + +<Location /server-status> + SetHandler server-status + Require ip 127.0.0.1 +</Location> +<Location /server-info> + SetHandler server-info + Require ip 127.0.0.1 +</Location> +Redirect 301 /sublab_status.json /status.json +<Location /sublab_status.json> + Header set Access-Control-Allow-Origin * + Header set Cache-Control no-cache +</Location> +<Location /status.json> + Header set Access-Control-Allow-Origin * + Header set Cache-Control no-cache +</Location> +<Location /css/nautilus.status.css> + Header set Cache-Control no-cache +</Location> +<Location /css/sublab.status.css> + Header set Cache-Control no-cache +</Location> +<Location /css/trieste.status.css> + Header set Cache-Control no-cache +</Location> +<Location /css/taifun.status.css> + Header set Cache-Control no-cache +</Location> +<Location /api/status> + Header set Cache-Control no-cache +</Location> +<Location /img/thumb.tempgraph.png> + Header set Cache-Control no-cache +</Location> +<Location /img/thumb.street.webcam.jpg> + Header set Cache-Control no-cache +</Location> +<Location /img/street.webcam.jpg> + Header set Cache-Control no-cache +</Location> +<Location /img/tempgraph.png> + Header set Cache-Control no-cache +</Location> diff --git a/roles/sublab_web/templates/ssl.conf.j2 b/roles/sublab_web/templates/ssl.conf.j2 new file mode 100644 index 0000000..5d02eed --- /dev/null +++ b/roles/sublab_web/templates/ssl.conf.j2 @@ -0,0 +1,20 @@ +SSLEngine On + +SSLCertificateChainFile /etc/apache2/sites/{{ sublab_web_server_name }}/ssl/chain.pem +SSLCertificateFile /etc/apache2/sites/{{ sublab_web_server_name }}/ssl/cert.pem +SSLCertificateKeyFile /etc/apache2/sites/{{ sublab_web_server_name }}/ssl/key.pem + +SSLEngine On +SSLHonorCipherOrder on +SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1 -SSLv3 -SSLv2 +SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK +SSLCompression off + +#Header always set Strict-Transport-Security "max-age=15984000" + +SSLOptions StdEnvVars + +BrowserMatch "MSIE [2-6]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 +BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown diff --git a/roles/sublab_web/templates/subdap-plain.conf.j2 b/roles/sublab_web/templates/subdap-plain.conf.j2 new file mode 100644 index 0000000..c79370d --- /dev/null +++ b/roles/sublab_web/templates/subdap-plain.conf.j2 @@ -0,0 +1 @@ +RedirectMatch permanent ^/(subdap(/?|/.*))$ https://{{ sublab_web_server_name }}/$1 diff --git a/roles/sublab_web/templates/subdap-ssl.conf.j2 b/roles/sublab_web/templates/subdap-ssl.conf.j2 new file mode 100644 index 0000000..bec8c54 --- /dev/null +++ b/roles/sublab_web/templates/subdap-ssl.conf.j2 @@ -0,0 +1,13 @@ +<Location "/subdap/"> + ProxyPass "http://127.0.0.1:8001/" +</Location> +<Location "/subdap/static"> + ProxyPass "!" +</Location> + +Alias /subdap/static /var/subdap/src/static +<Directory /var/subdap/src/static> + Options -Indexes -ExecCGI + AllowOverride None + Require all granted +</Directory> diff --git a/roles/sublab_web/templates/vhost.conf.j2 b/roles/sublab_web/templates/vhost.conf.j2 new file mode 100644 index 0000000..6c3851d --- /dev/null +++ b/roles/sublab_web/templates/vhost.conf.j2 @@ -0,0 +1,12 @@ +<VirtualHost *:80> + Include sites/{{ sublab_web_server_name }}/subdap-plain.conf + Include sites/{{ sublab_web_server_name }}/server.conf + Include sites/{{ sublab_web_server_name }}/wiki.conf + Include sites/{{ sublab_web_server_name }}/dump.conf +</VirtualHost> +<VirtualHost *:443> + Include sites/{{ sublab_web_server_name }}/ssl.conf + Include sites/{{ sublab_web_server_name }}/subdap-ssl.conf + Include sites/{{ sublab_web_server_name }}/server.conf + Include sites/{{ sublab_web_server_name }}/wiki.conf +</VirtualHost> diff --git a/roles/sublab_web/templates/wiki.conf.j2 b/roles/sublab_web/templates/wiki.conf.j2 new file mode 100644 index 0000000..90a2f1d --- /dev/null +++ b/roles/sublab_web/templates/wiki.conf.j2 @@ -0,0 +1,20 @@ +Alias /wiki/ /home/wiki-{{ sublab_web_server_name }}/wiki-html/ +<Directory /home/wiki-{{ sublab_web_server_name }}/wiki-html> + AllowOverride None + Order allow,deny + allow from all + AddHandler cgi-script .cgi + Options +ExecCGI +</Directory> +<Directory /home/wiki-{{ sublab_web_server_name }}/wiki-html/auth> + AuthType basic + AuthBasicProvider ldap + AuthName "LDAP Login" + AuthLDAPBindDN "cn=apache-{{ ansible_nodename }},ou=service,dc=sublab,dc=org" + AuthLDAPBindPassword "{{ ldap_credentials["apache-" + ansible_nodename] }}" + AuthLDAPURL "{{ ldap_url }}/ou=people,dc=sublab,dc=org" + # AuthzLDAPAuthoritative on + # Require ldap-group cn=members,ou=groups,dc=sublab,dc=org + Require valid-user +</Directory> +LDAPTrustedMode TLS |