Skip to content

Instantly share code, notes, and snippets.

@Zordrak
Created June 23, 2014 10:12
Show Gist options
  • Save Zordrak/78abd2e930a721727795 to your computer and use it in GitHub Desktop.
Save Zordrak/78abd2e930a721727795 to your computer and use it in GitHub Desktop.
<VirtualHost *:<%=@rev_port-%><%#81%>>
<IfModule headers_module>
Header append WebBox "<%=@node_short_name-%><%- if @conf_type == 'ssl_compat' -%>_ssl_compat<%- end -%>"
</IfModule>
ServerName <%=@web_external_url-%>
<%- if defined? @server_alias and @server_alias != "" -%>
<%- if @server_alias.is_a? Array -%>
ServerAlias <%= @server_alias.flatten.join(" ") -%>
<%- else -%>
ServerAlias <%= @server_alias -%>
<%- end -%>
<%- end -%>
<%- if defined? @document_root -%>
DocumentRoot "<%=@document_root-%>"
<%- end -%>
LogLevel <%=@log_level-%><%#warn%>
ErrorLog logs/<%=@error_log-%><%#ec_fake_ssl_error_log%>
TransferLog logs/<%=@transfer_log-%><%#ec_fake_ssl_access_log%>
CustomLog logs/<%=@json_log-%><%#ec_fake_ssl_access_log_json json_log%> json_log
<%- if defined? @ssl_cert and defined? @ssl_key -%>
# SSL
SSLEngine on
SSLProxyEngine On
SSLCertificateFile /etc/pki/tls/certs/<%=@ssl_cert-%>
SSLCertificateKeyFile /etc/pki/tls/private/<%=@ssl_key-%>
<%- if defined? @ssl_chain -%>
SSLCertificateChainFile /etc/pki/tls/certs/<%=@ssl_chain-%>
<%- end -%>
<%- if defined? @ssl_ca -%>
SSLCACertificateFile /etc/pki/tls/certs/<%=@ssl_ca-%>
<%- end -%>
<%- end -%>
<%- unless @conf_type == 'ssl_compat' -%>
<%- if defined? @error_400 -%>
ErrorDocument 400 <%=@error_400-%><%#/error/index.html%>
<%- end -%>
<%- if defined? @error_403 -%>
ErrorDocument 403 <%=@error_403-%><%#/error/index.html OR /error/@type.html%>
<%- end -%>
<%- if defined? @error_404 -%>
ErrorDocument 404 <%=@error_404-%><%#/error/notfound.html%>
<%- end -%>
<%- if defined? @error_500 -%>
ErrorDocument 500 <%=@error_500-%><%#/error/index.html%>
<%- end -%>
<%- if defined? @error_502 -%>
ErrorDocument 502 <%=@error_502-%><%#/error/index.html%>
<%- end %>
ProxyPass /assets !
ProxyPass /error !
ProxyPass /server-status !
ProxyPass /favicon.ico !
ProxyPass /robots.txt !
ProxyPass /apple-touch-icon.png !
ProxyPass /apple-touch-icon-72x72.png !
ProxyPass /apple-touch-icon-114x114.png !
ProxyPass /apple-touch-icon-144x144.png !
Alias /assets <%=@assets_path-%>
<%- end -%>
ProxyPreserveHost <%=@proxy_preserve_host-%>
ProxyErrorOverride <%=@proxy_error_override-%>
<Location />
<%- if @allow_list.is_a? Hash -%>
Order deny,allow
Deny from all
<%- @allow_list.keys.sort.each do |key| -%>
Allow from <%= @allow_list[key] -%><% if @allow_list[key].length < 7 -%> <% elsif @allow_list[key].length < 15 -%> <% else -%> <% end -%># <%= key -%>
<%- end -%>
<%- else %>
Order allow,deny
Allow from all
<%- end %>
<IfModule mod_headers.c>
<%-#RequestHeader set Host <%=@app_server_ip percent>
ProxyPass http://<%=@app_server_ip-%>:<%=@next_port-%><%#8080%>/
ProxyPassReverse http://<%=@app_server_ip-%>:<%=@next_port-%><%#8080%>/
ProxyPassReverse https://<%=@app_server_ip-%>:<%=@rev_port-%><%#81%>/
ProxyPassReverse https://<%=@app_server_ip-%>/
Header edit Location ^http://<%=@web_external_url-%>(.*)$ https://<%=@web_external_url-%>$1
</IfModule>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
</Location>
<%- unless @conf_type == 'ssl_compat' -%>
<Location /error>
Allow from all
</Location>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
Header edit Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly"
<%- end %>
</VirtualHost>
<VirtualHost *:80>
ServerName <%=@web_external_url-%>
Redirect permanent / https://<%=@web_external_url-%>/
</VirtualHost>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment