Zordrak/gist:78abd2e930a721727795

## gistfile1.rb


<VirtualHost *:<%=@rev_port-%><%#81%>>

    <IfModule headers_module>
    Header append WebBox "<%=@node_short_name-%><%- if @conf_type == 'ssl_compat' -%>_ssl_compat<%- end -%>"
    </IfModule>

    ServerName <%=@web_external_url-%>
    <%- if defined? @server_alias and @server_alias != "" -%>
      <%- if @server_alias.is_a? Array -%>
    ServerAlias <%= @server_alias.flatten.join(" ") -%>
      <%- else -%>
    ServerAlias <%= @server_alias -%>
      <%- end -%>
    <%- end -%>
    <%- if defined? @document_root -%>
    DocumentRoot "<%=@document_root-%>"
    <%- end -%>

    LogLevel <%=@log_level-%><%#warn%>
    ErrorLog logs/<%=@error_log-%><%#ec_fake_ssl_error_log%>
    TransferLog logs/<%=@transfer_log-%><%#ec_fake_ssl_access_log%>
    CustomLog logs/<%=@json_log-%><%#ec_fake_ssl_access_log_json json_log%> json_log

    <%- if defined? @ssl_cert and defined? @ssl_key -%>
    # SSL
    SSLEngine on
    SSLProxyEngine On
    SSLCertificateFile /etc/pki/tls/certs/<%=@ssl_cert-%>
    SSLCertificateKeyFile /etc/pki/tls/private/<%=@ssl_key-%>
      <%- if defined? @ssl_chain -%>
    SSLCertificateChainFile /etc/pki/tls/certs/<%=@ssl_chain-%>
      <%- end -%>
      <%- if defined? @ssl_ca -%>
    SSLCACertificateFile /etc/pki/tls/certs/<%=@ssl_ca-%>
      <%- end -%>
    <%- end -%>
    <%- unless @conf_type == 'ssl_compat' -%>
      <%- if defined? @error_400 -%>
    ErrorDocument 400 <%=@error_400-%><%#/error/index.html%>
      <%- end -%>
      <%- if defined? @error_403 -%>
    ErrorDocument 403 <%=@error_403-%><%#/error/index.html OR /error/@type.html%>
      <%- end -%>
      <%- if defined? @error_404 -%>
    ErrorDocument 404 <%=@error_404-%><%#/error/notfound.html%>
      <%- end -%>
      <%- if defined? @error_500 -%>
    ErrorDocument 500 <%=@error_500-%><%#/error/index.html%>
      <%- end -%>
      <%- if defined? @error_502 -%>
    ErrorDocument 502 <%=@error_502-%><%#/error/index.html%>
      <%- end %>
    ProxyPass /assets !
    ProxyPass /error !
    ProxyPass /server-status !
    ProxyPass /favicon.ico !
    ProxyPass /robots.txt !
    ProxyPass /apple-touch-icon.png !
    ProxyPass /apple-touch-icon-72x72.png !
    ProxyPass /apple-touch-icon-114x114.png !
    ProxyPass /apple-touch-icon-144x144.png !

    Alias /assets <%=@assets_path-%>
    <%- end -%>
    ProxyPreserveHost <%=@proxy_preserve_host-%>
    ProxyErrorOverride <%=@proxy_error_override-%>

    <Location />
      <%- if @allow_list.is_a? Hash -%>
      Order deny,allow
      Deny from all
        <%- @allow_list.keys.sort.each do |key| -%>
      Allow from <%= @allow_list[key] -%><% if @allow_list[key].length < 7 -%>			<% elsif @allow_list[key].length < 15 -%>		<% else -%>	<% end -%># <%= key -%>
        <%- end -%>
      <%- else %>
      Order allow,deny
      Allow from all

      <%- end %>
      <IfModule mod_headers.c>
        <%-#RequestHeader set Host <%=@app_server_ip percent>
        ProxyPass         http://<%=@app_server_ip-%>:<%=@next_port-%><%#8080%>/
        ProxyPassReverse  http://<%=@app_server_ip-%>:<%=@next_port-%><%#8080%>/
        ProxyPassReverse  https://<%=@app_server_ip-%>:<%=@rev_port-%><%#81%>/
        ProxyPassReverse  https://<%=@app_server_ip-%>/

        Header edit Location ^http://<%=@web_external_url-%>(.*)$ https://<%=@web_external_url-%>$1
      </IfModule>

      AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
      BrowserMatch ^Mozilla/4 gzip-only-text/html
      BrowserMatch ^Mozilla/4\.0[678] no-gzip
      BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

    </Location>

    <%- unless @conf_type == 'ssl_compat' -%>
    <Location /error>
      Allow from all
    </Location>

    SetEnvIf User-Agent ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0

    Header edit Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly"
    <%- end %>
</VirtualHost>

<VirtualHost *:80>
    ServerName <%=@web_external_url-%>
    Redirect permanent / https://<%=@web_external_url-%>/
</VirtualHost>


	<VirtualHost *:<%=@rev_port-%><%#81%>>

	<IfModule headers_module>
	Header append WebBox "<%=@node_short_name-%><%- if @conf_type == 'ssl_compat' -%>_ssl_compat<%- end -%>"
	</IfModule>

	ServerName <%=@web_external_url-%>
	<%- if defined? @server_alias and @server_alias != "" -%>
	<%- if @server_alias.is_a? Array -%>
	ServerAlias <%= @server_alias.flatten.join(" ") -%>
	<%- else -%>
	ServerAlias <%= @server_alias -%>
	<%- end -%>
	<%- end -%>
	<%- if defined? @document_root -%>
	DocumentRoot "<%=@document_root-%>"
	<%- end -%>

	LogLevel <%=@log_level-%><%#warn%>
	ErrorLog logs/<%=@error_log-%><%#ec_fake_ssl_error_log%>
	TransferLog logs/<%=@transfer_log-%><%#ec_fake_ssl_access_log%>
	CustomLog logs/<%=@json_log-%><%#ec_fake_ssl_access_log_json json_log%> json_log

	<%- if defined? @ssl_cert and defined? @ssl_key -%>
	# SSL
	SSLEngine on
	SSLProxyEngine On
	SSLCertificateFile /etc/pki/tls/certs/<%=@ssl_cert-%>
	SSLCertificateKeyFile /etc/pki/tls/private/<%=@ssl_key-%>
	<%- if defined? @ssl_chain -%>
	SSLCertificateChainFile /etc/pki/tls/certs/<%=@ssl_chain-%>
	<%- end -%>
	<%- if defined? @ssl_ca -%>
	SSLCACertificateFile /etc/pki/tls/certs/<%=@ssl_ca-%>
	<%- end -%>
	<%- end -%>
	<%- unless @conf_type == 'ssl_compat' -%>
	<%- if defined? @error_400 -%>
	ErrorDocument 400 <%=@error_400-%><%#/error/index.html%>
	<%- end -%>
	<%- if defined? @error_403 -%>
	ErrorDocument 403 <%=@error_403-%><%#/error/index.html OR /error/@type.html%>
	<%- end -%>
	<%- if defined? @error_404 -%>
	ErrorDocument 404 <%=@error_404-%><%#/error/notfound.html%>
	<%- end -%>
	<%- if defined? @error_500 -%>
	ErrorDocument 500 <%=@error_500-%><%#/error/index.html%>
	<%- end -%>
	<%- if defined? @error_502 -%>
	ErrorDocument 502 <%=@error_502-%><%#/error/index.html%>
	<%- end %>
	ProxyPass /assets !
	ProxyPass /error !
	ProxyPass /server-status !
	ProxyPass /favicon.ico !
	ProxyPass /robots.txt !
	ProxyPass /apple-touch-icon.png !
	ProxyPass /apple-touch-icon-72x72.png !
	ProxyPass /apple-touch-icon-114x114.png !
	ProxyPass /apple-touch-icon-144x144.png !

	Alias /assets <%=@assets_path-%>
	<%- end -%>
	ProxyPreserveHost <%=@proxy_preserve_host-%>
	ProxyErrorOverride <%=@proxy_error_override-%>

	<Location />
	<%- if @allow_list.is_a? Hash -%>
	Order deny,allow
	Deny from all
	<%- @allow_list.keys.sort.each do \|key\| -%>
	Allow from <%= @allow_list[key] -%><% if @allow_list[key].length < 7 -%> <% elsif @allow_list[key].length < 15 -%> <% else -%> <% end -%># <%= key -%>
	<%- end -%>
	<%- else %>
	Order allow,deny
	Allow from all

	<%- end %>
	<IfModule mod_headers.c>
	<%-#RequestHeader set Host <%=@app_server_ip percent>
	ProxyPass http://<%=@app_server_ip-%>:<%=@next_port-%><%#8080%>/
	ProxyPassReverse http://<%=@app_server_ip-%>:<%=@next_port-%><%#8080%>/
	ProxyPassReverse https://<%=@app_server_ip-%>:<%=@rev_port-%><%#81%>/
	ProxyPassReverse https://<%=@app_server_ip-%>/

	Header edit Location ^http://<%=@web_external_url-%>(.*)$ https://<%=@web_external_url-%>$1
	</IfModule>

	AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
	BrowserMatch ^Mozilla/4 gzip-only-text/html
	BrowserMatch ^Mozilla/4\.0[678] no-gzip
	BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

	</Location>

	<%- unless @conf_type == 'ssl_compat' -%>
	<Location /error>
	Allow from all
	</Location>

	SetEnvIf User-Agent ".MSIE." \
	nokeepalive ssl-unclean-shutdown \
	downgrade-1.0 force-response-1.0

	Header edit Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly"
	<%- end %>
	</VirtualHost>

	<VirtualHost *:80>
	ServerName <%=@web_external_url-%>
	Redirect permanent / https://<%=@web_external_url-%>/
	</VirtualHost>