SUNET/soc-ops
9
0
Fork 1
Code Activity
soc-ops/global/overlay/etc/puppet/modules/soc/templates/intelmq/intelmq-vhost.conf.erb

125 lines
4.6 KiB
Text
Raw Blame History

<VirtualHost *:80>
ServerName <%= @servername %>
ServerAdmin cert@cert.sunet.se
DocumentRoot /var/www/html
RewriteEngine On
RewriteRule ^(.*)$ https://<%= @servername %>/$1 [R,L]
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName <%= @servername %>
ServerAdmin cert@cert.sunet.se
SSLEngine on
<% if @use_snakeoil -%>
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
<% else -%>
SSLCertificateFile <%= @tls_cert %>
SSLCertificateKeyFile <%= @tls_key %>
SSLCertificateChainFile <%= @tls_chain %>
<% end -%>
SSLCACertificatePath /etc/ssl/certs/
SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt
Protocols h2 http/1.1
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2
SSLHonorCipherOrder off
SSLSessionTickets off
Header always set Strict-Transport-Security "max-age=63072000"
<Location />
<% if @use_shib -%>
AuthType shibboleth
ShibRequestSetting requireSession On
ShibUseHeaders On
AuthGroupFile /etc/apache2/groups.txt
Require group <%= @apache_group %>
<% else -%>
Require all granted
<% end -%>
</Location>
<IfModule mod_proxy.c>
ProxyRequests Off
<Location "/api">
ProxyPass "http://127.0.0.1:8666/api"
ProxyPassReverse "http://127.0.0.1:8666/api"
Header always set X-DEBUG-PATH "/api"
</Location>
</IfModule>
# RewriteEngine on
# RewriteCond %{REQUEST_URI} !^/(index.html|static|api|intelmq-webinput)
# RewriteRule .* /index.html [PT]
DocumentRoot /opt/intelmq/www/fody
<Directory /opt/intelmq/www/fody>
<IfModule mod_headers.c>
Header set Content-Security-Policy "script-src 'self'"
Header set X-Content-Security-Policy "script-src 'self'"
</IfModule>
Require all granted
Options FollowSymLinks
</Directory>
Alias /intelmq-manager /opt/intelmq/www/intelmq-manager
<Directory /opt/intelmq/www/intelmq-manager>
<% if @use_shib -%>
AuthType shibboleth
ShibRequestSetting requireSession On
ShibUseHeaders On
AuthGroupFile /etc/apache2/groups.txt
Require group <%= @apache_group %>
<% else -%>
Require all granted
<% end -%>
<IfModule mod_headers.c>
Header set Content-Security-Policy "script-src 'self'"
Header set X-Content-Security-Policy "script-src 'self'"
</IfModule>
</Directory>
<Location /intelmq/>
ProxyPass unix:/var/run/intelmq_api.sock|http://127.0.0.1:8081/
ProxyPassReverse unix:/var/run/intelmq_api.sock|http://127.0.0.1:8081/
</Location>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Listen 127.0.0.1:8666
<VirtualHost 127.0.0.1:8666>
ServerAdmin cert@cert.sunet.se
DocumentRoot /opt/intelmq/venv/lib/python3.11/site-packages/intelmq_fody_backend
WSGIDaemonProcess www-fody threads=1 maximum-requests=10000 python-home=/opt/intelmq/venv python-path=/opt/intelmq/venv/lib/python3.11/site-packages
WSGIScriptAlias / /opt/intelmq/venv/lib/python3.11/site-packages/intelmq_fody_backend/serve.py
WSGICallableObject __hug_wsgi__
WSGIPassAuthorization On
WSGIApplicationGroup %{GLOBAL}
<Directory /opt/intelmq/venv/lib/python3.11/site-packages/intelmq_fody_backend>
<IfModule mod_headers.c>
Header set Content-Security-Policy "script-src 'self'"
Header set X-Content-Security-Policy "script-src 'self'"
</IfModule>
Require all granted
Options FollowSymLinks
</Directory>
LogLevel debug
ErrorLog ${APACHE_LOG_DIR}/fody-backend-error.log
#CustomLog ${APACHE_LOG_DIR}/fody-backend-access.log combined
# combined + logging the time taken to serve the request in microseconds
CustomLog ${APACHE_LOG_DIR}/fody-backend-access.log "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" %{ms}T"
</VirtualHost>
View git blame Copy permalink