aboutsummaryrefslogtreecommitdiff
path: root/ansible/roles/configure-apache/templates/staging.conf
blob: d7c7507f4efe5eb496911b5c1881e6d362446f09 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137

# Managed via ansbile, do not edit!

<VirtualHost *:80>
    ServerName {{ hostname }}
    ServerAdmin webmaster@linaro.org

    CustomLog ${APACHE_LOG_DIR}/{{ hostname }}-access.log combined
    ErrorLog ${APACHE_LOG_DIR}/{{ hostname }}-error.log
    LogLevel info

    DocumentRoot {{ install_base }}/{{ hostname }}

    Alias /bugzilla {{ install_base }}/{{ hostname }}/
    <Directory "{{ install_base }}/{{ hostname }}">
        AddHandler cgi-script cgi
        Options +ExecCGI +FollowSymLinks +Indexes
        DirectoryIndex index.cgi
        AllowOverride Limit FileInfo Indexes Options
        Require all granted
    </Directory>

    ExpiresActive   On
    ExpiresDefault  "access plus 300 seconds"

    ExpiresByType   image/png       "access plus 1 month"
    ExpiresByType   image/jpg       "access plus 1 month"
    ExpiresByType   image/jpeg      "access plus 1 month"
    ExpiresByType   image/x-icon    "access plus 1 month"

    Header append Cache-Control "no-transform"

    <FilesMatch "\.(html|htm)$">
        Header add Cache-Control "must-revalidate"
        SetOutputFilter DEFLATE

        BrowserMatch ^Mozilla/4 gzip-only-text/html
        BrowserMatch ^Mozilla/4\.0[678] no-gzip
        BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

        Header append Vary User-Agent env=!dont-vary
    </FilesMatch>

    <FilesMatch "\.(js|css)$">
        Header add Cache-Control "max-age=5356800"
        SetOutputFilter DEFLATE

        BrowserMatch ^Mozilla/4 gzip-only-text/html
        BrowserMatch ^Mozilla/4\.0[678] no-gzip
        BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

        Header append Vary User-Agent env=!dont-vary
    </FilesMatch>

    KeepAlive On
    KeepAliveTimeout 9
    MaxKeepAliveRequests 150
</VirtualHost>

<VirtualHost *:443>
    ServerName {{ hostname }}
    ServerAdmin webmaster@linaro.org

    DocumentRoot {{ install_base }}/{{ hostname }}

    <Directory "{{ install_base }}/{{ hostname }}">
        AddHandler cgi-script cgi
        Options +ExecCGI +FollowSymLinks +Indexes
        DirectoryIndex index.cgi index.html
        AllowOverride Limit FileInfo Indexes Options
        Require all granted
    </Directory>

    CustomLog ${APACHE_LOG_DIR}/{{ hostname }}-access.log combined
    ErrorLog ${APACHE_LOG_DIR}/{{ hostname }}-error.log
    LogLevel info

    KeepAlive On
    KeepAliveTimeout 9
    MaxKeepAliveRequests 150

    SSLEngine On
    SSLProtocol All -SSLv2 -SSLv3
    SSLCompression Off
    SSLHonorCipherOrder On
    SSLCipherSuite "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:\
        EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:\
        !aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:\
        CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA"

    SSLCertificateFile /etc/ssl/certs/{{ hostname }}.pem
    SSLCertificateKeyFile /etc/ssl/private/{{ hostname }}.key

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "{{ install_base }}/ {{ hostname }}">
        SSLOptions +StdEnvVars 
    </Directory>

    BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown 

    ExpiresActive   On
    ExpiresDefault  "access plus 300 seconds"

    ExpiresByType   image/png       "access plus 1 month"
    ExpiresByType   image/jpg       "access plus 1 month"
    ExpiresByType   image/jpeg      "access plus 1 month"
    ExpiresByType   image/x-icon    "access plus 1 month"

    Header always set Strict-Transport-Security "max-age=63072000"
    Header append Cache-Control "no-transform"

    <FilesMatch "\.(html|htm)$">
        Header add Cache-Control "must-revalidate"
        SetOutputFilter DEFLATE

        BrowserMatch ^Mozilla/4 gzip-only-text/html
        BrowserMatch ^Mozilla/4\.0[678] no-gzip
        BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

        Header append Vary User-Agent env=!dont-vary
    </FilesMatch>

    <FilesMatch "\.(js|css)$">
        Header add Cache-Control "max-age=5356800"
        SetOutputFilter DEFLATE

        BrowserMatch ^Mozilla/4 gzip-only-text/html
        BrowserMatch ^Mozilla/4\.0[678] no-gzip
        BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

        Header append Vary User-Agent env=!dont-vary
    </FilesMatch>

</VirtualHost>
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-10 06:44:49 +0000