blob: 38b267c604b2dccf0832bb4e992fb0b027d15fbc (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
WSGIRestrictEmbedded On
WSGILazyInitialization On
<VirtualHost *:80>
ServerName {{ site_name }}
ServerAdmin webmaster@linaro.org
Redirect permanent / https://{{ site_name }}
</VirtualHost>
<VirtualHost *:443>
ServerName {{ site_name }}
ServerAdmin webmaster@linaro.org
CustomLog ${APACHE_LOG_DIR}/{{ site_name }}-access.log combined
ErrorLog ${APACHE_LOG_DIR}/{{ site_name }}-error.log
{% if role == 'staging' %}
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (googlebot|bingbot|Baiduspider) [NC]
RewriteRule .* - [R=403,L]
{% endif %}
KeepAlive On
KeepAliveTimeout 9
MaxKeepAliveRequests 150
SSLEngine On
SSLProtocol All -SSLv2 -SSLv3
SSLCompression Off
SSLHonorCipherOrder On
SSLOptions +StdEnvVars
SSLCipherSuite "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:\
EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:\
!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:\
CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA"
{% if role == 'staging' %}
SSLCertificateFile /etc/ssl/certs/{{ site_name }}.pem
SSLCertificateKeyFile /etc/ssl/certs/{{ site_name }}.key
{% endif %}
{% if site_function == 'roadmap' %}
SSLCertificateFile /etc/ssl/certs/{{ site_name }}.pem
SSLCertificateKeyFile /etc/ssl/certs/{{ site_name }}.pem
SSLCACertificateFile /etc/ssl/certs/gd_bundle.crt
{% else %}
SSLCertificateFile /etc/ssl/certs/{{ site_name }}.crt
SSLCertificateKeyFile /etc/ssl/certs/{{ site_name }}.key
SSLCACertificateFile /etc/ssl/certs/gd_bundle.crt
{% endif %}
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
WSGIDaemonProcess {{ wsgi_daemon }}
WSGIProcessGroup {{ wsgi_daemon }}
WSGIScriptAlias / {{ install_base }}/{{ install_dir }}/{{ wsgi_name }}
WSGIApplicationGroup %{GLOBAL}
{% if site_function == 'roadmap' %}
RewriteEngine On
RewriteRule ^/$ /roadmap [R]
{% endif %}
ExpiresActive On
ExpiresDefault "access plus 300 seconds"
ExpiresByType text/css "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
Header always set Strict-Transport-Security "max-age=63072000"
Header append Cache-Control "no-transform"
<FilesMatch "\.(html|htm)$">
Header add Cache-Control "must-revalidate"
</FilesMatch>
<FilesMatch "\.(js|css)$">
Header add Cache-Control "max-age=604800"
</FilesMatch>
Alias /static/ /var/www/{{ install_dir }}/static/
<Location "/static/">
Options -Indexes
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
Header append Vary User-Agent env=!dont-vary
</Location>
</VirtualHost>
|