annotate deploy/config/code-ssl.conf.in @ 1601:07deb8466f65 deploy

More provisioning docs/tweaks
author Chris Cannam
date Thu, 24 Aug 2017 14:25:03 +0100
parents
children 18643ab36008
rev   line source
Chris@1601 1
Chris@1601 2 # Apache config with SSL and admin auth stubbed in. You must provide
Chris@1601 3 # the key/cert and auth files.
Chris@1601 4
Chris@1601 5 # Note this has been updated for Apache 2.4, which introduced a number
Chris@1601 6 # of (welcome) changes to access control directives.
Chris@1601 7
Chris@1601 8 PerlLoadModule Apache::Authn::SoundSoftware
Chris@1601 9
# Plain-HTTP entry point for code.soundsoftware.ac.uk. Nothing is meant to be
# served from here: the Redirect at the end of this block sends the whole URL
# space to the HTTPS site.
# NOTE(review): the first request still arrives in cleartext before the
# redirect is issued; a Strict-Transport-Security header on the HTTPS side
# would stop returning browsers from using this port at all.
<VirtualHost *:80>
    ServerAdmin chris.cannam@soundsoftware.ac.uk
    ServerName code.soundsoftware.ac.uk
    # Do not append a server signature line to generated pages.
    ServerSignature Off

    # Logging
    LogLevel warn
    ErrorLog /var/log/apache2/code-error.log
    CustomLog /var/log/apache2/code-access.log vhost_combined

    # Application root and Passenger tuning
    DocumentRoot /var/www/code/public
    RailsSpawnMethod smart
    PassengerRestartDir restart_files
    PassengerHighPerformance on
    PassengerMaxRequests 50000
    PassengerStatThrottleRate 5
    # Keep application error details out of responses.
    PassengerFriendlyErrorPages off
    ExpiresDefault "access plus 1 minute"

    <Directory /var/www/code/public>
        Options -MultiViews
    </Directory>

    # Never serve version-control metadata directories (.svn, .hg, .git),
    # wherever they appear in the filesystem path.
    <DirectoryMatch "^/.*/\.(svn|hg|git)/">
        Require all denied
    </DirectoryMatch>

    # Redirect all activity to secure site (303 is the "seeother" status)
    Redirect 303 / "https://code.soundsoftware.ac.uk/"
</VirtualHost>
Chris@1601 48
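# Main site for code.soundsoftware.ac.uk: the Rails application served through
# Passenger, the password-protected /sys and /admin areas, the Mercurial CGI
# at /hg and the read-only git mirror at /git.
#
# This block must listen on 443 with TLS enabled. The *:80 vhost for the same
# ServerName only redirects to https://, and Apache selects the first matching
# vhost for an address:port, so a second *:80 block with this name would never
# serve a request. The /sys and /hg areas also use Basic auth, which sends the
# password base64-encoded on every request and so needs TLS underneath.
# Requires mod_ssl and a "Listen 443" in the server-level configuration.
<VirtualHost *:443>
    ServerName code.soundsoftware.ac.uk
    ServerAdmin chris.cannam@soundsoftware.ac.uk

    # TLS: supply the real certificate and key paths when instantiating this
    # template. The private key file should be readable by root only.
    SSLEngine on
    SSLCertificateFile "INSERT_CERTIFICATE_PATH_HERE"
    SSLCertificateKeyFile "INSERT_PRIVATE_KEY_PATH_HERE"

    DocumentRoot /var/www/code/public
    PassengerRestartDir restart_files
    PassengerHighPerformance on
    PassengerMaxRequests 50000
    PassengerStatThrottleRate 5
    PassengerStartTimeout 60
    # Keep application error details out of responses.
    PassengerFriendlyErrorPages off
    RailsSpawnMethod smart
    ExpiresDefault "access plus 1 minute"

    # /sys: Basic auth against a local htpasswd file; only the account
    # literally named "user" is accepted.
    <Location /sys>
        AuthType Basic
        AuthUserFile "/etc/apache2/auth/user.htpasswd"
        AuthName "code.soundsoftware.ac.uk"
        Require user user
    </Location>

    # /admin: Digest auth; only the account named "admin" is accepted.
    # AuthName is the digest realm, so it must match the realm the entries in
    # admin.htdigest were created with, or every login will fail.
    <Location /admin>
        AuthType Digest
        AuthUserFile "/etc/apache2/auth/admin.htdigest"
        AuthName "code.soundsoftware.ac.uk admin interface"
        Require user admin
    </Location>

    # Never serve version-control metadata directories.
    <DirectoryMatch "^/.*/\.svn/">
        Require all denied
    </DirectoryMatch>

    <DirectoryMatch "^/.*/\.hg/">
        Require all denied
    </DirectoryMatch>

    <DirectoryMatch "^/.*/\.git/">
        Require all denied
    </DirectoryMatch>

    <Directory /var/www/code/public>
        Options -MultiViews
    </Directory>

    <Directory /var/www/code/public/themes/soundsoftware/stylesheets/fonts>
        # Avoid other sites embedding our fonts.
        # This is a hotlinking deterrent, not access control: Referer is
        # supplied by the client, and the first condition deliberately lets
        # requests with no Referer through.
        RewriteEngine on
        RewriteCond %{HTTP_REFERER} !^$
        # Dots are escaped so that only this exact host name is accepted.
        RewriteCond %{HTTP_REFERER} !^http(s)?://code\.soundsoftware\.ac\.uk/.*$ [NC]
        RewriteRule \.(ttf|woff|eot|otf|svg|zip|gz|html|txt)$ - [F]
    </Directory>

    ScriptAlias /hg "/var/hg/index.cgi"

    # /hg: Mercurial over CGI. Access and authentication decisions are
    # delegated to the Apache::Authn::SoundSoftware mod_perl handlers, which
    # are configured with the database connection settings below.
    <Location /hg>
        AuthName "Mercurial"
        AuthType Basic
        Require valid-user
        PerlAccessHandler Apache::Authn::SoundSoftware::access_handler
        PerlAuthenHandler Apache::Authn::SoundSoftware::authen_handler
        PerlSetVar HTTPS "on"
        SoundSoftwareDSN "dbi:Pg:database=code;host=localhost"
        SoundSoftwareDbUser "code"
        # Template placeholder. Once the real password is substituted this
        # file holds a database credential: keep the generated config out of
        # version control and readable by root only.
        SoundSoftwareDbPass "INSERT_DATABASE_PASSWORD_HERE"
        SoundSoftwareRepoPrefix "/var/hg/"
        # NOTE(review): presumably makes the handler refuse non-SSL requests;
        # confirm against the module source.
        SoundSoftwareSslRequired "on"
        Options +ExecCGI
        AddHandler cgi-script .cgi
        # Responses expire immediately, so repository data is not cached.
        ExpiresDefault now
    </Location>

    Alias /git "/var/files/git-mirror"

    # /git: unauthenticated read access to the git mirror, without directory
    # listings.
    # NOTE(review): FollowSymLinks lets a symlink inside the mirror expose
    # files outside /var/files/git-mirror. If whoever writes to the mirror is
    # not fully trusted, SymLinksIfOwnerMatch is the narrower option.
    <Directory "/var/files/git-mirror">
        Options -Indexes +FollowSymLinks
        Require all granted
    </Directory>
    # Working directories and "__"-prefixed entries in the mirror stay private.
    <Directory ~ "/var/files/git-mirror/.*\.workdir">
        Require all denied
    </Directory>
    <Directory ~ "/var/files/git-mirror/__.*">
        Require all denied
    </Directory>

    ErrorLog /var/log/apache2/code-error.log
    CustomLog /var/log/apache2/code-access.log vhost_combined

    LogLevel warn
    # Do not append a server signature line to generated pages.
    ServerSignature Off

</VirtualHost>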
Chris@1601 140