diff deploy/config/code-ssl.conf.in @ 1601:07deb8466f65 deploy

More provisioning docs/tweaks
author Chris Cannam
date Thu, 24 Aug 2017 14:25:03 +0100
parents
children 18643ab36008
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/config/code-ssl.conf.in	Thu Aug 24 14:25:03 2017 +0100
@@ -0,0 +1,140 @@
+
+# Apache config with SSL and admin auth stubbed in. You must provide
+# the key/cert and auth files.
+
+# Note this has been updated for Apache 2.4, which introduced a number
+# of (welcome) changes to access control directives.
+
+PerlLoadModule Apache::Authn::SoundSoftware
+
+<VirtualHost *:80>
+        ServerName code.soundsoftware.ac.uk
+        ServerAdmin chris.cannam@soundsoftware.ac.uk
+
+        DocumentRoot /var/www/code/public
+        PassengerRestartDir restart_files
+        PassengerHighPerformance on
+        PassengerMaxRequests 50000
+        PassengerStatThrottleRate 5
+	PassengerFriendlyErrorPages off
+        RailsSpawnMethod smart
+        ExpiresDefault "access plus 1 minute"
+
+        # Redirect all activity to secure site
+        Redirect seeother / "https://code.soundsoftware.ac.uk/"
+
+        <DirectoryMatch "^/.*/\.svn/">
+                Require all denied
+        </DirectoryMatch>
+
+        <DirectoryMatch "^/.*/\.hg/">
+                Require all denied
+        </DirectoryMatch>
+
+        <DirectoryMatch "^/.*/\.git/">
+                Require all denied
+        </DirectoryMatch>
+
+        <Directory /var/www/code/public>
+                Options -MultiViews
+	</Directory>
+
+	ErrorLog /var/log/apache2/code-error.log
+	CustomLog /var/log/apache2/code-access.log vhost_combined
+
+        LogLevel warn
+        ServerSignature Off
+</VirtualHost>
+
+<VirtualHost *:80>
+        ServerName code.soundsoftware.ac.uk
+        ServerAdmin chris.cannam@soundsoftware.ac.uk
+
+        DocumentRoot /var/www/code/public
+        PassengerRestartDir restart_files
+        PassengerHighPerformance on
+        PassengerMaxRequests 50000
+        PassengerStatThrottleRate 5
+	PassengerStartTimeout 60
+	PassengerFriendlyErrorPages off
+        RailsSpawnMethod smart
+        ExpiresDefault "access plus 1 minute"
+
+        <Location /sys>
+		AuthType Basic
+		AuthUserFile "/etc/apache2/auth/user.htpasswd"
+		AuthName "code.soundsoftware.ac.uk"
+		Require user user
+	</Location>
+
+	<Location /admin>
+		AuthType Digest
+		AuthUserFile "/etc/apache2/auth/admin.htdigest"
+		AuthName "code.soundsoftware.ac.uk admin interface"
+		Require user admin
+	</Location>
+
+        <DirectoryMatch "^/.*/\.svn/">
+                Require all denied
+        </DirectoryMatch>
+
+        <DirectoryMatch "^/.*/\.hg/">
+                Require all denied
+        </DirectoryMatch>
+
+        <DirectoryMatch "^/.*/\.git/">
+                Require all denied
+        </DirectoryMatch>
+
+        <Directory /var/www/code/public>
+                Options -MultiViews
+	</Directory>
+
+        <Directory /var/www/code/public/themes/soundsoftware/stylesheets/fonts>
+		# Avoid other sites embedding our fonts
+		RewriteEngine on
+		RewriteCond %{HTTP_REFERER} !^$
+		RewriteCond %{HTTP_REFERER} !^http(s)?://code.soundsoftware.ac.uk/.*$ [NC]
+		RewriteRule \.(ttf|woff|eot|otf|svg|zip|gz|html|txt)$ - [F]
+	</Directory>
+
+	ScriptAlias /hg "/var/hg/index.cgi"
+
+	<Location /hg>
+               	AuthName "Mercurial"
+                AuthType Basic
+                Require valid-user
+		PerlAccessHandler Apache::Authn::SoundSoftware::access_handler
+      		PerlAuthenHandler Apache::Authn::SoundSoftware::authen_handler
+		PerlSetVar HTTPS "on"
+		SoundSoftwareDSN "dbi:Pg:database=code;host=localhost"
+    		SoundSoftwareDbUser "code"
+     		SoundSoftwareDbPass "INSERT_DATABASE_PASSWORD_HERE"
+		SoundSoftwareRepoPrefix "/var/hg/"
+                SoundSoftwareSslRequired "on"
+		Options +ExecCGI
+		AddHandler cgi-script .cgi
+		ExpiresDefault now
+        </Location>
+
+	Alias /git "/var/files/git-mirror"	
+
+	<Directory "/var/files/git-mirror">
+		Options -Indexes +FollowSymLinks
+                Require all granted
+	</Directory>
+	<Directory ~ "/var/files/git-mirror/.*\.workdir">
+                Require all denied
+	</Directory>
+	<Directory ~ "/var/files/git-mirror/__.*">
+                Require all denied
+	</Directory>
+
+	ErrorLog /var/log/apache2/code-error.log
+	CustomLog /var/log/apache2/code-access.log vhost_combined
+
+        LogLevel warn
+        ServerSignature Off
+        
+</VirtualHost>
+
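Review bot: The second `<VirtualHost *:80>` block (the one carrying /sys, /admin, /hg and /git) repeats the address and ServerName of the first, and nothing in the file enables TLS, so as written Apache would answer every port-80 request from the first block and the authenticated site would never be selected. Given the file name and the header comment, this block presumably should open with `<VirtualHost *:443>` and contain `SSLEngine on` plus `SSLCertificateFile`/`SSLCertificateKeyFile` lines pointing at the operator-supplied cert and key; unless a provisioning step outside this hunk rewrites the template, the stub is incomplete. This matters because /sys and /hg use Basic auth, which is only base64-encoded on the wire, and the /hg handler already sets `SoundSoftwareSslRequired "on"`. Since `SoundSoftwareDbPass` is filled in inline, a comment next to it saying the installed file must not be world-readable would also help.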