forked from openSUSE/open-build-service
obs-apache2.conf
# Extra listener for the build-results virtual host (*:82) in this file.
# NOTE(review): no Listen for 80 or 443 is set here; presumably the
# distribution's main Apache config provides them - confirm.
Listen 82
# May be needed on old distributions, or after upgrading from one.
#Listen 443
# Passenger defaults
# "smart" spawn method, and at most 20 application processes in the pool.
PassengerSpawnMethod "smart"
PassengerMaxPoolSize 20
#RailsEnv "development"
# Allow long request URLs, including when such a URL is carried inside a
# request header field.
# Both limits are raised above the Apache default of 8190 bytes. They are
# enforced while the request is parsed, i.e. before any authentication, so
# they also bound how much any client can make the server buffer per
# request line and per header field.
LimitRequestLine 20000
LimitRequestFieldsize 20000
# Just the overview page
<VirtualHost *:80>
# Only gives an overview of this OBS instance via a static web page.
# This vhost has no SSLEngine directive, so it is served over plain HTTP.
DocumentRoot "/srv/www/obs/overview"
<Directory /srv/www/obs/overview>
# "Options Indexes" (no +/- prefix) replaces all inherited options and lets
# Apache generate a directory listing whenever no index file is present.
# NOTE(review): if only the static overview page is meant to be reachable,
# "Options None" would avoid exposing the directory contents - confirm.
Options Indexes
# Apache 2.2 access-control syntax; Apache >= 2.4 only accepts it with
# mod_access_compat loaded.
Allow from all
# Uncomment this if you're on Apache >= 2.4:
#Require all granted
</Directory>
</VirtualHost>
# Build Results
<VirtualHost *:82>
# The resulting repositories
# This vhost has no SSLEngine directive, so packages and repository metadata
# are downloaded over plain HTTP without transport-level integrity.
# NOTE(review): presumably clients rely on signed repository metadata and
# packages instead - confirm that signing is enabled for published repos.
DocumentRoot "/srv/obs/repos"
<Directory /srv/obs/repos>
# Indexes: the repository tree is browsable as generated directory listings.
# FollowSymLinks: symlinks inside the tree are followed; a link whose target
# lies outside /srv/obs/repos may be served as well, subject to the access
# rules that cover the target path.
# NOTE(review): SymLinksIfOwnerMatch is the stricter variant if whatever
# writes into this tree is not fully trusted - confirm what creates links here.
Options Indexes FollowSymLinks
# Apache 2.2 access-control syntax; Apache >= 2.4 only accepts it with
# mod_access_compat loaded.
Allow from all
# Uncomment this if you're on Apache >= 2.4:
#Require all granted
</Directory>
</VirtualHost>
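# OBS WEBUI & API
# TLS virtual host that serves the Rails application (web UI and API)
# through Passenger.
<VirtualHost *:443>
    ServerName api

    # General setup for the virtual host
    DocumentRoot "/srv/www/obs/api/public"
    ErrorLog /srv/www/obs/api/log/apache_error.log
    TransferLog /srv/www/obs/api/log/apache_access.log

    # Enable maintenance mode. All requests will be redirected
    # to the maintenance page and return 503 as http status.
    # Start your apache with -D MAINTENANCE to enable this.
    # On (open)SUSE you can do this by setting
    # APACHE_SERVER_FLAGS="MAINTENANCE" in /etc/sysconfig/apache
    <IfDefine MAINTENANCE>
        ErrorDocument 503 /503.html
        RewriteEngine on
        # The maintenance page and its image must stay reachable, otherwise
        # the 503 rule would also match the error document itself.
        RewriteCond %{REQUEST_URI} !=/503.html
        RewriteCond %{REQUEST_URI} !=/obs-down.png
        RewriteRule ^ - [R=503,L]
    </IfDefine>

    PassengerMinInstances 2
    PassengerPreStart https://api

    SSLEngine on

    # SSL protocols
    # Supporting TLS only is adequate nowadays.
    # "all -SSLv2 -SSLv3" still leaves TLS 1.0 and TLS 1.1 enabled. If every
    # client of this instance speaks TLS 1.2 or newer, and the installed
    # mod_ssl/OpenSSL know these protocol names, prefer the stricter line:
    #SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLProtocol all -SSLv2 -SSLv3

    # SSL Cipher Suite:
    # List the ciphers that the client is permitted to negotiate.
    # We disable weak ciphers by default.
    # See the mod_ssl documentation or "openssl ciphers -v" for a
    # complete list.
    # RC4 and 3DES are excluded explicitly: older OpenSSL builds still include
    # them in ALL, and neither is removed by !LOW, !EXP or !MD5 there.
    SSLCipherSuite ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!MD5:!RC4:!3DES:@STRENGTH

    SSLCertificateFile /srv/obs/certs/server.crt
    # Apache reads the private key at startup; keep the file readable by root
    # only, so the unprivileged worker and application users cannot read it.
    SSLCertificateKeyFile /srv/obs/certs/server.key

    <Directory /srv/www/obs/api/public>
        # "AllowOverride all" makes Apache honour every directive found in
        # .htaccess files below this directory.
        # NOTE(review): if the application ships no .htaccess, "AllowOverride
        # None" removes that path for changing server behaviour through a
        # file written into public/ - confirm before tightening.
        AllowOverride all
        Options -MultiViews

        # This requires mod_xforward loaded in apache
        # Enable the usage via options.yml
        # This will decrease the load due to long running requests a lot (unloading from rails stack)
        XForward on

        # Apache 2.2 access-control syntax; Apache >= 2.4 only accepts it
        # with mod_access_compat loaded.
        Allow from all
        # Uncomment this if you're on Apache >= 2.4:
        #Require all granted
    </Directory>

    # Workarounds for very old Internet Explorer (MSIE 1-5): no keep-alive,
    # tolerate an unclean TLS shutdown, and answer with HTTP/1.0.
    # Declared once; a second identical SetEnvIf has no additional effect.
    SetEnvIf User-Agent ".*MSIE [1-5].*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

    # NOTE(review): the "ssl_combined" log format is not defined in this
    # file; presumably it comes from the distribution's SSL config - confirm.
    CustomLog /var/log/apache2/ssl_request_log ssl_combined

    # from http://guides.rubyonrails.org/asset_pipeline.html
    <LocationMatch "^/assets/.*$">
        Header unset ETag
        FileETag None
        # RFC says only cache for 1 year
        ExpiresActive On
        ExpiresDefault "access plus 1 year"

        ## Older Firefox versions need this, otherwise they won't cache anything over SSL.
        # Kept inside the assets block rather than at vhost scope: at vhost
        # scope the header is added to every response, including API and web
        # UI responses for signed-in users, and "public" tells shared caches
        # (for example a TLS-terminating proxy in front of this host) that
        # they may store them.
        Header append Cache-Control "public"
    </LocationMatch>
</VirtualHost>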