netz39-infra-ansible/roles/setup_http_site_proxy/templates/apache-docker-proxy-site.j2

{% if 'address' in ansible_default_ipv6 %}
<VirtualHost {{ ansible_default_ipv4.address }}:80 [{{ ansible_default_ipv6.address }}]:80>
{% else %}
<VirtualHost {{ ansible_default_ipv4.address }}:80>
{% endif %}
    ServerAdmin {{ server_admin }}
    ServerName {{ site_name }}
    ServerAlias {{ site_name }}
    ErrorLog /var/log/apache2/{{ site_name }}-error.log
    CustomLog /var/log/apache2/{{ site_name }}-access.log common

    Alias /.well-known/acme-challenge {{ dehydrated_wellknown_dir }}

    <ifmodule mod_rewrite.c>
        RewriteEngine On
        RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    </ifmodule>
</VirtualHost>

<IfFile {{dehydrated_certs_dir}}/{{ site_name }}/cert.pem>
<IfFile {{dehydrated_certs_dir}}/{{ site_name }}/privkey.pem>
<IfFile {{dehydrated_certs_dir}}/{{ site_name }}/chain.pem>
{% if 'address' in ansible_default_ipv6 %}
<VirtualHost {{ ansible_default_ipv4.address }}:443 [{{ ansible_default_ipv6.address }}]:443>
{% else %}
<VirtualHost {{ ansible_default_ipv4.address }}:443>
{% endif %}
    ServerAdmin {{ server_admin }}
    ServerName {{ site_name }}
    ServerAlias {{ site_name }}

    ErrorLog /var/log/apache2/{{ site_name }}-error.log
    CustomLog /var/log/apache2/{{ site_name }}-access.log common

    SSLEngine on
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    SSLCertificateFile    {{dehydrated_certs_dir}}/{{ site_name }}/cert.pem
    SSLCertificateKeyFile {{dehydrated_certs_dir}}/{{ site_name }}/privkey.pem
    SSLCertificateChainFile {{dehydrated_certs_dir}}/{{ site_name }}/chain.pem

{% if proxy_port %}
    AllowEncodedSlashes NoDecode
    ProxyPass / http://{{ backend_host | default("localhost") }}:{{proxy_port}}/ nocanon
    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
    RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}

    <ifmodule mod_rewrite.c>
        # see documentation of wstunnel: This allwos generic websocket passthrough
        RewriteEngine On
        RewriteCond %{HTTP:Upgrade} websocket [NC]
        RewriteCond %{HTTP:Connection} upgrade [NC]
        RewriteRule ^/?(.*) "ws://{{ backend_host | default("localhost") }}:{{ proxy_port }}/$1" [P,L]
    </ifmodule>
{% else %}
    Redirect 404 /
{% endif %}
</VirtualHost>
</IfFile>
</IfFile>
</IfFile>
:bug: Fix template for missing IPv6 on apache-docker-proxy 2022-08-04 17:32:23 +02:00			`{% if 'address' in ansible_default_ipv6 %}`
Add IPv6 addresses to HTTP virtual hosts 2020-12-06 13:22:54 +01:00			`<VirtualHost {{ ansible_default_ipv4.address }}:80 [{{ ansible_default_ipv6.address }}]:80>`
:bug: Fix template for missing IPv6 on apache-docker-proxy 2022-08-04 17:32:23 +02:00			`{% else %}`
			`<VirtualHost {{ ansible_default_ipv4.address }}:80>`
			`{% endif %}`
Add httpd setup and role for docker proxy in Apache2 2020-11-23 16:25:40 +01:00			`ServerAdmin {{ server_admin }}`
			`ServerName {{ site_name }}`
			`ServerAlias {{ site_name }}`
			`ErrorLog /var/log/apache2/{{ site_name }}-error.log`
			`CustomLog /var/log/apache2/{{ site_name }}-access.log common`

:sparkles: Use variables to configure dehydrated locations These variables match https://github.com/24367dfa/ansible-role-dehydrated 2022-09-08 15:41:36 +02:00			`Alias /.well-known/acme-challenge {{ dehydrated_wellknown_dir }}`
Add missing alias to proxy site 2020-12-04 18:54:21 +01:00
Add httpd setup and role for docker proxy in Apache2 2020-11-23 16:25:40 +01:00			`<ifmodule mod_rewrite.c>`
			`RewriteEngine On`
			`RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/`
			`RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]`
			`</ifmodule>`
			`</VirtualHost>`

:bug: Fix proxy site template These are errors from a bodged PR (my bad) that has been merged too early. 2022-09-14 23:24:55 +02:00			`<IfFile {{dehydrated_certs_dir}}/{{ site_name }}/cert.pem>`
			`<IfFile {{dehydrated_certs_dir}}/{{ site_name }}/privkey.pem>`
			`<IfFile {{dehydrated_certs_dir}}/{{ site_name }}/chain.pem>`
:bug: Fix template for missing IPv6 on apache-docker-proxy 2022-08-04 17:32:23 +02:00			`{% if 'address' in ansible_default_ipv6 %}`
Add IPv6 addresses to HTTP virtual hosts 2020-12-06 13:22:54 +01:00			`<VirtualHost {{ ansible_default_ipv4.address }}:443 [{{ ansible_default_ipv6.address }}]:443>`
:bug: Fix template for missing IPv6 on apache-docker-proxy 2022-08-04 17:32:23 +02:00			`{% else %}`
			`<VirtualHost {{ ansible_default_ipv4.address }}:443>`
			`{% endif %}`
Add httpd setup and role for docker proxy in Apache2 2020-11-23 16:25:40 +01:00			`ServerAdmin {{ server_admin }}`
			`ServerName {{ site_name }}`
			`ServerAlias {{ site_name }}`

			`ErrorLog /var/log/apache2/{{ site_name }}-error.log`
			`CustomLog /var/log/apache2/{{ site_name }}-access.log common`

			`SSLEngine on`
			`SetEnvIf User-Agent ".MSIE." nokeepalive ssl-unclean-shutdown`
:bug: Fix proxy site template These are errors from a bodged PR (my bad) that has been merged too early. 2022-09-14 23:24:55 +02:00			`SSLCertificateFile {{dehydrated_certs_dir}}/{{ site_name }}/cert.pem`
			`SSLCertificateKeyFile {{dehydrated_certs_dir}}/{{ site_name }}/privkey.pem`
			`SSLCertificateChainFile {{dehydrated_certs_dir}}/{{ site_name }}/chain.pem`
Add httpd setup and role for docker proxy in Apache2 2020-11-23 16:25:40 +01:00
:bug: Fix proxy site template These are errors from a bodged PR (my bad) that has been merged too early. 2022-09-14 23:24:55 +02:00			`{% if proxy_port %}`
:wrench: Setup Apache proxy pass for sites with invalid URIs This is a setup according to https://www.rabbitmq.com/management.html#proxy which solves a problem with RabbitMQ encoding vhost names in a non-standard way. As this setting does not hurt other sites, we can introduce it into the general template. 2022-09-06 15:35:50 +02:00			`AllowEncodedSlashes NoDecode`
			`ProxyPass / http://{{ backend_host \| default("localhost") }}:{{proxy_port}}/ nocanon`
Add proxy headers 2022-07-04 13:59:13 +02:00			`RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}`
			`RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}`

Add rewrite rules for websockets 2022-07-04 14:01:09 +02:00			`<ifmodule mod_rewrite.c>`
			`# see documentation of wstunnel: This allwos generic websocket passthrough`
			`RewriteEngine On`
			`RewriteCond %{HTTP:Upgrade} websocket [NC]`
			`RewriteCond %{HTTP:Connection} upgrade [NC]`
			`RewriteRule ^/?(.*) "ws://{{ backend_host \| default("localhost") }}:{{ proxy_port }}/$1" [P,L]`
			`</ifmodule>`
:bug: Fix proxy site template These are errors from a bodged PR (my bad) that has been merged too early. 2022-09-14 23:24:55 +02:00			`{% else %}`
:sparkles: Enable setup-http-site-proxy with missing proxy target If no proxy port is defined, only the dehydrated HTTP endpoint is created and the HTTPS endpoint returns 404. 2022-09-08 15:43:54 +02:00			`Redirect 404 /`
:bug: Fix proxy site template These are errors from a bodged PR (my bad) that has been merged too early. 2022-09-14 23:24:55 +02:00			`{% endif %}`
Add httpd setup and role for docker proxy in Apache2 2020-11-23 16:25:40 +01:00			`</VirtualHost>`
Enable HTTPS sites only when cert exists 2020-12-12 16:26:12 +01:00			`</IfFile>`
Make cert availability check more robust 2022-07-04 14:01:33 +02:00			`</IfFile>`
			`</IfFile>`