netz39-infra-ansible/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2
Stefan Haun f9197221c8 🔧 Setup Apache proxy pass for sites with invalid URIs
This is a setup according to https://www.rabbitmq.com/management.html#proxy
which solves a problem with RabbitMQ encoding vhost names in a non-standard
way.

As this setting does not hurt other sites, we can introduce it into the
general template.
2022-09-06 15:35:50 +02:00


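# Plain-HTTP virtual host for the site. It serves the ACME challenge files
# written by dehydrated and redirects every other request to HTTPS.
# The IPv6 listener is added only when the host reports a default IPv6 address.
{% if 'address' in ansible_default_ipv6 %}
<VirtualHost {{ ansible_default_ipv4.address }}:80 [{{ ansible_default_ipv6.address }}]:80>
{% else %}
<VirtualHost {{ ansible_default_ipv4.address }}:80>
{% endif %}
    ServerAdmin {{ server_admin }}
    ServerName {{ site_name }}
    ServerAlias {{ site_name }}

    ErrorLog /var/log/apache2/{{ site_name }}-error.log
    CustomLog /var/log/apache2/{{ site_name }}-access.log common

    # Challenge tokens must stay reachable over plain HTTP, so this path is
    # excluded from the redirect below.
    Alias /.well-known/acme-challenge /usr/local/etc/dehydrated/challenge

    # If mod_rewrite is not loaded this section is skipped and no redirect is
    # issued at all; make sure the module is enabled on every proxy host.
    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
        # Redirect to the configured site name instead of echoing the
        # client-supplied Host header: an unexpected or port-suffixed Host
        # value then cannot end up in the Location header.
        RewriteRule (.*) https://{{ site_name }}%{REQUEST_URI} [R=301,L]
    </IfModule>
</VirtualHost>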
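# HTTPS virtual host that terminates TLS and reverse-proxies to the backend.
# It is defined only when certificate, private key and chain all exist,
# presumably so that a site without an issued certificate does not break the
# Apache configuration.
<IfFile /usr/local/etc/dehydrated/certs/{{ site_name }}/cert.pem>
<IfFile /usr/local/etc/dehydrated/certs/{{ site_name }}/privkey.pem>
<IfFile /usr/local/etc/dehydrated/certs/{{ site_name }}/chain.pem>
{% if 'address' in ansible_default_ipv6 %}
<VirtualHost {{ ansible_default_ipv4.address }}:443 [{{ ansible_default_ipv6.address }}]:443>
{% else %}
<VirtualHost {{ ansible_default_ipv4.address }}:443>
{% endif %}
    ServerAdmin {{ server_admin }}
    ServerName {{ site_name }}
    ServerAlias {{ site_name }}

    ErrorLog /var/log/apache2/{{ site_name }}-error.log
    # NOTE(review): the "common" format omits Referer and User-Agent;
    # "combined" gives more to work with when reviewing an incident.
    CustomLog /var/log/apache2/{{ site_name }}-access.log common

    # NOTE(review): no SSLProtocol, SSLCipherSuite or Strict-Transport-Security
    # is set here; confirm they are configured at server level.
    SSLEngine on
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    SSLCertificateFile /usr/local/etc/dehydrated/certs/{{ site_name }}/cert.pem
    SSLCertificateKeyFile /usr/local/etc/dehydrated/certs/{{ site_name }}/privkey.pem
    SSLCertificateChainFile /usr/local/etc/dehydrated/certs/{{ site_name }}/chain.pem

    # Needed for backends such as RabbitMQ that put %2F into the path
    # (https://www.rabbitmq.com/management.html#proxy).
    # With "nocanon" Apache forwards the raw request path without
    # canonicalising it, and encoded slashes pass through undecoded. The proxy
    # therefore no longer normalises URLs in front of the backend: every
    # backend behind this template must handle encoded paths safely itself.
    AllowEncodedSlashes NoDecode
    ProxyPass / http://{{ backend_host | default("localhost") }}:{{ proxy_port }}/ nocanon
    # Rewrite Location headers in backend redirects so the internal
    # host:port is not handed to clients.
    ProxyPassReverse / http://{{ backend_host | default("localhost") }}:{{ proxy_port }}/

    # The backend connection is plain HTTP. That is fine on localhost; with a
    # remote backend_host the traffic crosses the network unencrypted.
    # "set" replaces any value the client sent for these headers. The backend
    # may trust them only if it is reachable solely through this proxy.
    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
    RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}

    <IfModule mod_rewrite.c>
        # See the documentation of wstunnel: this allows generic websocket
        # passthrough for requests that carry Upgrade/Connection headers.
        # The catch-all capture hands the client-supplied path to the proxy
        # request, so keep Apache patched and do not widen this rule.
        RewriteEngine On
        RewriteCond %{HTTP:Upgrade} websocket [NC]
        RewriteCond %{HTTP:Connection} upgrade [NC]
        RewriteRule ^/?(.*) "ws://{{ backend_host | default("localhost") }}:{{ proxy_port }}/$1" [P,L]
    </IfModule>
</VirtualHost>
</IfFile>
</IfFile>
</IfFile>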