http.proxy.conf.j2
# Apache virtual host template (rendered by Ansible/Jinja2).
# It optionally terminates TLS, serves a few paths locally, exposes the
# Prometheus and Grafana backends on localhost, and forwards everything else
# to the application server over AJP on localhost:8009.
# Directive order matters below: proxy rules are evaluated in configuration
# order and the first match wins, so the exclusions must stay above the
# catch-all ProxyPass at the bottom.
{% if apache.ssl.enabled %}
# Server-wide mod_ssl settings (session cache, entropy sources); they sit
# outside the VirtualHost because they are not per-host directives.
<IfModule ssl_module>
{% if ansible_os_family == "RedHat" %}
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
{% endif %}
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
</IfModule>
<VirtualHost _default_:{{ apache.ssl.port }}>
{% else %}
# NOTE(review): with TLS disabled here the host listens in plaintext; that is
# only appropriate when a TLS-terminating proxy sits in front - confirm.
<VirtualHost _default_:{{ apache.port }}>
{% endif %}
{% if apache.behind_ssl_reverse_proxy %}
# TLS is terminated upstream: the https:// prefix on ServerName makes Apache
# generate self-referential URLs with the https scheme.
ServerName https://{{ servername }}
# NOTE(review): this guard tests "shib_module" while the Shibboleth section
# further down tests "mod_shib". Confirm both names match the module as it is
# loaded; if this one does not, ShibURLScheme is silently skipped.
<IfModule shib_module>
ShibURLScheme https
</IfModule>
{% else %}
ServerName {{ servername }}
{% endif %}
{% if apache.ssl.enabled %}
<IfModule ssl_module>
{% if ansible_os_family == "RedHat" %}
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
{% endif %}
LogLevel warn
SSLEngine on
# Only TLS 1.3 is offered.
# NOTE(review): SSLCipherSuite without the "TLSv1.3" protocol argument applies
# to TLS 1.2 and older, so with the SSLProtocol line above this list likely has
# no effect. It also contains kRSA entries (no forward secrecy) that would
# become live if an older protocol were re-enabled - review before doing so.
SSLProtocol -all +TLSv1.3
SSLHonorCipherOrder on
SSLCipherSuite kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:+kEDH+CAMELLIA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:+kRSA+CAMELLIA:!aNULL:!eNULL:!SSLv2:!RC4:!DES:!EXP:!SEED:!IDEA:!3DES
# Certificate, key and chain come either from explicit paths (remote_cert) or
# from file names under /etc/pki/tls. If neither branch applies, no certificate
# directives are rendered by this template.
# NOTE(review): SSLCertificateChainFile is deprecated since httpd 2.4.8; the
# chain can be appended to the SSLCertificateFile instead. The key file should
# be readable by root only.
{% if apache.ssl.remote_cert %}
SSLCertificateFile {{ apache.ssl.cert }}
SSLCertificateKeyFile {{ apache.ssl.key }}
SSLCertificateChainFile {{ apache.ssl.interm }}
{% elif apache_ssl_cert is defined %}
SSLCertificateFile /etc/pki/tls/certs/{{ apache_ssl_cert }}
SSLCertificateKeyFile /etc/pki/tls/private/{{ apache_ssl_key }}
SSLCertificateChainFile /etc/pki/tls/certs/{{ apache_ssl_interm }}
{% endif %}
# Export the standard SSL_* environment variables only to script-type files
# and the cgi-bin directory.
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
{% if ansible_os_family == "RedHat" %}
# Per-request log recording the negotiated protocol and cipher.
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
{% endif %}
</IfModule>
{% else %}
# Plain-HTTP branch: use the non-SSL log files.
ErrorLog logs/error_log
TransferLog logs/access_log
{% endif %}
# Monitoring backends on localhost, published under this virtual host.
# NOTE(review): no Require or Auth directives are visible for these two
# locations in this template, so any client that can reach the virtual host can
# reach both backends unless access is restricted elsewhere. Prometheus serves
# its UI and API without authentication unless configured otherwise; consider
# Require ip or an authentication provider here.
<Location "/prometheus">
ProxyPass "http://localhost:9090/prometheus"
ProxyPassReverse "http://localhost:9090/prometheus"
</Location>
<Location "/grafana">
ProxyPass "http://localhost:3000"
ProxyPassReverse "http://localhost:3000"
</Location>
# A "!" target excludes a path from proxying, so Apache serves it locally.
# NOTE(review): the patterns below are prefix matches with no trailing
# delimiter (for example ^/en or ^/custom also match longer paths that merely
# start with those characters), and the dot in ^/503.html$ is unescaped;
# confirm that no application path is excluded by accident.
# custom error document when Glassfish isn't responding
ErrorDocument 503 /503.html
ProxyPassMatch ^/503.html$ !
# don't pass paths used by rApache and TwoRavens to Glassfish
ProxyPassMatch ^/RApacheInfo$ !
ProxyPassMatch ^/custom !
ProxyPassMatch ^/dataexplore !
# allow munin
ProxyPassMatch ^/munin !
# allow guides
ProxyPassMatch ^/en !
{% if schemaspy.enabled == true %}
# allow schemaspy
ProxyPassMatch ^/schemaspy !
{% endif %}
{% if dataverse.previewers.on_same_server %}
# allow previewers
ProxyPassMatch ^/dataverse-previewers !
{% endif %}
{% if shibboleth.enabled %}
<IfModule mod_shib>
# don't pass paths used by Shibboleth to Glassfish
ProxyPassMatch ^/Shibboleth.sso !
ProxyPassMatch ^/shibboleth-ds !
ProxyPassMatch ^/shibboleth-sp !
# /shib.xhtml is the only path here that is configured to require a
# Shibboleth session (requireSession 1).
<Location /shib.xhtml>
AuthType shibboleth
ShibRequestSetting requireSession 1
require shibboleth
</Location>
</IfModule>
{% endif %}
# pass everything else to Glassfish
# NOTE(review): the AJP backend trusts whatever connects to it; confirm the
# listener on port 8009 is bound to loopback only and not reachable from the
# network.
ProxyPass / ajp://localhost:8009/
</VirtualHost>