system-config/playbooks/roles/ptgbot/templates/ptgbot.vhost.config.j2
Ian Wienand 051aee9f16 ptgbot: have apache cache backend
The static server in the ptgbot container is very simple; it will be
much better to have apache caching the files which essentially never
change.

Change-Id: I8056d8c529c60f4b95aaca549528b6aa8465fa78
2021-10-15 11:23:24 +11:00

61 lines
1.6 KiB
Django/Jinja

<VirtualHost *:80>
ServerName ptg.opendev.org
ServerAlias ptg.openstack.org
ServerAlias ptgbot.opendev.org
ServerAdmin infra-root@openstack.org
ErrorLog ${APACHE_LOG_DIR}/ptg-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ptg-access.log combined
Redirect / https://ptg.opendev.org/
</VirtualHost>
<VirtualHost *:443>
ServerName ptg.opendev.org
ServerAlias ptg.openstack.org
ServerAlias ptgbot.opendev.org
ServerAdmin infra-root@openstack.org
RewriteEngine On
RewriteCond %{HTTP_HOST} !^ptg\.opendev\.org [nocase]
RewriteRule ^/(.*) https://ptg.opendev.org/$1 [last,redirect=permanent]
AllowEncodedSlashes On
ErrorLog ${APACHE_LOG_DIR}/ptg-ssl-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ptg-ssl-access.log combined
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
# Note: this list should ensure ciphers that provide forward secrecy
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
SSLHonorCipherOrder on
SSLCertificateFile /etc/letsencrypt-certs/ptg.opendev.org/ptg.opendev.org.cer
SSLCertificateKeyFile /etc/letsencrypt-certs/ptg.opendev.org/ptg.opendev.org.key
SSLCertificateChainFile /etc/letsencrypt-certs/ptg.opendev.org/ca.cer
# Enable SHM backend
CacheSocache shmcb
# disk fallback
CacheRoot "/var/cache/apache2/proxy"
# required to match on rewrites
CacheQuickHandler off
# don't pass requests to backend
CacheIgnoreCacheControl On
CacheEnable socache /
CacheEnable disk /
ProxyPass / http://localhost:8000/ retry=0
ProxyPassReverse / http://localhost:8000/
</VirtualHost>