f0b77485ec
Zuul is publishing lovely container images, so we should go ahead and start using them. We can't use containers for zuul-executor because of the docker->bubblewrap->AFS issue, so install from pip there. Don't start any of the containers by default, which should let us safely roll this out and then do a rolling restart. For things (like web or mergers) where it's safe to do so, a followup change will swap the flag. Change-Id: I37dcce3a67477ad3b2c36f2fd3657af18bc25c40
72 lines
2.0 KiB
Django/Jinja
72 lines
2.0 KiB
Django/Jinja
<VirtualHost *:80>
|
|
ServerName zuul.opendev.org
|
|
ServerAdmin webmaster@openstack.org
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/zuul-error.log
|
|
|
|
LogLevel warn
|
|
|
|
CustomLog ${APACHE_LOG_DIR}/zuul-access.log combined
|
|
|
|
Redirect / https://zuul.opendev.org/
|
|
|
|
</VirtualHost>
|
|
|
|
<IfModule mod_ssl.c>
|
|
<VirtualHost *:443>
|
|
ServerName zuul.opendev.org
|
|
ServerAdmin webmaster@openstack.org
|
|
|
|
AllowEncodedSlashes On
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/zuul-ssl-error.log
|
|
|
|
LogLevel warn
|
|
|
|
CustomLog ${APACHE_LOG_DIR}/zuul-ssl-access.log combined
|
|
|
|
SSLEngine on
|
|
SSLProtocol All -SSLv2 -SSLv3
|
|
# Note: this list should ensure ciphers that provide forward secrecy
|
|
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
|
SSLHonorCipherOrder on
|
|
|
|
SSLCertificateFile /etc/letsencrypt-certs/zuul.opendev.org/zuul.opendev.org.cer
|
|
SSLCertificateKeyFile /etc/letsencrypt-certs/zuul.opendev.org/zuul.opendev.org.key
|
|
SSLCertificateChainFile /etc/letsencrypt-certs/zuul.opendev.org/ca.cer
|
|
|
|
BrowserMatch "MSIE [2-6]" \
|
|
nokeepalive ssl-unclean-shutdown \
|
|
downgrade-1.0 force-response-1.0
|
|
# MSIE 7 and newer should be able to use keepalive
|
|
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
|
|
|
|
RewriteEngine on
|
|
|
|
RewriteRule ^/api/tenant/(.*)/console-stream ws://127.0.0.1:9000/api/tenant/$1/console-stream [P,L]
|
|
RewriteRule ^/(.*)$ http://127.0.0.1:9000/$1 [P,L]
|
|
|
|
AddOutputFilterByType DEFLATE application/json
|
|
|
|
<IfModule mod_cache.c>
|
|
CacheDefaultExpire 5
|
|
<IfModule mod_mem_cache.c>
|
|
# TODO: Should we cache the rest of the API too?
|
|
CacheEnable mem /api/status
|
|
# 12MByte total cache size.
|
|
MCacheSize 12288
|
|
MCacheMaxObjectCount 10
|
|
MCacheMinObjectSize 1
|
|
# 8MByte max size per cache entry
|
|
MCacheMaxObjectSize 8388608
|
|
MCacheMaxStreamingBuffer 8388608
|
|
</IfModule>
|
|
<IfModule mod_cache_disk.c>
|
|
CacheEnable disk /api/status
|
|
CacheRoot /var/cache/apache2/mod_cache_disk
|
|
CacheMaxFileSize 10000000
|
|
</IfModule>
|
|
</IfModule>
|
|
</VirtualHost>
|
|
</IfModule>
|