Remove global apache certs and implement optional domain specific redirects of aliases

3d8aa7f8 · jurgenhaas · f06a6237 · 3d8aa7f8
Commit 3d8aa7f8 authored 8 years ago by jurgenhaas
--- a/templates/vhost.conf
+++ b/templates/vhost.conf
@@ -4,7 +4,9 @@
 {% if drupal_domain.protocol|default("https") == "https" and groups.proxyserver is not defined %}
  ServerAdmin {{ apache_server_admin }}
  ServerName  {{ drupal_domain.domain }}
+{% if not drupal_domain.aliases_redirect|default(False) %}
  ServerAlias {{ drupal_domain.domain }}{% for alias in drupal_domain.aliases|default([]) %} {{ alias }}{% endfor %}
+{% endif %}

  RewriteEngine on
  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
@@ -23,8 +25,9 @@
 {% endif %}
  ServerAdmin {{ apache_server_admin }}
  ServerName  {{ drupal_domain.domain }}
+{% if not drupal_domain.aliases_redirect|default(False) %}
  ServerAlias {{ drupal_domain.domain }}{% for alias in drupal_domain.aliases|default([]) %} {{ alias }}{% endfor %}
-
+{% endif %}

 {% if drupal.jail is defined %}
  ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:{{ drupal.jail.port }}{{ drupalRoot }}/$1
@@ -86,54 +89,45 @@
  SSLCertificateKeyFile /etc/letsencrypt/live/{{ drupal_domain.domain }}/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/{{ drupal_domain.domain }}/chain.pem
 {% else %}
-{% for certs in apache_certificates|default([]) %}
-{% if certs.domain == drupal_domain.domain %}
-{% for cert in certs.certs %}
-  {{cert.type}} /etc/ssl/private/{{cert.file}}
-{% endfor %}
-{% for alias in certs.aliases|default([]) %}
+    # TODO: We should allow cert definition per domain
+{% endif %}
+{% endif %}
 </VirtualHost>
+{% if (drupal_domain.redirects is defined or drupal_domain.aliases_redirect|default(False)) and groups.proxyserver is not defined %}

-<VirtualHost *:443>
+<VirtualHost *:80>
  Include /etc/apache2/{{ apache_conf_dir }}/global-redirect.conf

-  ServerName {{ alias }}
-  Redirect 301 / https://{{ certs.domain }}/
-
-  SSLEngine on
-{% for cert in certs.certs %}
-  {{cert.type}} /etc/ssl/private/{{cert.file}}
-{% endfor %}
+  ServerAdmin {{ apache_server_admin }}
+  ServerName  dummy.{{ drupal_domain.domain }}
+  ServerAlias {% for redirect in drupal_domain.redirects|default([]) %} {{ redirect }}{% endfor %}{% if drupal_domain.aliases_redirect|default(False) %}{% for alias in drupal_domain.aliases|default([]) %} {{ alias }}{% endfor %}{% endif %}

-  ErrorLog {{ apacheLogDir }}/{{ certs.domain }}-error.log
-  LogLevel warn
-  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
-  SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
-  CustomLog {{ apacheLogDir }}/{{ certs.domain }}-access.log combined env=!forwarded
-  CustomLog {{ apacheLogDir }}/{{ certs.domain }}-access.log proxy env=forwarded
-{% endfor %}
-{% endif %}
-{% endfor %}
-{% endif %}
-{% endif %}
+  RewriteEngine on
+  RewriteRule ^ {{ drupal_domain.protocol|default("https") }}://{{ drupal_domain.domain }}%{REQUEST_URI} [END,QSA,R=permanent]
 </VirtualHost>
-{% if drupal_domain.redirects is defined and groups.proxyserver is not defined %}
+{% if drupal_domain.protocol|default("https") == "https" and groups.proxyserver is not defined %}

-<VirtualHost *:80>
+<VirtualHost *:443>
  Include /etc/apache2/{{ apache_conf_dir }}/global-redirect.conf

  ServerAdmin {{ apache_server_admin }}
  ServerName  dummy.{{ drupal_domain.domain }}
-  ServerAlias {% for redirect in drupal_domain.redirects %} {{ redirect }}{% endfor %}
+  ServerAlias {% for redirect in drupal_domain.redirects|default([]) %} {{ redirect }}{% endfor %}{% if drupal_domain.aliases_redirect|default(False) %}{% for alias in drupal_domain.aliases|default([]) %} {{ alias }}{% endfor %}{% endif %}

  RewriteEngine on
-  RewriteRule ^ {{ drupal_domain.protocol|default("https") }}://{{ drupal_domain.domain }}%{REQUEST_URI} [END,QSA,R=permanent]
+  RewriteRule ^ https://{{ drupal_domain.domain }}%{REQUEST_URI} [END,QSA,R=permanent]

-  ErrorLog {{ apacheLogDir }}/{{ drupal_domain.domain }}-error.log
-  LogLevel warn
-  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
-  SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
-  CustomLog {{ apacheLogDir }}/{{ drupal_domain.domain }}-access.log combined env=!forwarded
-  CustomLog {{ apacheLogDir }}/{{ drupal_domain.domain }}-access.log proxy env=forwarded
+{% if drupal_domain.protocol|default("https") == "https" and groups.proxyserver is not defined %}
+  SSLEngine on
+{% if drupal_domain.letsencrypt|default(true) %}
+  Include /etc/letsencrypt/options-ssl-apache.conf
+  SSLCertificateFile /etc/letsencrypt/live/{{ drupal_domain.domain }}/cert.pem
+  SSLCertificateKeyFile /etc/letsencrypt/live/{{ drupal_domain.domain }}/privkey.pem
+  SSLCertificateChainFile /etc/letsencrypt/live/{{ drupal_domain.domain }}/chain.pem
+{% else %}
+    # TODO: We should allow cert definition per domain
+{% endif %}
+{% endif %}
 </VirtualHost>
 {% endif %}
+{% endif %}