Split apache conf into 2 files, one for HTTP and one for SSL.

2026-01-21 07:55:00 +00:00 · 2014-03-24 07:19:57 -04:00 · 2014-03-24 07:19:57 -04:00 · f178b74055
commit f178b74055
parent f79463ec56
6 changed files with 55 additions and 43 deletions
--- a/1
+++ b/1
@ -69,6 +69,7 @@ specified and linked otherwise.
 - modules/installed/system/wan.py :: -
 - setup/86_plinth :: -
 - share/apache2/plinth.conf :: -
+- share/apache2/plinth-ssl.conf :: -
 - share/init.d/plinth :: -
 - sudoers/plinth :: -
 - templates/base.tmpl :: [[file:templates/base.tmpl::the%20<a%20href%3D"http:/www.gnu.org/licenses/agpl.html"%20target%3D"_blank">GNU%20Affero%20General%20Public][GNU Affero General Public License, Version 3 or later]]
--- a/2
+++ b/2
@ -93,8 +93,10 @@ current-repository.tar.gz: $(ALL_BUT_GZ)

 apache-install:
 	install -D -m644 share/apache2/plinth.conf $(DESTDIR)/etc/apache2/sites-available/plinth.conf
+	install -D -m644 share/apache2/plinth-ssl.conf $(DESTDIR)/etc/apache2/sites-available/plinth-ssl.conf
 apache-config: apache-install apache-modules
 	a2ensite plinth
+	a2ensite plinth-ssl
 	service apache2 reload

 apache-modules:
--- a/fabfile.py
+++ b/fabfile.py
@ -135,6 +135,15 @@ def apache():
         backslash_path(os.path.join(remote_dir(), "static")),
         conf_path))
   link(conf_path, "/etc/apache2/sites-enabled/plinth.conf")
+
+   sslconf_path = os.path.join(remote_dir(), "share/apache2/plinth-ssl.conf")
+   sudo("mkdir -p " + os.path.split(sslconf_path)[0])
+   sudo("touch "+ sslconf_path)
+   sudo(r"sed -i 's/\(\s*\)DocumentRoot.*/\1DocumentRoot %s/g' %s" % (
+         backslash_path(os.path.join(remote_dir(), "static")),
+         sslconf_path))
+   link(sslconf_path, "/etc/apache2/sites-enabled/plinth-ssl.conf")
+
   sudo('rm -f /etc/apache2/sites-enabled/000-default')
   sudo('service apache2 restart')

--- a/setup.d/86_plinth
+++ b/setup.d/86_plinth
@ -12,5 +12,6 @@ a2enmod rewrite
 a2enmod ssl
 a2dissite default
 a2ensite plinth.conf
+a2ensite plinth-ssl.conf

 echo "Done configuring Apache for Plinth."
--- a/share/apache2/plinth-ssl.conf
+++ b/share/apache2/plinth-ssl.conf
@ -0,0 +1,42 @@
+<VirtualHost *:443>
+
+    ## Enable SSL
+    SSLEngine on
+    SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
+    ## Use HTTP Strict Transport Security to force client to use secure connections only
+    Header always set Strict-Transport-Security "max-age=31536000"
+
+    ## Shared options.
+    ProxyPreserveHost on
+    DocumentRoot /usr/share/plinth
+
+    ## Use this rule to hang plinth off of plinth.(servername)
+    # ServerName plinth
+    # ServerAlias plinth.*
+    # ProxyPass        /  http://localhost:8000/
+    # ProxyPassReverse /  http://localhost:8000/
+    # <Proxy *>
+    #     Order Deny,Allow
+    #     Deny from All
+    #     Allow from 10.0.0.0/8
+    #     Allow from 172.16.0.0/12
+    #     Allow from 192.168.0.0/16
+    # </Proxy>
+
+    ## Use this rule to hang plinth off a subdir.
+    ## Make sure to provide plinth with a default directory: /plinth
+    <Location /plinth>
+        ProxyPass        http://localhost:8000/plinth
+        ProxyPassReverse http://localhost:8000/plinth
+
+        Order Deny,Allow
+        Deny from All
+        Allow from 10.0.0.0/8
+        Allow from 172.16.0.0/12
+        Allow from 192.168.0.0/16
+    </Location>
+    ProxyPass    /plinth/static !
+
+</VirtualHost>
--- a/share/apache2/plinth.conf
+++ b/share/apache2/plinth.conf
@ -14,46 +14,3 @@
    # ServerAlias plinth.*

 </VirtualHost>
-
-<VirtualHost *:443>
-
-    ## Enable SSL
-    SSLEngine on
-    SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
-    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
-
-    ## Use HTTP Strict Transport Security to force client to use secure connections only
-    Header always set Strict-Transport-Security "max-age=31536000"
-
-    ## Shared options.
-    ProxyPreserveHost on
-    DocumentRoot /usr/share/plinth
-
-    ## Use this rule to hang plinth off of plinth.(servername)
-    # ServerName plinth
-    # ServerAlias plinth.*
-    # ProxyPass        /  http://localhost:8000/
-    # ProxyPassReverse /  http://localhost:8000/
-    # <Proxy *>
-    #     Order Deny,Allow
-    #     Deny from All
-    #     Allow from 10.0.0.0/8
-    #     Allow from 172.16.0.0/12
-    #     Allow from 192.168.0.0/16
-    # </Proxy>
-
-    ## Use this rule to hang plinth off a subdir.
-    ## Make sure to provide plinth with a default directory: /plinth
-    <Location /plinth>
-        ProxyPass        http://localhost:8000/plinth
-        ProxyPassReverse http://localhost:8000/plinth
-
-        Order Deny,Allow
-        Deny from All
-        Allow from 10.0.0.0/8
-        Allow from 172.16.0.0/12
-        Allow from 192.168.0.0/16
-    </Location>
-    ProxyPass    /plinth/static !
-
-</VirtualHost>