From f178b7405532740d1745018c452df6230158df7d Mon Sep 17 00:00:00 2001 From: James Valleroy Date: Mon, 24 Mar 2014 07:19:57 -0400 Subject: [PATCH] Split apache conf into 2 files, one for HTTP and one for SSL. --- LICENSES | 1 + Makefile | 2 ++ fabfile.py | 9 ++++++++ setup.d/86_plinth | 1 + share/apache2/plinth-ssl.conf | 42 ++++++++++++++++++++++++++++++++++ share/apache2/plinth.conf | 43 ----------------------------------- 6 files changed, 55 insertions(+), 43 deletions(-) create mode 100644 share/apache2/plinth-ssl.conf diff --git a/LICENSES b/LICENSES index 09717ea6d..c333d3876 100644 --- a/LICENSES +++ b/LICENSES @@ -69,6 +69,7 @@ specified and linked otherwise. - modules/installed/system/wan.py :: - - setup/86_plinth :: - - share/apache2/plinth.conf :: - +- share/apache2/plinth-ssl.conf :: - - share/init.d/plinth :: - - sudoers/plinth :: - - templates/base.tmpl :: [[file:templates/base.tmpl::the%20GNU%20Affero%20General%20Public][GNU Affero General Public License, Version 3 or later]] diff --git a/Makefile b/Makefile index 6b29b092b..c93d3a5c9 100644 --- a/Makefile +++ b/Makefile @@ -93,8 +93,10 @@ current-repository.tar.gz: $(ALL_BUT_GZ) apache-install: install -D -m644 share/apache2/plinth.conf $(DESTDIR)/etc/apache2/sites-available/plinth.conf + install -D -m644 share/apache2/plinth-ssl.conf $(DESTDIR)/etc/apache2/sites-available/plinth-ssl.conf apache-config: apache-install apache-modules a2ensite plinth + a2ensite plinth-ssl service apache2 reload apache-modules: diff --git a/fabfile.py b/fabfile.py index a9a95d09c..7801834aa 100644 --- a/fabfile.py +++ b/fabfile.py 
@@ -135,6 +135,15 @@ def apache(): backslash_path(os.path.join(remote_dir(), "static")), conf_path)) link(conf_path, "/etc/apache2/sites-enabled/plinth.conf") + + sslconf_path = os.path.join(remote_dir(), "share/apache2/plinth-ssl.conf") + sudo("mkdir -p " + os.path.split(sslconf_path)[0]) + sudo("touch "+ sslconf_path) + sudo(r"sed -i 's/\(\s*\)DocumentRoot.*/\1DocumentRoot %s/g' %s" % ( + backslash_path(os.path.join(remote_dir(), "static")), + sslconf_path)) + link(sslconf_path, "/etc/apache2/sites-enabled/plinth-ssl.conf") + sudo('rm -f /etc/apache2/sites-enabled/000-default') sudo('service apache2 restart') diff --git a/setup.d/86_plinth b/setup.d/86_plinth index 5ebd0dedf..5ee424d7b 100755 --- a/setup.d/86_plinth +++ b/setup.d/86_plinth @@ -12,5 +12,6 @@ a2enmod rewrite a2enmod ssl a2dissite default a2ensite plinth.conf +a2ensite plinth-ssl.conf echo "Done configuring Apache for Plinth." diff --git a/share/apache2/plinth-ssl.conf b/share/apache2/plinth-ssl.conf new file mode 100644 index 000000000..c96107003 --- /dev/null +++ b/share/apache2/plinth-ssl.conf 
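Review bot: The `mkdir -p` / `touch` pair in the added block turns a missing plinth-ssl.conf into an empty one, so the sed is a no-op, the empty file is linked into sites-enabled, and Apache restarts with no TLS site and no error. Failing early is safer: replace both lines with `sudo("test -s " + sslconf_path)`, which should abort the task on a non-zero exit under Fabric's default settings. The path is also concatenated unquoted into commands run under sudo, so quoting it (for example with `pipes.quote(sslconf_path)`) would stop a remote_dir() containing spaces or shell metacharacters from changing what runs. The block repeats the plinth.conf steps just above it, and apache() starts and ends outside this hunk, so a small helper taking the conf file name would keep the two copies in step.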
@@ -0,0 +1,42 @@
+
+
+ ## Enable SSL
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+ SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
+ ## Use HTTP Strict Transport Security to force client to use secure connections only
+ Header always set Strict-Transport-Security "max-age=31536000"
+
+ ## Shared options.
+ ProxyPreserveHost on
+ DocumentRoot /usr/share/plinth
+
+ ## Use this rule to hang plinth off of plinth.(servername)
+ # ServerName plinth
+ # ServerAlias plinth.*
+ # ProxyPass / http://localhost:8000/
+ # ProxyPassReverse / http://localhost:8000/
+ #
+ # Order Deny,Allow
+ # Deny from All
+ # Allow from 10.0.0.0/8
+ # Allow from 172.16.0.0/12
+ # Allow from 192.168.0.0/16
+ #
+
+ ## Use this rule to hang plinth off a subdir.
+ ## Make sure to provide plinth with a default directory: /plinth
+
+ ProxyPass http://localhost:8000/plinth
+ ProxyPassReverse http://localhost:8000/plinth
+
+ Order Deny,Allow
+ Deny from All
+ Allow from 10.0.0.0/8
+ Allow from 172.16.0.0/12
+ Allow from 192.168.0.0/16
+
+ ProxyPass /plinth/static !
+
+
diff --git a/share/apache2/plinth.conf b/share/apache2/plinth.conf
index e2b0dcbb5..d7af857e8 100644
--- a/share/apache2/plinth.conf
+++ b/share/apache2/plinth.conf
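Review bot: `SSLCertificateFile` and `SSLCertificateKeyFile` in the new file point at the ssl-cert snakeoil pair with nothing marking it as a placeholder, and the `Strict-Transport-Security` line below promises a year of HTTPS-only on top of it. The snakeoil certificate is self-signed, and if a system image is prepared once and copied to several devices (not visible from this patch), every copy would share the same private key. Browsers also disregard an HSTS header received over a connection with a certificate error, so the header has no effect until a trusted certificate is installed. I would add above the certificate lines: `## Placeholder: snakeoil is self-signed; install a per-device certificate and key here before relying on HTTPS or HSTS`. Separately, `Order Deny,Allow` / `Allow from` is Apache 2.2 syntax that depends on mod_access_compat under 2.4, where the native form is `Require ip 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16`.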
@@ -14,46 +14,3 @@ # ServerAlias plinth.* - - - - ## Enable SSL - SSLEngine on - SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem - SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key - - ## Use HTTP Strict Transport Security to force client to use secure connections only - Header always set Strict-Transport-Security "max-age=31536000" - - ## Shared options. - ProxyPreserveHost on - DocumentRoot /usr/share/plinth - - ## Use this rule to hang plinth off of plinth.(servername) - # ServerName plinth - # ServerAlias plinth.* - # ProxyPass / http://localhost:8000/ - # ProxyPassReverse / http://localhost:8000/ - # - # Order Deny,Allow - # Deny from All - # Allow from 10.0.0.0/8 - # Allow from 172.16.0.0/12 - # Allow from 192.168.0.0/16 - # - - ## Use this rule to hang plinth off a subdir. - ## Make sure to provide plinth with a default directory: /plinth - - ProxyPass http://localhost:8000/plinth - ProxyPassReverse http://localhost:8000/plinth - - Order Deny,Allow - Deny from All - Allow from 10.0.0.0/8 - Allow from 172.16.0.0/12 - Allow from 192.168.0.0/16 - - ProxyPass /plinth/static ! - -