From 16f37accab30c73ea8e38a9253f6ac9bb202a395 Mon Sep 17 00:00:00 2001 From: Andreas Gerstenberg Date: Thu, 17 Aug 2017 15:37:22 +0200 Subject: [PATCH] spk-spar-checker merge test -> production --- customer/spk-spar-checker/production.yaml | 92 +++++++++++++++++++++-- 1 file changed, 86 insertions(+), 6 deletions(-) diff --git a/customer/spk-spar-checker/production.yaml b/customer/spk-spar-checker/production.yaml index 9034a713..8c08c919 100644 --- a/customer/spk-spar-checker/production.yaml +++ b/customer/spk-spar-checker/production.yaml @@ -36,19 +36,19 @@ infra::profile::apache::pp_vhosts: docroot_group: apache docroot_mode: '0775' directories: - - directory_root: - provider: directory - path: '/var/www/spar-checker' + - provider: directory + path: '/var/www/spar-checker/sparchecker-frontend/' addhandlers: - { handler: "proxy:unix:/var/run/php5-fpm-sparchecker.sock|fcgi://./" , extensions: '.php' } options: - FollowSymLinks - MultiViews allow_override: - - All + - None directoryindex: 'index.php index.html' - - location1: - provider: location + setenv: + - 'APPLICATION_ENV production' + - provider: location path: '/' auth_type: Digest auth_name: server @@ -56,6 +56,86 @@ infra::profile::apache::pp_vhosts: auth_digest_algorithm: MD5 auth_user_file: '/etc/httpd/htdigest' auth_require: 'valid-user' + - provider: location + path: '/api' + - provider: location + path: '/sfp' + auth_type: Digest + auth_name: 'Manager-Interface' + auth_digest_provider: file + auth_digest_algorithm: MD5 + auth_user_file: '/etc/httpd/spk.managed.htdigest' + require: + - 'valid-user' + - 'ip 80.146.239.2/32 109.86.229.215/32 195.69.134.114/32 88.99.67.38/32' + error_documents: + - { error_code: 401 , document: "/401.html" } + + - provider: directory + path: '/var/www/spar-checker/sparchecker-backend/public/sfp/' + addhandlers: + - { handler: "proxy:unix:/var/run/php5-fpm-sparchecker.sock|fcgi://./" , extensions: '.php' } + options: + - FollowSymLinks + - MultiViews + allow_override: + - None + directoryindex: 'index.php index.html' + setenv: + - 'APPLICATION_ENV production' + rewrites: + - comment: 'sfp files' + rewrite_cond: + - '%%{ich-trickse}{REQUEST_FILENAME} -s [OR]' + - '%%{ich-trickse}{REQUEST_FILENAME} -l [OR]' + - '%%{ich-trickse}{REQUEST_FILENAME} -d' + rewrite_rule: + - '^.*$ - [L]' + - comment: 'sfp rebase' + rewrite_cond: + - '%%{ich-trickse}{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$' + rewrite_rule: + - '^(.*) - [E=BASE:%1]' + - comment: 'sfp index' + rewrite_rule: + - '^(.*)$ %%{ich-trickse}{ENV:BASE}/index.php [L]' + + - provider: directory + path: '/var/www/spar-checker/sparchecker-backend/public/api/' + addhandlers: + - { handler: "proxy:unix:/var/run/php5-fpm-sparchecker.sock|fcgi://./" , extensions: '.php' } + options: + - FollowSymLinks + - MultiViews + allow_override: + - None + directoryindex: 'index.php index.html' + setenv: + - 'APPLICATION_ENV production' + rewrites: + - comment: 'api files' + rewrite_cond: + - '%%{ich-trickse}{REQUEST_FILENAME} -s [OR]' + - '%%{ich-trickse}{REQUEST_FILENAME} -l [OR]' + - '%%{ich-trickse}{REQUEST_FILENAME} -d' + rewrite_rule: + - '^.*$ - [L]' + - comment: 'api rebase' + rewrite_cond: + - '%%{ich-trickse}{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$' + rewrite_rule: + - '^(.*) - [E=BASE:%1]' + - comment: 'api index' + rewrite_rule: + - '^(.*)$ %%{ich-trickse}{ENV:BASE}/index.php [L]' + headers: + - 'always set X-XSS-Protection "1; mode=block"' + - 'always set X-Frame-Options "SAMEORIGIN"' + - 'always set X-Content-Type-Options "nosniff"' + - "set Content-Security-Policy \"default-src 'self' 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://webfonts.sparkasse.de 'unsafe-inline' ; font-src 'self' data: https://webfonts.sparkasse.de ; img-src 'self' data: ;\"" + aliases: + - { alias: /api , path: /var/www/spar-checker/sparchecker-backend/public/api } + - { alias: /sfp , path: /var/www/spar-checker/sparchecker-backend/public/sfp } setenvif: - 'HTTPS on X-Forwarded-Proto=https' - 'HTTPS on HTTPS=on' -- 2.39.5