From 3f9c725df874f0b29676f08270670070f662050c Mon Sep 17 00:00:00 2001 From: Andreas Gerstenberg Date: Tue, 22 Aug 2017 12:59:23 +0200 Subject: [PATCH] spk-spar-checker update global settings --- customer/spk-spar-checker/production.yaml | 28 +++++++++------------ customer/spk-spar-checker/test.yaml | 30 +++++++++-------------- 2 files changed, 23 insertions(+), 35 deletions(-) diff --git a/customer/spk-spar-checker/production.yaml b/customer/spk-spar-checker/production.yaml index 1f8c407c..c0aa2e86 100644 --- a/customer/spk-spar-checker/production.yaml +++ b/customer/spk-spar-checker/production.yaml @@ -36,11 +36,22 @@ infra::profile::apache::pp_vhosts: docroot_group: apache docroot_mode: '0750' access_log_format: lb_combined + headers: + - 'always set X-XSS-Protection "1; mode=block"' + - 'always set X-Frame-Options "SAMEORIGIN"' + - 'always set X-Content-Type-Options "nosniff"' + - "set Content-Security-Policy \"default-src 'self' 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://webfonts.sparkasse.de 'unsafe-inline' ; font-src 'self' data: https://webfonts.sparkasse.de ; img-src 'self' data: ;\"" + aliases: + - { alias: /api , path: /var/www/spar-checker/sparchecker-backend/public/api } + - { alias: /sfp , path: /var/www/spar-checker/sparchecker-backend/public/sfp } setenvif: + - 'HTTPS on X-Forwarded-Proto=https' + - 'HTTPS on HTTPS=on' - 'X-Forwarded-For ^80.146.239.2 admin_ip_range' - 'X-Forwarded-For ^109.86.229.215 admin_ip_range' - 'X-Forwarded-For ^195.69.134.114 admin_ip_range' - 'X-Forwarded-For ^88.99.67.38 admin_ip_range' + - 'APPLICATION_ENV production' directories: - provider: directory path: '/var/www/spar-checker/sparchecker-frontend/' @@ -50,8 +61,6 @@ infra::profile::apache::pp_vhosts: allow_override: - None directoryindex: 'index.html' - setenv: - - 'APPLICATION_ENV production' - provider: location path: '/' auth_type: Digest 
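Review bot: In the first production.yaml hunk, `- 'APPLICATION_ENV production'` is appended to the end of the `setenvif:` list, whereas the test.yaml hunk of this same patch adds it under its own `setenv:` key. If the `setenvif` entries are rendered as `SetEnvIf` directives, as the key name suggests, this entry supplies an attribute and a pattern but no variable to set. The production vhost would then either fail its configuration check or leave APPLICATION_ENV unset for the backend. Mirror test.yaml by adding `setenv:` with `- 'APPLICATION_ENV production'` ahead of `setenvif:` and dropping the entry from the `setenvif` list. The vhost definition starts and ends outside this hunk.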
@@ -85,8 +94,6 @@ infra::profile::apache::pp_vhosts: allow_override: - None directoryindex: 'index.php index.html' - setenv: - - 'APPLICATION_ENV production' rewrites: - comment: 'sfp files' rewrite_cond: @@ -114,8 +121,6 @@ infra::profile::apache::pp_vhosts: allow_override: - None directoryindex: 'index.php index.html' - setenv: - - 'APPLICATION_ENV production' rewrites: - comment: 'api files' rewrite_cond: @@ -132,17 +137,6 @@ infra::profile::apache::pp_vhosts: - comment: 'api index' rewrite_rule: - '^(.*)$ %%{ich-trickse}{ENV:BASE}/index.php [L]' - headers: - - 'always set X-XSS-Protection "1; mode=block"' - - 'always set X-Frame-Options "SAMEORIGIN"' - - 'always set X-Content-Type-Options "nosniff"' - - "set Content-Security-Policy \"default-src 'self' 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://webfonts.sparkasse.de 'unsafe-inline' ; font-src 'self' data: https://webfonts.sparkasse.de ; img-src 'self' data: ;\"" - aliases: - - { alias: /api , path: /var/www/spar-checker/sparchecker-backend/public/api } - - { alias: /sfp , path: /var/www/spar-checker/sparchecker-backend/public/sfp } - setenvif: - - 'HTTPS on X-Forwarded-Proto=https' - - 'HTTPS on HTTPS=on' rewrites: - comment: 'http to https' rewrite_cond: diff --git a/customer/spk-spar-checker/test.yaml b/customer/spk-spar-checker/test.yaml index ba493d24..71c4e482 100644 --- a/customer/spk-spar-checker/test.yaml +++ b/customer/spk-spar-checker/test.yaml 
@@ -34,7 +34,19 @@ infra::profile::apache::pp_vhosts: docroot_group: apache docroot_mode: '0750' access_log_format: lb_combined + headers: + - 'always set X-XSS-Protection "1; mode=block"' + - 'always set X-Frame-Options "SAMEORIGIN"' + - 'always set X-Content-Type-Options "nosniff"' + - "set Content-Security-Policy \"default-src 'self' 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://webfonts.sparkasse.de 'unsafe-inline' ; font-src 'self' data: https://webfonts.sparkasse.de ; img-src 'self' data: ;\"" + aliases: + - { alias: /api , path: /var/www/spar-checker/sparchecker-backend/public/api } + - { alias: /sfp , path: /var/www/spar-checker/sparchecker-backend/public/sfp } + setenv: + - 'APPLICATION_ENV production' setenvif: + - 'HTTPS on X-Forwarded-Proto=https' + - 'HTTPS on HTTPS=on' - 'X-Forwarded-For ^80.146.239.2 admin_ip_range' - 'X-Forwarded-For ^109.86.229.215 admin_ip_range' - 'X-Forwarded-For ^195.69.134.114 admin_ip_range' @@ -48,8 +60,6 @@ infra::profile::apache::pp_vhosts: allow_override: - None directoryindex: 'index.html' - setenv: - - 'APPLICATION_ENV production' - provider: location path: '/' auth_type: Digest @@ -83,8 +93,6 @@ infra::profile::apache::pp_vhosts: allow_override: - None directoryindex: 'index.php index.html' - setenv: - - 'APPLICATION_ENV production' rewrites: - comment: 'sfp files' rewrite_cond: @@ -112,8 +120,6 @@ infra::profile::apache::pp_vhosts: allow_override: - None directoryindex: 'index.php index.html' - setenv: - - 'APPLICATION_ENV production' rewrites: - comment: 'api files' rewrite_cond: 
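Review bot: The `admin_ip_range` entries in the `setenvif` list this hunk extends use patterns such as `^80.146.239.2`, which are anchored only at the start and leave the dots unescaped, so 80.146.239.20 through 80.146.239.29 and 80.146.239.200 through 80.146.239.255 match as well. The same entries appear in the first production.yaml hunk. Escaping and terminating each address would restrict the match to the intended host, e.g. `'X-Forwarded-For ^80\.146\.239\.2$ admin_ip_range'`. How `admin_ip_range` is consumed lies outside this hunk; if it relaxes the Digest authentication configured further down, it is also worth confirming that the load balancer overwrites rather than appends to any client-supplied `X-Forwarded-For`, since the pattern tests the start of the header value.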
@@ -130,18 +136,6 @@ infra::profile::apache::pp_vhosts: - comment: 'api index' rewrite_rule: - '^(.*)$ %%{ich-trickse}{ENV:BASE}/index.php [L]' - - headers: - - 'always set X-XSS-Protection "1; mode=block"' - - 'always set X-Frame-Options "SAMEORIGIN"' - - 'always set X-Content-Type-Options "nosniff"' - - "set Content-Security-Policy \"default-src 'self' 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://webfonts.sparkasse.de 'unsafe-inline' ; font-src 'self' data: https://webfonts.sparkasse.de ; img-src 'self' data: ;\"" - aliases: - - { alias: /api , path: /var/www/spar-checker/sparchecker-backend/public/api } - - { alias: /sfp , path: /var/www/spar-checker/sparchecker-backend/public/sfp } - setenvif: - - 'HTTPS on X-Forwarded-Proto=https' - - 'HTTPS on HTTPS=on' rewrites: - comment: 'http to https' rewrite_cond: -- 2.39.5