From 84bc78de201b7f31bf89f3814b01db4c1249d031 Mon Sep 17 00:00:00 2001 From: sambufe Date: Fri, 21 Jul 2017 09:30:57 +0200 Subject: [PATCH] FBBKERNSERV-305 prd --- customer/fbb-www/production.yaml | 29 +++++++++++++++++++---------- customer/fbb-www/test.yaml | 2 -- 2 files changed, 19 insertions(+), 12 deletions(-) diff --git a/customer/fbb-www/production.yaml b/customer/fbb-www/production.yaml index 3be89c81..84fbb4de 100644 --- a/customer/fbb-www/production.yaml +++ b/customer/fbb-www/production.yaml @@ -6,6 +6,7 @@ infra::additional_classes: - infra::profile::postfix - infra::profile::cron - infra::profile::clamav + - apache::mod::remoteip accounts::users: #fbb @@ -128,6 +129,10 @@ sudo::configs: florian.dorrer ALL=(unitb.cron) NOPASSWD: ALL felix.maier ALL=(unitb.cron) NOPASSWD: ALL +apache::mod::remoteip::proxy_ips: + - 192.168.65.253 + - 192.168.65.254 + infra::profile::cron::cronjobs: flugplan-import: command: '/bin/bash /opt/app/web_alt/flugplan/SH_Sources/poll.sh >> /var/log/unitb/flugplan-import.log 2>> /var/log/unitb/flugplan-import.log' @@ -259,6 +264,7 @@ infra::profile::apache::pp_vhosts: ssl: false docroot_owner: apache docroot_group: apache + access_log_format: remote_combined setenvif: - 'HTTPS on X-Forwarded-Proto=https' - 'HTTPS on HTTPS=on' @@ -287,6 +293,7 @@ infra::profile::apache::pp_vhosts: docroot_owner: web docroot_group: fbb docroot_mode: '0775' + access_log_format: remote_combined setenvif: - 'HTTPS on X-Forwarded-Proto=https' - 'HTTPS on HTTPS=on' @@ -314,6 +321,7 @@ infra::profile::apache::pp_vhosts: ssl: false docroot_owner: presse.upload docroot_group: fbb + access_log_format: remote_combined setenvif: - 'HTTPS on X-Forwarded-Proto=https' - 'HTTPS on HTTPS=on' @@ -614,6 +622,7 @@ infra::profile::apache::pp_vhosts: docroot_group: apache #wird benoetigt weil die docroot auf einen symlink zeigt manage_docroot: false + access_log_format: remote_combined setenvif: - 'HTTPS on X-Forwarded-Proto=https' - 'HTTPS on HTTPS=on' 
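Review bot: The two addresses added under `apache::mod::remoteip::proxy_ips` in hunk `@@ -128` decide whose forwarded-client header Apache will believe, yet nothing in the file says which devices they are. A comment above the key would let a later reader check the list against the real proxy pair, for example `# reverse proxies in front of fbb-www; only these may supply the forwarded client address` (the wording guesses at their role and should be confirmed). The class itself is switched on in hunk `@@ -6`. The list should hold only hosts that rewrite the header, because a listed host that passes a client-sent value through would let that value be logged as the client IP.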
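Review bot: `access_log_format: remote_combined` in hunk `@@ -259` names a log-format nickname whose definition is not part of this patch; the same line is added in `@@ -287`, `@@ -314`, `@@ -614` and `@@ -647`. If no `LogFormat` with that nickname is loaded, Apache treats the value as a literal format string and each access-log entry would contain only that text, which loses the request trail for these vhosts. It is worth confirming that the profile defines it, or defining it next to the remoteip keys via `apache::log_formats:` with `remote_combined: '%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"'`, where `%a` logs the address restored by mod_remoteip. Each vhost mapping begins and ends outside its hunk.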
@@ -647,22 +656,13 @@ infra::profile::apache::pp_vhosts: docroot_group: apache #wird benoetigt weil die docroot auf einen symlink zeigt manage_docroot: false + access_log_format: remote_combined setenv: - AIRLINE_DATA /www/data/fiona/app/online/docs/_airlines/index.php - POI_CMS_EXPORT_FILE /www/data/fiona/app/online/docs/poiExport/index.php setenvif: - 'HTTPS on X-Forwarded-Proto=https' - 'HTTPS on HTTPS=on' - headers: - - 'set X-Content-Type-Options: nosniff' - - 'set X-XSS-Protection: "1; mode=block"' - - 'set X-Frame-Options: DENY' - error_documents: - - { error_code: 401 , document: "/de/global/_errors/_error401/index.php" } - - { error_code: 403 , document: "/de/global/_errors/_error403/index.php" } - - { error_code: 404 , document: "/de/global/_errors/_error404/index.php" } - - { error_code: 500 , document: "/de/global/_errors/_error500/index.php" } - setenvif: # 82.145.10.128/29 - 'Client-IP "82\.145\.10\.(129|130|131|132|133|134)" AdslZugriffErlaubt' # 82.145.10.136/29 @@ -688,6 +688,15 @@ infra::profile::apache::pp_vhosts: - 'Client-IP "194\.174\.76\.\d+" AdslZugriffErlaubt' - 'Client-IP "178\.8\.96\.\d+" AdslZugriffErlaubt' - 'Client-IP "89\.\d+\.\d+\.\d+" AdslZugriffErlaubt' + headers: + - 'set X-Content-Type-Options: nosniff' + - 'set X-XSS-Protection: "1; mode=block"' + - 'set X-Frame-Options: DENY' + error_documents: + - { error_code: 401 , document: "/de/global/_errors/_error401/index.php" } + - { error_code: 403 , document: "/de/global/_errors/_error403/index.php" } + - { error_code: 404 , document: "/de/global/_errors/_error404/index.php" } + - { error_code: 500 , document: "/de/global/_errors/_error500/index.php" } directories: - provider: 'directory' path: '/var/www/berlin-airport' diff --git a/customer/fbb-www/test.yaml b/customer/fbb-www/test.yaml index 83afef67..3ea44a8a 100644 --- a/customer/fbb-www/test.yaml +++ b/customer/fbb-www/test.yaml 
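Review bot: The `Client-IP "…" AdslZugriffErlaubt` entries that hunk `@@ -647` folds into the single `setenvif` list (continued in the context of `@@ -688`) match a request header with unanchored patterns, so `"89\.\d+\.\d+\.\d+"` also matches a value such as `189.1.2.3`. Whether the proxies overwrite a client-sent `Client-IP` header is not visible here; if they do not, the variable reflects whatever the sender wrote. Since this commit enables mod_remoteip, the entries could test the restored address and be anchored, e.g. `'Remote_Addr "^194\.174\.76\.\d+$" AdslZugriffErlaubt'`. Alternatively, the ranges could be written as `ip` entries under `require`, as the location block in test.yaml does. Part of the list lies between the two hunks and is not shown, so those entries need the same check.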
@@ -576,8 +576,6 @@ infra::profile::apache::pp_vhosts: - provider: location path: /de/global/ADSL-info require: - #Pixelpark Admin Nat Pool - - ip 10.90.14.0 - ip 172.18.39.22 172.18.49.24 194.174.73 194.174.78 217.66.51 10.99.1.10 - ip 89.27.163.36/29 89.27.134.34/24 89.27.134.67/24 194.174.73.0/24 194.174.80.0/24 194.174.76.0/24 - env AdslZugriffErlaubt -- 2.39.5