This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata.git
The following commit(s) were added to refs/heads/develop by this push:
new 431cb1b Custom simccs vhost config to reverse proxy geoserver
431cb1b is described below
commit 431cb1b4f17bbedef633dd6b5b14cb625bad86c7
Author: Marcus Christie <[email protected]>
AuthorDate: Tue Mar 19 14:31:13 2019 -0400
Custom simccs vhost config to reverse proxy geoserver
---
.../simccs/files/django-ssl-vhost.conf.j2 | 76 ++++++++++++++++++++++
.../scigap/develop/host_vars/simccs/vars.yml | 2 +
2 files changed, 78 insertions(+)
diff --git
a/dev-tools/ansible/inventories/scigap/develop/host_vars/simccs/files/django-ssl-vhost.conf.j2
b/dev-tools/ansible/inventories/scigap/develop/host_vars/simccs/files/django-ssl-vhost.conf.j2
new file mode 100644
index 0000000..9f69fc5
--- /dev/null
+++
b/dev-tools/ansible/inventories/scigap/develop/host_vars/simccs/files/django-ssl-vhost.conf.j2
@@ -0,0 +1,76 @@
+{#
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+#}
+
+{% if vhost_server_redirect is defined %}
+<VirtualHost *:{{httpd_default_http_port}}>
+ ServerName {{ vhost_server_redirect }}
+ Redirect "/" "https://{{ vhost_servername }}"
+</VirtualHost>
+{% endif %}
+
+<VirtualHost *:{{ httpd_default_http_port }}>
+ ServerName {{ vhost_servername }}
+
+ # Reverse proxy to geoserver on gf8
+ ProxyPass /geoserver "http://gf8.ucs.indiana.edu/geoserver";
+ ProxyPassReverse /geoserver "http://gf8.ucs.indiana.edu/geoserver";
+
+ ## Redirect all http traffic to https
+ RewriteEngine On
+ RewriteCond %{HTTPS} off
+ RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+</VirtualHost>
+
+<VirtualHost *:{{ httpd_default_https_port }}>
+ ServerName {{ vhost_servername }}
+
+ Alias /robots.txt {{ doc_root_dir }}/static/robots.txt
+ Alias /favicon.ico {{ doc_root_dir }}/static/favicon.ico
+
+ Alias /static/ {{ doc_root_dir }}/static/
+
+ <Directory {{ doc_root_dir }}/static>
+ Require all granted
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
text/javascript application/javascript
+ </Directory>
+
+ WSGIDaemonProcess {{ vhost_servername }} display-name=%{GROUP}
python-home={{ doc_root_dir }}/venv python-path={{ doc_root_dir
}}/airavata-django-portal processes={{ django_wsgi_processes }} user={{ user }}
group={{ group }}
+ WSGIProcessGroup {{ vhost_servername }}
+
+ WSGIScriptAlias / {{ doc_root_dir
}}/airavata-django-portal/django_airavata/wsgi.py
+
+ <Directory {{ doc_root_dir }}/airavata-django-portal/django_airavata>
+ <Files wsgi.py>
+ Require all granted
+ </Files>
+ </Directory>
+
+ ErrorLog {{ httpd_log_dir[ansible_os_family] }}/django-{{ gateway_id
}}.error.log
+ CustomLog {{ httpd_log_dir[ansible_os_family] }}/django-{{ gateway_id
}}.requests.log combined
+
+ SSLEngine on
+ # Disable SSLv3 which is vulnerable to the POODLE attack
+ SSLProtocol All -SSLv2 -SSLv3
+ SSLCertificateFile {{ ssl_certificate_file }}
+ SSLCertificateChainFile {{ ssl_certificate_chain_file }}
+ SSLCertificateKeyFile {{ ssl_certificate_key_file }}
+</VirtualHost>
diff --git
a/dev-tools/ansible/inventories/scigap/develop/host_vars/simccs/vars.yml
b/dev-tools/ansible/inventories/scigap/develop/host_vars/simccs/vars.yml
index e56cadb..3fb0207 100644
--- a/dev-tools/ansible/inventories/scigap/develop/host_vars/simccs/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/host_vars/simccs/vars.yml
@@ -28,6 +28,8 @@ vhost_ssl: True
ssl_certificate_file: "/etc/letsencrypt/live/beta.simccs.org/cert.pem"
ssl_certificate_chain_file:
"/etc/letsencrypt/live/beta.simccs.org/fullchain.pem"
ssl_certificate_key_file: "/etc/letsencrypt/live/beta.simccs.org/privkey.pem"
+# Custom vhost config file to specify the geoserver reverse proxy
+django_ssl_vhost_template: "{{ inventory_dir
}}/host_vars/simccs/files/django-ssl-vhost.conf.j2"
## Keycloak related variables
tenant_domain: "simccs"
