This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git
The following commit(s) were added to refs/heads/master by this push:
new 050a29f AIRAVATA-3533 Support redirecting from old HTTPS domain to
new HTTPS domain
050a29f is described below
commit 050a29f8474b769004d00db3c01825d481da4824
Author: Marcus Christie <[email protected]>
AuthorDate: Thu Oct 21 16:27:52 2021 -0400
AIRAVATA-3533 Support redirecting from old HTTPS domain to new HTTPS domain
---
.../scigap/production/host_vars/ampgateway/vars.yml | 7 +++++--
dev-tools/ansible/roles/django/tasks/main.yml | 8 ++++++++
.../roles/django/templates/django-ssl-vhost.conf.j2 | 14 ++++++++++++++
3 files changed, 27 insertions(+), 2 deletions(-)
diff --git
a/dev-tools/ansible/inventories/scigap/production/host_vars/ampgateway/vars.yml
b/dev-tools/ansible/inventories/scigap/production/host_vars/ampgateway/vars.yml
index d18abf8..1b0cbc6 100644
---
a/dev-tools/ansible/inventories/scigap/production/host_vars/ampgateway/vars.yml
+++
b/dev-tools/ansible/inventories/scigap/production/host_vars/ampgateway/vars.yml
@@ -23,14 +23,17 @@ airavata_django_extra_dependencies:
-
git+https://github.com/SciGaP/amp-gateway-django-app.git#egg=amp_gateway_django_app
vhost_servername: "amosgateway.org"
-vhost_server_redirect: "ampgateway.org"
-#vhost_serveralias: "ampgateway.org"
vhost_ssl: True
ssl_certificate_file: "/etc/letsencrypt/live/amosgateway.org/cert.pem"
ssl_certificate_chain_file:
"/etc/letsencrypt/live/amosgateway.org/fullchain.pem"
ssl_certificate_key_file: "/etc/letsencrypt/live/amosgateway.org/privkey.pem"
+vhost_server_redirect: "ampgateway.org"
+vhost_server_redirect_ssl_certificate_file:
"/etc/letsencrypt/live/ampgateway.org/cert.pem"
+vhost_server_redirect_ssl_certificate_chain_file:
"/etc/letsencrypt/live/ampgateway.org/fullchain.pem"
+vhost_server_redirect_ssl_certificate_key_file:
"/etc/letsencrypt/live/ampgateway.org/privkey.pem"
+
## Keycloak related variables
tenant_domain: "amp"
oauth_client_key: "{{ vault_oauth_client_key }}"
diff --git a/dev-tools/ansible/roles/django/tasks/main.yml
b/dev-tools/ansible/roles/django/tasks/main.yml
index 021f4b5..172b7f0 100644
--- a/dev-tools/ansible/roles/django/tasks/main.yml
+++ b/dev-tools/ansible/roles/django/tasks/main.yml
@@ -332,3 +332,11 @@
create: yes
become: yes
when: vhost_ssl
+
+- name: add redirect domain to Zabbix monitoring checklist
+ lineinfile:
+ path: /etc/zabbix/domain_checklist
+ line: "{{ vhost_server_redirect }}"
+ create: yes
+ become: yes
+ when: vhost_ssl and vhost_server_redirect_ssl_certificate_file is defined
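Review bot: The `when:` on the new Zabbix task tests `vhost_server_redirect_ssl_certificate_file` while `line:` renders `vhost_server_redirect`, so a host that sets the certificate variable without the redirect name would, by default, fail the play on an undefined variable instead of skipping the task. Guard on both, e.g. `when: vhost_ssl and vhost_server_redirect is defined and vhost_server_redirect_ssl_certificate_file is defined`. `create: yes` with no `mode:` also leaves the permissions of a newly created `/etc/zabbix/domain_checklist` to the remote umask; an explicit `mode: "0644"` (or whatever the Zabbix check needs) would pin that down. The three context lines at the top of the hunk belong to a task that starts outside it.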
diff --git a/dev-tools/ansible/roles/django/templates/django-ssl-vhost.conf.j2
b/dev-tools/ansible/roles/django/templates/django-ssl-vhost.conf.j2
index 16e5fab..71b5323 100644
--- a/dev-tools/ansible/roles/django/templates/django-ssl-vhost.conf.j2
+++ b/dev-tools/ansible/roles/django/templates/django-ssl-vhost.conf.j2
@@ -25,6 +25,20 @@
ServerName {{ vhost_server_redirect }}
Redirect "/" "https://{{ vhost_servername }}"
</VirtualHost>
+
+{% if vhost_server_redirect_ssl_certificate_file is defined %}
+<VirtualHost *:{{httpd_default_https_port}}>
+ ServerName {{ vhost_server_redirect }}
+ Redirect "/" "https://{{ vhost_servername }}"
+
+ SSLEngine on
+ # Disable SSLv3 which is vulnerable to the POODLE attack
+ SSLProtocol All -SSLv2 -SSLv3
+ SSLCertificateFile {{ vhost_server_redirect_ssl_certificate_file }}
+ SSLCertificateChainFile {{
vhost_server_redirect_ssl_certificate_chain_file }}
+ SSLCertificateKeyFile {{ vhost_server_redirect_ssl_certificate_key_file }}
+</VirtualHost>
+{% endif %}
{% endif %}
<VirtualHost *:{{ httpd_default_http_port }}>
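Review bot: The new `Redirect "/" "https://{{ vhost_servername }}"` in the HTTPS redirect vhost has no trailing slash on the target, and mod_alias appends whatever follows the matched `/` directly to it, so the request path is glued onto the hostname and the host a client is sent to is no longer fixed by the config; use `Redirect "/" "https://{{ vhost_servername }}/"`, and the same applies to the existing redirect shown as context just above. `SSLProtocol All -SSLv2 -SSLv3` still permits TLS 1.0 and 1.1 where the linked OpenSSL offers them; `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1` would restrict this vhost to TLS 1.2 and later, and the POODLE comment above it should then be updated to match. The block is rendered when only `vhost_server_redirect_ssl_certificate_file` is defined, yet it also dereferences the chain and key variables, so the `{% if %}` should test all three. The outer `{% if %}` closed by the final `{% endif %}` starts outside the hunk.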