Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

ssl the backend site too

Browse source 
Signed-off-by: Ricky Elrod <codeblock@fedoraproject.org>
This commit is contained in:
Rick Elrod 2016-06-29 15:20:43 +00:00
parent f89ecea1ac
commit 22a25a935f
1 changed files with 18 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

34
roles/graphite/graphite/templates/graphite-web.conf
View file

@ -11,9 +11,6 @@
CustomLog /var/log/httpd/graphite-web-access.log common
Header set Access-Control-Allow-Origin "*"
# Header set Access-Control-Allow-Methods "GET, OPTIONS"
# Header set Access-Control-Allow-Headers "origin, authorization, accept"
# Header set Access-Control-Allow-Credentials true
WSGIScriptAlias / /usr/share/graphite/graphite-web.wsgi
WSGIImportScript /usr/share/graphite/graphite-web.wsgi process-group=%{GLOBAL} application-group=%{GLOBAL}
@ -27,17 +24,22 @@
SetHandler None
</Location>
#<Directory "/usr/share/graphite/">
# <IfModule mod_authz_core.c>
# # Apache 2.4
# Require local
# </IfModule>
# <IfModule !mod_authz_core.c>
# # Apache 2.2
# Order Deny,Allow
# Deny from all
# Allow from 127.0.0.1
# Allow from ::1
# </IfModule>
#</Directory>
# certbot/letsencrypt
RewriteEngine on
RewriteRule ^/\.well-known/(.*) /srv/web/acme-challenge/.well-known/$1 [L]
</VirtualHost>
<VirtualHost {{public_ip}}:443 _default_:443>
ServerName graphite.cloud.fedoraproject.org
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/graphite.cloud.fedoraproject.org/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/graphite.cloud.fedoraproject.org/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/graphite.cloud.fedoraproject.org/fullchain.pem
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
SSLProtocol ALL -SSLv2
ProxyPass / http://graphite.cloud.fedoraproject.org/
ProxyPassReverse / http://graphite.cloud.fedoraproject.org/
</VirtualHost>