Special-case fedoauth (reverseproxy).

2014-12-08 19:53:10 +00:00 · 2014-12-08 19:53:10 +00:00 · df30b9fa9d
commit df30b9fa9d
parent 4df7a4b977
1 changed files with 41 additions and 0 deletions
--- a/roles/httpd/reverseproxy/templates/reversepassproxy.id.conf
+++ b/roles/httpd/reverseproxy/templates/reversepassproxy.id.conf
@ -0,0 +1,41 @@
+RequestHeader unset Expect early
+RequestHeader set X-Forwarded-Scheme https early
+
+RewriteEngine on
+
+RewriteMap lowercase int:tolower
+
+{% if env == "staging" %}
+RewriteCond ${lowercase:%{SERVER_NAME}} ^[a-z0-9-]+\.id\.stg\.fedoraproject\.org$
+{% else %}
+RewriteCond ${lowercase:%{SERVER_NAME}} ^[a-z0-9-]+\.id\.fedoraproject\.org$
+{% endif %}
+
+RewriteRule ^(.+) ${lowercase:%{SERVER_NAME}}$1 [C]
+
+{{ if env == "staging" }}
+RewriteRule ^([a-z0-9-]+)\.id\.stg\.fedoraproject\.org/.* {{proxyurl}}/openid/id/$1/ [P,L]
+{{ else }}
+RewriteRule ^([a-z0-9-]+)\.id\.fedoraproject\.org/.* {{proxyurl}}/openid/id/$1/ [P]
+{{ endif }}
+
+RewriteCond %{HTTPS} off
+RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]
+
+Header add Strict-Transport-Security "max-age=15768000"
+
+
+RewriteRule ^(.+) - [PT]
+
+<Location /login>
+    # required for rewrite rule
+    Options +SymLinksIfOwnerMatch
+    RewriteEngine on
+    RewriteCond %{HTTPS} off
+    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+</Location>
+
+
+ProxyPass {{localpath}} {{proxyurl}}{{remotepath}}
+ProxyPassReverse {{localpath}} {{proxyurl}}{{remotepath}}
+