<%
  # Rubber template header: @path names the Apache site file and @post lists the
  # a2enmod/a2ensite commands for the modules and site this config relies on.
  # NOTE(review): presumably Rubber writes the rendered text to @path and then
  # runs @post - confirm against the Rubber config generator.
  @path = "/etc/apache2/sites-available/#{rubber_env.app_name}-tools"
  @post = <<-EOS
    a2enmod rewrite
    a2enmod ssl
    a2enmod proxy_http
    a2enmod proxy_html
    a2enmod ext_filter
    a2ensite #{rubber_env.app_name}-tools
  EOS
%>
# NOTE(review): the lone ">" and "/>" lines in this listing look like the tails
# of container directives (VirtualHost, Location, Proxy) whose opening and
# closing lines are missing here. The scope of every directive below, including
# the Basic-auth requirement, depends on them, so restore them from the original
# template and re-check the scoping before deploying.

# Plain-HTTP listener: the visible directives only redirect requests to the
# HTTPS port.
Listen <%= rubber_env.web_tools_port %>
>
ServerName <%= rubber_env.full_host %>
RewriteEngine on
RewriteCond %{HTTPS} !=on
# NOTE(review): with UseCanonicalName Off (the Apache default) SERVER_NAME is
# taken from the client's Host header, so the redirect target is
# client-influenced; redirecting to the configured host name would pin it.
RewriteRule ^/(.*)$ https://%{SERVER_NAME}:<%= rubber_env.web_tools_ssl_port %>/$1 [L,R]
# RewriteLog is an Apache 2.2 directive; 2.4 removed it and rejects the config
# when it is present (rewrite tracing moved to LogLevel).
RewriteLog "/var/log/apache2/rewrite.log"

# HTTPS listener that fronts the admin tools behind HTTP Basic auth.
Listen <%= rubber_env.web_tools_ssl_port %>
# NameVirtualHost is only needed on Apache 2.2; 2.4 treats it as a deprecated no-op.
NameVirtualHost *:<%= rubber_env.web_tools_ssl_port %>
>
ServerName <%= rubber_env.full_host %>
DocumentRoot /var/www
SSLEngine on
# +FakeBasicAuth maps a verified client certificate's subject to a Basic-auth
# user name. No SSLVerifyClient appears in this file, so it looks inert here; if
# client-certificate verification is ever enabled, every certificate user
# authenticates against the same fixed password entry in AuthUserFile. Drop the
# option unless that is intended.
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
# The snakeoil pair is a self-signed placeholder (these are the paths used by
# Debian's ssl-cert package). Clients cannot authenticate the server with it, so
# the Basic-auth credentials are only as safe as each user's handling of the
# certificate warning. For real deployments switch to the commented-out lines
# below and keep the private key readable only by the account that needs it.
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
# SSLCertificateFile <%= Rubber.root %>/config/<%= rubber_env.domain %>.crt
# SSLCertificateKeyFile <%= Rubber.root %>/config/<%= rubber_env.domain %>.key
# SSLCertificateChainFile /etc/ssl/certs/gd_intermediate_bundle.crt
# "set" overwrites any client-supplied value of this header before proxying.
# NOTE(review): RequestHeader (and Header, used further down) need mod_headers,
# which the @post list above does not enable - presumably enabled elsewhere; confirm.
RequestHeader set X_FORWARDED_PROTO "https"
# Basic auth against a password file gates the tools.
# NOTE(review): the container that scopes these four directives is not visible
# here - confirm it covers "/" so that every ProxyPass path below requires a
# valid user. Keep the AuthUserFile outside DocumentRoot and out of version control.
AuthType Basic
AuthName "Rubber Admin Tools"
AuthUserFile <%= Rubber.root %>/config/<%= rubber_env.app_name %>.auth
Require valid-user
# Apache 2.2 access-control syntax (2.4 needs mod_access_compat for it).
# NOTE(review): presumably this sat inside a Proxy container; no ProxyRequests
# directive is visible in this vhost, so forward proxying stays at its default - confirm.
Allow from all
# Responses pass through mod_proxy_html so the ProxyHTMLURLMap rules below can
# rewrite links emitted by the backends.
SetOutputFilter proxy-html

# One reverse-proxy mapping per haproxy instance: /haproxy_NAME/ is forwarded to
# that instance's admin port. The hop to the backend is plain HTTP, so the admin
# traffic relies on the internal network being trusted, and the backend admin
# ports should not be reachable directly or the Basic-auth gate here is bypassed.
<% rubber_instances.for_role('haproxy').each do |ic| %>
  ProxyPass /haproxy_<%= ic.name %>/ http://<%= ic.full_name %>:<%= rubber_env.haproxy_admin_port %>/haproxy/
  />
  ProxyPassReverse /
  ProxyHTMLURLMap http://<%= ic.full_name %>:<%= rubber_env.haproxy_admin_port %>/ /haproxy_<%= ic.name %>/
  ProxyHTMLURLMap /haproxy/ /haproxy_<%= ic.name %>/
  ProxyHTMLURLMap /haproxy /haproxy_<%= ic.name %>/
<% end %>

# Same pattern for monit, but for every instance rather than one role:
# /monit_NAME/ is forwarded over plain HTTP to the instance's monit admin port.
# Treat access to these paths as privileged and keep the monit ports firewalled
# to this proxy host.
<% rubber_instances.each do |ic| %>
  ProxyPass /monit_<%= ic.name %>/ http://<%= ic.full_name %>:<%= rubber_env.monit_admin_port %>/
  />
  ProxyPassReverse /
  ProxyHTMLURLMap http://<%= ic.full_name %>:<%= rubber_env.monit_admin_port %>/ /monit_<%= ic.name %>/
  ProxyHTMLURLMap / /monit_<%= ic.name %>/
<% end %>

<%
  # One extra HTTPS virtual host per web_tools_proxies entry, named
  # NAME-FULL_HOST and proxying "/" to the first instance that holds the entry's
  # role. Array() lets an unset (nil) web_tools_proxies iterate zero times.
  Array(rubber_env.web_tools_proxies).each do |name, settings|
    # NOTE(review): the rescue modifier hides every StandardError raised by this
    # lookup, not only "no instance has this role"; a misconfigured entry is
    # skipped silently and its vhost is simply never generated.
    proxy_host = rubber_instances.for_role(settings.role).first.full_name rescue nil
    next unless proxy_host

    host = "#{name}-#{rubber_env.full_host}"
    host_and_port = "#{host}:#{rubber_env.web_tools_ssl_port}"

    # don't use settings.path here - mapping the host/port is sufficient,
    # and path can be done in tools-index.html. This allows admin sites
    # that hit other paths on same host/port to still function, e.g. elasticsearch
    # The backend hop is plain HTTP, as with the haproxy and monit mappings.
    proxy_url = "http://#{proxy_host}:#{settings.port}/"
%>
>
  ServerName <%= host %>
  DocumentRoot /var/www
  SSLEngine on
  SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
  # The next two lines repeat the two above; redundant but harmless.
  SSLEngine on
  SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
  # Same placeholder certificate and Basic-auth file as the main tools vhost, so
  # the same caveats apply: self-signed certificate, and the auth container's
  # scope is not visible in this listing.
  SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
  SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
  # SSLCertificateFile <%= Rubber.root %>/config/<%= rubber_env.domain %>.crt
  # SSLCertificateKeyFile <%= Rubber.root %>/config/<%= rubber_env.domain %>.key
  # SSLCertificateChainFile /etc/ssl/certs/gd_intermediate_bundle.crt
  RequestHeader set X_FORWARDED_PROTO "https"
  AuthType Basic
  AuthName "Rubber Admin Tools"
  AuthUserFile <%= Rubber.root %>/config/<%= rubber_env.app_name %>.auth
  Require valid-user
  Allow from all
  # Forward proxying stays off; only the reverse mapping below is served.
  ProxyRequests Off
  # The client's Host header is passed through to the backend unchanged.
  ProxyPreserveHost On
  ProxyPass / <%= proxy_url %>
  ProxyPassReverse /
  # Fix any redirects occurring on the backend server, since we're communicating with it via HTTP.
  # This rewrites the scheme and host of every absolute Location header to this
  # vhost, including redirects that point at a different host.
  Header edit Location ^https?://([^/]+)/ https://<%= host_and_port %>/
<% end %>