%
@path = "/etc/apache2/sites-available/#{rubber_env.app_name}-tools"
@post = <<-EOS
a2enmod rewrite
a2enmod ssl
a2enmod proxy_http
a2enmod proxy_html
a2enmod ext_filter
a2ensite #{rubber_env.app_name}-tools
EOS
%>
Listen <%= rubber_env.web_tools_port %>
>
ServerName <%= rubber_env.full_host %>
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*)$ https://%{SERVER_NAME}:<%= rubber_env.web_tools_ssl_port %>/$1 [L,R]
RewriteLog "/var/log/apache2/rewrite.log"
Listen <%= rubber_env.web_tools_ssl_port %>
NameVirtualHost *:<%= rubber_env.web_tools_ssl_port %>
>
ServerName <%= rubber_env.full_host %>
DocumentRoot /var/www
SSLEngine on
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
# SSLCertificateFile <%= Rubber.root %>/config/<%= rubber_env.domain %>.crt
# SSLCertificateKeyFile <%= Rubber.root %>/config/<%= rubber_env.domain %>.key
# SSLCertificateChainFile /etc/ssl/certs/gd_intermediate_bundle.crt
RequestHeader set X_FORWARDED_PROTO "https"
AuthType Basic
AuthName "Rubber Admin Tools"
AuthUserFile <%= Rubber.root %>/config/<%= rubber_env.app_name %>.auth
Require valid-user
Allow from all
SetOutputFilter proxy-html
<% rubber_instances.for_role('haproxy').each do |ic| %>
ProxyPass /haproxy_<%= ic.name %>/ http://<%= ic.full_name %>:<%= rubber_env.haproxy_admin_port %>/haproxy/
/>
ProxyPassReverse /
ProxyHTMLURLMap http://<%= ic.full_name %>:<%= rubber_env.haproxy_admin_port %>/ /haproxy_<%= ic.name %>/
ProxyHTMLURLMap /haproxy/ /haproxy_<%= ic.name %>/
ProxyHTMLURLMap /haproxy /haproxy_<%= ic.name %>/
<% end %>
<% rubber_instances.each do |ic| %>
ProxyPass /monit_<%= ic.name %>/ http://<%= ic.full_name %>:<%= rubber_env.monit_admin_port %>/
/>
ProxyPassReverse /
ProxyHTMLURLMap http://<%= ic.full_name %>:<%= rubber_env.monit_admin_port %>/ /monit_<%= ic.name %>/
ProxyHTMLURLMap / /monit_<%= ic.name %>/
<% end %>
<%
Array(rubber_env.web_tools_proxies).each do |name, settings|
proxy_host = rubber_instances.for_role(settings.role).first.full_name rescue nil
next unless proxy_host
host = "#{name}-#{rubber_env.full_host}"
host_and_port = "#{host}:#{rubber_env.web_tools_ssl_port}"
# don't use settings.path here - mapping the host/port is sufficient,
# and path can be done in tools-index.html. This allows admin sites
# that hit other paths on same host/port to still function, e.g. elasticsearch
proxy_url = "http://#{proxy_host}:#{settings.port}/"
%>
>
ServerName <%= host %>
DocumentRoot /var/www
SSLEngine on
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
SSLEngine on
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
# SSLCertificateFile <%= Rubber.root %>/config/<%= rubber_env.domain %>.crt
# SSLCertificateKeyFile <%= Rubber.root %>/config/<%= rubber_env.domain %>.key
# SSLCertificateChainFile /etc/ssl/certs/gd_intermediate_bundle.crt
RequestHeader set X_FORWARDED_PROTO "https"
AuthType Basic
AuthName "Rubber Admin Tools"
AuthUserFile <%= Rubber.root %>/config/<%= rubber_env.app_name %>.auth
Require valid-user
Allow from all
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / <%= proxy_url %>
ProxyPassReverse /
# Fix any redirects occurring on the backend server, since we're communicating with it via HTTP.
Header edit Location ^https?://([^/]+)/ https://<%= host_and_port %>/
<% end %>