<% is_old_ubuntu = rubber_instance.os_version == '12.04' # Apache 2.2 requires no extension while Apache 2.4 requires the '.conf' extension. @path = "/etc/apache2/sites-available/#{rubber_env.app_name}-torquebox" @path << '.conf' unless is_old_ubuntu @post = "a2enmod rewrite && a2enmod ssl && a2enmod expires && a2enmod xsendfile && a2ensite #{rubber_env.app_name}-torquebox" sidekiq_gem_path = if rubber_instances.for_role('sidekiq').any? require 'sidekiq' `find /mnt/#{rubber_env.app_name}-#{RUBBER_ENV}/shared/bundle -name sidekiq-#{Sidekiq::VERSION}`.strip end %> NameVirtualHost *:<%= rubber_env.apache_listen_port %> <% [rubber_env.apache_listen_port, rubber_env.apache_listen_ssl_port].each do |port| %> Listen <%= port %> > ServerName <%= rubber_env.domain %> <%- if rubber_env.web_aliases -%> ServerAlias <%= rubber_env.web_aliases.join(" ") %> <%- end -%> DocumentRoot <%= Rubber.root + "/public" %> <%- unless is_old_ubuntu %> > Options FollowSymLinks Require all granted <% end %> ErrorDocument 404 /404.html ErrorDocument 500 /500.html SetEnvIf User-Agent "^(.*MSIE.*)|(.*AppleWebKit.*)$" nokeepalive # Don't show haproxy checks in access log (see also apache2.conf) SetEnvIf Request_URI "^/httpchk.txt$" dontlog XSendFile on <% if rubber_instances.for_role('sidekiq').any? %> XSendFilePath <%= sidekiq_gem_path %>/web/assets <% end %> RewriteEngine On RewriteCond %{HTTP_HOST} ^<%= rubber_env.domain %>$ RewriteRule ^(.*)$ http://www.<%= rubber_env.domain %>$1 [R,L] # Include <%= Rubber.root %>/config/apache/rewrites.conf RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f RewriteCond %{SCRIPT_FILENAME} !maintenance.html RewriteRule ^.*$ /system/maintenance.html [L] <% if Rubber::Util.has_asset_pipeline? %> Header unset ETag FileETag None # RFC says only cache for 1 year. ExpiresActive On ExpiresDefault "access plus 1 year" # Cache the resource even if SSL is in use. Header merge Cache-Control public # Remove any cookies set with the request so we avoid them being cached in a CDN. Header unset Set-Cookie SetEnv no-gzip # Serve the gzip'd assets directly from disk if they were generated by Sprockets. # This avoids gzipping the asset on the fly by Apache and Sprockets will usually use a higher level # of compression than mod_deflate will, yielding savings all around. RewriteCond %{HTTP:Accept-Encoding} \b(x-)?gzip\b RewriteCond <%= Rubber.root + "/public" %>%{REQUEST_FILENAME}.gz -s RewriteRule ^(.+) $1.gz [L] ForceType text/css Header set Content-Encoding gzip ForceType text/javascript Header set Content-Encoding gzip <% end %> <% if port == rubber_env.apache_listen_ssl_port %> SSLEngine on SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key # SSLCertificateFile <%= Rubber.root %>/config/<%= rubber_env.domain %>.crt # SSLCertificateKeyFile <%= Rubber.root %>/config/<%= rubber_env.domain %>.key # SSLCertificateChainFile /etc/ssl/certs/gd_intermediate_bundle.crt SSLHonorCipherOrder On SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM <% end %> # Show additional information in mod_cluster-manager. AllowDisplay On # Enable receiving TorqueBox node registration requests. EnableMCPMReceive # Enabled the mod_cluster manager. SetHandler mod_cluster-manager Order deny,allow Deny from all Allow from 127.0.0.1 <% end %>