| <VirtualHost *:80> |
| ServerName <%= scope.lookupvar("etherpad_lite::apache::vhost_name") %> |
| ServerAdmin <%= scope.lookupvar("etherpad_lite::apache::serveradmin") %> |
| |
| ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>-error.log |
| |
| LogLevel warn |
| |
| CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>-access.log combined |
| |
| Redirect / https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>/ |
| |
| </VirtualHost> |
| |
| <IfModule mod_ssl.c> |
| <VirtualHost *:443> |
| ServerName <%= scope.lookupvar("etherpad_lite::apache::vhost_name") %> |
| ServerAdmin <%= scope.lookupvar("etherpad_lite::apache::serveradmin") %> |
| |
| ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>-ssl-error.log |
| |
| LogLevel warn |
| |
| CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>-ssl-access.log combined |
| |
| SSLEngine on |
| SSLProtocol All -SSLv2 -SSLv3 |
| |
| SSLCertificateFile <%= scope.lookupvar("etherpad_lite::apache::ssl_cert_file") %> |
| SSLCertificateKeyFile <%= scope.lookupvar("etherpad_lite::apache::ssl_key_file") %> |
| <% if scope.lookupvar("etherpad_lite::apache::ssl_chain_file") != "" %> |
| SSLCertificateChainFile <%= scope.lookupvar("etherpad_lite::apache::ssl_chain_file") %> |
| <% end %> |
| |
| BrowserMatch "MSIE [2-6]" \ |
| nokeepalive ssl-unclean-shutdown \ |
| downgrade-1.0 force-response-1.0 |
| # MSIE 7 and newer should be able to use keepalive |
| BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown |
| |
| <% if @auth_openid != nil %> |
| <Location /p/> |
| AuthType OpenID |
| AuthName "<%= @auth_openid['banner'] %>" |
| AuthOpenIDSecureCookie On |
| AuthOpenIDCookieLifespan 3600 |
| AuthOpenIDTrustRoot <%= @vhost_name %> |
| AuthOpenIDServerName <%= @vhost_name %> |
| AuthOpenIDSingleIdP <%= @auth_openid['singleIdp'] %> |
| AuthOpenIDTrusted <%= @auth_openid['trusted'] %> |
| <% if @auth_openid['any_valid_user'] %> |
| Require valid-user |
| <% elsif !@auth_openid['users'].empty? %> |
| <% @auth_openid['users'].each do |user| -%> |
| Require user <%= user %> |
| <% end -%> |
| <% end %> |
| </Location> |
| <% end %> |
| |
| <IfModule mod_proxy.c> |
| # The following redirects "nice" urls such as https://etherpad.example.org/padname |
| # to https://etherpad.example.org/p/padname. It was problematic directly |
| # supporting "nice" urls as etherpad hardcodes /p/ in many places. |
| # Adapted from https://github.com/ether/etherpad-lite/wiki/How-to-put-Etherpad-Lite-behind-a-reverse-Proxy |
| RewriteEngine on |
| |
| # Do not rewrite the /server-status URL (though by default, this |
| # is only accessible from localhost). Connect to it with: |
| # ssh -L 8443:localhost:443 $HOSTNAME |
| # https://localhost:8443/server-status |
| RewriteRule ^/server-status$ /server-status [L] |
| |
| RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %> |
| RewriteRule ^.*$ https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %> [L,R=301] |
| |
| # Server robots.txt directly so that it does not affect |
| # etherpad-lite installation. |
| RewriteRule ^/robots.txt$ <%= scope.lookupvar("etherpad_lite::apache::docroot") %>/robots.txt [L] |
| |
| RewriteCond %{REQUEST_URI} !^/p/ |
| RewriteCond %{REQUEST_URI} !^/locales/ |
| RewriteCond %{REQUEST_URI} !^/locales.json |
| RewriteCond %{REQUEST_URI} !^/admin |
| RewriteCond %{REQUEST_URI} !^/p/ |
| RewriteCond %{REQUEST_URI} !^/static/ |
| RewriteCond %{REQUEST_URI} !^/pluginfw/ |
| RewriteCond %{REQUEST_URI} !^/javascripts/ |
| RewriteCond %{REQUEST_URI} !^/socket.io/ |
| RewriteCond %{REQUEST_URI} !^/ep/ |
| RewriteCond %{REQUEST_URI} !^/minified/ |
| RewriteCond %{REQUEST_URI} !^/api/ |
| RewriteCond %{REQUEST_URI} !^/ro/ |
| RewriteCond %{REQUEST_URI} !^/error/ |
| RewriteCond %{REQUEST_URI} !^/jserror |
| RewriteCond %{REQUEST_URI} !/favicon.ico |
| RewriteCond %{REQUEST_URI} !/robots.txt |
| RewriteRule ^/+(.+)$ https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>/p/$1 [NC,L,R=301] |
| |
| <IfModule mod_proxy_wstunnel.c> |
| RewriteCond %{REQUEST_URI} ^/socket.io [NC] |
| RewriteCond %{QUERY_STRING} transport=websocket [NC] |
| RewriteRule /(.*) ws://localhost:9001/$1 [P,L] |
| ProxyPass /socket.io http://localhost:9001/socket.io retry=0 |
| ProxyPassReverse /socket.io http://localhost:9001/socket.io |
| </IfModule> |
| |
| ProxyPass / http://localhost:9001/ retry=0 |
| ProxyPassReverse / http://localhost:9001/ |
| </IfModule> |
| |
| </VirtualHost> |
| </IfModule> |