-
Notifications
You must be signed in to change notification settings - Fork 2
/
httpd-container.conf
141 lines (107 loc) · 6.56 KB
/
httpd-container.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
ServerTokens OS
ServerRoot /static-html
Listen 8080
ServerLimit 2048
MaxRequestWorkers 2048
LoadModule mpm_prefork_module /usr/lib/apache2/mod_mpm_prefork.so
LoadModule authn_file_module /usr/lib/apache2/mod_authn_file.so
LoadModule authn_core_module /usr/lib/apache2/mod_authn_core.so
LoadModule authz_host_module /usr/lib/apache2/mod_authz_host.so
LoadModule authz_groupfile_module /usr/lib/apache2/mod_authz_groupfile.so
LoadModule authz_user_module /usr/lib/apache2/mod_authz_user.so
LoadModule authz_core_module /usr/lib/apache2/mod_authz_core.so
LoadModule access_compat_module /usr/lib/apache2/mod_access_compat.so
LoadModule auth_basic_module /usr/lib/apache2/mod_auth_basic.so
LoadModule reqtimeout_module /usr/lib/apache2/mod_reqtimeout.so
LoadModule filter_module /usr/lib/apache2/mod_filter.so
LoadModule substitute_module /usr/lib/apache2/mod_substitute.so
LoadModule mime_module /usr/lib/apache2/mod_mime.so
LoadModule log_config_module /usr/lib/apache2/mod_log_config.so
LoadModule env_module /usr/lib/apache2/mod_env.so
LoadModule headers_module /usr/lib/apache2/mod_headers.so
LoadModule setenvif_module /usr/lib/apache2/mod_setenvif.so
LoadModule version_module /usr/lib/apache2/mod_version.so
LoadModule unixd_module /usr/lib/apache2/mod_unixd.so
LoadModule status_module /usr/lib/apache2/mod_status.so
LoadModule autoindex_module /usr/lib/apache2/mod_autoindex.so
LoadModule dir_module /usr/lib/apache2/mod_dir.so
# LoadModule alias_module /usr/lib/apache2/mod_alias.so
LoadModule rewrite_module /usr/lib/apache2/mod_rewrite.so
LoadModule negotiation_module /usr/lib/apache2/mod_negotiation.so
LoadModule proxy_module /usr/lib/apache2/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/mod_proxy_http.so
# LoadModule proxy_http2_module /usr/lib/apache2/mod_proxy_http2.so
ServerName ${HTTPD_CONF_SERVER_NAME}
ServerSignature Off
<Directory />
AllowOverride none
Require all denied
</Directory>
DocumentRoot "/static-html/htdocs"
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<Files ".ht*">
Require all denied
</Files>
ErrorLog /dev/stdout
ErrorLogFormat "{ \"@timestamp\":\"%{cu}tZ\", \"log.level\": \"WARN\", \"function\" : \"[%-m:%l]\" , \"process\" : \"[pid %P:tid %T]\" , \"message\" : \"%M\"}"
LogLevel warn
LogFormat "{ \"@timestamp\":\"%{%Y-%m-%dT%T}t.%{usec_frac}t%{%z}t\", \"log.level\": \"INFO\", \"remoteIP\":\"%a\", \"host\":\"%V\", \"requestPath\":\"%U\", \"query\":\"%q\", \"method\":\"%m\", \"status\":\"%>s\", \"userAgent\":\"%{User-agent}i\", \"referer\":\"%{Referer}i\" }" json
CustomLog /dev/stdout json
<IfModule mime_module>
TypesConfig /etc/apache2/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
</IfModule>
<VirtualHost *:8080>
ServerName ${HTTPD_CONF_SERVER_NAME}
DocumentRoot /static-html/${HTTPD_CONF_STATIC_DIR}
Header always set Content-Security-Policy "default-src 'self' 'unsafe-inline'; img-src 'self' data: ; font-src 'self' data: ;"
<Directory /static-html/${HTTPD_CONF_STATIC_DIR}/>
Require all granted
Options FollowSymLinks MultiViews
</Directory>
# This is a security measure in the event that our Api Key ever leaks
RequestHeader unset X-Api-Key
# This is a temporary security measure until 2FA arrives
RequestHeader unset X-Admin-Request
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/regsys http://regsys-classic:8080 disablereuse=On connectiontimeout=20 timeout=180
ProxyPassReverse /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/regsys http://regsys-classic:8080
ProxyPass /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/attsrv/ http://attendee-service:8080/ disablereuse=On connectiontimeout=20 timeout=60
ProxyPassReverse /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/attsrv/ http://attendee-service:8080/
ProxyPass /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/authsrv/ http://auth-service:8080/ disablereuse=On connectiontimeout=20 timeout=60
ProxyPassReverse /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/authsrv/ http://auth-service:8080/
ProxyPass /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/cncrdsrv/ http://payment-cncrd-adapter:8080/ disablereuse=On connectiontimeout=20 timeout=60
ProxyPassReverse /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/cncrdsrv/ http://payment-cncrd-adapter:8080/
ProxyPass /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/mailsrv/ http://mail-service:8080/ disablereuse=On connectiontimeout=20 timeout=60
ProxyPassReverse /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/mailsrv/ http://mail-service:8080/
ProxyPass /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/roomsrv/ http://room-service:8080/ disablereuse=On connectiontimeout=20 timeout=60
ProxyPassReverse /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/roomsrv/ http://room-service:8080/
ProxyPass /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/paysrv/ http://payment-service:8080/ disablereuse=On connectiontimeout=20 timeout=60
ProxyPassReverse /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/paysrv/ http://payment-service:8080/
# configuration for reg-frontend
RewriteEngine on
# special rules to prevent deep reloads and base link without trailing /
RewriteRule "^/${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/app/register/[a-z-]+/.*$" "/${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/app/register/index.html"
RewriteRule "^/${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/app/register$" "/${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/app/register/index.html"
# we have built the gatsby static app with this context base path, so we use inline content substitution
# and a rewrite rule
RewriteRule "^/${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/app/(.*)$" "/app/$1"
AddOutputFilterByType SUBSTITUTE text/html
AddOutputFilterByType SUBSTITUTE application/javascript
AddOutputFilterByType SUBSTITUTE text/css
AddOutputFilterByType SUBSTITUTE text/javascript
SubstituteMaxLineLength 5M
Substitute "s|aN3nNFwFoi5QkyPaVJ54dDTDc6HrrCYGAL6U6GUuyV2uvvekgOxqYe6K2hur|${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}|n"
# proxy to onsite UIs (nav page)
ProxyPass /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/onsite http://onsite:8000/aN3nNFwFoi5QkyPaVJ54dDTDc6HrrCYGAL6U6GUuyV2uvvekgOxqYe6K2hur/onsite disablereuse=On connectiontimeout=20 timeout=60
ProxyPassReverse /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/onsite http://onsite:8000/aN3nNFwFoi5QkyPaVJ54dDTDc6HrrCYGAL6U6GUuyV2uvvekgOxqYe6K2hur/onsite
ServerSignature Off
ErrorDocument 404 /404.html
</VirtualHost>