diff options
Diffstat (limited to 'misc')
| -rw-r--r-- | misc/apache2.conf | 56 | ||||
| -rw-r--r-- | misc/varnish.vcl | 55 |
2 files changed, 111 insertions, 0 deletions
diff --git a/misc/apache2.conf b/misc/apache2.conf new file mode 100644 index 0000000..08471e0 --- /dev/null +++ b/misc/apache2.conf @@ -0,0 +1,56 @@ +<VirtualHost *:8080> + ServerAdmin drift@gathering.org + ServerName nms.tg16.gathering.org + ServerAlias nms.tg16.gathering.org + + DocumentRoot /srv/tgmanage/web/nms.gathering.org + ScriptAlias /api/write/ /srv/tgmanage/web/nms.gathering.org/api/write/ + ScriptAlias /api/read/ /srv/tgmanage/web/nms.gathering.org/api/read/ + ScriptAlias /api/public/ /srv/tgmanage/web/nms.gathering.org/api/public/ + <Directory "/srv/tgmanage/web/nms.gathering.org/api/write/"> + AllowOverride None + Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch + <RequireAny> + AuthUserFile /srv/tgmanage/web/htpasswd-write + AuthName "Tech:Server Secret Volcano Lair" + AuthType Basic + Require valid-user + </RequireAny> + </Directory> + <Directory "/srv/tgmanage/web/nms.gathering.org/api/read/"> + AllowOverride None + Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch + <RequireAny> + AuthUserFile /srv/tgmanage/web/htpasswd-read + AuthName "The Gathering Network Management System" + AuthType Basic + Require valid-user + </RequireAny> + </Directory> + <Directory "/srv/tgmanage/web/nms.gathering.org/api/public/"> + AllowOverride None + Options +ExecCGI -MultiViews +Indexes +SymLinksIfOwnerMatch + Require all granted + </Directory> + <Directory "/srv/tgmanage/web/nms.gathering.org"> + AllowOverride None + Options Indexes FollowSymLinks MultiViews + AddDefaultCharset UTF-8 + <RequireAny> + AuthUserFile /srv/tgmanage/web/htpasswd-read + AuthName "The Gathering Network Management System" + AuthType Basic + Require valid-user + </RequireAny> + </Directory> + + ErrorLog /var/log/apache2/error-nms.tg16.gathering.org.log + + # Possible values include: debug, info, notice, warn, error, crit, + # alert, emerg. + LogLevel warn + + CustomLog /var/log/apache2/access-nms.tg16.gathering.org.log combined + ServerSignature On + +</VirtualHost> diff --git a/misc/varnish.vcl b/misc/varnish.vcl new file mode 100644 index 0000000..754ecbc --- /dev/null +++ b/misc/varnish.vcl @@ -0,0 +1,55 @@ +# vim: ts=8:expandtab:sw=4:softtabstop=4 + +vcl 4.0; + +backend default { + .host = "127.0.0.1"; + .port = "8080"; +} + +sub vcl_recv { + if (req.url ~ "^/where" || req.url ~ "^/location") { + set req.url = "/api/public/location"; + } + if (req.method != "GET" && + req.method != "HEAD" && + req.method != "PUT" && + req.method != "POST" && + req.method != "TRACE" && + req.method != "OPTIONS" && + req.method != "DELETE") { + # Vi hater alt som er gøy. + return (synth(418,"LOLOLOL")); + } + + if (req.method != "GET" && req.method != "HEAD") { + /* We only deal with GET and HEAD by default */ + return (pass); + } + + # Brukes ikke. Cookies er for nubs. + unset req.http.Cookie; + + # Tvinges gjennom for å cache med authorization-skrot. + return (hash); +} + + +# Rosa magi +sub vcl_hash { + # Wheee. Legg til authorization-headeren i hashen. + hash_data(req.http.authorization); +} + +# Mauve magi. Hva nå enn det er. +# Dette er WIP - Skal flyttes til backend +sub vcl_backend_response { + set beresp.http.x-url = bereq.url; + if (beresp.http.x-ban) { + ban("obj.http.x-url ~ " + beresp.http.x-ban); + } + if (beresp.status != 200) { + set beresp.uncacheable = false; + set beresp.ttl = 5s; + } +} |