Gitlab CSE Unil

base.conf 3.31 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
<IfModule wsgi_module>
{% block main %}

{% block static_paths %}
## ------------
## Static paths
## ------------
    Alias {{ settings.STATIC_URL }} "{{ settings.STATIC_ROOT }}/"
    {% if favicon %}
    Alias {{ settings.BASE_URL }}/favicon.ico "{{ settings.STATIC_ROOT }}/favicon.ico"
    {% endif %}
    <Directory "{{ settings.STATIC_ROOT }}">
        Options +FollowSymLinks -Indexes
        Order deny,allow
        Allow from all
        <IfModule expires_module>
            ExpiresActive On
            ExpiresDefault "access plus 10 minutes"
            <IfModule headers_module>
                Header append Cache-Control "public"
            </IfModule>
        </IfModule>
    </Directory>
{% endblock static_paths %}


{% block media_paths %}
# ----------
# Media path
# ----------
    Alias {{ settings.MEDIA_URL }} "{{ settings.MEDIA_ROOT }}/"
    <Directory "{{ settings.MEDIA_ROOT }}">
        Options +FollowSymLinks -Indexes
        Order deny,allow
        Allow from all
    </Directory>
{% endblock media_paths %}


{% block protected_media_paths %}
# ---------------
# Protected Media
# ---------------
    <Directory "{{ settings.MEDIA_ROOT }}/ao_images/">
        Order allow,deny
        Deny from all
    {% block xsendfile %}
        # --------------
        # XsendFile Conf
        # --------------
        <IfModule xsendfile_module>
            XSendFile On
            XSendFilePath "{{ settings.MEDIA_ROOT }}"
        </IfModule>
    {% endblock xsendfile %}
    </Directory>
{% endblock protected_media_paths %}


{% block shibboleth %}
# ---------------
# Shibboleth Conf
# ---------------
    <IfModule mod_shib>
65
        <Location {{ settings.BASE_URL }}/shibauth/>
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
            #Order allow,deny
            #Allow from all
            AuthType shibboleth
            ShibRequireSession On
            ShibRedirectToSSL 443
            require uniqueID impossiblevaluehere@nowhere.org

            require valid-user
        </Location>
    </IfModule>
{% endblock shibboleth %}


{% block wsgi %}
# ---------
# WSGI conf
# ---------
{% if not NoDaemonProcess %}
    WSGIDaemonProcess {{ daemon_process_name|default:settings.SITE_NAME }}.django user={{ apache_user|default:"www-data" }} group={{ apache_group|default:apache_user|default:"www-data" }}
{% endif %}
    WSGIScriptAlias {{ settings.BASE_URL|default:"/" }}  "{{ wsgi_path }}"
    <Directory "{{ settings.DJANGO_ROOT }}">
        WSGIProcessGroup {{ daemon_process_name|default:settings.SITE_NAME }}.django
        WSGIPassAuthorization On
        <Files wsgi.py>
            Order deny,allow
            Allow from all
        </Files>
    </Directory>
    {% if settings.BASE_URL and settings.BASE_URL != "/" %}
96
    RedirectMatch ^{{ settings.BASE_URL }}$ {{ settings.BASE_URL }}
97
98
99
100
101
102
103
104
    {% endif %}
    {% endblock wsgi %}

    {% block rewrite_protected %}
    <Location "{{ settings.BASE_URL|default:"/" }}">
        <IfModule rewrite_module>
            RewriteEngine On
            ## Retourne une 404 pour media/protected au lien d'une 403
Julien Furrer's avatar
Julien Furrer committed
105
            RewriteRule ^{{ settings.MEDIA_URL }}/ao_images/.*$ - [R=404,L,NS]
106
107
108
109
110
111
112
113
114
115

            #RewriteCond %{REMOTE_ADDR} !^130.223.3.229$
            #RewriteCond %{REQUEST_URI} !^/static/.*$
            #RewriteRule ^.*$ /maintenance.html
        </IfModule>
    </Location>
    {% endblock rewrite_protected %}

{% endblock main %}
</IfModule>