Gitlab CSE Unil

base.conf 3.8 KB
Newer Older
1
2
3
4
5
6
7
8
9
<IfModule wsgi_module>
{% block main %}

{% block static_paths %}
## ------------
## Static paths
## ------------
    Alias {{ settings.STATIC_URL }} "{{ settings.STATIC_ROOT }}/"
    {% if favicon %}
10
    Alias {{ settings.BASE_URL }}favicon.ico "{{ settings.STATIC_ROOT }}/favicon.ico"
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
    {% endif %}
    <Directory "{{ settings.STATIC_ROOT }}">
        Options +FollowSymLinks -Indexes
        Order deny,allow
        Allow from all
        <IfModule expires_module>
            ExpiresActive On
            ExpiresDefault "access plus 10 minutes"
            <IfModule headers_module>
                Header append Cache-Control "public"
            </IfModule>
        </IfModule>
    </Directory>
{% endblock static_paths %}


{% block media_paths %}
# ----------
# Media path
# ----------
    Alias {{ settings.MEDIA_URL }} "{{ settings.MEDIA_ROOT }}/"
    <Directory "{{ settings.MEDIA_ROOT }}">
        Options +FollowSymLinks -Indexes
        Order deny,allow
        Allow from all
    </Directory>
{% endblock media_paths %}


{% block protected_media_paths %}
# ---------------
# Protected Media
# ---------------
    <Directory "{{ settings.MEDIA_ROOT }}/ao_images/">
        Order allow,deny
        Deny from all
    {% block xsendfile %}
        # --------------
        # XsendFile Conf
        # --------------
        <IfModule xsendfile_module>
            XSendFile On
            XSendFilePath "{{ settings.MEDIA_ROOT }}"
        </IfModule>
    {% endblock xsendfile %}
    </Directory>
{% endblock protected_media_paths %}


{% block shibboleth %}
# ---------------
# Shibboleth Conf
# ---------------
    <IfModule mod_shib>
65
        <Location {{ settings.BASE_URL }}shibauth/>
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
            #Order allow,deny
            #Allow from all
            AuthType shibboleth
            ShibRequireSession On
            ShibRedirectToSSL 443
            require uniqueID impossiblevaluehere@nowhere.org

            require valid-user
        </Location>
    </IfModule>
{% endblock shibboleth %}


{% block wsgi %}
# ---------
# WSGI conf
# ---------
{% if not NoDaemonProcess %}
    WSGIDaemonProcess {{ daemon_process_name|default:settings.SITE_NAME }}.django user={{ apache_user|default:"www-data" }} group={{ apache_group|default:apache_user|default:"www-data" }}
{% endif %}
86
    WSGIScriptAlias {{ wsgi_alias }}  "{{ wsgi_path }}"
87
88
89
90
91
92
93
94
95
    <Directory "{{ settings.DJANGO_ROOT }}">
        WSGIProcessGroup {{ daemon_process_name|default:settings.SITE_NAME }}.django
        WSGIPassAuthorization On
        <Files wsgi.py>
            Order deny,allow
            Allow from all
        </Files>
    </Directory>
    {% if settings.BASE_URL and settings.BASE_URL != "/" %}
96
    RedirectMatch ^{{ settings.BASE_URL|make_list|slice:"-1"|join:"" }}$ {{ settings.BASE_URL }}
97
98
99
100
101
102
103
104
    {% endif %}
    {% endblock wsgi %}

    {% block rewrite_protected %}
    <Location "{{ settings.BASE_URL|default:"/" }}">
        <IfModule rewrite_module>
            RewriteEngine On
            ## Retourne une 404 pour media/protected au lien d'une 403
105
            RewriteRule ^{{ settings.MEDIA_URL }}ao_images/.*$ - [R=404,L,NS]
106
107
108
109
110
111
112
113

            #RewriteCond %{REMOTE_ADDR} !^130.223.3.229$
            #RewriteCond %{REQUEST_URI} !^/static/.*$
            #RewriteRule ^.*$ /maintenance.html
        </IfModule>
    </Location>
    {% endblock rewrite_protected %}

114
    {% block rewrite_admin_protected %}
115
    <Location "{{ settings.BASE_URL }}{% url "admin:index" %}">
116
117
118
119
120
121
122
123
124
125
126
127
128
       <IfModule rewrite_module>
           RewriteEngine On
           ## Retourne une 404 au lien d'une 403
           RewriteCond %{REMOTE_ADDR} !^130.223.72.159$
           RewriteRule ^.*$ - [R=404,L,NS]
       </IfModule>
       <IfModule !rewrite_module>
           Order allow,deny
           Deny from all
       </IfModule>
    </Location>
    {% endblock rewrite_admin_protected %}

129
130
{% endblock main %}
</IfModule>