ui: add missing httpd config from puppet
maany authored and bari12 committed Mar 14, 2024
1 parent dc3d191 commit 5f83b5a
Showing 1 changed file with 21 additions and 13 deletions.
34 changes: 21 additions & 13 deletions ui/rucio.conf.j2
@@ -9,6 +9,22 @@ Listen 80

Header set X-Rucio-Host "%{HTTP_HOST}e"
RequestHeader add X-Rucio-RequestId "%{UNIQUE_ID}e"
Header set Referrer-Policy "no-referrer"
Header always set Content-Security-Policy "default-src https: data: 'unsafe-inline' 'unsafe-eval'"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Content-Type-Options "nosniff"

{% if RUCIO_ENABLE_SSL|default('False') == 'True' %}
{% if RUCIO_SSL_PROTOCOL is defined %}
#AB: SSLv3 disable
SSLProtocol {{ RUCIO_SSL_PROTOCOL }}
{% else %}
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
{% endif %}
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
{% endif %}

{% if RUCIO_LOG_FORMAT is defined %}
LogFormat "{{ RUCIO_LOG_FORMAT }}" combinedrucio
@@ -55,12 +71,12 @@ CacheRoot /tmp
{% endif %}

{% if RUCIO_PROXY is defined %}
ProxyPass /proxy {{ RUCIO_PROXY_SCHEME | default('https') }}://{{ RUCIO_PROXY }}
ProxyPassReverse /proxy {{ RUCIO_PROXY_SCHEME | default('https') }}://{{ RUCIO_PROXY }}
ProxyPass /proxy {{ RUCIO_PROXY_SCHEME | default('https') }}://{{ RUCIO_PROXY }}
ProxyPassReverse /proxy {{ RUCIO_PROXY_SCHEME | default('https') }}://{{ RUCIO_PROXY }}
{% endif %}
{% if RUCIO_AUTH_PROXY is defined %}
ProxyPass /authproxy {{ RUCIO_AUTH_PROXY_SCHEME | default('https') }}://{{ RUCIO_AUTH_PROXY }}
ProxyPassReverse /authproxy {{ RUCIO_AUTH_PROXY_SCHEME | default('https') }}://{{ RUCIO_AUTH_PROXY }}
ProxyPass /authproxy {{ RUCIO_AUTH_PROXY_SCHEME | default('https') }}://{{ RUCIO_AUTH_PROXY }}
ProxyPassReverse /authproxy {{ RUCIO_AUTH_PROXY_SCHEME | default('https') }}://{{ RUCIO_AUTH_PROXY }}
{% endif %}
{% endmacro %}

@@ -93,22 +109,14 @@ CacheRoot /tmp
SSLCACertificateFile /etc/grid-security/ca.pem
SSLCARevocationFile /etc/grid-security/ca.pem
{% endif %}
SSLVerifyClient optional_no_ca
SSLVerifyClient optional
SSLVerifyDepth 10
{% if RUCIO_HTTPD_LEGACY_DN|default('False') == 'True' %}
SSLOptions +StdEnvVars +LegacyDNStringFormat
{% else %}
SSLOptions +StdEnvVars
{% endif %}
SSLProxyEngine On
{% if RUCIO_SSL_PROTOCOL is defined %}
#AB: SSLv3 disable
SSLProtocol {{ RUCIO_SSL_PROTOCOL }}
{% else %}
SSLProtocol +TLSv1.2
{% endif %}
#AB: for Security
SSLCipherSuite HIGH:!CAMELLIA:!ADH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!3DES
{% endif %}
</VirtualHost>
{% endif %}
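Review bot: The Content-Security-Policy set in the first hunk, `default-src https: data: 'unsafe-inline' 'unsafe-eval'`, permits inline script, eval and script from any HTTPS origin, so it does little to contain an injected script. If the UI still needs inline script, the policy can at least be narrowed by appending `; object-src 'none'; base-uri 'self'; frame-ancestors 'self'`, and the `https:` source should give way to the specific origins the UI loads from once those are known. `Referrer-Policy` is the only new header set without `always`, so it is not sent on error responses; `Header always set Referrer-Policy "no-referrer"` would match the other four. `X-XSS-Protection "1; mode=block"` is ignored by current browsers, so `"0"` or dropping the header is the usual choice now.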