From b51984eb089dbafdaff4f3a2205acddd75bfee37 Mon Sep 17 00:00:00 2001
From: Alexis Mousset
Date: Thu, 19 Aug 2021 11:13:54 +0200
Subject: [PATCH] Fixes #19822: Refactor apache configs - webapp
---
 .../SOURCES/rudder-apache-webapp-common.conf | 61 +------------------
 .../SOURCES/rudder-apache-webapp-ssl.conf | 61 +++++++++++++++++++
 2 files changed, 62 insertions(+), 60 deletions(-)
diff --git a/rudder-webapp/SOURCES/rudder-apache-webapp-common.conf b/rudder-webapp/SOURCES/rudder-apache-webapp-common.conf
index a7cde4383..9581a3250 100644
--- a/rudder-webapp/SOURCES/rudder-apache-webapp-common.conf
+++ b/rudder-webapp/SOURCES/rudder-apache-webapp-common.conf
@@ -1,60 +1 @@
-# Prevent Chrome loop detection to block the page after too many
-# page reloads.
-
- Header add X-Chrome-Exponential-Throttling "disable"
- Header add X-UA-Compatible "IE=Edge"
-
-
-# MSIE 7 and newer should be able to use keepalive
-BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
-
-# Prevent the apache logs from being cluttered by 404 errors
-# due to a missing robots.txt file.
-Alias /robots.txt /opt/rudder/share/load-page/robots.txt
-
-# Nice loading page if the Java server is not ready
-Alias /images /opt/rudder/share/load-page/images
-Alias /files /opt/rudder/share/load-page/files
-
-Alias /rudder-loading.html /opt/rudder/share/load-page/rudder-loading.html
-Alias /rudder-not-loaded.html /opt/rudder/share/load-page/rudder-not-loaded.html
-
-ErrorDocument 503 /rudder-loading.html
-ErrorDocument 404 /rudder-not-loaded.html
-
-# avoid indexation by search engines
-Header set X-Robots-Tag "noindex, nofollow"
-
-#set "secure" and "HttpOnly" for all cookies without these pragma
-Header edit Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly"
-Header edit Set-Cookie "(?i)^((?:(?!;\s?secure).)+)$" "$1; secure"
-
-#jetty is leaking its version in the "Server" header, remove it
-Header unset Server
-
-# We want ProxyErrorOverride disabled in most cases but that's the only way i know for apache to override a 404 sent by a proxified application
-# (if proxyfied app send a content with a 404 (or any other error), apache will not use the Error document defined, but directly use content produced)
-# However, if disabled, but the web app does not send any content, apache will overwrite the content (it will be ok for our 503 error on apache 2.2)
-ProxyErrorOverride On
-
- ProxyErrorOverride Off
-
-
- ProxyErrorOverride Off
-
-
-# Enforce permissive access to the load page directory
-
- Require all granted
-
-
-# Note: The preceding statements are here for compatibility purpose and will
-# be removed in a future version of Rudder, which will enforce authenticated
-# calls to every API part.
-
-# Link to Rudder documentation
-Alias /rudder-doc /usr/share/doc/rudder/html
-
- Require all granted
- AllowOverrideList Redirect
-
+# kept for compatibility, see rudder-apache-webapp-ssl.conf
diff --git a/rudder-webapp/SOURCES/rudder-apache-webapp-ssl.conf b/rudder-webapp/SOURCES/rudder-apache-webapp-ssl.conf
index de69e6d50..b94e4a848 100644
--- a/rudder-webapp/SOURCES/rudder-apache-webapp-ssl.conf
+++ b/rudder-webapp/SOURCES/rudder-apache-webapp-ssl.conf
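Review bot: The one-line stub left in rudder-apache-webapp-common.conf does not say what a configuration loses by still including it. Every directive removed here, including the `Header edit Set-Cookie` rules that append `HttpOnly` and `secure` and the `Header unset Server` line, now takes effect only where rudder-apache-webapp-ssl.conf is included. If a locally customised virtual host includes only the common file (not visible from this patch), it would silently stop applying that hardening after the upgrade. I would make the stub explicit, e.g. `# Deprecated and empty: all directives moved to rudder-apache-webapp-ssl.conf; a vhost that includes only this file gets none of the cookie-flag or header settings.`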
@@ -1,3 +1,64 @@
+# Prevent Chrome loop detection to block the page after too many
+# page reloads.
+
+ Header add X-Chrome-Exponential-Throttling "disable"
+ Header add X-UA-Compatible "IE=Edge"
+
+
+# MSIE 7 and newer should be able to use keepalive
+BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+# Prevent the apache logs from being cluttered by 404 errors
+# due to a missing robots.txt file.
+Alias /robots.txt /opt/rudder/share/load-page/robots.txt
+
+# Nice loading page if the Java server is not ready
+Alias /images /opt/rudder/share/load-page/images
+Alias /files /opt/rudder/share/load-page/files
+
+Alias /rudder-loading.html /opt/rudder/share/load-page/rudder-loading.html
+Alias /rudder-not-loaded.html /opt/rudder/share/load-page/rudder-not-loaded.html
+
+ErrorDocument 503 /rudder-loading.html
+ErrorDocument 404 /rudder-not-loaded.html
+
+# avoid indexation by search engines
+Header set X-Robots-Tag "noindex, nofollow"
+
+#set "secure" and "HttpOnly" for all cookies without these pragma
+Header edit Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly"
+Header edit Set-Cookie "(?i)^((?:(?!;\s?secure).)+)$" "$1; secure"
+
+#jetty is leaking its version in the "Server" header, remove it
+Header unset Server
+
+# We want ProxyErrorOverride disabled in most cases but that's the only way i know for apache to override a 404 sent by a proxified application
+# (if proxyfied app send a content with a 404 (or any other error), apache will not use the Error document defined, but directly use content produced)
+# However, if disabled, but the web app does not send any content, apache will overwrite the content (it will be ok for our 503 error on apache 2.2)
+ProxyErrorOverride On
+
+ ProxyErrorOverride Off
+
+
+ ProxyErrorOverride Off
+
+
+# Enforce permissive access to the load page directory
+
+ Require all granted
+
+
+# Note: The preceding statements are here for compatibility purpose and will
+# be removed in a future version of Rudder, which will enforce authenticated
+# calls to every API part.
+
+# Link to Rudder documentation
+Alias /rudder-doc /usr/share/doc/rudder/html
+
+ Require all granted
+ AllowOverrideList Redirect
+
+
 # Rudder webapp
 RewriteEngine on
 RewriteRule ^/$ /rudder [R]
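Review bot: The `# Note: The preceding statements are here for compatibility purpose ...` comment is moved verbatim, but in this hunk the only statement before it is the load-page `Require all granted`. It therefore no longer identifies which unauthenticated API access it warns about. An access-control comment that points at nothing is easy to misread as covering the load-page grant, or to overlook when the real exception is removed. Either delete it or tie it to the rule it describes, for example `# NOTE: load-page assets are intentionally public; this grant is unrelated to API authentication.` The enclosing container directives are not visible in this view of the hunk, so check the actual file before rewording.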