Fixes #5586: Create an Apache 2.4+ compatible virtualhost

Normation · Sep 29, 2014 · 3e95209 · 3e95209
1 parent cb4876a
commit 3e95209
Show file tree

Hide file tree

Showing 2 changed files with 60 additions and 25 deletions.
diff --git a/rudder-web/src/main/resources/apache2-sysconfig b/rudder-web/src/main/resources/apache2-sysconfig
@@ -1,5 +1,5 @@
 # Apache modules
-APACHE_MODULES="${APACHE_MODULES} rewrite dav dav_fs proxy proxy_http headers ssl"
+APACHE_MODULES="${APACHE_MODULES} rewrite dav dav_fs proxy proxy_http headers ssl version"
 
 # Apache configuration flags
 APACHE_SERVER_FLAGS="${APACHE_SERVER_FLAGS} SSL"
diff --git a/rudder-web/src/main/resources/rudder-apache-common.conf b/rudder-web/src/main/resources/rudder-apache-common.conf
@@ -20,15 +20,25 @@ ErrorDocument 503 /rudder-loading.html
 
 # Enforce permissive access to the load page directory
 <Directory /opt/rudder/share/load-page>
-  Order deny,allow
-  Allow From all
+  <IfVersion < 2.4>
+    Order deny,allow
+    Allow From all
+  </IfVersion>
+  <IfVersion >= 2.4>
+    Require all granted
+  </IfVersion>
 </Directory>
 
 # Expose the server UUID through http
 Alias /uuid /opt/rudder/etc/uuid.hive
 <Directory /opt/rudder/etc>
-  Order deny,allow
-  Allow from all
+  <IfVersion < 2.4>
+    Order deny,allow
+    Allow From all
+  </IfVersion>
+  <IfVersion >= 2.4>
+    Require all granted
+  </IfVersion>
 </Directory>
 
 # WebDAV share to receive inventories
@@ -43,14 +53,18 @@ Alias /inventories /var/rudder/inventories/incoming
 
   Require valid-user
 
-  # This file is automatically generated according to
-  # the hosts allowed by rudder.
-  Order deny,allow
-  Include /opt/rudder/etc/rudder-networks.conf
+  # rudder-networks.conf / rudder-networks.conf is automatically
+  # generated according to the hosts allowed by rudder.
+  <IfVersion < 2.4>
+    Order deny,allow
+    Include /opt/rudder/etc/rudder-networks.conf
+  </IfVersion>
+  <IfVersion >= 2.4>
+    Include /opt/rudder/etc/rudder-networks-24.conf
+  </IfVersion>
 
   <LimitExcept PUT>
-    Order allow,deny
-    Deny from all
+    Require all denied
   </LimitExcept>
 
 </Directory>
@@ -67,14 +81,18 @@ Alias /inventory-updates /var/rudder/inventories/accepted-nodes-updates
 
   Require valid-user
 
-  # This file is automatically generated according to
-  # the hosts allowed by rudder.
-  Order deny,allow
-  Include /opt/rudder/etc/rudder-networks.conf
+  # rudder-networks.conf / rudder-networks.conf is automatically
+  # generated according to the hosts allowed by rudder.
+  <IfVersion < 2.4>
+    Order deny,allow
+    Include /opt/rudder/etc/rudder-networks.conf
+  </IfVersion>
+  <IfVersion >= 2.4>
+    Include /opt/rudder/etc/rudder-networks-24.conf
+  </IfVersion>
 
   <LimitExcept PUT>
-    Order allow,deny
-    Deny from all
+    Require all denied
   </LimitExcept>
 
 </Directory>
@@ -83,16 +101,28 @@ Alias /inventory-updates /var/rudder/inventories/accepted-nodes-updates
 SetEnvIf X-API-Version "[^1]" api_deny
 # NO access to the status and archiving API unless you are localhost
 <LocationMatch "^/rudder/api/(status|archives)$">
-  Order allow,deny
-  Allow from localhost
-  Deny from env=api_deny
+  <IfVersion < 2.4>
+    Order allow,deny
+    Allow from localhost
+    Deny from env=api_deny
+  </IfVersion>
+  <IfVersion >= 2.4>
+    Require local
+    Require not env api_deny
+  </IfVersion>
 </LocationMatch>
 
 # NO access to the reloading API either unless you are localhost
 <LocationMatch "^/rudder/api/(techniqueLibrary|dyngroup|deploy)/reload$">
-  Order allow,deny
-  Allow from localhost
-  Deny from env=api_deny
+  <IfVersion < 2.4>
+    Order allow,deny
+    Allow from localhost
+    Deny from env=api_deny
+  </IfVersion>
+  <IfVersion >= 2.4>
+    Require local
+    Require not env api_deny
+  </IfVersion>
 </LocationMatch>
 
 # Note: The preceding statements are here for compatibility purpose and will
@@ -103,6 +133,11 @@ SetEnvIf X-API-Version "[^1]" api_deny
 Alias /rudder-doc /usr/share/doc/rudder/html
 <Directory /usr/share/doc/rudder/html>
   DirectoryIndex rudder-doc.html
-  Order deny,allow
-  Allow from all
+  <IfVersion < 2.4>
+    Order deny,allow
+    Allow From all
+  </IfVersion>
+  <IfVersion >= 2.4>
+    Require all granted
+  </IfVersion>
 </Directory>