Special-case fedoauth (reverseproxy).

1 files changed, 41 insertions, 0 deletions

diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.id.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.id.conf
new file mode 100644
index 000000000..1b49dd8c3
--- /dev/null
+++ b/roles/httpd/reverseproxy/templates/reversepassproxy.id.conf
@@ -0,0 +1,41 @@
+RequestHeader unset Expect early
+RequestHeader set X-Forwarded-Scheme https early
+
+RewriteEngine on
+
+RewriteMap lowercase int:tolower
+
+{% if env == "staging" %}
+RewriteCond ${lowercase:%{SERVER_NAME}} ^[a-z0-9-]+\.id\.stg\.fedoraproject\.org$
+{% else %}
+RewriteCond ${lowercase:%{SERVER_NAME}} ^[a-z0-9-]+\.id\.fedoraproject\.org$
+{% endif %}
+
+RewriteRule ^(.+) ${lowercase:%{SERVER_NAME}}$1 [C]
+
+{{ if env == "staging" }}
+RewriteRule ^([a-z0-9-]+)\.id\.stg\.fedoraproject\.org/.* {{proxyurl}}/openid/id/$1/ [P,L]
+{{ else }}
+RewriteRule ^([a-z0-9-]+)\.id\.fedoraproject\.org/.* {{proxyurl}}/openid/id/$1/ [P]
+{{ endif }}
+
+RewriteCond %{HTTPS} off
+RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]
+
+Header add Strict-Transport-Security "max-age=15768000"
+
+
+RewriteRule ^(.+) - [PT]
+
+<Location /login>
+    # required for rewrite rule
+    Options +SymLinksIfOwnerMatch
+    RewriteEngine on
+    RewriteCond %{HTTPS} off
+    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+</Location>
+
+
+ProxyPass {{localpath}} {{proxyurl}}{{remotepath}}
+ProxyPassReverse {{localpath}} {{proxyurl}}{{remotepath}}
+