ansible/hg-web: support httpd 2.4 (
bug 1263680); r?fubar
CentOS 7 runs httpd 2.4 instead of 2.2. There were a few changes in 2.4
that require httpd config changes. Most of them around authnz handling.
MozReview-Commit-ID: 6HkhziXzgm0
--- a/ansible/roles/hg-web/templates/httpd.conf.j2
+++ b/ansible/roles/hg-web/templates/httpd.conf.j2
@@ -16,23 +16,29 @@ StartServers {{ httpd_start_server
MinSpareServers {{ httpd_min_spare_servers }}
MaxSpareServers {{ httpd_max_spare_servers }}
ServerLimit {{ httpd_server_limit }}
MaxClients {{ httpd_max_clients }}
MaxRequestsPerChild 4000
Listen 80
+{% if ansible_distribution_major_version == '6' %}
LoadModule authn_default_module modules/mod_authn_default.so
+LoadModule authz_default_module modules/mod_authz_default.so
+{% else %}
+LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule unixd_module modules/mod_unixd.so
+{% endif %}
LoadModule authz_host_module modules/mod_authz_host.so
-LoadModule authz_default_module modules/mod_authz_default.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
+LoadModule filter_module modules/mod_filter.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
@@ -45,16 +51,21 @@ LoadModule actions_module modules/mod_ac
LoadModule speling_module modules/mod_speling.so
LoadModule alias_module modules/mod_alias.so
LoadModule substitute_module modules/mod_substitute.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule version_module modules/mod_version.so
LoadModule wsgi_module /var/hg/venv_hgweb/lib/python2.7/site-packages/mod_wsgi/server/mod_wsgi-py27.so
+{% if ansible_distribution_major_version == '7' %}
+LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
+LoadModule systemd_module modules/mod_systemd.so
+{% endif %}
+
ExtendedStatus On
User apache
Group apache
ServerAdmin root@localhost
#ServerName www.example.com:80
UseCanonicalName Off
@@ -63,28 +74,36 @@ DocumentRoot "/var/www/html"
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
+ {% if ansible_distribution_major_version == '6' %}
Order allow,deny
Allow from all
+ {% else %}
+ Require all granted
+ {% endif %}
</Directory>
DirectoryIndex index.html index.html.var
AccessFileName .htaccess
<Files ~ "^\.ht">
+ {% if ansible_distribution_major_version == '6' %}
Order allow,deny
Deny from all
Satisfy All
+ {% else %}
+ Require all denied
+ {% endif %}
</Files>
TypesConfig /etc/mime.types
DefaultType text/plain
MIMEMagicFile conf/magic
HostnameLookups Off
@@ -103,18 +122,23 @@ CustomLog logs/access_log combined
ServerSignature Off
Alias /icons/ "/var/www/icons/"
<Directory "/var/www/icons">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
+
+ {% if ansible_distribution_major_version == '6' %}
Order allow,deny
Allow from all
+ {% else %}
+ Require all granted
+ {% endif %}
</Directory>
IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
@@ -194,18 +218,22 @@ AddOutputFilter INCLUDES .shtml
Alias /error/ "/var/www/error/"
<Directory "/var/www/error">
AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
+ {% if ansible_distribution_major_version == '6' %}
Order allow,deny
Allow from all
+ {% else %}
+ Require all granted
+ {% endif %}
LanguagePriority en es de fr
ForceLanguagePriority Prefer Fallback
</Directory>
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
--- a/ansible/roles/hg-web/templates/vhost.conf.j2
+++ b/ansible/roles/hg-web/templates/vhost.conf.j2
@@ -34,29 +34,42 @@ LimitRequestFields 250
WSGIScriptAliasMatch ^/(releases/l10n/mozilla-release)(.*) /repo_local/mozilla/webroot_wsgi/$1/hgweb.wsgi$2
WSGIScriptAliasMatch ^/(incubator|testpilot-l10n|weave-l10n|gaia-l10n|build|labs|services|l10n(?!-)|l10n-central|projects|automation|qa|hgcustom|webtools|releases|rewriting-and-analysis|www|SeaMonkey)(.*) /repo_local/mozilla/webroot_wsgi/$1/hgweb.wsgi$2
WSGIScriptAliasMatch ^/dist(.*) /repo_local/mozilla/webroot_wsgi/dist/hgweb.wsgi$1
WSGIScriptAliasMatch ^/integration(.*) /repo_local/mozilla/webroot_wsgi/integration/hgweb.wsgi$1
WSGIScriptAliasMatch ^(/(?!users|robots).*) /repo_local/mozilla/webroot_wsgi/hgweb.wsgi$1
<Location /users>
Options +Indexes
+ {% if ansible_distribution_major_version == '6' %}
Order allow,deny
Allow from all
+ {% else %}
+ Require all granted
+ {% endif %}
</Location>
<Location /server-status>
SetHandler server-status
+
+ {% if ansible_distribution_major_version == '6' %}
Order deny,allow
Deny from all
{% for ip in httpd_server_status_allow %}
Allow from {{ ip }}
{% endfor %}
+ {% else %}
+
+ {% for ip in httpd_server_status_allow %}
+ Require ip {{ ip }}
+ {% endfor %}
+
+ {% endif %}
</Location>
#LogLevel debug
LogFormat "%h %v %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\" \"%{Cookie}i\""
ErrorLog "/var/log/httpd/hg.mozilla.org/error_log"
CustomLog "/var/log/httpd/hg.mozilla.org/access_log" combined env=!image
</VirtualHost>