commit 5191d26e86c72495412a8afa78084e0b20731146 Author: Nicolas Chauvet <kwizart(a)gmail.com&gt; Date: Sat Nov 5 14:51:06 2016 +0100 Add bugzilla apache httpd config roles/bugzilla/files/bugzilla-httpd.conf | 60 ++++++++++++++++++++++++++++++ roles/bugzilla/tasks/main.yml | 4 ++ 2 files changed, 64 insertions(+), 0 deletions(-) --- diff --git a/roles/bugzilla/files/bugzilla-httpd.conf b/roles/bugzilla/files/bugzilla-httpd.conf new file mode 100644 index 0000000..4c6100a --- /dev/null +++ b/roles/bugzilla/files/bugzilla-httpd.conf @@ -0,0 +1,60 @@ +#Alias /var/lib/bugzilla/data/webdot /var/lib/bugzilla/data/webdot +#Alias /bugzilla /usr/share/bugzilla + + DocumentRoot /usr/share/bugzilla + + RewriteEngine On + RewriteRule ^/([0-9]+)$ /show_bug.cgi?id=$1 [L,R] + RewriteRule ^/bugzilla/(.*)$ /$1 [L,R] + +<Directory /usr/share/bugzilla> + + <IfModule mod_authz_core.c> + # Bugzilla will be accessible to all machines in your network + # Replace with "Require local" if you want access to be restricted + # to this machine. + Require all granted + </IfModule> + + AddHandler cgi-script .cgi + Options +Indexes +ExecCGI +FollowSymLinks + DirectoryIndex index.cgi index.html + AllowOverride None + AddType application/vnd.mozilla.xul+xml .xul + AddType application/rdf+xml .rdf +</Directory> + +<Directory /var/lib/bugzilla/data> + Require all denied +</Directory> + +<Directory /var/lib/bugzilla/data/webdot> +# Restrict access to .dot files to the public webdot server at research.att.com +# if research.att.com ever changes their IP, or if you use a different +# webdot server, you'll need to edit this + <FilesMatch \.dot$> + #Require ip 192.20.225.0/24 + Require all denied + </FilesMatch> + +# Allow access to .png files created by a local copy of 'dot' + <FilesMatch \.png$> + Require all granted + </FilesMatch> + +# And no directory listings, either. + Require all denied +</Directory> + +<Directory /var/lib/bugzilla/assets> + Require all granted +</Directory> + +<Directory /var/lib/bugzilla/graphs> + <FilesMatch (\.gif|\.png)$> + Require all granted + </FilesMatch> + Require all denied +</Directory> + +Include conf.d/trace.inc diff --git a/roles/bugzilla/tasks/main.yml b/roles/bugzilla/tasks/main.yml index 45cc69c..fa99e46 100644 --- a/roles/bugzilla/tasks/main.yml +++ b/roles/bugzilla/tasks/main.yml @@ -41,4 +41,8 @@ - config - bugzilla +- name: install apache httpd bugzilla + copy: src="bugzilla-httpd.conf" dest="/etc/httpd/conf.d/bugzilla.conf" owner=root group=root + tags: + - config