Commit e9c958a3 authored by Ejegg's avatar Ejegg
Browse files

Turn off SSL for SmashPig IPN listener

We'll send this through the same sort of proxy as we're sending
payments-wiki through, so we turn off the 'Upgrade' header that
advertises support for HTTP/2 but should not be included on any
responses which are already HTTP/2 such as those from the proxy

Change-Id: I412e877aacdec233f293d94f0b2ab480f4846bea
parent 7348fd6e
......@@ -8,13 +8,8 @@ DocumentRoot /srv/smashpig/PublicHttp
ErrorLog "| /usr/bin/logger -thttpd -plocal6.err"
CustomLog "| /usr/bin/logger -thttpd -plocal6.notice" combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/docker-ssl.pem
SSLCertificateKeyFile /etc/ssl/private/docker-ssl.key
<FilesMatch ".+\.ph(ar|p|tml)$">
SSLOptions +StdEnvVars
</FilesMatch>
SetEnvIf X-Forwarded-Proto "https" HTTPS=on
Header unset Upgrade
# Config below taken from old vagrant template
RewriteEngine on
......
......@@ -20,7 +20,8 @@ RUN rm /var/www/html/index.html \
&& a2enmod rewrite \
&& a2enmod http2 \
&& a2enmod cache \
&& a2enmod ssl
&& a2enmod setenvif \
&& a2enmod headers
# Copy Apache config into image
......
fundraising-smashpig-buster-php73-apache2 (0.0.1-1-s3) wikimedia; urgency=medium
* Turn off SSL for IPN listener
-- Elliott Eggleston <ejegg@ejegg.com> Thu, 04 Nov 2021 15:10:17 -0400
fundraising-smashpig-buster-php73-apache2 (0.0.1-1-s2) wikimedia; urgency=high
Refresh for update in parent image buster:
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment