---
+accounts::users:
+ hybris:
+ uid: 61000
+ group: hybris
+ shell: "bash"
+ apply: true
+ comment: "Hybris User"
+ keys:
+ detlef.gaisser:
+ key: "AAAAB3NzaC1yc2EAAAADAQABAAABAQDlULtDnNWDd3RoeMdsQN9BJnT1sCeFIqP0QvXgDV/65HXx5u6GFo9wtOqCN+RJBtgdMTitz1YIslJxv5MeCFKEkcxRW5Uj29uWqvoij9ZCnLUtFmqiEt2PyjPWda6TXnQPNYprVoeP/wZTq8priWDxAUaiNGFkaNFL/KAjeQe35+9YrdkEXYyn1PKB1yHM4DcTwFoQcSCgo0vSOZKcqxV/8CW9XxHoBMDWOvtgXebHRu2lqrK0ToF/lShXIa/oq7GvwrKDJlrVGOPhPcW/sacGdMZ2sSmhFWb6ndCnPM9jnw/4sj4NOJwh6j8zpSaX8Kfh62zy38GlLz9mhHFS3oEd"
+ detlef.gaisser:
+ apply: true
+ sudo: true
+
+infra::additional_classes:
+ - infra::profile::apache
+ - apache::mod::proxy_http
+
+infra::profile::apache::htdigest:
+ server:
+ www: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAVQr9NvxKune1HC+hn6htQCWh61TE2NsvPV3bsCIJnm2cTe4XfKE4+w6tLtUikvdFPmH0mzegauxK8Z28ypkrAOxHGWlwHBsmJx/MAFyfMuxgt6KQEKmLhv1kAylIJR3oBdLNdrcj+myBafv1JgtxUrjY1MOTFRZ6NZ0Wqj4g2LvAB4f+s5w9f0fkBGdpiOQi0L5szq2ABXUpTqtzchj1Dc/drWbcprYdQDk0HTSurbSp1skiUowuIq1VNJXnl0icEDnd1K5+V730N/we0JuDFja/Q3zp/yGGeFzK4cAHzlzy7jj0aA0QiKQ60SGxy3Rp+c0wPJhACyPgH74HQ0+aTjBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBA/n8mEm/0LU+PlcbZhu46vgCCQCTN6HDaooQ/N2CkykiUnNwdYbHRqT6IsJUdFE9NaTA==]
+
+infra::profile::apache::pp_vhosts:
+ lapp-shop:
+ docroot: /var/www/lapp-shop
+ servername: dev01-www-lapp-de.pixelpark.net
+ cert_servername: 'wildcard.pixelpark.net'
+ cert_customer: 'pixelpark'
+ ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+ ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem'
+ ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+
+# Damit es ohne gültiges Backend Certificate funktioniert
+ custom_fragment: |
+ SSLProxyVerify none
+ SSLProxyCheckPeerCN off
+ SSLProxyCheckPeerName off
+# SSLProxyEngine On
+ ssl_proxyengine: true
+# ProxyPreserveHost On
+ proxy_preserve_host: true
+# ProxyPass Settings (geht auch in Locations)
+ proxy_pass:
+ - { path: /assets, url: '!' }
+ - { path: /, url: 'https://localhost:9002/' }
+ setenvif:
+ - 'HTTPS on HTTPS=on'
+ setenvifnocase:
+ - 'Request_URI \.(?:gif|jpe?g|png)$ no-gzip'
+ - 'Request_URI \.(?:gif|jpe?g|png)$ dont-vary'
+ headers:
+# - always append X-Frame-Options SAMEORIGIN
+ - append Vary User-Agent env=!dont-vary
+ docroot_owner: apache
+ docroot_group: apache
+ docroot_mode: '2775'
+ directories:
+ - provider: directory
+ path: '/var/www/lapp-shop'
+ options:
+ - FollowSymLinks
+ - MultiViews
+ allow_override:
+ - All
+ - provider: directory
+ path: '/var/www/cgi-bin'
+ ssl_options:
+ - '+StdEnvVars'
+
+ - provider: location
+ path: '/'
+ auth_type: Digest
+ auth_name: server
+ auth_digest_provider: file
+ auth_digest_algorithm: MD5
+ auth_user_file: '/etc/httpd/htdigest'
+ auth_require: 'valid-user'
+
+ - provider: location
+ path: '/admin'
+ sethandler: "admin"
+
+ - provider: location
+ path: '/hmc'
+ sethandler: "hmc"
+
+ - provider: location
+ path: '/cmscockpit'
+ sethandler: "cmscockpit"
+ proxy_pass:
+ - { path: /, url: 'https://localhost:9002/cmscockpit' }
+
+ - provider: location
+ path: '/medias'
+ sethandler: "medias"
+ proxy_pass:
+ - { path: /, url: 'http://localhost:9001/media' }
+
+# - provider: location
+# path: '/solr'
+# sethandler: "solr"
+# proxy_pass:
+# - { path: /, url: 'http://localhost:8983/solr' }
+# custom_fragment: |
+# RequestHeader set Authorization "Basic c29scnNlcnZlcjpzZXJ2ZXIxMjM="
+
+ - provider: location
+ path: '/maintainance'
+ sethandler: "maintainance"
+ require:
+ - local
+
+ - provider: filesmatch
+ path: '\.(cgi|shtml|phtml|php)$'
+ ssl_options:
+ - '+StdEnvVars'
+
+# rewrites:
+# - comment: 'frontend root rewrite'
+# rewrite_cond:
+# - '%{literal("%")}{REQUEST_URI} ^(/?)$'
+# rewrite_rule:
+# - '(.*)$ /yb2bacceleratorstorefront/ [R=301]'