Add SSL options in www subdomain redirect vhost
The *:443 vhost for www needs ssl options set even though it only hosts a redirect. Change-Id: Ib9be4d3901a6abd4f55589e41bab363f066d747b
This commit is contained in:
parent
24890661b8
commit
5fd8ea4c50
|
@ -27,6 +27,20 @@
|
|||
|
||||
ErrorLog ${APACHE_LOG_DIR}/openstackid-error.log
|
||||
LogLevel warn
|
||||
|
||||
SSLEngine on
|
||||
SSLProtocol All -SSLv2 -SSLv3
|
||||
# Once the machine is using something to terminate TLS that supports ECDHE
|
||||
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
|
||||
# only is guarenteed.
|
||||
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
||||
SSLHonorCipherOrder on
|
||||
SSLCertificateFile <%= scope.lookupvar("openstackid::ssl_cert_file") %>
|
||||
SSLCertificateKeyFile <%= scope.lookupvar("openstackid::ssl_key_file") %>
|
||||
<% if scope.lookupvar("openstackid::ssl_chain_file") != "" %>
|
||||
SSLCertificateChainFile <%= scope.lookupvar("openstackid::ssl_chain_file") %>
|
||||
<% end %>
|
||||
|
||||
Redirect / https://<%= scope.lookupvar("openstackid::vhost_name") %>/
|
||||
</VirtualHost>
|
||||
|
||||
|
|
Loading…
Reference in New Issue