ServerName <%= scope.lookupvar("openstackid::vhost_name") %> ServerAdmin <%= scope.lookupvar("openstackid::serveradmin") %> ErrorLog ${APACHE_LOG_DIR}/openstackid-error.log LogLevel warn Redirect / https://<%= scope.lookupvar("openstackid::vhost_name") %>/ ServerName <%= scope.lookupvar("openstackid::vhost_name") %> ServerAdmin <%= scope.lookupvar("openstackid::serveradmin") %> ErrorLog ${APACHE_LOG_DIR}/openstackid-ssl-error.log LogLevel warn SSLEngine on SSLProtocol All -SSLv2 -SSLv3 # Once the machine is using something to terminate TLS that supports ECDHE # then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS # only is guarenteed. SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP SSLHonorCipherOrder on SSLCertificateFile <%= scope.lookupvar("openstackid::ssl_cert_file") %> SSLCertificateKeyFile <%= scope.lookupvar("openstackid::ssl_key_file") %> <% if scope.lookupvar("openstackid::ssl_chain_file") != "" %> SSLCertificateChainFile <%= scope.lookupvar("openstackid::ssl_chain_file") %> <% end %> RewriteEngine on RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("openstackid::vhost_name") %> RewriteRule ^.*$ <%= scope.lookupvar("openstackid::canonicalweburl") %> # send basic auth header RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule .* - [e=HTTP_AUTHORIZATION:%1] DocumentRoot <%= @docroot %> /> Options -Indexes +FollowSymLinks +MultiViews AllowOverride All ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000<%= @docroot %>/$1 retry=0 timeout=1800