ServerName <%= scope.lookupvar("openstackid::vhost_name") %> ServerAdmin <%= scope.lookupvar("openstackid::serveradmin") %> ErrorLog ${APACHE_LOG_DIR}/openstackid-error.log LogLevel warn CustomLog ${APACHE_LOG_DIR}/openstackid-access.log combined Redirect / https://<%= scope.lookupvar("openstackid::vhost_name") %>/ ServerName <%= scope.lookupvar("openstackid::vhost_name") %> ServerAdmin <%= scope.lookupvar("openstackid::serveradmin") %> ErrorLog ${APACHE_LOG_DIR}/openstackid-ssl-error.log LogLevel warn CustomLog ${APACHE_LOG_DIR}/openstackid-ssl-access.log combined SSLEngine on SSLProtocol All -SSLv2 -SSLv3 # Once the machine is using something to terminate TLS that supports ECDHE # then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS # only is guarenteed. SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP SSLHonorCipherOrder on SSLCertificateFile <%= scope.lookupvar("openstackid::ssl_cert_file") %> SSLCertificateKeyFile <%= scope.lookupvar("openstackid::ssl_key_file") %> <% if scope.lookupvar("openstackid::ssl_chain_file") != "" %> SSLCertificateChainFile <%= scope.lookupvar("openstackid::ssl_chain_file") %> <% end %> RewriteEngine on RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("openstackid::vhost_name") %> RewriteRule ^.*$ <%= scope.lookupvar("openstackid::canonicalweburl") %> DocumentRoot <%= @docroot %> /> Order allow,deny Allow from all SetHandler "proxy:fcgi://127.0.0.1:9000" AddHandler php5-fcgi .php Action php5-fcgi /php5-fcgi Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -host 127.0.0.1:9000 -pass-header Authorization Options ExecCGI FollowSymLinks SetHandler fastcgi-script Require all granted