71 lines
2.3 KiB
Plaintext
71 lines
2.3 KiB
Plaintext
# ************************************
|
|
# Managed by Puppet
|
|
# ************************************
|
|
|
|
# Unconditionally redirect all HTTP traffic for this vhost to HTTPS
|
|
<VirtualHost *:80>
|
|
ServerName <%= @vhost_name %>
|
|
ServerAdmin <%= scope['phabricator::vars::httpd_admin_email'] %>
|
|
RewriteEngine On
|
|
RewriteRule ^/(.*) https://<%= @vhost_name %>/$1 [last,redirect=permanent]
|
|
LogLevel warn
|
|
ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
|
|
CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
|
|
ServerSignature Off
|
|
</VirtualHost>
|
|
|
|
<VirtualHost *:443>
|
|
|
|
ServerName <%= @vhost_name %>
|
|
ServerAdmin <%= scope['phabricator::vars::httpd_admin_email'] %>
|
|
|
|
SSLEngine on
|
|
SSLProtocol All -SSLv2 -SSLv3
|
|
# Once the machine is using something to terminate TLS that supports ECDHE
|
|
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
|
|
# only is guaranteed.
|
|
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
|
SSLHonorCipherOrder on
|
|
SSLCertificateFile <%= scope['phabricator::certificates::cert_file'] %>
|
|
SSLCertificateKeyFile <%= scope['phabricator::certificates::key_file'] %>
|
|
<% unless [nil, :undef].include?(scope['phabricator::certificates::chain_file']) %>
|
|
SSLCertificateChainFile <%= scope['phabricator::certificates::chain_file'] %>
|
|
<% end %>
|
|
|
|
DocumentRoot <%= @docroot %>
|
|
<Directory />
|
|
Options FollowSymLinks
|
|
AllowOverride None
|
|
</Directory>
|
|
<Directory <%= @docroot %>>
|
|
Options Indexes FollowSymLinks MultiViews
|
|
AllowOverride None
|
|
Order allow,deny
|
|
Allow from all
|
|
Require all granted
|
|
</Directory>
|
|
|
|
<Location <%= scope['phabricator::auth_location'] %> >
|
|
AuthType OpenID
|
|
require valid-user
|
|
AuthOpenIDSingleIdP <%= scope['phabricator::authopenidsingleidp'] %>
|
|
</Location>
|
|
|
|
RewriteEngine On
|
|
RewriteRule ^/rsrc/(.*) - [last,qsappend]
|
|
RewriteRule ^/favicon.ico - [last,qsappend]
|
|
RewriteRule ^(.*) /index.php?__path__=$1 [B,last,qsappend]
|
|
|
|
SetEnv PHABRICATOR_ENV production
|
|
|
|
# Possible values include: debug, info, notice, warn, error, crit,
|
|
# alert, emerg.
|
|
LogLevel warn
|
|
|
|
ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
|
|
CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
|
|
|
|
ServerSignature Off
|
|
|
|
</VirtualHost>
|