6153eec795
Dynamic scoping for variables in ERB templates was removed in puppet 4[1] which means that the variables defined in the manifests cannot be found when it is referenced in the httpd::vhost defined type and will be evaluated as nil when puppet runs. Use scope.lookupvar instead to be explicit about the variable's source. [1] https://puppet.com/docs/puppet/4.10/lang_updating_manifests.html#dynamic-scoping-in-erb Change-Id: I007975c920bd12a352acdea742b841a17ecc5d17
67 lines
2.5 KiB
Plaintext
67 lines
2.5 KiB
Plaintext
<VirtualHost *:80>
|
|
<% if scope.lookupvar("storyboard::application::server_admin") != :undef %>
|
|
ServerAdmin <%= scope.lookupvar("storyboard::application::server_admin") %>
|
|
<% end %>
|
|
ServerName <%= scope.lookupvar("storyboard::application::hostname") %>
|
|
|
|
DocumentRoot <%= scope.lookupvar("storyboard::application::www_root") %>
|
|
|
|
Redirect / https://<%= scope.lookupvar("storyboard::application::hostname") %>/
|
|
|
|
LogLevel warn
|
|
ErrorLog ${APACHE_LOG_DIR}/storyboard-error.log
|
|
CustomLog ${APACHE_LOG_DIR}/storyboard-access.log combined
|
|
|
|
</VirtualHost>
|
|
<IfModule mod_ssl.c>
|
|
<VirtualHost *:443>
|
|
<% if scope.lookupvar("storyboard::application::server_admin") != :undef %>
|
|
ServerAdmin <%= scope.lookupvar("storyboard::application::server_admin") %>
|
|
<% end %>
|
|
ServerName <%= scope.lookupvar("storyboard::application::hostname") %>
|
|
|
|
LogLevel warn
|
|
ErrorLog ${APACHE_LOG_DIR}/storyboard-ssl-error.log
|
|
CustomLog ${APACHE_LOG_DIR}/storyboard-ssl-access.log combined
|
|
|
|
SSLEngine on
|
|
|
|
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
|
|
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
|
|
|
|
SSLCertificateFile <%= scope.lookupvar("storyboard::cert::ssl_cert") %>
|
|
SSLCertificateKeyFile <%= scope.lookupvar("storyboard::cert::ssl_key") %>
|
|
<% if scope.lookupvar("storyboard::cert::resolved_ssl_ca") != :undef %>
|
|
SSLCertificateChainFile <%= scope.lookupvar("storyboard::cert::resolved_ssl_ca") %>
|
|
<% end %>
|
|
|
|
<FilesMatch "\.(cgi|shtml|phtml|php)$">
|
|
SSLOptions +StdEnvVars
|
|
</FilesMatch>
|
|
<Directory /usr/lib/cgi-bin>
|
|
SSLOptions +StdEnvVars
|
|
</Directory>
|
|
|
|
BrowserMatch "MSIE [2-6]" \
|
|
nokeepalive ssl-unclean-shutdown \
|
|
downgrade-1.0 force-response-1.0
|
|
# MSIE 7 and newer should be able to use keepalive
|
|
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
|
|
|
|
DocumentRoot <%= scope.lookupvar("storyboard::application::www_root") %>
|
|
|
|
WSGIDaemonProcess storyboard user=<%= scope.lookupvar("storyboard::params::user") %> group=<%= scope.lookupvar("storyboard::params::group") %> threads=5 python-path=/usr/local/lib/python2.7/dist-packages
|
|
WSGIScriptAlias /api /var/lib/storyboard/storyboard.wsgi
|
|
WSGIPassAuthorization On
|
|
|
|
<Directory "<%= scope.lookupvar("storyboard::application::install_root") %>">
|
|
<% if scope.lookupvar("storyboard::application::new_vhost_perms") %>
|
|
Require all granted
|
|
<% else %>
|
|
Order allow,deny
|
|
Allow from all
|
|
<% end %>
|
|
</Directory>
|
|
</VirtualHost>
|
|
</IfModule>
|