8cb841cb64
There are two ServerAdmin entries in the https vhost erb template. One for port 80 and one for port 443. The previous change only fixed the issue for port 80. Fix this for port 443 too. Additionally fix the ssl chain file variable which has the same problem. Change-Id: Id3a36d1a3088f9ae08761f51f4073f388e2eedf8
69 lines
2.6 KiB
Plaintext
69 lines
2.6 KiB
Plaintext
<VirtualHost *:80>
|
|
<% if ! [nil, :undef].include?(scope.lookupvar("storyboard::application::server_admin")) %>
|
|
ServerAdmin <%= scope.lookupvar("storyboard::application::server_admin") %>
|
|
<% end %>
|
|
ServerName <%= scope.lookupvar("storyboard::application::hostname") %>
|
|
|
|
DocumentRoot <%= scope.lookupvar("storyboard::application::www_root") %>
|
|
|
|
Redirect / https://<%= scope.lookupvar("storyboard::application::hostname") %>/
|
|
|
|
LogLevel warn
|
|
ErrorLog ${APACHE_LOG_DIR}/storyboard-error.log
|
|
CustomLog ${APACHE_LOG_DIR}/storyboard-access.log combined
|
|
|
|
</VirtualHost>
|
|
<IfModule mod_ssl.c>
|
|
<VirtualHost *:443>
|
|
<% if ! [nil, :undef].include?(scope.lookupvar("storyboard::application::server_admin")) %>
|
|
ServerAdmin <%= scope.lookupvar("storyboard::application::server_admin") %>
|
|
<% end %>
|
|
ServerName <%= scope.lookupvar("storyboard::application::hostname") %>
|
|
|
|
LogLevel warn
|
|
ErrorLog ${APACHE_LOG_DIR}/storyboard-ssl-error.log
|
|
CustomLog ${APACHE_LOG_DIR}/storyboard-ssl-access.log combined
|
|
|
|
SSLEngine on
|
|
|
|
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
|
|
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
|
|
|
|
SSLCertificateFile <%= scope.lookupvar("storyboard::cert::ssl_cert") %>
|
|
SSLCertificateKeyFile <%= scope.lookupvar("storyboard::cert::ssl_key") %>
|
|
<% if ! [nil, :undef].include?(scope.lookupvar("storyboard::cert::resolved_ssl_ca")) %>
|
|
SSLCertificateChainFile <%= scope.lookupvar("storyboard::cert::resolved_ssl_ca") %>
|
|
<% end %>
|
|
|
|
<FilesMatch "\.(cgi|shtml|phtml|php)$">
|
|
SSLOptions +StdEnvVars
|
|
</FilesMatch>
|
|
<Directory /usr/lib/cgi-bin>
|
|
SSLOptions +StdEnvVars
|
|
</Directory>
|
|
|
|
BrowserMatch "MSIE [2-6]" \
|
|
nokeepalive ssl-unclean-shutdown \
|
|
downgrade-1.0 force-response-1.0
|
|
# MSIE 7 and newer should be able to use keepalive
|
|
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
|
|
|
|
AllowEncodedSlashes on
|
|
|
|
DocumentRoot <%= scope.lookupvar("storyboard::application::www_root") %>
|
|
|
|
WSGIDaemonProcess storyboard user=<%= scope.lookupvar("storyboard::params::user") %> group=<%= scope.lookupvar("storyboard::params::group") %> threads=5 python-path=/usr/local/lib/python2.7/dist-packages
|
|
WSGIScriptAlias /api /var/lib/storyboard/storyboard.wsgi
|
|
WSGIPassAuthorization On
|
|
|
|
<Directory "<%= scope.lookupvar("storyboard::application::install_root") %>">
|
|
<% if scope.lookupvar("storyboard::application::new_vhost_perms") %>
|
|
Require all granted
|
|
<% else %>
|
|
Order allow,deny
|
|
Allow from all
|
|
<% end %>
|
|
</Directory>
|
|
</VirtualHost>
|
|
</IfModule>
|