2016-03-15 01:45:22 +00:00
|
|
|
# ************************************
|
|
|
|
# Managed by Puppet
|
|
|
|
# ************************************
|
|
|
|
|
|
|
|
<VirtualHost *:80>
|
|
|
|
ServerName <%= @vhost_name %>
|
|
|
|
<% if @serveraliases.is_a? Array -%>
|
|
|
|
<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
|
2018-07-12 07:41:44 +00:00
|
|
|
<% elsif ! ['', nil].include?(@serveraliases) -%>
|
2016-03-15 01:45:22 +00:00
|
|
|
<%= " ServerAlias #{@serveraliases}" %>
|
|
|
|
<% end -%>
|
2016-12-07 20:09:46 +00:00
|
|
|
RewriteEngine On
|
|
|
|
RewriteRule ^/(.*) https://<%= @vhost_name %>/$1 [last,redirect=permanent]
|
2016-03-15 01:45:22 +00:00
|
|
|
LogLevel warn
|
|
|
|
ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
|
|
|
|
CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
|
|
|
|
ServerSignature Off
|
|
|
|
</VirtualHost>
|
|
|
|
|
|
|
|
<IfModule mod_ssl.c>
|
|
|
|
<VirtualHost *:443>
|
|
|
|
ServerName <%= @vhost_name %>
|
|
|
|
DocumentRoot <%= @docroot %>
|
|
|
|
SSLEngine on
|
|
|
|
SSLProtocol All -SSLv2 -SSLv3
|
|
|
|
# Once the machine is using something to terminate TLS that supports ECDHE
|
|
|
|
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
|
|
|
|
# only is guarenteed.
|
|
|
|
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
|
|
|
SSLHonorCipherOrder on
|
|
|
|
SSLCertificateFile <%= scope['openstack_project::static::cert_file'] %>
|
|
|
|
SSLCertificateKeyFile <%= scope['openstack_project::static::key_file'] %>
|
|
|
|
<% if scope['openstack_project::static::chain_file'] != '' %>
|
|
|
|
SSLCertificateChainFile <%= scope['openstack_project::static::chain_file'] %>
|
|
|
|
<% end %>
|
|
|
|
# Alias other folders
|
|
|
|
<% scope.lookupvar('openstack_project::static::governance_aliases').each do |a, d| -%>
|
|
|
|
Alias "<%= a %>" "<%= d %>"
|
|
|
|
<% end -%>
|
2016-11-30 10:09:29 +00:00
|
|
|
# Set up redirects
|
|
|
|
<% scope.lookupvar('openstack_project::static::governance_redirects').each do |a, d| -%>
|
|
|
|
Redirect "<%= a %>" "<%= d %>"
|
|
|
|
<% end -%>
|
2016-03-15 01:45:22 +00:00
|
|
|
<% scope.lookupvar('openstack_project::static::governance_directories').each do |dirname| -%>
|
|
|
|
<Directory <%= dirname %>>
|
|
|
|
Options Indexes FollowSymLinks MultiViews
|
2018-01-16 16:23:22 +00:00
|
|
|
AllowOverrideList Redirect RedirectMatch
|
2016-03-15 01:45:22 +00:00
|
|
|
Satisfy Any
|
|
|
|
Require all granted
|
|
|
|
</Directory>
|
|
|
|
<% end -%>
|
2016-11-18 16:40:47 +00:00
|
|
|
<Directory /srv/static/governance/badges>
|
|
|
|
Options Indexes FollowSymLinks MultiViews
|
|
|
|
AllowOverride None
|
|
|
|
Satisfy Any
|
|
|
|
Require all granted
|
2016-11-30 09:41:03 +00:00
|
|
|
<IfModule mod_headers.c>
|
|
|
|
Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
|
|
|
|
Header set Pragma "no-cache"
|
|
|
|
</IfModule>
|
2016-11-18 16:40:47 +00:00
|
|
|
ErrorDocument 404 /badges/project-unofficial.svg
|
|
|
|
</Directory>
|
2016-03-15 01:45:22 +00:00
|
|
|
LogLevel warn
|
|
|
|
ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
|
|
|
|
CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
|
|
|
|
ServerSignature Off
|
|
|
|
</VirtualHost>
|
|
|
|
</IfModule>
|