# ************************************
# Managed by Puppet
# ************************************
ServerName <%= @name %>
<% if @aliases.is_a? Array -%>
<% @aliases.each do |alias_name| -%><%= " ServerAlias #{alias_name}\n" %><% end -%>
<% elsif @aliases != nil -%>
<%= " ServerAlias #{@aliases}" -%>
<% end -%>
RewriteEngine on
RewriteRule ^/(.*) https://<%= @name %>/$1 [last,redirect=permanent]
ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log
LogLevel warn
CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined
ServerSignature Off
ServerName <%= @name %>
<% if @aliases.is_a? Array -%>
<% @aliases.each do |alias_name| -%><%= " ServerAlias #{alias_name}\n" %><% end -%>
<% elsif @aliases != nil -%>
<%= " ServerAlias #{@aliases}" -%>
<% end -%>
RewriteEngine on
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
# Once the machine is using something to terminate TLS that supports ECDHE
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
# only is guarenteed.
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
SSLHonorCipherOrder on
SSLCertificateFile <%= @ssl_cert_file_ %>
SSLCertificateKeyFile <%= @ssl_key_file_ %>
SSLCertificateChainFile <%= @ssl_chain_file_ %>
DocumentRoot <%= @docroot_ %>
>
Options Indexes FollowSymLinks MultiViews
Satisfy any
Require all granted
AllowOverride None
# Allow mod_rewrite rules
AllowOverrideList <%= @allow_override_list_ %>
ErrorDocument 404 /errorpage.html
ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log
LogLevel warn
CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined
ServerSignature Off