# ************************************ # Managed by Puppet # ************************************ ServerName <%= @name %> <% if @aliases.is_a? Array -%> <% @aliases.each do |alias_name| -%><%= " ServerAlias #{alias_name}\n" %><% end -%> <% elsif @aliases != nil -%> <%= " ServerAlias #{@aliases}" -%> <% end -%> RewriteEngine on RewriteRule ^/(.*) https://<%= @name %>/$1 [last,redirect=permanent] ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log LogLevel warn CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined ServerSignature Off ServerName <%= @name %> <% if @aliases.is_a? Array -%> <% @aliases.each do |alias_name| -%><%= " ServerAlias #{alias_name}\n" %><% end -%> <% elsif @aliases != nil -%> <%= " ServerAlias #{@aliases}" -%> <% end -%> RewriteEngine on SSLEngine on SSLProtocol All -SSLv2 -SSLv3 # Once the machine is using something to terminate TLS that supports ECDHE # then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS # only is guarenteed. SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP SSLHonorCipherOrder on SSLCertificateFile <%= @ssl_cert_file_ %> SSLCertificateKeyFile <%= @ssl_key_file_ %> SSLCertificateChainFile <%= @ssl_chain_file_ %> DocumentRoot <%= @docroot_ %> > Options Indexes FollowSymLinks MultiViews Satisfy any Require all granted AllowOverride None # Allow mod_rewrite rules AllowOverrideList <%= @allow_override_list_ %> ErrorDocument 404 /errorpage.html ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log LogLevel warn CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined ServerSignature Off