# ************************************
# Managed by Puppet
# ************************************

<VirtualHost <%= @vhost_name %>:80>
  ServerName <%= @srvname %>
  ReWriteEngine On
  ReWriteRule ^/(.*) https://<%= @srvname %>/$1 [last,redirect=permanent]
  LogLevel warn
  ErrorLog /var/log/apache2/<%= @name %>_error.log
  CustomLog /var/log/apache2/<%= @name %>_access.log combined
  ServerSignature Off
</VirtualHost>

<VirtualHost <%= @vhost_name %>:<%= @port %>>
  ServerName <%= @srvname %>

  DocumentRoot <%= @docroot %>
  <Directory <%= @docroot %>>
    Options <%= @options %>
    AllowOverride None
    Order allow,deny
    allow from all
    Require all granted
  </Directory>

  <% if scope.lookupvar("openstack_project::survey::auth_openid") != nil %>
    <Location /index.php/admin/>
      AuthType OpenID
      AuthName "Welcome"
      AuthOpenIDSecureCookie On
      AuthOpenIDCookieLifespan 3600
      AuthOpenIDTrustRoot https://<%= @srvname %>
      AuthOpenIDServerName https://<%= @srvname %>
      AuthOpenIDSingleIdP https://openstackid.org
      AuthOpenIDTrusted ^https://openstackid.org/.*$
      Require valid-user
    </Location>
  <% end %>

  SSLEngine on
  SSLProtocol ALL -SSLv2 -SSLv3
  SSLCertificateFile <%= scope.lookupvar("openstack_project::survey::ssl_cert_file") %>
  SSLCertificateKeyFile <%= scope.lookupvar("openstack_project::survey::ssl_key_file") %>
  <% if scope.lookupvar("openstack_project::survey::ssl_chain_file") != "" %>
    SSLCertificateChainFile <%= scope.lookupvar("openstack_project::survey::ssl_chain_file") %>
  <% end %>

  ErrorLog /var/log/apache2/<%= @name %>_error.log
  LogLevel warn
  CustomLog /var/log/apache2/<%= @name %>_access.log combined
  ServerSignature Off
</VirtualHost>