# ************************************ # Managed by Puppet # ************************************ ServerName <%= @srvname %> LogLevel warn ErrorLog /var/log/apache2/<%= @srvname %>_error.log CustomLog /var/log/apache2/<%= @srvname %>_access.log combined ServerSignature Off Redirect / https://review.opendev.org/ ServerName <%= @srvname %> SSLEngine on SSLProtocol All -SSLv2 -SSLv3 # Once the machine is using something to terminate TLS that supports ECDHE # then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS # only is guarenteed. SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP SSLHonorCipherOrder on SSLCertificateFile /etc/letsencrypt-certs/review.opendev.org/review.opendev.org.cer SSLCertificateKeyFile /etc/letsencrypt-certs/review.opendev.org/review.opendev.org.key SSLCertificateChainFile /etc/letsencrypt-certs/review.opendev.org/ca.cer LogLevel warn ErrorLog /var/log/apache2/<%= @srvname %>_error.log CustomLog /var/log/apache2/<%= @srvname %>_access.log combined ServerSignature Off Redirect / https://review.opendev.org/