# ************************************ # Managed by Puppet # ************************************ ServerName <%= @srvname %> <% if @serveraliases.is_a? Array -%> <% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%> <% elsif @serveraliases != nil -%> <%= " ServerAlias #{@serveraliases}" -%> <% end -%> RewriteEngine on RewriteRule ^/(.*) https://<%= @srvname %>/$1 [last,redirect=permanent] ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log LogLevel warn CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined ServerSignature Off ServerName <%= @srvname %> <% if @serveraliases.is_a? Array -%> <% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%> <% elsif @serveraliases != nil -%> <%= " ServerAlias #{@serveraliases}" -%> <% end -%> RewriteEngine on SSLEngine on SSLProtocol All -SSLv2 -SSLv3 # Once the machine is using something to terminate TLS that supports ECDHE # then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS # only is guarenteed. SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP SSLHonorCipherOrder on SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key SSLCertificateChainFile /etc/ssl/certs/<%= @name %>_intermediate.pem DocumentRoot <%= @docroot %> > Options Indexes FollowSymLinks MultiViews Satisfy any Require all granted AllowOverride None # Allow mod_rewrite rules AllowOverrideList Redirect RedirectMatch ErrorDocument 404 /errorpage.html ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log LogLevel warn CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined ServerSignature Off