# ************************************ # Managed by Puppet # ************************************ ServerName <%= @vhost_name %> <% if @serveraliases.is_a? Array -%> <% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%> <% elsif @serveraliases != '' -%> <%= " ServerAlias #{@serveraliases}" %> <% end -%> RewriteEngine On RewriteRule ^/(.*) https://<%= @vhost_name %>/$1 [last,redirect=permanent] LogLevel warn ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined ServerSignature Off ServerName <%= @vhost_name %> DocumentRoot <%= @docroot %> SSLEngine on SSLProtocol All -SSLv2 -SSLv3 # Once the machine is using something to terminate TLS that supports ECDHE # then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS # only is guarenteed. SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP SSLHonorCipherOrder on SSLCertificateFile <%= scope['openstack_project::static::cert_file'] %> SSLCertificateKeyFile <%= scope['openstack_project::static::key_file'] %> <% if scope['openstack_project::static::chain_file'] != '' %> SSLCertificateChainFile <%= scope['openstack_project::static::chain_file'] %> <% end %> # Alias other folders <% scope.lookupvar('openstack_project::static::governance_aliases').each do |a, d| -%> Alias "<%= a %>" "<%= d %>" <% end -%> # Set up redirects <% scope.lookupvar('openstack_project::static::governance_redirects').each do |a, d| -%> Redirect "<%= a %>" "<%= d %>" <% end -%> <% scope.lookupvar('openstack_project::static::governance_directories').each do |dirname| -%> > Options Indexes FollowSymLinks MultiViews AllowOverrideList Redirect RedirectMatch Satisfy Any Require all granted <% end -%> Options Indexes FollowSymLinks MultiViews AllowOverride None Satisfy Any Require all granted Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform" Header set Pragma "no-cache" ErrorDocument 404 /badges/project-unofficial.svg LogLevel warn ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined ServerSignature Off