# ************************************
# Managed by Puppet
# ************************************
ServerName <%= @vhost_name %>
<% if @serveraliases.is_a? Array -%>
<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
<% elsif @serveraliases != '' -%>
<%= " ServerAlias #{@serveraliases}" %>
<% end -%>
RewriteEngine On
RewriteRule ^/(.*) https://<%= @vhost_name %>/$1 [last,redirect=permanent]
LogLevel warn
ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
ServerSignature Off
ServerName <%= @vhost_name %>
DocumentRoot <%= @docroot %>
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
# Once the machine is using something to terminate TLS that supports ECDHE
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
# only is guarenteed.
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
SSLHonorCipherOrder on
SSLCertificateFile <%= scope['openstack_project::static::cert_file'] %>
SSLCertificateKeyFile <%= scope['openstack_project::static::key_file'] %>
<% if scope['openstack_project::static::chain_file'] != '' %>
SSLCertificateChainFile <%= scope['openstack_project::static::chain_file'] %>
<% end %>
# Alias other folders
<% scope.lookupvar('openstack_project::static::governance_aliases').each do |a, d| -%>
Alias "<%= a %>" "<%= d %>"
<% end -%>
# Set up redirects
<% scope.lookupvar('openstack_project::static::governance_redirects').each do |a, d| -%>
Redirect "<%= a %>" "<%= d %>"
<% end -%>
<% scope.lookupvar('openstack_project::static::governance_directories').each do |dirname| -%>
>
Options Indexes FollowSymLinks MultiViews
AllowOverrideList Redirect RedirectMatch
Satisfy Any
Require all granted
<% end -%>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Satisfy Any
Require all granted
Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
Header set Pragma "no-cache"
ErrorDocument 404 /badges/project-unofficial.svg
LogLevel warn
ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
ServerSignature Off