b54344129d
We almost never define $serveraliases which means that it's always going to be empty. Puppet 4 is more strict about types and converting undef to nil so this change makes sure that an undefined variable doesn't accidentally get evaluated as existing and cause an invalid apache config. In the places where we're already just comparing @serveraliases to nil, just leave them alone. Nil should be the expected value for undefined variables going forward in puppet 4, so as long as it's working in puppet 3 let's keep it. Change-Id: I68ea8e1fde5d422f821453ff618d827e3cbe1c43
59 lines
2.1 KiB
Plaintext
59 lines
2.1 KiB
Plaintext
# ************************************
|
|
# Managed by Puppet
|
|
# ************************************
|
|
|
|
<VirtualHost *:80>
|
|
ServerName <%= @vhost_name %>
|
|
<% if @serveraliases.is_a? Array -%>
|
|
# Permanently redirect these ServerAlias entries to ServerName
|
|
<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
|
|
<% elsif ! ['', nil].include?(@serveraliases) -%>
|
|
<%= " ServerAlias #{@serveraliases}" %>
|
|
RewriteEngine On
|
|
RewriteCond %{HTTP_HOST} !<%= @vhost_name %>$ [NC]
|
|
RewriteRule ^/(.*)$ http://<%= @vhost_name %>/$1 [L,R=301]
|
|
<% end -%>
|
|
DocumentRoot <%= @docroot %>
|
|
<Directory <%= @docroot %>>
|
|
Options Indexes FollowSymLinks MultiViews
|
|
AllowOverride None
|
|
AllowOverrideList Redirect RedirectMatch
|
|
Satisfy Any
|
|
Require all granted
|
|
</Directory>
|
|
LogLevel warn
|
|
ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
|
|
CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
|
|
ServerSignature Off
|
|
</VirtualHost>
|
|
|
|
<IfModule mod_ssl.c>
|
|
<VirtualHost *:443>
|
|
ServerName <%= @vhost_name %>
|
|
DocumentRoot <%= @docroot %>
|
|
SSLEngine on
|
|
SSLProtocol All -SSLv2 -SSLv3
|
|
# Once the machine is using something to terminate TLS that supports ECDHE
|
|
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
|
|
# only is guarenteed.
|
|
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
|
SSLHonorCipherOrder on
|
|
SSLCertificateFile <%= scope['openstack_project::static::cert_file'] %>
|
|
SSLCertificateKeyFile <%= scope['openstack_project::static::key_file'] %>
|
|
<% if scope['openstack_project::static::chain_file'] != '' %>
|
|
SSLCertificateChainFile <%= scope['openstack_project::static::chain_file'] %>
|
|
<% end %>
|
|
<Directory <%= @docroot %>>
|
|
Options Indexes FollowSymLinks MultiViews
|
|
AllowOverride None
|
|
AllowOverrideList Redirect RedirectMatch
|
|
Satisfy Any
|
|
Require all granted
|
|
</Directory>
|
|
LogLevel warn
|
|
ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
|
|
CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
|
|
ServerSignature Off
|
|
</VirtualHost>
|
|
</IfModule>
|