b54344129d
We almost never define $serveraliases which means that it's always going to be empty. Puppet 4 is more strict about types and converting undef to nil so this change makes sure that an undefined variable doesn't accidentally get evaluated as existing and cause an invalid apache config. In the places where we're already just comparing @serveraliases to nil, just leave them alone. Nil should be the expected value for undefined variables going forward in puppet 4, so as long as it's working in puppet 3 let's keep it. Change-Id: I68ea8e1fde5d422f821453ff618d827e3cbe1c43
69 lines
2.6 KiB
Plaintext
69 lines
2.6 KiB
Plaintext
# ************************************
|
|
# Managed by Puppet
|
|
# ************************************
|
|
|
|
<VirtualHost *:80>
|
|
ServerName <%= @vhost_name %>
|
|
<% if @serveraliases.is_a? Array -%>
|
|
<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
|
|
<% elsif ! ['', nil].include?(@serveraliases) -%>
|
|
<%= " ServerAlias #{@serveraliases}" %>
|
|
<% end -%>
|
|
RewriteEngine On
|
|
RewriteRule ^/(.*) https://<%= @vhost_name %>/$1 [last,redirect=permanent]
|
|
LogLevel warn
|
|
ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
|
|
CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
|
|
ServerSignature Off
|
|
</VirtualHost>
|
|
|
|
<IfModule mod_ssl.c>
|
|
<VirtualHost *:443>
|
|
ServerName <%= @vhost_name %>
|
|
DocumentRoot <%= @docroot %>
|
|
SSLEngine on
|
|
SSLProtocol All -SSLv2 -SSLv3
|
|
# Once the machine is using something to terminate TLS that supports ECDHE
|
|
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
|
|
# only is guarenteed.
|
|
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
|
SSLHonorCipherOrder on
|
|
SSLCertificateFile <%= scope['openstack_project::static::cert_file'] %>
|
|
SSLCertificateKeyFile <%= scope['openstack_project::static::key_file'] %>
|
|
<% if scope['openstack_project::static::chain_file'] != '' %>
|
|
SSLCertificateChainFile <%= scope['openstack_project::static::chain_file'] %>
|
|
<% end %>
|
|
# Alias other folders
|
|
<% scope.lookupvar('openstack_project::static::governance_aliases').each do |a, d| -%>
|
|
Alias "<%= a %>" "<%= d %>"
|
|
<% end -%>
|
|
# Set up redirects
|
|
<% scope.lookupvar('openstack_project::static::governance_redirects').each do |a, d| -%>
|
|
Redirect "<%= a %>" "<%= d %>"
|
|
<% end -%>
|
|
<% scope.lookupvar('openstack_project::static::governance_directories').each do |dirname| -%>
|
|
<Directory <%= dirname %>>
|
|
Options Indexes FollowSymLinks MultiViews
|
|
AllowOverrideList Redirect RedirectMatch
|
|
Satisfy Any
|
|
Require all granted
|
|
</Directory>
|
|
<% end -%>
|
|
<Directory /srv/static/governance/badges>
|
|
Options Indexes FollowSymLinks MultiViews
|
|
AllowOverride None
|
|
Satisfy Any
|
|
Require all granted
|
|
<IfModule mod_headers.c>
|
|
Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
|
|
Header set Pragma "no-cache"
|
|
</IfModule>
|
|
ErrorDocument 404 /badges/project-unofficial.svg
|
|
</Directory>
|
|
LogLevel warn
|
|
ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
|
|
CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
|
|
ServerSignature Off
|
|
</VirtualHost>
|
|
</IfModule>
|