system-config/modules/openstack_project/templates/static-governance.vhost.erb
Colleen Murphy b54344129d Fix template variables
We almost never define $serveraliases which means that it's always going
to be empty. Puppet 4 is more strict about types and converting undef to
nil so this change makes sure that an undefined variable doesn't
accidentally get evaluated as existing and cause an invalid apache
config.

In the places where we're already just comparing @serveraliases to nil,
just leave them alone. Nil should be the expected value for undefined
variables going forward in puppet 4, so as long as it's working in
puppet 3 let's keep it.

Change-Id: I68ea8e1fde5d422f821453ff618d827e3cbe1c43
2018-07-18 09:32:36 +02:00

69 lines
2.6 KiB
Plaintext

# ************************************
# Managed by Puppet
# ************************************
<VirtualHost *:80>
ServerName <%= @vhost_name %>
<% if @serveraliases.is_a? Array -%>
<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
<% elsif ! ['', nil].include?(@serveraliases) -%>
<%= " ServerAlias #{@serveraliases}" %>
<% end -%>
RewriteEngine On
RewriteRule ^/(.*) https://<%= @vhost_name %>/$1 [last,redirect=permanent]
LogLevel warn
ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
ServerSignature Off
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName <%= @vhost_name %>
DocumentRoot <%= @docroot %>
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
# Once the machine is using something to terminate TLS that supports ECDHE
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
# only is guarenteed.
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
SSLHonorCipherOrder on
SSLCertificateFile <%= scope['openstack_project::static::cert_file'] %>
SSLCertificateKeyFile <%= scope['openstack_project::static::key_file'] %>
<% if scope['openstack_project::static::chain_file'] != '' %>
SSLCertificateChainFile <%= scope['openstack_project::static::chain_file'] %>
<% end %>
# Alias other folders
<% scope.lookupvar('openstack_project::static::governance_aliases').each do |a, d| -%>
Alias "<%= a %>" "<%= d %>"
<% end -%>
# Set up redirects
<% scope.lookupvar('openstack_project::static::governance_redirects').each do |a, d| -%>
Redirect "<%= a %>" "<%= d %>"
<% end -%>
<% scope.lookupvar('openstack_project::static::governance_directories').each do |dirname| -%>
<Directory <%= dirname %>>
Options Indexes FollowSymLinks MultiViews
AllowOverrideList Redirect RedirectMatch
Satisfy Any
Require all granted
</Directory>
<% end -%>
<Directory /srv/static/governance/badges>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Satisfy Any
Require all granted
<IfModule mod_headers.c>
Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
Header set Pragma "no-cache"
</IfModule>
ErrorDocument 404 /badges/project-unofficial.svg
</Directory>
LogLevel warn
ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
ServerSignature Off
</VirtualHost>
</IfModule>