puppet-zanata/templates/zanata.vhost.erb

<VirtualHost *:80>
  ServerName <%= scope.lookupvar("zanata::apache::vhost_name") %>
  ServerAdmin <%= scope.lookupvar("zanata::apache::serveradmin") %>

  ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("zanata::apache::vhost_name") %>-error.log

  LogLevel warn

  CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("zanata::apache::vhost_name") %>-access.log combined

  Redirect / https://<%= scope.lookupvar("zanata::apache::vhost_name") %>/

</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
  ServerName <%= scope.lookupvar("zanata::apache::vhost_name") %>
  ServerAdmin <%= scope.lookupvar("zanata::apache::serveradmin") %>

  ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("zanata::apache::vhost_name") %>-error.log

  LogLevel warn

  CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("zanata::apache::vhost_name") %>-access.log combined

  SSLEngine on
  SSLProtocol All -SSLv2 -SSLv3

  SSLCertificateFile <%= scope.lookupvar("zanata::apache::ssl_cert_file") %>
  SSLCertificateKeyFile <%= scope.lookupvar("zanata::apache::ssl_key_file") %>
  <% if scope.lookupvar("zanata::apache::ssl_chain_file") != "" %>
    SSLCertificateChainFile <%= scope.lookupvar("zanata::apache::ssl_chain_file") %>
  <% end -%>

  # CVE-2018-12532 https://codewhitesec.blogspot.com/2018/05/poor-richfaces.html
  RewriteEngine on
  RewriteRule .*(/DATA/|org\.richfaces\.resource\.MediaOutputResource).* - [F,L]

  ProxyPass / ajp://127.0.0.1:8009/ retry=0

</VirtualHost>
</IfModule>