ServerName {{ inventory_hostname }} ErrorLog /var/log/apache2/nodepool_error.log LogLevel warn CustomLog /var/log/apache2/nodepool_access.log combined ServerSignature Off Redirect / https://{{ inventory_hostname }}/ ServerName nb01.openstack.org SSLEngine on SSLCertificateFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.cer SSLCertificateKeyFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key SSLCertificateChainFile /etc/letsencrypt-certs/{{ inventory_hostname }}/ca.cer SSLProtocol All -SSLv2 -SSLv3 # Note: this list should ensure ciphers that provide forward secrecy SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP SSLHonorCipherOrder on DocumentRoot /var/log/nodepool/builds Options Indexes FollowSymLinks MultiViews AllowOverride None Require all granted # Allow access to image files Alias /images /opt/nodepool_dib Options Indexes FollowSymLinks MultiViews AllowOverride None Require all granted # Only allow access to the qcow2 files as they are smallest Require all denied # Exclude the dib build dir as well. Require all denied AddType text/plain .log SetOutputFilter DEFLATE ErrorLog /var/log/apache2/nodepool_error.log LogLevel warn CustomLog /var/log/apache2/nodepool_access.log combined ServerSignature Off