a167ed03c1
This reverts commit 91dcb510bace2f3a14745c18e945f8504a325c15. The implementation ignored that the referenced template is being used by many vhosts but the lists for aliases and directories were defined at (and referenced from) the containing class scope. This coupled with the newly introduced conditional for the directories array caused all other vhosts using this template to no longer get Directory blocks for their docroots. Change-Id: I808e654a6fb77440e7aecbde4456ddc720fe0d9a
57 lines
2.0 KiB
Plaintext
57 lines
2.0 KiB
Plaintext
# ************************************
|
|
# Managed by Puppet
|
|
# ************************************
|
|
|
|
<VirtualHost *:80>
|
|
ServerName <%= @vhost_name %>
|
|
<% if @serveraliases.is_a? Array -%>
|
|
# Permanently redirect these ServerAlias entries to ServerName
|
|
<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
|
|
<% elsif @serveraliases != '' -%>
|
|
<%= " ServerAlias #{@serveraliases}" %>
|
|
RewriteEngine On
|
|
RewriteCond %{HTTP_HOST} !<%= @vhost_name %>$ [NC]
|
|
RewriteRule ^/(.*)$ http://<%= @vhost_name %>/$1 [L,R=301]
|
|
<% end -%>
|
|
DocumentRoot <%= @docroot %>
|
|
<Directory <%= @docroot %>>
|
|
Options Indexes FollowSymLinks MultiViews
|
|
AllowOverride None
|
|
Satisfy Any
|
|
Require all granted
|
|
</Directory>
|
|
LogLevel warn
|
|
ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
|
|
CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
|
|
ServerSignature Off
|
|
</VirtualHost>
|
|
|
|
<IfModule mod_ssl.c>
|
|
<VirtualHost *:443>
|
|
ServerName <%= @vhost_name %>
|
|
DocumentRoot <%= @docroot %>
|
|
SSLEngine on
|
|
SSLProtocol All -SSLv2 -SSLv3
|
|
# Once the machine is using something to terminate TLS that supports ECDHE
|
|
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
|
|
# only is guarenteed.
|
|
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
|
SSLHonorCipherOrder on
|
|
SSLCertificateFile <%= scope['openstack_project::static::cert_file'] %>
|
|
SSLCertificateKeyFile <%= scope['openstack_project::static::key_file'] %>
|
|
<% if scope['openstack_project::static::chain_file'] != '' %>
|
|
SSLCertificateChainFile <%= scope['openstack_project::static::chain_file'] %>
|
|
<% end %>
|
|
<Directory <%= @docroot %>>
|
|
Options Indexes FollowSymLinks MultiViews
|
|
AllowOverride None
|
|
Satisfy Any
|
|
Require all granted
|
|
</Directory>
|
|
LogLevel warn
|
|
ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
|
|
CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
|
|
ServerSignature Off
|
|
</VirtualHost>
|
|
</IfModule>
|