760d1dfd51
Initial testing failed to turn up some hard-coding of the server name in the Apache mod_auth_openid configuration options. Replace these with ERB variable expansions for the site name as used elsewhere in that file. Change-Id: I80793e34962ac9b6659e4ed05a6a7d5029c79429
54 lines
1.7 KiB
Plaintext
54 lines
1.7 KiB
Plaintext
# ************************************
|
|
# Managed by Puppet
|
|
# ************************************
|
|
|
|
<VirtualHost <%= @vhost_name %>:80>
|
|
ServerName <%= @srvname %>
|
|
ReWriteEngine On
|
|
ReWriteRule ^/(.*) https://<%= @srvname %>/$1 [last,redirect=permanent]
|
|
LogLevel warn
|
|
ErrorLog /var/log/apache2/<%= @name %>_error.log
|
|
CustomLog /var/log/apache2/<%= @name %>_access.log combined
|
|
ServerSignature Off
|
|
</VirtualHost>
|
|
|
|
<VirtualHost <%= @vhost_name %>:<%= @port %>>
|
|
ServerName <%= @srvname %>
|
|
|
|
DocumentRoot <%= @docroot %>
|
|
<Directory <%= @docroot %>>
|
|
Options <%= @options %>
|
|
AllowOverride None
|
|
Order allow,deny
|
|
allow from all
|
|
Require all granted
|
|
</Directory>
|
|
|
|
<% if @auth_openid != nil %>
|
|
<Location /index.php/admin/>
|
|
AuthType OpenID
|
|
AuthName "Welcome"
|
|
AuthOpenIDSecureCookie On
|
|
AuthOpenIDCookieLifespan 3600
|
|
AuthOpenIDTrustRoot https://<%= @srvname %>
|
|
AuthOpenIDServerName https://<%= @srvname %>
|
|
AuthOpenIDSingleIdP https://openstackid.org
|
|
AuthOpenIDTrusted ^https://openstackid.org/.*$
|
|
Require valid-user
|
|
</Location>
|
|
<% end %>
|
|
|
|
SSLEngine on
|
|
SSLProtocol ALL -SSLv2 -SSLv3
|
|
SSLCertificateFile <%= scope.lookupvar("openstack_project::survey::ssl_cert_file") %>
|
|
SSLCertificateKeyFile <%= scope.lookupvar("openstack_project::survey::ssl_key_file") %>
|
|
<% if scope.lookupvar("openstack_project::survey::ssl_chain_file") != "" %>
|
|
SSLCertificateChainFile <%= scope.lookupvar("openstack_project::survey::ssl_chain_file") %>
|
|
<% end %>
|
|
|
|
ErrorLog /var/log/apache2/<%= @name %>_error.log
|
|
LogLevel warn
|
|
CustomLog /var/log/apache2/<%= @name %>_access.log combined
|
|
ServerSignature Off
|
|
</VirtualHost>
|