opendev/system-config
Code Issues Proposed changes
9c7136448a
system-config/modules/openstack_project/templates/website.vhost.erb
Clark Boylan 9ea8edc341 Evaluate files website vhosts in context of website not vhost 
To deal with puppet scoping fun we evaluate the template for our
files.o.o website vhosts in the context of the website define and not in
the context of httpd::vhost.

Change-Id: I90bb881eb6ad78cede3a8a2548e1dfcf24e1160b
2019-06-06 15:12:15 -07:00

61 lines
2.1 KiB
Plaintext
Raw Blame History

# ************************************
# Managed by Puppet
# ************************************
<VirtualHost *:80>
ServerName <%= @name %>
<% if @aliases.is_a? Array -%>
<% @aliases.each do |alias_name| -%><%= " ServerAlias #{alias_name}\n" %><% end -%>
<% elsif @aliases != nil -%>
<%= " ServerAlias #{@aliases}" -%>
<% end -%>
RewriteEngine on
RewriteRule ^/(.*) https://<%= @name %>/$1 [last,redirect=permanent]
ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log
LogLevel warn
CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined
ServerSignature Off
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName <%= @name %>
<% if @aliases.is_a? Array -%>
<% @aliases.each do |alias_name| -%><%= " ServerAlias #{alias_name}\n" %><% end -%>
<% elsif @aliases != nil -%>
<%= " ServerAlias #{@aliases}" -%>
<% end -%>
RewriteEngine on
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
# Once the machine is using something to terminate TLS that supports ECDHE
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
# only is guarenteed.
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
SSLHonorCipherOrder on
SSLCertificateFile <%= @ssl_cert_file_ %>
SSLCertificateKeyFile <%= @ssl_key_file_ %>
SSLCertificateChainFile <%= @ssl_chain_file_ %>
DocumentRoot <%= @docroot_ %>
<Directory <%= @docroot_ %>>
Options Indexes FollowSymLinks MultiViews
Satisfy any
Require all granted
AllowOverride None
# Allow mod_rewrite rules
AllowOverrideList Redirect RedirectMatch
ErrorDocument 404 /errorpage.html
</Directory>
ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log
LogLevel warn
CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined
ServerSignature Off
</VirtualHost>
</IfModule>
View Git Blame Copy Permalink