opendev/system-config
Code Issues Proposed changes
d9d9a53cb7
system-config/playbooks/roles/static/files/50-security.openstack.org.conf
Jeremy Stanley 8924835baf Update static Apache configs to 2.4 ACL primitives 
We don't need to keep using the old Apache 2.2 Satisfy ACL primitive
because we are now running Apache 2.4 everywhere. Stick to Require
as it simplifies understanding of ACLs by being consistent.

Change-Id: Ib2f7ea1909b9798279efc77a42b632e7129bd1d0
2020-10-16 16:15:00 +00:00

41 lines
1.4 KiB
Plaintext
Raw Blame History

Define AFS_ROOT /afs/openstack.org/project/security.openstack.org
<VirtualHost *:80>
ServerName security.openstack.org
RewriteEngine On
RewriteRule ^/(.*) https://security.openstack.org/$1 [last,redirect=permanent]
LogLevel warn
ErrorLog /var/log/apache2/security.openstack.org_error.log
CustomLog /var/log/apache2/security.openstack.org_access.log combined
ServerSignature Off
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName security.openstack.org
DocumentRoot ${AFS_ROOT}
SSLCertificateFile /etc/letsencrypt-certs/security.openstack.org/security.openstack.org.cer
SSLCertificateKeyFile /etc/letsencrypt-certs/security.openstack.org/security.openstack.org.key
SSLCertificateChainFile /etc/letsencrypt-certs/security.openstack.org/ca.cer
SSLProtocol All -SSLv2 -SSLv3
# Note: this list should ensure ciphers that provide forward secrecy
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
SSLHonorCipherOrder on
<Directory ${AFS_ROOT}>
Options Indexes FollowSymLinks MultiViews
AllowOverrideList Redirect RedirectMatch
Require all granted
</Directory>
LogLevel warn
ErrorLog /var/log/apache2/security.openstack.org_error.log
CustomLog /var/log/apache2/security.openstack.org_access.log combined
ServerSignature Off
</VirtualHost>
</IfModule>
View Git Blame Copy Permalink