From fcabcef11b0067e702257658a01896525f99348e Mon Sep 17 00:00:00 2001 From: Tim Flink Date: Mon, 21 Mar 2016 19:01:41 +0000 Subject: [PATCH] forgot that qadevel was using the virtualhost template, reverting that part of cf503fe --- files/httpd/newvirtualhost.conf.j2 | 72 +++++++++++++++++++++++++++++- 1 file changed, 71 insertions(+), 1 deletion(-) diff --git a/files/httpd/newvirtualhost.conf.j2 b/files/httpd/newvirtualhost.conf.j2 index 3bae09726b..18c7a2e8ad 100644 --- a/files/httpd/newvirtualhost.conf.j2 +++ b/files/httpd/newvirtualhost.conf.j2 @@ -1,5 +1,75 @@ + + # Change this to the domain which points to your host. + ServerName {{ item.name }} + + # Use separate log files for the SSL virtual host; note that LogLevel + # is not inherited from httpd.conf. + ErrorLog logs/{{ item.name }}_error_log + TransferLog logs/{{ item.name }}_access_log + LogLevel warn + + # SSL Engine Switch: + # Enable/Disable SSL for this virtual host. + SSLEngine on + + # SSL Protocol support: + # List the enable protocol levels with which clients will be able to + # connect. Disable SSLv2 access by default: + SSLProtocol all -SSLv2 + + # SSL Cipher Suite: + # List the ciphers that the client is permitted to negotiate. + # See the mod_ssl documentation for a complete list. + #SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW + SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 + + # Server Certificate: + # Point SSLCertificateFile at a PEM encoded certificate. If + # the certificate is encrypted, then you will be prompted for a + # pass phrase. Note that a kill -HUP will prompt again. A new + # certificate can be generated using the genkey(1) command. + SSLCertificateFile /etc/pki/tls/certs/{{ sslcertfile }} + + # Server Private Key: + # If the key is not combined with the certificate, use this + # directive to point at the key file. Keep in mind that if + # you've both a RSA and a DSA private key you can configure + # both in parallel (to also allow the use of DSA ciphers, etc.) + SSLCertificateKeyFile /etc/pki/tls/private/{{ sslkeyfile }} + + # Server Certificate Chain: + # Point SSLCertificateChainFile at a file containing the + # concatenation of PEM encoded CA certificates which form the + # certificate chain for the server certificate. Alternatively + # the referenced file can be the same as SSLCertificateFile + # when the CA certificates are directly appended to the server + # certificate for convinience. + #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt + {% if sslintermediatecertfile != '' %} + SSLCertificateChainFile /etc/pki/tls/certs/{{ sslintermediatecertfile }} + {% endif %} + + # Certificate Authority (CA): + # Set the CA certificate verification path where to find CA + # certificates for client authentication or alternatively one + # huge file containing all of them (file must be PEM encoded) + #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt + + DocumentRoot {{ item.document_root }} + + Options Indexes FollowSymLinks + + + + # Change this to the domain which points to your host. ServerName {{ item.name }} - Options Indexes FollowSymLinks + {% if sslonly %} + RewriteEngine On + RewriteCond %{HTTPS} off + RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE] + {% else %} + Options Indexes FollowSymLinks + {% endif %}