91 lines
3.3 KiB
Django/Jinja
91 lines
3.3 KiB
Django/Jinja
<VirtualHost *:443>
|
|
# Change this to the domain which points to your host.
|
|
ServerName phab.{{external_hostname}}
|
|
|
|
# Use separate log files for the SSL virtual host; note that LogLevel
|
|
# is not inherited from httpd.conf.
|
|
ErrorLog logs/phab_error_log
|
|
TransferLog logs/phab_access_log
|
|
LogLevel warn
|
|
|
|
# SSL Engine Switch:
|
|
# Enable/Disable SSL for this virtual host.
|
|
SSLEngine on
|
|
|
|
# SSL Protocol support:
|
|
# List the enable protocol levels with which clients will be able to
|
|
# connect. Disable SSLv2 access by default:
|
|
SSLProtocol all -SSLv2
|
|
|
|
# SSL Cipher Suite:
|
|
# List the ciphers that the client is permitted to negotiate.
|
|
# See the mod_ssl documentation for a complete list.
|
|
#SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
|
|
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
|
|
|
|
# Server Certificate:
|
|
# Point SSLCertificateFile at a PEM encoded certificate. If
|
|
# the certificate is encrypted, then you will be prompted for a
|
|
# pass phrase. Note that a kill -HUP will prompt again. A new
|
|
# certificate can be generated using the genkey(1) command.
|
|
SSLCertificateFile /etc/pki/tls/certs/{{ sslcertfile }}
|
|
|
|
# Server Private Key:
|
|
# If the key is not combined with the certificate, use this
|
|
# directive to point at the key file. Keep in mind that if
|
|
# you've both a RSA and a DSA private key you can configure
|
|
# both in parallel (to also allow the use of DSA ciphers, etc.)
|
|
SSLCertificateKeyFile /etc/pki/tls/private/{{ sslkeyfile }}
|
|
|
|
# Server Certificate Chain:
|
|
# Point SSLCertificateChainFile at a file containing the
|
|
# concatenation of PEM encoded CA certificates which form the
|
|
# certificate chain for the server certificate. Alternatively
|
|
# the referenced file can be the same as SSLCertificateFile
|
|
# when the CA certificates are directly appended to the server
|
|
# certificate for convinience.
|
|
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
|
|
{% if sslintermediatecertfile is defined and sslintermediatecertfile != '' %}
|
|
SSLCertificateChainFile /etc/pki/tls/certs/{{ sslintermediatecertfile }}
|
|
{% endif %}
|
|
|
|
# Certificate Authority (CA):
|
|
# Set the CA certificate verification path where to find CA
|
|
# certificates for client authentication or alternatively one
|
|
# huge file containing all of them (file must be PEM encoded)
|
|
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
|
|
|
|
# Change this to the path where you put 'phabricator' when you checked it
|
|
# out from GitHub when following the Installation Guide.
|
|
#
|
|
# Make sure you include "/webroot" at the end!
|
|
DocumentRoot {{phabroot}}/phabricator/webroot
|
|
|
|
RewriteEngine on
|
|
RewriteRule ^/rsrc/(.*) - [L,QSA]
|
|
RewriteRule ^/favicon.ico - [L,QSA]
|
|
RewriteRule ^(.*)$ /index.php?__path__=$1 [B,L,QSA]
|
|
</VirtualHost>
|
|
|
|
|
|
<VirtualHost *:80>
|
|
# Change this to the domain which points to your host.
|
|
ServerName phab.{{external_hostname}}
|
|
|
|
RewriteEngine on
|
|
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
|
|
</VirtualHost>
|
|
|
|
|
|
<Directory "{{ phabroot }}/phabricator/webroot">
|
|
AllowOverride None
|
|
#Require all granted
|
|
<IfModule mod_authz_core.c>
|
|
# Apache 2.4
|
|
Require all granted
|
|
</IfModule>
|
|
<IfModule !mod_auth_core.c>
|
|
Order allow,deny
|
|
Allow from all
|
|
</IfModule>
|
|
</Directory>
|