63 lines
1.7 KiB
Text
63 lines
1.7 KiB
Text
<VirtualHost *:80>
|
|
ServerName {{ name }}
|
|
{% if server_aliases %}
|
|
ServerAlias {{ server_aliases | join(" ") }}
|
|
{% endif %}
|
|
ServerAdmin {{ server_admin }}
|
|
TraceEnable Off
|
|
|
|
{% if gzip %}
|
|
SetOutputFilter DEFLATE
|
|
{% endif %}
|
|
|
|
{% if certbot %}
|
|
ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge"
|
|
{% endif %}
|
|
|
|
{% if sslonly %}
|
|
RewriteEngine On
|
|
RewriteCond %{HTTPS} off
|
|
RewriteCond %{REQUEST_URI} !/.well-known/acme-challenge/.*
|
|
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE]
|
|
{% else %}
|
|
Include "conf.d/{{ name }}/*.conf"
|
|
{% endif %}
|
|
</VirtualHost>
|
|
|
|
{% if ssl %}
|
|
<VirtualHost *:443>
|
|
ServerName {{ name }}
|
|
{% if server_aliases %}
|
|
ServerAlias {{ server_aliases | join(" ") }}
|
|
{% endif %}
|
|
ServerAdmin {{ server_admin }}
|
|
|
|
{% if ansible_distribution == 'Fedora' %}
|
|
# Protocols h2 http/1.1
|
|
{% endif %}
|
|
|
|
{% if gzip %}
|
|
SetOutputFilter DEFLATE
|
|
{% endif %}
|
|
|
|
SSLEngine on
|
|
SSLCertificateFile /etc/pki/tls/certs/{{ cert_name }}.cert
|
|
SSLCertificateKeyFile /etc/pki/tls/private/{{ cert_name }}.key
|
|
{% if SSLCertificateChainFile %}
|
|
SSLCertificateChainFile /etc/pki/tls/certs/{{ SSLCertificateChainFile }}
|
|
{% endif %}
|
|
SSLHonorCipherOrder On
|
|
|
|
# https://fedorahosted.org/fedora-infrastructure/ticket/4101#comment:14
|
|
# If you change the protocols or cipher suites, you should probably update
|
|
# modules/squid/files/squid.conf-el6 too, to keep it in sync.
|
|
SSLProtocol {{ ssl_protocols }}
|
|
SSLCipherSuite {{ ssl_ciphers }}
|
|
|
|
{% if sslonly %}
|
|
Header always add Strict-Transport-Security "max-age=31536000; {% if stssubdomains %}includeSubDomains; {% endif %}preload"
|
|
{% endif %}
|
|
Include "conf.d/{{ name }}/*.conf"
|
|
</VirtualHost>
|
|
{% endif %}
|
|
|