75 lines
2.7 KiB
Django/Jinja
75 lines
2.7 KiB
Django/Jinja
<VirtualHost *:443>
|
|
# Change this to the domain which points to your host.
|
|
ServerName {{ item.name }}
|
|
|
|
# Use separate log files for the SSL virtual host; note that LogLevel
|
|
# is not inherited from httpd.conf.
|
|
ErrorLog logs/{{ item.name }}_error_log
|
|
TransferLog logs/{{ item.name }}_access_log
|
|
LogLevel warn
|
|
|
|
# SSL Engine Switch:
|
|
# Enable/Disable SSL for this virtual host.
|
|
SSLEngine on
|
|
|
|
# SSL Protocol support:
|
|
# List the enable protocol levels with which clients will be able to
|
|
# connect. Disable SSLv2 access by default:
|
|
SSLProtocol all -SSLv2
|
|
|
|
# SSL Cipher Suite:
|
|
# List the ciphers that the client is permitted to negotiate.
|
|
# See the mod_ssl documentation for a complete list.
|
|
#SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
|
|
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
|
|
|
|
# Server Certificate:
|
|
# Point SSLCertificateFile at a PEM encoded certificate. If
|
|
# the certificate is encrypted, then you will be prompted for a
|
|
# pass phrase. Note that a kill -HUP will prompt again. A new
|
|
# certificate can be generated using the genkey(1) command.
|
|
SSLCertificateFile /etc/pki/tls/certs/{{ sslcertfile }}
|
|
|
|
# Server Private Key:
|
|
# If the key is not combined with the certificate, use this
|
|
# directive to point at the key file. Keep in mind that if
|
|
# you've both a RSA and a DSA private key you can configure
|
|
# both in parallel (to also allow the use of DSA ciphers, etc.)
|
|
SSLCertificateKeyFile /etc/pki/tls/private/{{ sslkeyfile }}
|
|
|
|
# Server Certificate Chain:
|
|
# Point SSLCertificateChainFile at a file containing the
|
|
# concatenation of PEM encoded CA certificates which form the
|
|
# certificate chain for the server certificate. Alternatively
|
|
# the referenced file can be the same as SSLCertificateFile
|
|
# when the CA certificates are directly appended to the server
|
|
# certificate for convinience.
|
|
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
|
|
{% if sslintermediatecertfile != '' %}
|
|
SSLCertificateChainFile /etc/pki/tls/certs/{{ sslintermediatecertfile }}
|
|
{% endif %}
|
|
|
|
# Certificate Authority (CA):
|
|
# Set the CA certificate verification path where to find CA
|
|
# certificates for client authentication or alternatively one
|
|
# huge file containing all of them (file must be PEM encoded)
|
|
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
|
|
|
|
DocumentRoot {{ item.document_root }}
|
|
|
|
Options Indexes FollowSymLinks
|
|
|
|
</VirtualHost>
|
|
|
|
|
|
<VirtualHost *:80>
|
|
# Change this to the domain which points to your host.
|
|
ServerName {{ item.name }}
|
|
{% if sslonly %}
|
|
RewriteEngine On
|
|
RewriteCond %{HTTPS} off
|
|
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE]
|
|
{% else %}
|
|
Options Indexes FollowSymLinks
|
|
{% endif %}
|
|
</VirtualHost>
|