blob: 804942a55772335417b105610c730569cfe4c14c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
<VirtualHost *:80>
ServerName {{ name }}
{% if server_aliases %}
ServerAlias {{ server_aliases | join(" ") }}
{% endif %}
ServerAdmin {{ server_admin }}
TraceEnable Off
{% if gzip %}
SetOutputFilter DEFLATE
{% endif %}
{% if certbot %}
ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge"
{% endif %}
{% if sslonly %}
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !/.well-known/acme-challenge/.*
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE]
{% else %}
Include "conf.d/{{ name }}/*.conf"
{% endif %}
</VirtualHost>
{% if ssl %}
<VirtualHost *:443>
ServerName {{ name }}
{% if server_aliases %}
ServerAlias {{ server_aliases | join(" ") }}
{% endif %}
ServerAdmin {{ server_admin }}
{% if gzip %}
SetOutputFilter DEFLATE
{% endif %}
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/{{ cert_name }}.cert
SSLCertificateKeyFile /etc/pki/tls/private/{{ cert_name }}.key
{% if SSLCertificateChainFile %}
SSLCertificateChainFile /etc/pki/tls/certs/{{ SSLCertificateChainFile }}
{% endif %}
SSLHonorCipherOrder On
# https://fedorahosted.org/fedora-infrastructure/ticket/4101#comment:14
# If you change the protocols or cipher suites, you should probably update
# modules/squid/files/squid.conf-el6 too, to keep it in sync.
SSLProtocol {{ ssl_protocols }}
SSLCipherSuite {{ ssl_ciphers }}
{% if sslonly %}
Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
{% endif %}
Include "conf.d/{{ name }}/*.conf"
</VirtualHost>
{% endif %}
|
