###############################################################################
#####  virtual_host file created by puppet, changes will be overwritten  ######
###############################################################################

<VirtualHost *:443>

    ServerAdmin root@localhost
    DocumentRoot /var/www/html
    ServerName <%= @ng_webserver_name %>
    DirectoryIndex index.html
    ErrorLog /var/log/httpd/nagios_ssl_error_log
#    ErrorLog syslog:local1
    TransferLog /var/log/httpd/nagios_ssl_transfer_log
    LogLevel warn

    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"

<% if @ng_use_certbot == true -%>
    SSLCertificateFile <%= @js_certbot_live %>/<%= @ng_webserver_name %>/cert.pem
    SSLCertificateKeyFile <%= @js_certbot_live %>/<%= @ng_webserver_name %>/privkey.pem
    SSLCACertificateFile <%= @js_certbot_live %>/<%= @ng_webserver_name %>/fullchain.pem
<% elsif @ng_use_certbot != true -%>
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
<% end -%>
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
    </Files>
    <Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
    </Directory>

    SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0


     CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>