45 lines
1.7 KiB
Plaintext
45 lines
1.7 KiB
Plaintext
###############################################################################
|
|
##### virtual_host file created by puppet, changes will be overwritten ######
|
|
###############################################################################
|
|
|
|
<VirtualHost *:443>
|
|
|
|
ServerAdmin root@localhost
|
|
DocumentRoot /var/www/html
|
|
ServerName <%= @ng_webserver_name %>
|
|
DirectoryIndex index.html
|
|
ErrorLog /var/log/httpd/nagios_ssl_error_log
|
|
# ErrorLog syslog:local1
|
|
TransferLog /var/log/httpd/nagios_ssl_transfer_log
|
|
LogLevel warn
|
|
|
|
SSLEngine on
|
|
SSLProtocol all -SSLv2 -SSLv3
|
|
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
|
|
|
|
<% if @js_use_certbot == true -%>
|
|
SSLCertificateFile <%= @js_certbot_live %>/<%= @ng_webserver_name %>/cert.pem
|
|
SSLCertificateKeyFile <%= @js_certbot_live %>/<%= @ng_webserver_name %>/privkey.pem
|
|
SSLCACertificateFile <%= @js_certbot_live %>/<%= @ng_webserver_name %>/fullchain.pem
|
|
<% elsif @js_use_certbot != true -%>
|
|
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
|
|
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
|
|
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
|
|
<% end -%>
|
|
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
|
|
SSLOptions +StdEnvVars
|
|
</Files>
|
|
<Directory "/var/www/cgi-bin">
|
|
SSLOptions +StdEnvVars
|
|
</Directory>
|
|
|
|
SetEnvIf User-Agent ".*MSIE.*" \
|
|
nokeepalive ssl-unclean-shutdown \
|
|
downgrade-1.0 force-response-1.0
|
|
|
|
|
|
CustomLog logs/ssl_request_log \
|
|
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
|
|
|
|
</VirtualHost>
|