playbooks/debian/roles/add-apache-vhost/templates/vhost.conf

   1 <VirtualHost 127.0.0.1:80 {{ ansible_facts.default_ipv4.address }}:80>
   2 ServerName {{ virtual_host }}
   3 Redirect permanent / https://{{ virtual_host }}/
   4 ErrorLog /var/log/apache2/{{ virtual_host }}/error_log
   5 CustomLog /var/log/apache2/{{ virtual_host }}/access_log common
   6 </VirtualHost>
   7
   8 <VirtualHost 127.0.0.1:80 {{ ansible_facts.default_ipv4.address }}:80>
   9 ServerName www.{{ virtual_host }}
  10 Redirect permanent / https://{{ virtual_host }}/
  11 ErrorLog /var/log/apache2/{{ virtual_host }}/error_log
  12 CustomLog /var/log/apache2/{{ virtual_host }}/access_log common
  13 </VirtualHost>
  14
  15 <VirtualHost 127.0.0.1:443 {{ ansible_facts.default_ipv4.address }}:443>
  16 ServerName {{ virtual_host }}
  17
  18 DocumentRoot /usr/local/apache2/htdocs/{{ virtual_host }}
  19 ScriptAlias /cgi-bin /usr/local/apache2/cgi-bin/{{ virtual_host }}
  20 ErrorLog /var/log/apache2/{{ virtual_host }}/error_log
  21 CustomLog /var/log/apache2/{{ virtual_host }}/access_log common
  22
  23 <Directory /usr/local/apache2/htdocs/{{ virtual_host }}>
  24 Require all granted
  25 </Directory>
  26
  27 <Directory /usr/local/apache2/cgi-bin/{{ virtual_host }}>
  28 Require all granted
  29 </Directory>
  30
  31 <Location /Bookmarks>
  32 ErrorDocument 404 http://{{ virtual_host }}/Bookmarks/notfound.html
  33 </Location>
  34
  35 <Location /Software/Python/m_librarian/docs>
  36 AddDefaultCharset utf-8
  37 </Location>
  38
  39 <IfModule mod_proxy.c>
  40 <Proxy *>
  41    Require all denied
  42 </Proxy>
  43
  44 ProxyRequests Off
  45 </IfModule>
  46
  47 SSLEngine off
  48 #Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
  49 #Header always set X-Content-Type-Options nosniff
  50 #Header always set X-Frame-Options DENY
  51 #SSLCipherSuite HIGH:MEDIUM:RSA:!EXP:!aNULL:!NULL:+SHA1:+HIGH:+MEDIUM:-LOW
  52 SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
  53 SSLCompression off
  54 SSLHonorCipherOrder On
  55 SSLOptions +StrictRequire
  56 SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
  57 SSLProxyEngine off
  58 #SSLRandomSeed connect file:/dev/urandom 1024
  59 #SSLRandomSeed startup file:/dev/urandom 1024
  60 #SSLSessionCache shm:/var/log/apache2/ssl_cache_shm
  61 #SSLSessionCacheTimeout 600
  62 #SSLSessionTickets Off
  63 #SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
  64 #SSLUseStapling on
  65 SSLVerifyClient none
  66
  67 #SSLCACertificateFile /etc/apache2/ssl/CA.crt
  68 #SSLCertificateFile /etc/apache2/ssl/{{ virtual_host }}.crt
  69 #SSLCertificateKeyFile /etc/apache2/ssl/{{ virtual_host }}.key
  70
  71 <Directory />
  72    SSLRequireSSL
  73 </Directory>
  74
  75 <Directory /usr/local/apache2/cgi-bin/{{ virtual_host }}>
  76    SSLOptions +StdEnvVars
  77 </Directory>
  78
  79 #<IfModule mime.c>
  80 #   AddType application/x-x509-ca-cert      .crt
  81 #   AddType application/x-pkcs7-crl         .crl
  82 #</IfModule>
  83
  84 BrowserMatch "MSIE [2-6]" \
  85    nokeepalive ssl-unclean-shutdown \
  86    downgrade-1.0 force-response-1.0
  87 # MSIE 7 and newer should be able to use keepalive
  88 BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
  89 </VirtualHost>
  90
  91 <VirtualHost 127.0.0.1:443 {{ ansible_facts.default_ipv4.address }}:443>
  92 ServerName www.{{ virtual_host }}
  93 Redirect permanent / https://{{ virtual_host }}/
  94 ErrorLog /var/log/apache2/{{ virtual_host }}/error_log
  95 CustomLog /var/log/apache2/{{ virtual_host }}/access_log common
  96 </VirtualHost>