# Apache virtual-host template (ERB) for openstackid. Values come from the
# openstackid:: Puppet scope and from @docroot. Two sections are visible: a
# plain-HTTP one that redirects every request to HTTPS, and a TLS one that
# serves DocumentRoot and hands *.php requests to FastCGI on 127.0.0.1:9000.
#
# NOTE(review): this listing has no container tags (<VirtualHost>,
# <Directory>, and their closing tags), so the listen addresses and the exact
# scope of the directives cannot be confirmed here. Check the original
# template before relying on the grouping below.

# --- Section 1: presumably the plain-HTTP vhost (opening tag not visible) ---
ServerName <%= scope.lookupvar("openstackid::vhost_name") %>
ServerAdmin <%= scope.lookupvar("openstackid::serveradmin") %>
ErrorLog ${APACHE_LOG_DIR}/openstackid-error.log
LogLevel warn
# Send every request to the HTTPS site under the same host name.
Redirect / https://<%= scope.lookupvar("openstackid::vhost_name") %>/

# --- Section 2: presumably the TLS vhost (opening tag not visible) ---
ServerName <%= scope.lookupvar("openstackid::vhost_name") %>
ServerAdmin <%= scope.lookupvar("openstackid::serveradmin") %>
ErrorLog ${APACHE_LOG_DIR}/openstackid-ssl-error.log
LogLevel warn
SSLEngine on
# "All" minus SSLv2/SSLv3 leaves every TLS version the linked TLS library
# offers enabled, including TLS 1.0 and 1.1.
# NOTE(review): restrict to the newer TLS versions once the client base allows.
SSLProtocol All -SSLv2 -SSLv3
# Once the machine is using something to terminate TLS that supports ECDHE
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
# only is guaranteed.
# NOTE(review): "!AES256" deletes every AES-256 suite from the list, including
# the ones the earlier ECDH+AES256 and DH+AES256 entries add, so only AES-128
# suites remain. Confirm that this is intended.
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
# Prefer the server's cipher order over the client's.
SSLHonorCipherOrder on
SSLCertificateFile <%= scope.lookupvar("openstackid::ssl_cert_file") %>
SSLCertificateKeyFile <%= scope.lookupvar("openstackid::ssl_key_file") %>
<% if scope.lookupvar("openstackid::ssl_chain_file") != "" %>
# Emitted only when openstackid::ssl_chain_file is a non-empty string.
SSLCertificateChainFile <%= scope.lookupvar("openstackid::ssl_chain_file") %>
<% end %>

RewriteEngine on
# Permanent (301), case-insensitive redirects from the account paths below to
# pages under openstackid::assets_base_url. The comment sits on its own line
# because Apache does not document support for trailing comments on a
# directive line.
RewriteRule ^/lost-password/?$ <%= scope.lookupvar("openstackid::assets_base_url") %>Security/lostpassword [R=301,NC,L]
RewriteRule ^/registration/?$ <%= scope.lookupvar("openstackid::assets_base_url") %>join/register [R=301,NC,L]
RewriteRule ^/registration-mobile/?$ <%= scope.lookupvar("openstackid::assets_base_url") %>join/register/mobile/community [R=301,NC,L]
RewriteRule ^/resend-verification/?$ <%= scope.lookupvar("openstackid::assets_base_url") %>members/verification/resend [R=301,NC,L]

# Requests whose Host header does not match vhost_name are rewritten to the
# fixed canonicalweburl. The target does not depend on the request.
# NOTE(review): vhost_name is interpolated as an unanchored, unescaped regex,
# so "." matches any character and any Host value that merely contains the
# name counts as canonical. Anchoring and escaping it would tighten the check;
# verify how Host values that carry a port should be treated first.
RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("openstackid::vhost_name") %>
RewriteRule ^.*$ <%= scope.lookupvar("openstackid::canonicalweburl") %>

# send basic auth header
# Copies the request's Authorization header into the HTTP_AUTHORIZATION
# environment variable, leaving the URL untouched ("-").
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

DocumentRoot <%= @docroot %>
# NOTE(review): the "/>" below looks like the tail of a container opening tag
# (presumably <Directory ...>) whose start is missing from this listing.
# Restore it from the original template; as written this line is not a valid
# directive.
/>
# Directory listings are off; symlinks are followed and MultiViews content
# negotiation is on.
Options -Indexes +FollowSymLinks +MultiViews
# .htaccess files may override every directive class.
# NOTE(review): anything able to write under the docroot can then change
# server behaviour. Narrow this if the application does not need it.
AllowOverride All
# Any request path ending in .php (optionally followed by path info) is passed
# to the FastCGI backend on 127.0.0.1:9000 with the docroot prefixed; retry=0
# disables the back-off after a backend error and timeout=1800 allows a
# request to run for up to 30 minutes.
# NOTE(review): the pattern covers every .php file under the docroot, so keep
# any writable or upload directories outside it.
ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000<%= @docroot %>/$1 retry=0 timeout=1800