Commit 802d6193 authored by Oyvind.Gjesdal's avatar Oyvind.Gjesdal

add ssl options to template

parent 6fc432b8
......@@ -10,9 +10,6 @@
{% if vhost.documentroot is defined %}
DocumentRoot "{{ vhost.documentroot }}"
{% endif %}
{% if apache_vhosts_version == "2.4" %}
SSLCompression off
{% endif %}
{% set letsencrypt_vhost_path = '/etc/letsencrypt/live/' + vhost.servername + '/' %}
{% set default_cert_file = letsencrypt_vhost_path + 'cert.pem' %}
{% set default_cert_key = letsencrypt_vhost_path + 'privkey.pem' %}
......@@ -21,13 +18,26 @@
{% if vhost.ssl_type is undefined or vhost.ssl_type == 'letsencrypt' %}
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCompression off
SSLCertificateFile {{ vhost.certificate_file | default(default_cert_file) }}
SSLCertificateKeyFile {{ vhost.certificate_key_file | default(default_cert_key) }}
SSLCertificateChainFile {{vhost.certificate_chain_file | default(default_chain_file) }}
{% endif %}
{# block for setting sertificate for uib host #}
{% if vhost.ssl_type == 'uib' %} /etc/pki/tls/certs/domene.uib.no.crt
{% if vhost.ssl_type == 'uib' %}
{# ssl config copied from letsencrypt options #}
SSLEngine on
# Intermediate configuration, tweak to your needs
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLOptions +StrictRequire
SSLCompression off
SSLCertificateFile {{ vhost.certificate_file | default('/etc/pki/tls/certs/'+ vhost.servername + '.pem') }}
SSLCertificateKeyFile {{ vhost.certificate_key_file | default('/etc/pki/tls/private/' + vhost.servername + '.key') }}
{% endif %}
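Review bot: The `uib` guard `{% if vhost.ssl_type == 'uib' %}` compares an attribute that the letsencrypt branch above explicitly allows to be undefined, so if this template is rendered with strict undefined handling (as Ansible does), a vhost with no `ssl_type` would likely fail at this line instead of skipping the block; `{% if vhost.ssl_type is defined and vhost.ssl_type == 'uib' %}` avoids that. The `uib` block also sets `SSLCertificateFile` and `SSLCertificateKeyFile` but no chain, unlike the letsencrypt branch, so the default `/etc/pki/tls/certs/<servername>.pem` must already bundle the intermediates or clients will receive an incomplete chain; a template comment such as `{# .pem must contain leaf + intermediate certificates #}` would record that requirement. A vhost whose `ssl_type` is neither value now gets no certificate directives and no `SSLCompression off` at all, so it may be worth failing the render for unknown values. The line ending in `/etc/pki/tls/certs/domene.uib.no.crt` looks like the pre-change version of the guard, but the page does not show which side it is on; if it is still in the new file it opens an `if` that is never closed.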
......