20 lines
552 B
Django/Jinja
20 lines
552 B
Django/Jinja
<VirtualHost *:443>
|
|
ServerName {{ inventory_hostname }}
|
|
DocumentRoot /srv/web/{{ inventory_hostname }}
|
|
|
|
Protocols h2 http/1.1
|
|
|
|
SSLEngine on
|
|
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
|
SSLCipherSuite {{ tls_ciphers }}
|
|
SSLHonorCipherOrder off
|
|
SSLSessionTickets off
|
|
|
|
# Server certificates
|
|
SSLCertificateKeyFile {{ tls_private }}/{{ inventory_hostname }}.key
|
|
SSLCertificateFile {{ tls_certs }}/{{ inventory_hostname }}.crt
|
|
|
|
# Client certificate auth
|
|
SSLCACertificateFile {{ tls_certs }}/ca.crt
|
|
SSLVerifyClient require
|
|
</VirtualHost>
|