templates/default/appserver.apache2.passenger.conf.erb

<% unless @out[:port] == 80 %>
Listen <%= @out[:port] %>
<% end -%>

ServerTokens Prod
ServerSignature Off
Header always unset "X-Powered-By"

<VirtualHost *:<%= @out[:port] %>>
  ServerName <%= node['hostname'] %>
  ServerAlias <%= @application[:domains].join(" ") %>

<% if @application[:enable_ssl] && @out[:force_ssl] %>
<% if @out[:ssl_port].to_i == 443 %>
  RewriteEngine On
  RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
<% else %>
  RewriteEngine On
  RewriteRule ^/?(.*) https://%{SERVER_NAME}:<%= @out[:ssl_port] %>/$1 [R=301,L]
<% end %>

<% else %>
  # http support
  DocumentRoot <%= File.join(@deploy_dir, 'current', 'public') %>

  <Directory <%= File.join(@deploy_dir, 'current') %>>
    Require all granted
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
  </Directory>

  LogLevel <%= @out[:log_level] %>
  ErrorLog <%= @out[:log_dir] %>/<%= @application[:domains].first %>.error.log
  CustomLog <%= @out[:log_dir] %>/<%= @application[:domains].first %>.access.log combined

  FileETag none
  LimitRequestBody <%= @out[:limit_request_body] || '1048576' %>
  KeepAliveTimeout <%= @out[:keepalive_timeout] || '15' %>

  <Location "/assets/">
    ExpiresActive on

    Header set Cache-Control "public"
    Header set Access-Control-Allow-Origin "*"
    Header set Access-Control-Allow-Methods "GET, PUT, POST, DELETE"
    Header set Access-Control-Expose-Headers "ETag"
    Header set X-Content-Type-Options "nosniff"
    </Location>

<% if @appserver_config[:max_pool_size] -%>
  PassengerMaxPoolSize <%= @appserver_config[:max_pool_size] %>
<% end %>
<% if @appserver_config[:min_instances] -%>
  PassengerMinInstances <%= @appserver_config[:min_instances] %>
<% end %>
<% if @appserver_config[:pool_idle_time] -%>
  PassengerPoolIdleTime <%= @appserver_config[:pool_idle_time] %>
<% end %>
<% if @appserver_config[:max_request_queue_size] -%>
  PassengerMaxRequestQueueSize <%= @appserver_config[:max_request_queue_size] %>
<% end %>

  <Location <%= @appserver_config[:mount_point] %>>
    PassengerAppEnv <%= @deploy_env %>
    PassengerBaseURI <%= @appserver_config[:mount_point] %>
    PassengerAppRoot <%= File.join(@deploy_dir, 'current') %>
  </Location>

  RewriteEngine on

  <% if @appserver_config[:error_document] -%>
  PassengerErrorOverride on
  <% @appserver_config[:error_document].each do | status, file | %>
  ErrorDocument <%= status %> "/<%= file %>"
  <% end %>
  <% end %>
<% end %>

  <%= @out[:extra_config] %>

</VirtualHost>

<% if @application[:enable_ssl] %>
<% unless @out[:ssl_port].to_i == 443 %>
Listen <%= @out[:ssl_port] %>
<% end -%>

SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
<VirtualHost *:<%= @out[:ssl_port] %>>
  ServerName <%= node['hostname'] %>
  ServerAlias <%= @application[:domains].join(" ") %>

  DocumentRoot <%= File.join(@deploy_dir, 'current', 'public') %>

  <Directory <%= File.join(@deploy_dir, 'current') %>>
    Require all granted
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
  </Directory>

  SSLEngine on
  SSLProxyEngine on
  SSLCertificateFile <%= @ssl_cert_dir %>/<%= @application[:domains].first %>.crt
  SSLCertificateKeyFile <%= @ssl_cert_dir %>/<%= @application[:domains].first %>.key
  <% if @application[:ssl_configuration][:chain] -%>
  SSLCACertificateFile <%= @ssl_cert_dir %>/<%= @application[:domains].first %>.ca
  <% end %>
  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

  <% if @out[:ssl_for_legacy_browsers] -%>
  SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
  SSLProtocol All -SSLv2 -SSLv3
  <% else %>
  SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
  SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
  <% end %>

  SSLHonorCipherOrder On
  SSLCompression off
  SSLUseStapling on

  <% if @out[:dhparams].present? -%>
  SSLOpenSSLConfCmd DHParameters "/etc/apache2/ssl/<%= @application[:domains].first %>.dhparams.pem"
  <% end %>

  LogLevel <%= @out[:log_level] %>
  ErrorLog <%= @out[:log_dir] %>/<%= @application[:domains].first %>.error.log
  CustomLog <%= @out[:log_dir] %>/<%= @application[:domains].first %>.access.log combined

  FileETag none
  LimitRequestBody <%= @out[:client_max_body_size] || '1048576' %>
  KeepAliveTimeout <%= @out[:keepalive_timeout] || '15' %>

  <Location "/assets/">
    ExpiresActive on

    Header set Cache-Control "public"
    Header set Access-Control-Allow-Origin "*"
    Header set Access-Control-Allow-Methods "GET, PUT, POST, DELETE"
    Header set Access-Control-Expose-Headers "ETag"
    Header set X-Content-Type-Options "nosniff"
  </Location>

<% if @appserver_config[:max_pool_size] -%>
  PassengerMaxPoolSize <%= @appserver_config[:max_pool_size] %>
<% end %>
<% if @appserver_config[:min_instances] -%>
  PassengerMinInstances <%= @appserver_config[:min_instances] %>
<% end %>
<% if @appserver_config[:pool_idle_time] -%>
  PassengerPoolIdleTime <%= @appserver_config[:pool_idle_time] %>
<% end %>
<% if @appserver_config[:max_request_queue_size] -%>
  PassengerMaxRequestQueueSize <%= @appserver_config[:max_request_queue_size] %>
<% end %>

  <Location <%= @appserver_config[:mount_point] %>>
    PassengerAppEnv <%= @deploy_env %>
    PassengerBaseURI <%= @appserver_config[:mount_point] %>
    PassengerAppRoot <%= File.join(@deploy_dir, 'current') %>
  </Location>

  RequestHeader set X-Forwarded-Proto "https"

  RewriteEngine on

  <% if @appserver_config[:error_document] -%>
  PassengerErrorOverride on
  <% @appserver_config[:error_document].each do | status, file | %>
  ErrorDocument <%= status %> "/<%= file %>"
  <% end %>
  <% end %>

  <%= @out[:extra_config_ssl] %>

</VirtualHost>
<% end %>