ssl.template.erb 3.36 KB
Newer Older
Steve Kemp's avatar
Steve Kemp committed
1
2
3
4
####
##
#
#  This file is automatically generated from the template located at
5
#  /etc/symbiosis/apache.d/ssl.template.erb.
Steve Kemp's avatar
Steve Kemp committed
6
#
7
8
#  Feel free to make changes to this file, and thereafter it will not be
#  automatically updated if the template, or SSL configuration changes.
Steve Kemp's avatar
Steve Kemp committed
9
10
11
12
13
14
15
16
#
#  For SSL documenation please consult:
#
#  http://symbiosis.bytemark.co.uk/docs/ch-ssl-hosting.html
#
##
###

17
% ips.each do |ip|
18
NameVirtualHost <%= ip %>:443
19
NameVirtualHost <%= ip %>:80
20
% end
Steve Kemp's avatar
Steve Kemp committed
21

22
<VirtualHost <%= ips.collect{|ip| ip+":443"}.join(" ") %>>
23

24
25
26
        #
        # Put our server name 
        #
27
        ServerName  <%= domain %>
28
29
30
31

        #
        # And server alias in place
        #
32
        ServerAlias www.<%= domain %>
Steve Kemp's avatar
Steve Kemp committed
33

34

Steve Kemp's avatar
Steve Kemp committed
35
        SSLEngine On
36
37
38
39

        #
        # The certificate, key, and intermediate bundle (if needed)
        #
40
41
        <%= ssl_config %>

42
43
44
45
46
47
48
49
50

        #
        # Sane SSL ciphers.
        #
        SSLCipherSuite ALL:!LOW:!SSLv2:!EXP:!aNULL

        #
        # And some options
        #
Steve Kemp's avatar
Steve Kemp committed
51
52
53
54
55
56
        SSLOptions +StrictRequire


        #
        #  Allow users to override settings via .htaccess
        #
57
        <Directory <%=domain_directory%> >
Steve Kemp's avatar
Steve Kemp committed
58
59
60
61
62
63
                AllowOverride all
        </Directory>

        #
        #  The document root
        #
64
        DocumentRoot <%= domain_directory %>/public/htdocs
Steve Kemp's avatar
Steve Kemp committed
65
66
67
68

        #
        # General CGI Handling
        #
69
        ScriptAlias /cgi-bin/ <%= domain_directory %>/public/cgi-bin/
Steve Kemp's avatar
Steve Kemp committed
70
71
72
73
74
        <Location /cgi-bin>
                Options +ExecCGI
        </Location>

        #
75
        # We need to log the virtual hostname the incoming request was
Steve Kemp's avatar
Steve Kemp committed
76
77
78
        # made against, so that the cron-job in /etc/cron.daily may generate
        # statistics for each domain.
        #
79
80
        ErrorLog   "|| /usr/sbin/symbiosis-apache-logger -s -u <%= domain.uid %> -g <%= domain.gid %> <%= domain.log_dir %>/ssl_error.log"
        CustomLog  "|| /usr/sbin/symbiosis-apache-logger -s -u <%= domain.uid %> -g <%= domain.gid %> <%= domain.log_dir %>/ssl_access.log" combined
Steve Kemp's avatar
Steve Kemp committed
81
82
</VirtualHost>

83
<VirtualHost <%= ips.collect{|ip| ip+":80"}.join(" ") %>>
Steve Kemp's avatar
Steve Kemp committed
84

85
86
87
88
89
90
91
92
93
94
        #
        # Put our server name 
        #
        ServerName  <%= domain %>

        #
        # And server alias in place
        #
        ServerAlias www.<%= domain %>

95
% if mandatory_ssl?
Steve Kemp's avatar
Steve Kemp committed
96
97
98
99
        #
        #  All accesses redirect to the HTTPS version of
        # the site.
        #
100
        Redirect / https://<%= domain %>/
Steve Kemp's avatar
Steve Kemp committed
101

102
% else
Steve Kemp's avatar
Steve Kemp committed
103
104
105
106

        #
        #  Allow users to override settings via .htaccess
        #
107
        <Directory <%=domain_directory%> >
Steve Kemp's avatar
Steve Kemp committed
108
109
110
111
112
113
                AllowOverride all
        </Directory>

        #
        #  The document root
        #
114
        DocumentRoot     <%= domain_directory %>/public/htdocs/
Steve Kemp's avatar
Steve Kemp committed
115
116
117
118

        #
        # General CGI Handling
        #
119
        ScriptAlias /cgi-bin/ <%= domain_directory %>/public/cgi-bin/
Steve Kemp's avatar
Steve Kemp committed
120
121
122
123
124
125
126
127
128
        <Location /cgi-bin>
                Options +ExecCGI
        </Location>

        #
        #  We need to log the virtual hostname the incoming request was
        # made against, so that the cron-job in /etc/cron.daily may generate
        # statistics for each domain.
        #
129
130
131
        ErrorLog   "|| /usr/sbin/symbiosis-apache-logger -s -u <%= domain.uid %> -g <%= domain.gid %> <%= domain.log_dir %>/error.log"
        CustomLog  "|| /usr/sbin/symbiosis-apache-logger -s -u <%= domain.uid %> -g <%= domain.gid %> <%= domain.log_dir %>/access.log" combined

132
% end
Steve Kemp's avatar
Steve Kemp committed
133
134
</VirtualHost>