non_ssl.template.erb 3.34 KB
Newer Older
Paul Cammish's avatar
Paul Cammish committed
1
###
2
3
##
#  This file is automatically generated from the template located at
4
#  /etc/sympl/apache.d/non_ssl.template.erb.
5
#
Paul Cammish's avatar
Paul Cammish committed
6
#  Any extra Apache configurations can be added as .conf files in
7
#  /srv/<%= domain %>/config/apache.d/
Paul Cammish's avatar
Paul Cammish committed
8
9
10
11
12
#  which will be read after the base configuration has been read.
#  Warning: Ensure these are valid, as you may break Apache!
#
#  Alternatively, feel free to make changes to this file, however this
#  file will NOT be updated automatically when the template changes.
13
14
15
16
17
##
###

<VirtualHost <%= ips.collect{|ip| ip+":80"}.join(" ") %>>

Paul Cammish's avatar
Paul Cammish committed
18
  # Set the ServerName to this sites domain name.
Paul Cammish's avatar
Paul Cammish committed
19
20
  ServerName  <%= domain %>

Paul Cammish's avatar
Paul Cammish committed
21
  # Add the testing alias and any others.
Paul Cammish's avatar
Paul Cammish committed
22
23
24
  ServerAlias <%= domain %>.testing.<%= hostname() %>
  <%= server_aliases %>

Paul Cammish's avatar
Paul Cammish committed
25
26
  # This provides a helpful error message when the root of the
  #   site has no content or is inaccessible.
Paul Cammish's avatar
Paul Cammish committed
27
28
29
30
31
32
33
34
35
36
37
  Alias /__sympl/ "/usr/share/sympl/static/"

  <Directory "/usr/share/sympl/static/">
    DirectoryIndex index.html
    AllowOverride none
    Require all granted
  </Directory>

  <LocationMatch "^/+$">
    Options -Indexes
    ErrorDocument 403 /__sympl/index.html
Paul Cammish's avatar
Paul Cammish committed
38
    ErrorDocument 404 /__sympl/index.html
Paul Cammish's avatar
Paul Cammish committed
39
40
  </LocationMatch>

Paul Cammish's avatar
Paul Cammish committed
41
42
  # Allow users to override settings via .htaccess
  <Directory "/srv">
Paul Cammish's avatar
Paul Cammish committed
43
44
45
    AllowOverride all
    Require all granted
  </Directory>
46

47
% if php_security_disabled?
Paul Cammish's avatar
Paul Cammish committed
48
  # Set a unique php_tmp/ and php_sessions/ directory for the site.
Paul Cammish's avatar
Paul Cammish committed
49
50
  php_admin_value upload_tmp_dir <%=domain_directory%>/php_tmp/
  php_admin_value session.save_path <%=domain_directory%>/php_sessions/
Paul Cammish's avatar
Paul Cammish committed
51
  # WARNING: Further PHP restrictions are disabled.
52
% else
Paul Cammish's avatar
Paul Cammish committed
53
54
  # Restrict PHP from leaving the public directory.
  #   and set a unique php_tmp/ and php_sessions/ directories.
Paul Cammish's avatar
Paul Cammish committed
55
56
57
58
59
  php_admin_value open_basedir <%=domain_directory%>/public/:<%=domain_directory%>/php_tmp/:<%=domain_directory%>/php_sessions/
  php_admin_value upload_tmp_dir <%=domain_directory%>/php_tmp/
  php_admin_value session.save_path <%=domain_directory%>/php_sessions/

  # Prevent executing anything from a WordPress uploads directory,
Paul Cammish's avatar
Paul Cammish committed
60
  #   and block access to any PHP files in that directory.
Paul Cammish's avatar
Paul Cammish committed
61
  <LocationMatch "wp-content/uploads/">
Paul Cammish's avatar
Paul Cammish committed
62
     php_admin_flag engine off
Paul Cammish's avatar
Paul Cammish committed
63
64
  </LocationMatch>
  <LocationMatch "wp-content/uploads/.*\.php">
Paul Cammish's avatar
Paul Cammish committed
65
     deny from all
Paul Cammish's avatar
Paul Cammish committed
66
67
  </LocationMatch>
% end
Paul Cammish's avatar
Paul Cammish committed
68
69

  # Set the DocumentRoot
Paul Cammish's avatar
Paul Cammish committed
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
  DocumentRoot <%= htdocs_directory %>/

  <IfModule cgi_module>
    # General CGI Handling
    ScriptAlias /cgi-bin/ <%= cgibin_directory %>/
    <Location /cgi-bin>
      Options +ExecCGI
    </Location>
  </IfModule>

  # Disable indexes by default on the top-level.
  <LocationMatch "^/+$">
    Options -Indexes
  </LocationMatch>

  # Disable any restrictions or rewrites to /.well-known/acme-challenge
Paul Cammish's avatar
Paul Cammish committed
86
87
  #   This ensures Let's Encrypt can validate domain ownership.
  <Directory /srv/*/public/htdocs/.well-known/acme-challenge/ >
Paul Cammish's avatar
Paul Cammish committed
88
89
90
91
92
93
    Require all granted
    <IfModule rewrite_module>
      RewriteEngine off
    </IfModule>
  </Directory>

Paul Cammish's avatar
Paul Cammish committed
94
  # Write logs directly.
Paul Cammish's avatar
Paul Cammish committed
95
96
  ErrorLog   "<%= domain.log_dir %>/error.log"
  CustomLog  "<%= domain.log_dir %>/access.log" combined
Paul Cammish's avatar
Paul Cammish committed
97
  
98
  # Read the directory /srv/<%= domain %>/config/apache.d for any other Apache  
Paul Cammish's avatar
Paul Cammish committed
99
  # configuration files.
100
  IncludeOptional /srv/<%= domain %>/[c]onfig/[a]pache.d/*.conf
Paul Cammish's avatar
Paul Cammish committed
101
102
  # Ensure these are valid as they will break Apache if they are incorrect!

103
104
</VirtualHost>

Paul Cammish's avatar
Paul Cammish committed
105
106
# Vim Defaults: //vim: ts=2:tw=78: et: