ssl.template.erb 3.35 KB
Newer Older
Steve Kemp's avatar
Steve Kemp committed
1
2
3
4
####
##
#
#  This file is automatically generated from the template located at
5
#  /etc/symbiosis/apache.d/ssl.template.erb.
Steve Kemp's avatar
Steve Kemp committed
6
#
7
8
#  Feel free to make changes to this file, and thereafter it will not be
#  automatically updated if the template, or SSL configuration changes.
Steve Kemp's avatar
Steve Kemp committed
9
10
11
12
13
14
15
16
#
#  For SSL documenation please consult:
#
#  http://symbiosis.bytemark.co.uk/docs/ch-ssl-hosting.html
#
##
###

17
% ips.each do |ip|
18
NameVirtualHost <%= ip %>:443
19
NameVirtualHost <%= ip %>:80
20
% end
Steve Kemp's avatar
Steve Kemp committed
21

22
<VirtualHost <%= ips.collect{|ip| ip+":443"}.join(" ") %>>
23

24
25
26
        #
        # Put our server name 
        #
27
        ServerName  <%= domain %>
28

29

30
31
32
        #
        # And server alias in place
        #
33
        <%= server_aliases %>
Steve Kemp's avatar
Steve Kemp committed
34

35

Steve Kemp's avatar
Steve Kemp committed
36
        SSLEngine On
37
38
39
40

        #
        # The certificate, key, and intermediate bundle (if needed)
        #
41
42
        <%= ssl_config %>

43
44
45
46
47
48
49
50
51

        #
        # Sane SSL ciphers.
        #
        SSLCipherSuite ALL:!LOW:!SSLv2:!EXP:!aNULL

        #
        # And some options
        #
Steve Kemp's avatar
Steve Kemp committed
52
53
54
55
56
57
        SSLOptions +StrictRequire


        #
        #  Allow users to override settings via .htaccess
        #
58
        <Directory <%=domain_directory%> >
Steve Kemp's avatar
Steve Kemp committed
59
60
61
62
63
64
                AllowOverride all
        </Directory>

        #
        #  The document root
        #
65
        DocumentRoot <%= domain_directory %>/public/htdocs
Steve Kemp's avatar
Steve Kemp committed
66
67
68
69

        #
        # General CGI Handling
        #
70
        ScriptAlias /cgi-bin/ <%= domain_directory %>/public/cgi-bin/
Steve Kemp's avatar
Steve Kemp committed
71
72
73
74
75
        <Location /cgi-bin>
                Options +ExecCGI
        </Location>

        #
76
        # We need to log the virtual hostname the incoming request was
Steve Kemp's avatar
Steve Kemp committed
77
78
79
        # made against, so that the cron-job in /etc/cron.daily may generate
        # statistics for each domain.
        #
80
81
        ErrorLog   "|| /usr/sbin/symbiosis-apache-logger -s -u <%= domain.uid %> -g <%= domain.gid %> <%= domain.log_dir %>/ssl_error.log"
        CustomLog  "|| /usr/sbin/symbiosis-apache-logger -s -u <%= domain.uid %> -g <%= domain.gid %> <%= domain.log_dir %>/ssl_access.log" combined
Steve Kemp's avatar
Steve Kemp committed
82
83
</VirtualHost>

84
<VirtualHost <%= ips.collect{|ip| ip+":80"}.join(" ") %>>
Steve Kemp's avatar
Steve Kemp committed
85

86
87
88
89
90
        #
        # Put our server name 
        #
        ServerName  <%= domain %>

91

92
93
94
        #
        # And server alias in place
        #
95
96
        <%= server_aliases %>

97

98
% if mandatory_ssl?
Steve Kemp's avatar
Steve Kemp committed
99
100
101
102
        #
        #  All accesses redirect to the HTTPS version of
        # the site.
        #
103
        Redirect / https://<%= domain %>/
Steve Kemp's avatar
Steve Kemp committed
104

105
% else
Steve Kemp's avatar
Steve Kemp committed
106
107
108
109

        #
        #  Allow users to override settings via .htaccess
        #
110
        <Directory <%=domain_directory%> >
Steve Kemp's avatar
Steve Kemp committed
111
112
113
114
115
116
                AllowOverride all
        </Directory>

        #
        #  The document root
        #
117
        DocumentRoot     <%= domain_directory %>/public/htdocs/
Steve Kemp's avatar
Steve Kemp committed
118
119
120
121

        #
        # General CGI Handling
        #
122
        ScriptAlias /cgi-bin/ <%= domain_directory %>/public/cgi-bin/
Steve Kemp's avatar
Steve Kemp committed
123
124
125
126
127
128
129
130
131
        <Location /cgi-bin>
                Options +ExecCGI
        </Location>

        #
        #  We need to log the virtual hostname the incoming request was
        # made against, so that the cron-job in /etc/cron.daily may generate
        # statistics for each domain.
        #
132
133
134
        ErrorLog   "|| /usr/sbin/symbiosis-apache-logger -s -u <%= domain.uid %> -g <%= domain.gid %> <%= domain.log_dir %>/error.log"
        CustomLog  "|| /usr/sbin/symbiosis-apache-logger -s -u <%= domain.uid %> -g <%= domain.gid %> <%= domain.log_dir %>/access.log" combined

135
% end
Steve Kemp's avatar
Steve Kemp committed
136
137
</VirtualHost>