non_ssl.template.erb 2.87 KB
Newer Older
Paul Cammish's avatar
Paul Cammish committed
1
###
2
3
##
#  This file is automatically generated from the template located at
4
#  /etc/sympl/apache.d/non_ssl.template.erb.
5
#
Paul Cammish's avatar
Paul Cammish committed
6
7
#  Feel free to make changes to this file, however this file
#  will NOT be updated automatically when the template changes.
8
9
10
11
12
##
###

<VirtualHost <%= ips.collect{|ip| ip+":80"}.join(" ") %>>

Paul Cammish's avatar
Paul Cammish committed
13
  # Set the ServerName to this sites domain name.
Paul Cammish's avatar
Paul Cammish committed
14
15
  ServerName  <%= domain %>

Paul Cammish's avatar
Paul Cammish committed
16
  # Add the testing alias and any others.
Paul Cammish's avatar
Paul Cammish committed
17
18
19
  ServerAlias <%= domain %>.testing.<%= hostname() %>
  <%= server_aliases %>

Paul Cammish's avatar
Paul Cammish committed
20
21
  # This provides a helpful error message when the root of the
  #   site has no content or is inaccessible.
Paul Cammish's avatar
Paul Cammish committed
22
23
24
25
26
27
28
29
30
31
32
  Alias /__sympl/ "/usr/share/sympl/static/"

  <Directory "/usr/share/sympl/static/">
    DirectoryIndex index.html
    AllowOverride none
    Require all granted
  </Directory>

  <LocationMatch "^/+$">
    Options -Indexes
    ErrorDocument 403 /__sympl/index.html
Paul Cammish's avatar
Paul Cammish committed
33
    ErrorDocument 404 /__sympl/index.html
Paul Cammish's avatar
Paul Cammish committed
34
35
  </LocationMatch>

Paul Cammish's avatar
Paul Cammish committed
36
37
  # Allow users to override settings via .htaccess
  <Directory "/srv">
Paul Cammish's avatar
Paul Cammish committed
38
39
40
    AllowOverride all
    Require all granted
  </Directory>
41

42
% if php_security_disabled?
Paul Cammish's avatar
Paul Cammish committed
43
  # Set a unique php_tmp/ and php_sessions/ directory for the site.
Paul Cammish's avatar
Paul Cammish committed
44
45
  php_admin_value upload_tmp_dir <%=domain_directory%>/php_tmp/
  php_admin_value session.save_path <%=domain_directory%>/php_sessions/
Paul Cammish's avatar
Paul Cammish committed
46
  # WARNING: Further PHP restrictions are disabled.
47
% else
Paul Cammish's avatar
Paul Cammish committed
48
49
  # Restrict PHP from leaving the public directory.
  #   and set a unique php_tmp/ and php_sessions/ directories.
Paul Cammish's avatar
Paul Cammish committed
50
51
52
53
54
  php_admin_value open_basedir <%=domain_directory%>/public/:<%=domain_directory%>/php_tmp/:<%=domain_directory%>/php_sessions/
  php_admin_value upload_tmp_dir <%=domain_directory%>/php_tmp/
  php_admin_value session.save_path <%=domain_directory%>/php_sessions/

  # Prevent executing anything from a WordPress uploads directory,
Paul Cammish's avatar
Paul Cammish committed
55
  #   and block access to any PHP files in that directory.
Paul Cammish's avatar
Paul Cammish committed
56
  <LocationMatch "wp-content/uploads/">
Paul Cammish's avatar
Paul Cammish committed
57
     php_admin_flag engine off
Paul Cammish's avatar
Paul Cammish committed
58
59
  </LocationMatch>
  <LocationMatch "wp-content/uploads/.*\.php">
Paul Cammish's avatar
Paul Cammish committed
60
     deny from all
Paul Cammish's avatar
Paul Cammish committed
61
62
  </LocationMatch>
% end
Paul Cammish's avatar
Paul Cammish committed
63
64

  # Set the DocumentRoot
Paul Cammish's avatar
Paul Cammish committed
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
  DocumentRoot <%= htdocs_directory %>/

  <IfModule cgi_module>
    # General CGI Handling
    ScriptAlias /cgi-bin/ <%= cgibin_directory %>/
    <Location /cgi-bin>
      Options +ExecCGI
    </Location>
  </IfModule>

  # Disable indexes by default on the top-level.
  <LocationMatch "^/+$">
    Options -Indexes
  </LocationMatch>

  # Disable any restrictions or rewrites to /.well-known/acme-challenge
Paul Cammish's avatar
Paul Cammish committed
81
82
  #   This ensures Let's Encrypt can validate domain ownership.
  <Directory /srv/*/public/htdocs/.well-known/acme-challenge/ >
Paul Cammish's avatar
Paul Cammish committed
83
84
85
86
87
88
    Require all granted
    <IfModule rewrite_module>
      RewriteEngine off
    </IfModule>
  </Directory>

Paul Cammish's avatar
Paul Cammish committed
89
90
91
92
  # Write logs directly.
  ErrorLog   "<%= domain.log_dir %>/ssl_error.log"
  CustomLog  "<%= domain.log_dir %>/ssl_access.log" combined
  
93
94
</VirtualHost>

Paul Cammish's avatar
Paul Cammish committed
95
96
# Vim Defaults: //vim: ts=2:tw=78: et: