<%- ## ## An apache config for static websites. ## def location_directory(name, location) if location['format'] == 'amber' File.join(@base_dir, name, 'public') else File.join(@base_dir, name) end end document_root = '/var/www' @locations.each do |name, location| if location['path'] == '/' document_root = location_directory(name, location) end end document_root = document_root.gsub(%r{^/|/$}, '') -%> ServerName <%= @domain %> ServerAlias www.<%= @domain %> RewriteEngine On RewriteRule ^.*$ https://<%= @domain -%>%{REQUEST_URI} [R=permanent,L] ServerName <%= @domain %> ServerAlias www.<%= @domain %> #RewriteLog "/var/log/apache2/rewrite.log" #RewriteLogLevel 3 SSLEngine on SSLProtocol all -SSLv2 SSLHonorCipherOrder on SSLCompression off SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK" Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains" Header set X-Frame-Options "deny" SSLCertificateKeyFile /etc/x509/keys/<%= @domain %>.key SSLCertificateFile /etc/x509/certs/<%= @domain %>.crt SSLCertificateChainFile /etc/ssl/certs/<%= @domain %>_ca.pem RequestHeader set X_FORWARDED_PROTO 'https' DocumentRoot "/<%= document_root %>/" AccessFileName .htaccess <%- @locations.each do |name, location| -%> <%- path = location['path'].gsub(%r{^/|/$}, '') -%> <%- directory = location_directory(name, location) -%> ## ## <%= name %> ## <%- if path == '' -%> /"> AllowOverride FileInfo Indexes Options=All,MultiViews Order deny,allow Allow from all <%- else -%> AliasMatch ^/[a-z]{2}/<%=path%>(/.+|/|)$ "/<%=directory%>/$1" Alias /<%=path%> "/<%=directory%>/" /"> AllowOverride FileInfo Indexes Options=All,MultiViews Order deny,allow Allow from all <%- end -%> <%- end -%>