author | mh <mh@immerda.ch> | 2010-01-30 17:42:45 +0100 |
---|---|---|
committer | mh <mh@immerda.ch> | 2010-01-30 17:42:45 +0100 |
commit | 8871e2da47edf635bc2835c6abaec61086258a3d (patch) | |
tree | c5544ea2f2e58d5219662f54ffd5f4f4062fff4f | |
parent | 7aafb4dbfe33f19d0a2a82d5bab79d77deb27853 (diff) |
migrate missing parts
- migrate missing (newly introduced) vhosts
- pass relevant_only stuff to subdefines
-rw-r--r-- | manifests/vhost/modperl.pp | 1 | ||||
-rw-r--r-- | manifests/vhost/passenger.pp | 1 | ||||
-rw-r--r-- | manifests/vhost/php/drupal.pp | 1 | ||||
-rw-r--r-- | manifests/vhost/php/gallery2.pp | 2 | ||||
-rw-r--r-- | manifests/vhost/php/joomla.pp | 1 | ||||
-rw-r--r-- | manifests/vhost/php/mediawiki.pp | 1 | ||||
-rw-r--r-- | manifests/vhost/php/silverstripe.pp | 2 | ||||
-rw-r--r-- | manifests/vhost/php/simplemachine.pp | 1 | ||||
-rw-r--r-- | manifests/vhost/php/spip.pp | 1 | ||||
-rw-r--r-- | manifests/vhost/php/standard.pp | 1 | ||||
-rw-r--r-- | manifests/vhost/php/typo3.pp | 1 | ||||
-rw-r--r-- | manifests/vhost/php/webapp.pp | 1 | ||||
-rw-r--r-- | manifests/vhost/php/wordpress.pp | 1 | ||||
-rw-r--r-- | manifests/vhost/static.pp | 1 | ||||
l---------[-rw-r--r--] | templates/vhosts/php_gallery2/CentOS.erb | 163 | ||||
l--------- | templates/vhosts/php_gallery2/Debian.erb | 1 | ||||
-rw-r--r-- | templates/vhosts/php_gallery2/php_gallery.erb | 166 | ||||
l---------[-rw-r--r--] | templates/vhosts/php_silverstripe/CentOS.erb | 184 | ||||
l--------- | templates/vhosts/php_silverstripe/Debian.erb | 1 | ||||
-rw-r--r-- | templates/vhosts/php_silverstripe/php_silverstripe.erb | 191 |
20 files changed, 377 insertions, 345 deletions
diff --git a/manifests/vhost/modperl.pp b/manifests/vhost/modperl.pp
index 88e7e52..98876e4 100644
--- a/manifests/vhost/modperl.pp
+++ b/manifests/vhost/modperl.pp
@@ -90,6 +90,7 @@ define apache::vhost::modperl(
 htpasswd_file => $htpasswd_file,
 htpasswd_path => $htpasswd_path,
 mod_security => $mod_security,
+ mod_security_relevantonly => $mod_security_relevantonly,
 }
 }
diff --git a/manifests/vhost/passenger.pp b/manifests/vhost/passenger.pp
index 0279374..732758e 100644
--- a/manifests/vhost/passenger.pp
+++ b/manifests/vhost/passenger.pp
@@ -72,6 +72,7 @@ define apache::vhost::passenger(
 htpasswd_file => $htpasswd_file,
 htpasswd_path => $htpasswd_path,
 mod_security => $mod_security,
+ mod_security_relevantonly => $mod_security_relevantonly,
 }
 }
diff --git a/manifests/vhost/php/drupal.pp b/manifests/vhost/php/drupal.pp
index 9bd5f2e..f23a434 100644
--- a/manifests/vhost/php/drupal.pp
+++ b/manifests/vhost/php/drupal.pp
@@ -87,6 +87,7 @@ define apache::vhost::php::drupal(
 additional_options => $additional_options,
 default_charset => $default_charset,
 mod_security => $mod_security,
+ mod_security_relevantonly => $mod_security_relevantonly,
 ssl_mode => $ssl_mode,
 vhost_mode => $vhost_mode,
 vhost_source => $vhost_source,
diff --git a/manifests/vhost/php/gallery2.pp b/manifests/vhost/php/gallery2.pp
index 924e322..19240e9 100644
--- a/manifests/vhost/php/gallery2.pp
+++ b/manifests/vhost/php/gallery2.pp
@@ -34,6 +34,7 @@ define apache::vhost::php::gallery2(
 $additional_options = 'absent',
 $default_charset = 'absent',
 $mod_security = true,
+ $mod_security_relevantonly = true,
 $ssl_mode = false,
 $vhost_mode = 'template',
 $vhost_source = 'absent',
@@ -94,6 +95,7 @@ define apache::vhost::php::gallery2(
 additional_options => $additional_options,
 default_charset => $default_charset,
 mod_security => $mod_security,
+ mod_security_relevantonly => $mod_security_relevantonly,
 ssl_mode => $ssl_mode,
 vhost_mode => $vhost_mode,
 vhost_source => $vhost_source,
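Review bot: The new `$mod_security_relevantonly = true` default in the first gallery2.pp hunk (and the identical line added to silverstripe.pp) changes audit logging for existing vhosts without any documentation. The CentOS.erb templates replaced in this commit emitted `SecAuditEngine On` whenever mod_security was enabled, while the new shared templates emit `SecAuditEngine RelevantOnly` under this default, so full transaction audit logs stop being written on the next run unless a node passes `mod_security_relevantonly => false`. I would add a comment above the parameter list, e.g. `# mod_security_relevantonly: true (default) => SecAuditEngine RelevantOnly; false => SecAuditEngine On (log every transaction)`. The define bodies start and end outside these hunks.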
diff --git a/manifests/vhost/php/joomla.pp b/manifests/vhost/php/joomla.pp
index 2239f52..280792e 100644
--- a/manifests/vhost/php/joomla.pp
+++ b/manifests/vhost/php/joomla.pp
@@ -81,6 +81,7 @@ define apache::vhost::php::joomla(
 additional_options => $additional_options,
 default_charset => $default_charset,
 mod_security => $mod_security,
+ mod_security_relevantonly => $mod_security_relevantonly,
 ssl_mode => $ssl_mode,
 vhost_mode => $vhost_mode,
 vhost_source => $vhost_source,
diff --git a/manifests/vhost/php/mediawiki.pp b/manifests/vhost/php/mediawiki.pp
index e2f6827..d24ada9 100644
--- a/manifests/vhost/php/mediawiki.pp
+++ b/manifests/vhost/php/mediawiki.pp
@@ -67,6 +67,7 @@ define apache::vhost::php::mediawiki(
 additional_options => $additional_options,
 default_charset => $default_charset,
 mod_security => $mod_security,
+ mod_security_relevantonly => $mod_security_relevantonly,
 ssl_mode => $ssl_mode,
 vhost_mode => $vhost_mode,
 vhost_source => $vhost_source,
diff --git a/manifests/vhost/php/silverstripe.pp b/manifests/vhost/php/silverstripe.pp
index 16f9d32..3838d55 100644
--- a/manifests/vhost/php/silverstripe.pp
+++ b/manifests/vhost/php/silverstripe.pp
@@ -34,6 +34,7 @@ define apache::vhost::php::silverstripe(
 $additional_options = 'absent',
 $default_charset = 'absent',
 $mod_security = true,
+ $mod_security_relevantonly = true,
 $ssl_mode = false,
 $vhost_mode = 'template',
 $vhost_source = 'absent',
@@ -78,6 +79,7 @@ define apache::vhost::php::silverstripe(
 additional_options => $additional_options,
 default_charset => $default_charset,
 mod_security => $mod_security,
+ mod_security_relevantonly => $mod_security_relevantonly,
 ssl_mode => $ssl_mode,
 vhost_mode => $vhost_mode,
 vhost_source => $vhost_source,
diff --git a/manifests/vhost/php/simplemachine.pp b/manifests/vhost/php/simplemachine.pp
index 0f76528..f1ea170 100644
--- a/manifests/vhost/php/simplemachine.pp
+++ b/manifests/vhost/php/simplemachine.pp
@@ -79,6 +79,7 @@ define apache::vhost::php::simplemachine(
 additional_options => $additional_options,
 default_charset => $default_charset,
 mod_security => $mod_security,
+ mod_security_relevantonly => $mod_security_relevantonly,
 ssl_mode => $ssl_mode,
 vhost_mode => $vhost_mode,
 vhost_source => $vhost_source,
diff --git a/manifests/vhost/php/spip.pp b/manifests/vhost/php/spip.pp
index 7b04b41..5064e77 100644
--- a/manifests/vhost/php/spip.pp
+++ b/manifests/vhost/php/spip.pp
@@ -76,6 +76,7 @@ define apache::vhost::php::spip(
 additional_options => $additional_options,
 default_charset => $default_charset,
 mod_security => $mod_security,
+ mod_security_relevantonly => $mod_security_relevantonly,
 ssl_mode => $ssl_mode,
 vhost_mode => $vhost_mode,
 vhost_source => $vhost_source,
diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp
index 249f25f..a6e2ff0 100644
--- a/manifests/vhost/php/standard.pp
+++ b/manifests/vhost/php/standard.pp
@@ -150,6 +150,7 @@ define apache::vhost::php::standard(
 htpasswd_file => $htpasswd_file,
 htpasswd_path => $htpasswd_path,
 mod_security => $mod_security,
+ mod_security_relevantonly => $mod_security_relevantonly,
 use_mod_macro => $use_mod_macro,
 }
 }
diff --git a/manifests/vhost/php/typo3.pp b/manifests/vhost/php/typo3.pp
index 28edb84..dec227c 100644
--- a/manifests/vhost/php/typo3.pp
+++ b/manifests/vhost/php/typo3.pp
@@ -79,6 +79,7 @@ define apache::vhost::php::typo3(
 additional_options => $additional_options,
 default_charset => $default_charset,
 mod_security => $mod_security,
+ mod_security_relevantonly => $mod_security_relevantonly,
 ssl_mode => $ssl_mode,
 vhost_mode => $vhost_mode,
 vhost_source => $vhost_source,
diff --git a/manifests/vhost/php/webapp.pp b/manifests/vhost/php/webapp.pp
index 929f20e..22e932a 100644
--- a/manifests/vhost/php/webapp.pp
+++ b/manifests/vhost/php/webapp.pp
@@ -107,6 +107,7 @@ define apache::vhost::php::webapp(
 additional_options => $additional_options,
 default_charset => $default_charset,
 mod_security => $mod_security,
+ mod_security_relevantonly => $mod_security_relevantonly,
 ssl_mode => $ssl_mode,
 vhost_mode => $vhost_mode,
 vhost_source => $vhost_source,
diff --git a/manifests/vhost/php/wordpress.pp b/manifests/vhost/php/wordpress.pp
index 31e66e8..c4e77f2 100644
--- a/manifests/vhost/php/wordpress.pp
+++ b/manifests/vhost/php/wordpress.pp
@@ -80,6 +80,7 @@ define apache::vhost::php::wordpress(
 additional_options => $additional_options,
 default_charset => $default_charset,
 mod_security => $mod_security,
+ mod_security_relevantonly => $mod_security_relevantonly,
 ssl_mode => $ssl_mode,
 vhost_mode => $vhost_mode,
 vhost_source => $vhost_source,
diff --git a/manifests/vhost/static.pp b/manifests/vhost/static.pp
index 6a1228a..307dfbe 100644
--- a/manifests/vhost/static.pp
+++ b/manifests/vhost/static.pp
@@ -58,6 +58,7 @@ define apache::vhost::static(
 htpasswd_file => $htpasswd_file,
 htpasswd_path => $htpasswd_path,
 mod_security => $mod_security,
+ mod_security_relevantonly => $mod_security_relevantonly,
 }
 }
diff --git a/templates/vhosts/php_gallery2/CentOS.erb b/templates/vhosts/php_gallery2/CentOS.erb
index 93d6596..99be70b 100644..120000
--- a/templates/vhosts/php_gallery2/CentOS.erb
+++ b/templates/vhosts/php_gallery2/CentOS.erb
@@ -1,162 +1 @@ -# <%= servername %> -<%- unless ssl_mode.to_s == 'only' then -%> -<VirtualHost *:80> - Include conf.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ - - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> - <%- if run_mode.to_s == 'itk' -%> - <IfModule mpm_itk_module> - AssignUserId <%= run_uid+" "+run_gid %> - </IfModule> - <%- end -%> - <%- if not ssl_mode.to_s == 'force' then -%> - <Directory "<%= documentroot %>/"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> - php_admin_flag engine on - php_admin_flag safe_mode Off - php_admin_value output_buffering Off - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>:<%= gdatadir %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - 
php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - # Always rewrite login's - # Source: http://gallery.menalto.com/node/30558 - RewriteEngine On - RewriteCond %{HTTP_COOKIE} ^GALLERYSID= [OR] - RewriteCond %{QUERY_STRING} subView=core\.UserLogin - RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] - # https -> see below - # Then, unset baseUri in config.php (to keep Gallery from trying to redirect users to either HTTP or HTTPS): - # $gallery->setConfig('baseUri', ''); - </Directory> - <%- end -%> - - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> -</VirtualHost> -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> -<VirtualHost *:443> - Include conf.d/defaults.inc - Include conf.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? 
or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ - - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- if run_mode.to_s == 'itk' -%> - <IfModule mpm_itk_module> - AssignUserId <%= run_uid+" "+run_gid %> - </IfModule> - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> - <Directory "<%= documentroot %>/"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> - php_admin_flag engine on - php_admin_flag safe_mode Off - php_admin_value output_buffering Off - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>:<%= gdatadir %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - # turn allow_url_fopen on for the extension manager fetch - php_admin_value allow_url_fopen On - - # Always rewrite login's (see above) - RewriteEngine On - RewriteCond %{HTTP_COOKIE} ="" - RewriteCond %{REQUEST_METHOD} =GET - RewriteCond %{QUERY_STRING} !subView=core\.UserLogin - RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] - </Directory> - - 
<IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - </IfModule> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> -</VirtualHost> -<%- end -%> +php_gallery.erb
\ No newline at end of file diff --git a/templates/vhosts/php_gallery2/Debian.erb b/templates/vhosts/php_gallery2/Debian.erb new file mode 120000 index 0000000..99be70b --- /dev/null +++ b/templates/vhosts/php_gallery2/Debian.erb @@ -0,0 +1 @@ +php_gallery.erb
\ No newline at end of file diff --git a/templates/vhosts/php_gallery2/php_gallery.erb b/templates/vhosts/php_gallery2/php_gallery.erb new file mode 100644 index 0000000..522b53c --- /dev/null +++ b/templates/vhosts/php_gallery2/php_gallery.erb 
@@ -0,0 +1,166 @@ +# <%= servername %> +<%- unless ssl_mode.to_s == 'only' then -%> +<VirtualHost *:80> + Include include.d/defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + DocumentRoot <%= documentroot %>/ + + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log combined + <%- if ssl_mode.to_s == 'force' then -%> + Redirect permanent / https://<%= servername %>/ + <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if run_mode.to_s == 'itk' -%> + <IfModule mpm_itk_module> + AssignUserId <%= run_uid+" "+run_gid %> + </IfModule> + <%- end -%> + <%- if not ssl_mode.to_s == 'force' then -%> + <Directory "<%= documentroot %>/"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + php_admin_flag engine on + php_admin_flag safe_mode Off + php_admin_value output_buffering Off + <%- unless php_default_charset.to_s == 'absent' then -%> + php_admin_value default_charset <%= php_default_charset %> + <%- end -%> + php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>:<%= gdatadir %> + php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> + php_admin_value session.save_path <%= real_php_session_save_path %> + <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> 
+ php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> + <%- end -%> + # Always rewrite login's + # Source: http://gallery.menalto.com/node/30558 + RewriteEngine On + RewriteCond %{HTTP_COOKIE} ^GALLERYSID= [OR] + RewriteCond %{QUERY_STRING} subView=core\.UserLogin + RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] + # https -> see below + # Then, unset baseUri in config.php (to keep Gallery from trying to redirect users to either HTTP or HTTPS): + # $gallery->setConfig('baseUri', ''); + </Directory> + <%- end -%> + + <IfModule mod_security2.c> + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> + SecAuditEngine On + <%- end -%> + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + </IfModule> + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> +</VirtualHost> +<%- end -%> + +<%- unless ssl_mode.to_s == 'false' then -%> +<VirtualHost *:443> + Include include.d/defaults.inc + Include include.d/ssl_defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? 
or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + DocumentRoot <%= documentroot %>/ + + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log combined + <%- if run_mode.to_s == 'itk' -%> + <IfModule mpm_itk_module> + AssignUserId <%= run_uid+" "+run_gid %> + </IfModule> + <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + <%- end -%> + <Directory "<%= documentroot %>/"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + php_admin_flag engine on + php_admin_flag safe_mode Off + php_admin_value output_buffering Off + <%- unless php_default_charset.to_s == 'absent' then -%> + php_admin_value default_charset <%= php_default_charset %> + <%- end -%> + php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>:<%= gdatadir %> + php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> + php_admin_value session.save_path <%= real_php_session_save_path %> + <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> + php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> + <%- end -%> + # turn allow_url_fopen on for the extension manager fetch + php_admin_value allow_url_fopen On + + # Always rewrite login's (see above) + RewriteEngine On + RewriteCond %{HTTP_COOKIE} ="" + RewriteCond %{REQUEST_METHOD} =GET + RewriteCond %{QUERY_STRING} !subView=core\.UserLogin + RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] + </Directory> + + 
<IfModule mod_security2.c> + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + SecAuditEngine On + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + </IfModule> + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> +</VirtualHost> +<%- end -%> diff --git a/templates/vhosts/php_silverstripe/CentOS.erb b/templates/vhosts/php_silverstripe/CentOS.erb index 920f2be..9ac244f 100644..120000 --- a/templates/vhosts/php_silverstripe/CentOS.erb +++ b/templates/vhosts/php_silverstripe/CentOS.erb 
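Review bot: The port-443 VirtualHost at the end of the new php_gallery.erb ignores `mod_security_relevantonly`: its mod_security2 block still emits `SecAuditEngine On` whenever mod_security is 'true'. The port-80 block earlier in the same file branches on the new parameter, so the two listeners of one vhost end up with different audit-log policies, and the HTTPS side keeps logging every transaction under the default. The php_silverstripe.erb template added in this commit handles both blocks, so this looks like an oversight; the 443 block should carry the same nested conditional as the port-80 one.

```erb
<%# … unchanged: port-443 vhost up to the mod_security2 block … %>
    SecRuleEngine On
    <%- if mod_security_relevantonly.to_s == 'true' then -%>
    SecAuditEngine RelevantOnly
    <%- else -%>
    SecAuditEngine On
    <%- end -%>
<%# … unchanged: SecRuleEngine Off branch and audit log settings … %>
```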
@@ -1,183 +1 @@ -# <%= servername %> -<%- unless ssl_mode.to_s == 'only' then -%> -<VirtualHost *:80> - Include conf.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ - - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ - <%- end -%> - # silverstripe - RedirectMatch /admin(.*) https://<%= servername %>/admin$1 - RedirectMatch /Security(.*) https://<%= servername %>/Security$1 - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> - <%- if run_mode.to_s == 'itk' -%> - <IfModule mpm_itk_module> - AssignUserId <%= run_uid+" "+run_gid %> - </IfModule> - <%- end -%> - <%- if not ssl_mode.to_s == 'force' then -%> - <Directory "<%= documentroot %>/"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> - php_admin_flag engine on - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- 
unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - - # silverstripe .htaccess - <Files *.ss> - Order deny,allow - Deny from all - #Allow from 127.0.0.1 - </Files> - <IfModule mod_rewrite.c> - RewriteEngine On - #RewriteBase / - - RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$) - - RewriteCond %{REQUEST_URI} ^(.*)$ - RewriteCond %{REQUEST_FILENAME} !-f - RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L] - </IfModule> - </Directory> - <%- end -%> - - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - </IfModule> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> -</VirtualHost> -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> -<VirtualHost *:443> - Include conf.d/defaults.inc - Include conf.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? 
or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ - - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- if run_mode.to_s == 'itk' -%> - <IfModule mpm_itk_module> - AssignUserId <%= run_uid+" "+run_gid %> - </IfModule> - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> - <Directory "<%= documentroot %>/"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> - php_admin_flag engine on - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - # turn allow_url_fopen on for the extension manager fetch - php_admin_value allow_url_fopen On - - # silverstripe .htaccess - <Files *.ss> - Order deny,allow - Deny from all - #Allow from 127.0.0.1 - </Files> - <IfModule mod_rewrite.c> - RewriteEngine On - #RewriteBase / - - RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$) - - RewriteCond %{REQUEST_URI} ^(.*)$ - RewriteCond %{REQUEST_FILENAME} !-f - RewriteRule .* 
sapphire/main.php?url=%1&%{QUERY_STRING} [L] - </IfModule> - </Directory> - - <IfModule mod_security2.c> - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - </IfModule> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> -</VirtualHost> -<%- end -%> +php_silverstripe.erb
\ No newline at end of file diff --git a/templates/vhosts/php_silverstripe/Debian.erb b/templates/vhosts/php_silverstripe/Debian.erb new file mode 120000 index 0000000..9ac244f --- /dev/null +++ b/templates/vhosts/php_silverstripe/Debian.erb @@ -0,0 +1 @@ +php_silverstripe.erb
\ No newline at end of file diff --git a/templates/vhosts/php_silverstripe/php_silverstripe.erb b/templates/vhosts/php_silverstripe/php_silverstripe.erb new file mode 100644 index 0000000..671fc5c --- /dev/null +++ b/templates/vhosts/php_silverstripe/php_silverstripe.erb 
@@ -0,0 +1,191 @@ +# <%= servername %> +<%- unless ssl_mode.to_s == 'only' then -%> +<VirtualHost *:80> + Include include.d/defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + DocumentRoot <%= documentroot %>/ + + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log combined + <%- if ssl_mode.to_s == 'force' then -%> + Redirect permanent / https://<%= servername %>/ + <%- end -%> + # silverstripe + RedirectMatch /admin(.*) https://<%= servername %>/admin$1 + RedirectMatch /Security(.*) https://<%= servername %>/Security$1 + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if run_mode.to_s == 'itk' -%> + <IfModule mpm_itk_module> + AssignUserId <%= run_uid+" "+run_gid %> + </IfModule> + <%- end -%> + <%- if not ssl_mode.to_s == 'force' then -%> + <Directory "<%= documentroot %>/"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + php_admin_flag engine on + <%- unless php_default_charset.to_s == 'absent' then -%> + php_admin_value default_charset <%= php_default_charset %> + <%- end -%> + php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> + php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> + php_admin_value session.save_path <%= real_php_session_save_path %> + 
<%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> + php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> + <%- end -%> + + # silverstripe .htaccess + <Files *.ss> + Order deny,allow + Deny from all + #Allow from 127.0.0.1 + </Files> + <IfModule mod_rewrite.c> + RewriteEngine On + #RewriteBase / + + RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$) + + RewriteCond %{REQUEST_URI} ^(.*)$ + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L] + </IfModule> + </Directory> + <%- end -%> + + <IfModule mod_security2.c> + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> + SecAuditEngine On + <%- end -%> + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html + SecRuleRemoveById "960010" + </IfModule> + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> +</VirtualHost> +<%- end -%> + +<%- unless ssl_mode.to_s == 'false' then -%> +<VirtualHost *:443> + Include include.d/defaults.inc + Include include.d/ssl_defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? 
or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + DocumentRoot <%= documentroot %>/ + + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log combined + <%- if run_mode.to_s == 'itk' -%> + <IfModule mpm_itk_module> + AssignUserId <%= run_uid+" "+run_gid %> + </IfModule> + <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + <%- end -%> + <Directory "<%= documentroot %>/"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + php_admin_flag engine on + <%- unless php_default_charset.to_s == 'absent' then -%> + php_admin_value default_charset <%= php_default_charset %> + <%- end -%> + php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> + php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> + php_admin_value session.save_path <%= real_php_session_save_path %> + <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> + php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> + <%- end -%> + # turn allow_url_fopen on for the extension manager fetch + php_admin_value allow_url_fopen On + + # silverstripe .htaccess + <Files *.ss> + Order deny,allow + Deny from all + #Allow from 127.0.0.1 + </Files> + <IfModule mod_rewrite.c> + RewriteEngine On + #RewriteBase / + + RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$) + + RewriteCond %{REQUEST_URI} ^(.*)$ + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule .* 
sapphire/main.php?url=%1&%{QUERY_STRING} [L] + </IfModule> + </Directory> + + <IfModule mod_security2.c> + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> + SecAuditEngine On + <%- end -%> + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html + SecRuleRemoveById "960010" + </IfModule> + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> +</VirtualHost> +<%- end -%> |
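Review bot: The two `RedirectMatch` lines in the port-80 VirtualHost of php_silverstripe.erb are emitted unconditionally and their patterns are unanchored. When `ssl_mode` is 'false' the template generates no port-443 VirtualHost, so `/admin` and `/Security` would be redirected to an HTTPS listener this template never defines (unless another vhost answers for that name). Because the regex is unanchored, any path that merely contains `/admin` or `/Security` is rewritten too, not just the login and admin areas. I would anchor the patterns, e.g. `RedirectMatch ^/admin(.*) https://<%= servername %>/admin$1` and likewise `^/Security(.*)`, and wrap both lines in `<%- unless ssl_mode.to_s == 'false' then -%>` … `<%- end -%>`.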