add php_additional_open_basedirs and php_additional_options in php vhost (fully implemented in standard template only, for now)

1 files changed, 164 insertions, 1 deletions

diff --git a/templates/vhosts/php/Debian.erb b/templates/vhosts/php/Debian.erb
index ef6a366..1f24fec 120000..100644
--- a/templates/vhosts/php/Debian.erb
+++ b/templates/vhosts/php/Debian.erb
@@ -1 +1,164 @@
-php.erb
\ No newline at end of file
+# <%= servername %>
+<%- unless ssl_mode.to_s == 'only'  then -%>
+<VirtualHost *:80>
+    Include include.d/defaults.inc
+
+    ServerName <%= servername %>
+    <%- unless serveralias.to_s.empty? then -%>
+    ServerAlias <%= serveralias %>
+    <%- end -%> 
+    <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+    ServerAdmin <%= server_admin %>
+    <%- end -%>
+    DocumentRoot <%= documentroot %>/
+
+    ErrorLog <%= logdir %>/error_log
+    CustomLog <%= logdir %>/access_log combined
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Redirect permanent / https://<%= servername %>/
+    <%- end -%>
+    <%- if default_charset.to_s != 'absent' then -%>
+    AddDefaultCharset <%= default_charset %>
+    <%- end -%>
+    <%- if run_mode.to_s == 'itk' -%>
+    <IfModule mpm_itk_module>
+        AssignUserId <%= run_uid+" "+run_gid %>
+    </IfModule>
+    <%- end -%>
+    <%- if not ssl_mode.to_s == 'force' then -%>
+    <Directory "<%= documentroot %>/">
+        AllowOverride <%= allow_override %>
+        <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+        Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+        <%- end -%>
+        <%- unless htpasswd_file.to_s == 'absent' then -%>
+        AuthType Basic
+        AuthName "Access fuer <%= servername %>"
+        AuthUserFile <%= real_htpasswd_path %>
+        require valid-user
+        <%- end -%>
+        php_admin_flag engine on
+        <%- if php_safe_mode.to_s == 'false' -%>
+        php_admin_flag safe_mode Off
+        <%- end -%>
+        <%- unless php_default_charset.to_s == 'absent' then -%>
+        php_admin_value default_charset <%= php_default_charset %>
+        <%- end -%>
+        php_admin_value open_basedir <%- if php_use_smarty.to_s == 'true' || php_use_pear.to_s == 'true' -%>/usr/share/php:<%- end -%><%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %><% unless php_additional_open_basedirs.to_s == 'absent' %><%- php_additional_open_basedirs.each do |php_additional_open_basedir| -%>:<%= php_additional_open_basedir %><%- end -%><%- end %>
+        php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %>
+        php_admin_value session.save_path <%= real_php_session_save_path %>
+        <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%>
+        php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %>
+        <%- end -%>
+        <%- unless php_additional_options.to_s == 'absent' then -%>
+        <%- php_additional_options.each do |php_additional_option| -%>
+        <%= php_additional_option %>
+        <%- end -%>
+        <%- end -%>
+    </Directory>
+    <%- end -%>
+
+    <IfModule mod_security2.c>
+        <%- if mod_security.to_s == 'true' then -%>
+        SecRuleEngine On
+        <%- if mod_security_relevantonly.to_s == 'true' then -%>
+        SecAuditEngine RelevantOnly
+        <%- else -%>
+        SecAuditEngine On
+        <%- end -%>
+        <%- else -%>
+        SecRuleEngine Off
+        SecAuditEngine Off
+        <%- end -%>
+        SecAuditLogType Concurrent
+        SecAuditLogStorageDir <%= logdir %>/
+        SecAuditLog <%= logdir %>/mod_security_audit.log
+        SecDebugLog <%= logdir %>/mod_security_debug.log
+    </IfModule>
+
+    <%- unless additional_options.to_s == 'absent' then -%>
+    <%= additional_options %>
+    <%- end -%>
+</VirtualHost>
+<%- end -%>
+
+<%- unless ssl_mode.to_s == 'false'  then -%>
+<VirtualHost *:443>
+    Include include.d/defaults.inc
+    Include include.d/ssl_defaults.inc
+
+    ServerName <%= servername %>
+    <%- unless serveralias.to_s.empty? then -%>
+    ServerAlias <%= serveralias %>
+    <%- end -%> 
+    <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+    ServerAdmin <%= server_admin %>
+    <%- end -%>
+    DocumentRoot <%= documentroot %>/
+
+    ErrorLog <%= logdir %>/error_log
+    CustomLog <%= logdir %>/access_log combined
+    <%- if run_mode.to_s == 'itk' -%>
+    <IfModule mpm_itk_module>
+        AssignUserId <%= run_uid+" "+run_gid %>
+    </IfModule>
+    <%- end -%>
+    <%- if default_charset.to_s != 'absent' then -%>
+    AddDefaultCharset <%= default_charset %>
+    <%- end -%>
+    <Directory "<%= documentroot %>/">
+        AllowOverride <%= allow_override %>
+        <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+        Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+        <%- end -%>
+        <%- unless htpasswd_file.to_s == 'absent' then -%>
+        AuthType Basic
+        AuthName "Access fuer <%= servername %>"
+        AuthUserFile <%= real_htpasswd_path %>
+        require valid-user
+        <%- end -%>
+        php_admin_flag engine on
+        <%- if php_safe_mode.to_s == 'false' -%>
+        php_admin_flag safe_mode Off
+        <%- end -%>
+        <%- unless php_default_charset.to_s == 'absent' then -%>
+        php_admin_value default_charset <%= php_default_charset %>
+        <%- end -%>
+        php_admin_value open_basedir <%- if php_use_smarty.to_s == 'true' || php_use_pear.to_s == 'true' -%>/usr/share/php:<%- end -%><%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %><% unless php_additional_open_basedirs.to_s == 'absent' %><%- php_additional_open_basedirs.each do |php_additional_open_basedir| -%>:<%= php_additional_open_basedir %><%- end -%><%- end %>
+        php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %>
+        php_admin_value session.save_path <%= real_php_session_save_path %>
+        <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%>
+        php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %>
+        <%- end -%>
+        <%- unless php_additional_options.to_s == 'absent' then -%>
+        <%- php_additional_options.each do |php_additional_option| -%>
+        <%= php_additional_option %>
+        <%- end -%>
+        <%- end -%>
+    </Directory>
+
+    <IfModule mod_security2.c>
+        <%- if mod_security.to_s == 'true' then -%>
+        SecRuleEngine On
+        <%- if mod_security_relevantonly.to_s == 'true' then -%>
+        SecAuditEngine RelevantOnly
+        <%- else -%>
+        SecAuditEngine On
+        <%- end -%>
+        <%- else -%>
+        SecRuleEngine Off
+        SecAuditEngine Off
+        <%- end -%>
+        SecAuditLogType Concurrent
+        SecAuditLogStorageDir <%= logdir %>/
+        SecAuditLog <%= logdir %>/mod_security_audit.log
+        SecDebugLog <%= logdir %>/mod_security_debug.log
+    </IfModule>
+
+    <%- unless additional_options.to_s == 'absent' then -%>
+    <%= additional_options %>
+    <%- end -%>
+</VirtualHost>
+<%- end -%>