-rw-r--r-- | manifests/defaultdavdbdir.pp | 9 | ||||
-rw-r--r-- | manifests/vhost/davdbdir.pp | 40 | ||||
-rw-r--r-- | manifests/vhost/php/drupal.pp | 3 | ||||
-rw-r--r-- | manifests/vhost/php/gallery2.pp | 109 | ||||
-rw-r--r-- | manifests/vhost/php/safe_mode_bin.pp | 14 | ||||
-rw-r--r-- | manifests/vhost/php/silverstripe.pp | 94 | ||||
-rw-r--r-- | manifests/vhost/php/standard.pp | 6 | ||||
-rw-r--r-- | manifests/vhost/template.pp | 8 | ||||
-rw-r--r-- | manifests/vhost/webdav.pp | 13 | ||||
-rw-r--r-- | templates/vhosts/php_gallery2/CentOS.erb | 162 | ||||
-rw-r--r-- | templates/vhosts/php_silverstripe/CentOS.erb | 183 | ||||
-rw-r--r-- | templates/vhosts/php_typo3/php_typo3.erb | 4 | ||||
-rw-r--r-- | templates/vhosts/webdav/webdav.erb | 2 |
13 files changed, 636 insertions, 11 deletions
diff --git a/manifests/defaultdavdbdir.pp b/manifests/defaultdavdbdir.pp
new file mode 100644
index 0000000..8b5e00f
--- /dev/null
+++ b/manifests/defaultdavdbdir.pp
@@ -0,0 +1,9 @@
+# manifests/defaultphpdirs.pp
+
+class apache::defaultdavdbdir {
+ file{'/var/www/dav_db_dir':
+ ensure => directory,
+ require => Package['apache'],
+ owner => root, group => 0, mode => 0755;
+ }
+}
diff --git a/manifests/vhost/davdbdir.pp b/manifests/vhost/davdbdir.pp
new file mode 100644
index 0000000..a9528f7
--- /dev/null
+++ b/manifests/vhost/davdbdir.pp
@@ -0,0 +1,40 @@
+define apache::vhost::davdbdir(
+ $ensure = present,
+ $dav_db_dir = 'absent',
+ $documentroot_owner = apache,
+ $documentroot_group = 0,
+ $documentroot_mode = 0750,
+ $run_mode = 'normal',
+ $run_uid = 'absent'
+){
+ # php db dir
+ case $dav_db_dir {
+ 'absent': {
+ include apache::defaultdavdbdir
+ $real_dav_db_dir = "/var/www/dav_db_dir/$name"
+ }
+ default: { $real_dav_db_dir = $dav_db_dir }
+ }
+
+ case $ensure {
+ absent: {
+ file{$real_dav_db_dir:
+ ensure => absent,
+ purge => true,
+ force => true,
+ recurse => true,
+ }
+ }
+ default: {
+ file{$real_dav_db_dir:
+ ensure => directory,
+ owner => $run_mode ? {
+ 'itk' => $run_uid,
+ default => $documentroot_owner
+ },
+ group => $documentroot_group, mode => $documentroot_mode;
+ }
+ }
+ }
+}
+
diff --git a/manifests/vhost/php/drupal.pp b/manifests/vhost/php/drupal.pp
index 9c8382a..9bd5f2e 100644
--- a/manifests/vhost/php/drupal.pp
+++ b/manifests/vhost/php/drupal.pp
@@ -41,6 +41,9 @@ define apache::vhost::php::drupal(
 $vhost_destination = 'absent',
 $htpasswd_file = 'absent',
 $htpasswd_path = 'absent',
+ $manage_directories = true,
+ $config_webwriteable = false,
+ $manage_config = true,
 $manage_cron = true
 ){
 $documentroot = $path ? {
diff --git a/manifests/vhost/php/gallery2.pp b/manifests/vhost/php/gallery2.pp
new file mode 100644
index 0000000..924e322
--- /dev/null
+++ b/manifests/vhost/php/gallery2.pp
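Review bot: In manifests/vhost/davdbdir.pp the directory owner is taken from `$run_uid` whenever `$run_mode` is 'itk', but `$run_uid` defaults to the string 'absent', so an itk vhost declared without a uid would ask Puppet for an owner literally named "absent". A guard at the top of the define would make that misconfiguration fail loudly: `if ($run_mode == 'itk') and ($run_uid == 'absent') { fail("run_uid is required for ${name} when run_mode is itk") }`. The `ensure => absent` branch force-removes `$real_dav_db_dir` recursively, which is whatever path the caller supplied in `$dav_db_dir`, so the parameter deserves a comment saying it must be a directory dedicated to this vhost. The `# php db dir` comment here and the `# manifests/defaultphpdirs.pp` header in defaultdavdbdir.pp both look copied from the PHP manifests and should name the DAV lock database directory instead.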
@@ -0,0 +1,109 @@ +# run_mode: +# - normal: nothing special (*default*) +# - itk: apache is running with the itk module +# and run_uid and run_gid are used as vhost users +# run_uid: the uid the vhost should run as with the itk module +# run_gid: the gid the vhost should run as with the itk module +# php_safe_mode_exec_bins: An array of local binaries which should be linked in the +# safe_mode_exec_bin for this hosting +# *default*: None +# php_default_charset: default charset header for php. +# *default*: absent, which will set the same as default_charset +# of apache +define apache::vhost::php::gallery2( + $ensure = present, + $domain = 'absent', + $domainalias = 'absent', + $server_admin = 'absent', + $path = 'absent', + $owner = root, + $group = apache, + $documentroot_owner = apache, + $documentroot_group = 0, + $documentroot_mode = 0640, + $run_mode = 'normal', + $run_uid = 'absent', + $run_gid = 'absent', + $allow_override = 'None', + $php_upload_tmp_dir = 'absent', + $php_session_save_path = 'absent', + $php_safe_mode_exec_bins = 'absent', + $php_default_charset = 'absent', + $do_includes = false, + $options = 'absent', + $additional_options = 'absent', + $default_charset = 'absent', + $mod_security = true, + $ssl_mode = false, + $vhost_mode = 'template', + $vhost_source = 'absent', + $vhost_destination = 'absent', + $htpasswd_file = 'absent', + $htpasswd_path = 'absent', + $manage_config = true, + $config_webwriteable = false, + $manage_directories = true +){ + $documentroot = $path ? { + 'absent' => $operatingsystem ? { + openbsd => "/var/www/htdocs/${name}/www", + default => "/var/www/vhosts/${name}/www" + }, + default => "${path}/www" + } + $gdatadir = $path ? { + 'absent' => $operatingsystem ? { + openbsd => "/var/www/htdocs/${name}/g2data", + default => "/var/www/vhosts/${name}/g2data" + }, + default => "${path}/g2data" + } + file{$gdatadir: + ensure => $ensure ? 
{ + 'present' => directory, + default => absent + }, + owner => $documentroot_owner, + group => $documentroot_group, + mode => 0660; + } + + # create vhost configuration file + ::apache::vhost::php::webapp{$name: + ensure => $ensure, + domain => $domain, + domainalias => $domainalias, + server_admin => $server_admin, + path => $path, + template_mode => 'php_gallery2', + owner => $owner, + group => $group, + documentroot_owner => $documentroot_owner, + documentroot_group => $documentroot_group, + documentroot_mode => $documentroot_mode, + run_mode => $run_mode, + run_uid => $run_uid, + run_gid => $run_gid, + allow_override => $allow_override, + php_upload_tmp_dir => $php_upload_tmp_dir, + php_session_save_path => $php_session_save_path, + php_safe_mode_exec_bins => $real_php_safe_mode_exec_bins, + php_default_charset => $php_default_charset, + do_includes => $do_includes, + options => $options, + additional_options => $additional_options, + default_charset => $default_charset, + mod_security => $mod_security, + ssl_mode => $ssl_mode, + vhost_mode => $vhost_mode, + vhost_source => $vhost_source, + vhost_destination => $vhost_destination, + htpasswd_file => $htpasswd_file, + htpasswd_path => $htpasswd_path, + manage_directories => $manage_directories, + manage_config => $manage_config, + config_file => 'config.php', + } + +} + diff --git a/manifests/vhost/php/safe_mode_bin.pp b/manifests/vhost/php/safe_mode_bin.pp index aad4a29..e04557c 100644 --- a/manifests/vhost/php/safe_mode_bin.pp +++ b/manifests/vhost/php/safe_mode_bin.pp 
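Review bot: The webapp call in gallery2.pp passes `php_safe_mode_exec_bins => $real_php_safe_mode_exec_bins`, but no variable of that name is assigned anywhere in this define; the parameter is `$php_safe_mode_exec_bins`, which silverstripe.pp in the same commit forwards directly. As written, a caller's list of allowed binaries would be dropped without any error, so the line should read `php_safe_mode_exec_bins => $php_safe_mode_exec_bins,`. `$config_webwriteable` is accepted as a parameter here and in silverstripe.pp but is not forwarded to `apache::vhost::php::webapp` in either define, so setting it has no visible effect; either pass it on or drop it. The `file{$gdatadir:` resource also has no `force => true`, so `ensure => absent` will presumably leave a populated g2data directory in place.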
@@ -5,12 +5,16 @@ # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module define apache::vhost::php::safe_mode_bin( - $path + $ensure = 'present', + $path ){ - $substr=regsubst($name,'^.*\/','','G') - $real_path = "$path/$substr" - link{ "$real_path": - target => regsubst($name,'^.*_','') + $substr=regsubst($name,'^.*\/','','G') + $real_path = "$path/$substr" + file{$real_path: + ensure => $ensure ? { + 'present' => regsubst($name,'^.*_',''), + default => absent, } + } } diff --git a/manifests/vhost/php/silverstripe.pp b/manifests/vhost/php/silverstripe.pp new file mode 100644 index 0000000..16f9d32 --- /dev/null +++ b/manifests/vhost/php/silverstripe.pp 
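Review bot: The link target is still computed with `regsubst($name,'^.*_','')`, a greedy match that strips everything up to the last underscore in the title, so a binary whose own path contains an underscore ends up as a truncated, dangling target inside the safe_mode exec directory. Since standard.pp builds the title as `${name}_<binary>`, and assuming the binaries are given as absolute paths, `regsubst($name,'^[^/]*_','')` removes only the vhost prefix. The new resource also relies on `ensure` being a path to create a symlink implicitly; `'present' => link` together with an explicit `target =>` attribute states the intent and keeps the type unambiguous.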
@@ -0,0 +1,94 @@ +# run_mode: +# - normal: nothing special (*default*) +# - itk: apache is running with the itk module +# and run_uid and run_gid are used as vhost users +# run_uid: the uid the vhost should run as with the itk module +# run_gid: the gid the vhost should run as with the itk module +# php_safe_mode_exec_bins: An array of local binaries which should be linked in the +# safe_mode_exec_bin for this hosting +# *default*: None +# php_default_charset: default charset header for php. +# *default*: absent, which will set the same as default_charset +# of apache +define apache::vhost::php::silverstripe( + $ensure = present, + $domain = 'absent', + $domainalias = 'absent', + $server_admin = 'absent', + $path = 'absent', + $owner = root, + $group = apache, + $documentroot_owner = apache, + $documentroot_group = 0, + $documentroot_mode = 0640, + $run_mode = 'normal', + $run_uid = 'absent', + $run_gid = 'absent', + $allow_override = 'None', + $php_upload_tmp_dir = 'absent', + $php_session_save_path = 'absent', + $php_safe_mode_exec_bins = 'absent', + $php_default_charset = 'absent', + $do_includes = false, + $options = 'absent', + $additional_options = 'absent', + $default_charset = 'absent', + $mod_security = true, + $ssl_mode = false, + $vhost_mode = 'template', + $vhost_source = 'absent', + $vhost_destination = 'absent', + $htpasswd_file = 'absent', + $htpasswd_path = 'absent', + $manage_config = true, + $config_webwriteable = false, + $manage_directories = true +){ + $documentroot = $path ? { + 'absent' => $operatingsystem ? 
{ + openbsd => "/var/www/htdocs/${name}/www", + default => "/var/www/vhosts/${name}/www" + }, + default => "${path}/www" + } + + # create vhost configuration file + ::apache::vhost::php::webapp{$name: + ensure => $ensure, + domain => $domain, + domainalias => $domainalias, + server_admin => $server_admin, + path => $path, + template_mode => 'php_silverstripe', + owner => $owner, + group => $group, + documentroot_owner => $documentroot_owner, + documentroot_group => $documentroot_group, + documentroot_mode => $documentroot_mode, + run_mode => $run_mode, + run_uid => $run_uid, + run_gid => $run_gid, + allow_override => $allow_override, + php_upload_tmp_dir => $php_upload_tmp_dir, + php_session_save_path => $php_session_save_path, + php_safe_mode_exec_bins => $php_safe_mode_exec_bins, + php_default_charset => $php_default_charset, + do_includes => $do_includes, + options => $options, + additional_options => $additional_options, + default_charset => $default_charset, + mod_security => $mod_security, + ssl_mode => $ssl_mode, + vhost_mode => $vhost_mode, + vhost_source => $vhost_source, + vhost_destination => $vhost_destination, + htpasswd_file => $htpasswd_file, + htpasswd_path => $htpasswd_path, + manage_directories => $manage_directories, + managed_directories => [ "$documentroot/assets" + ], + manage_config => $manage_config, + } + +} + diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index d9359bc..249f25f 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp 
@@ -83,12 +83,16 @@ define apache::vhost::php::standard( } if $php_safe_mode_exec_bins != 'absent' { File[$php_safe_mode_exec_bin_dir]{ - ensure => directory, + ensure => $ensure ? { + 'present' => directory, + default => absent, + }, source => "puppet://$server/modules/common/empty", owner => $documentroot_owner, group => $documentroot_group, mode => 0750, } $php_safe_mode_exec_bins_subst = regsubst($php_safe_mode_exec_bins,"(.+)","${name}_\\1") apache::vhost::php::safe_mode_bin{ $php_safe_mode_exec_bins_subst: + ensure => $ensure, path => $php_safe_mode_exec_bin_dir } }else{ diff --git a/manifests/vhost/template.pp b/manifests/vhost/template.pp index cca04f1..b0b2e8d 100644 --- a/manifests/vhost/template.pp +++ b/manifests/vhost/template.pp @@ -32,6 +32,7 @@ define apache::vhost::template( $php_safe_mode_exec_bin_dir = 'absent', $php_upload_tmp_dir = 'absent', $php_session_save_path = 'absent', + $dav_db_dir = 'absent', $cgi_binpath = 'absent', $do_includes = false, $options = 'absent', @@ -123,6 +124,13 @@ define apache::vhost::template( } default: { $real_php_session_save_path = $php_session_save_path } } + # dav db dir + case $dav_db_dir { + 'absent': { + $real_dav_db_dir = "/var/www/dav_db_dir/$name" + } + default: { $real_dav_db_dir = $dav_db_dir } + } apache::vhost::file{$name: ensure => $ensure, diff --git a/manifests/vhost/webdav.pp b/manifests/vhost/webdav.pp index 5f0aad2..73c4a7a 100644 --- a/manifests/vhost/webdav.pp +++ b/manifests/vhost/webdav.pp 
@@ -34,8 +34,19 @@ define apache::vhost::webdav( $htpasswd_file = 'absent', $htpasswd_path = 'absent', $ldap_auth = false, - $ldap_user = 'any' + $ldap_user = 'any', + $dav_db_dir = 'absent' ){ + ::apache::vhost::davdbdir{"${name}": + ensure => $ensure, + dav_db_dir => $dav_db_dir, + documentroot_owner => $documentroot_owner, + documentroot_group => $documentroot_group, + documentroot_mode => $documentroot_mode, + run_mode => $run_mode, + run_uid => $run_uid, + } + if $manage_webdir { # create webdir ::apache::vhost::webdir{$name: diff --git a/templates/vhosts/php_gallery2/CentOS.erb b/templates/vhosts/php_gallery2/CentOS.erb new file mode 100644 index 0000000..93d6596 --- /dev/null +++ b/templates/vhosts/php_gallery2/CentOS.erb 
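Review bot: The new `apache::vhost::davdbdir` resource is created from the caller's `$dav_db_dir`, while the `DAVLockDB` path in the template comes from a separate `real_dav_db_dir` that template.pp derives from its own `dav_db_dir` parameter. Nothing in this hunk forwards `dav_db_dir` to the vhost template declaration, whose call sits further down in webdav.pp outside the hunk; if it is not passed there, a custom directory would be created and owned correctly while Apache is pointed at the default `/var/www/dav_db_dir/$name`, which in that case is never created. Confirm the template call includes `dav_db_dir => $dav_db_dir,`. A comment noting that the lock directory must be writable by the user the vhost runs as would also explain why the document-root owner and mode are reused here.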
@@ -0,0 +1,162 @@ +# <%= servername %> +<%- unless ssl_mode.to_s == 'only' then -%> +<VirtualHost *:80> + Include conf.d/defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + DocumentRoot <%= documentroot %>/ + + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log combined + <%- if ssl_mode.to_s == 'force' then -%> + Redirect permanent / https://<%= servername %>/ + <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if run_mode.to_s == 'itk' -%> + <IfModule mpm_itk_module> + AssignUserId <%= run_uid+" "+run_gid %> + </IfModule> + <%- end -%> + <%- if not ssl_mode.to_s == 'force' then -%> + <Directory "<%= documentroot %>/"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + php_admin_flag engine on + php_admin_flag safe_mode Off + php_admin_value output_buffering Off + <%- unless php_default_charset.to_s == 'absent' then -%> + php_admin_value default_charset <%= php_default_charset %> + <%- end -%> + php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>:<%= gdatadir %> + php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> + php_admin_value session.save_path <%= real_php_session_save_path %> + <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> + 
php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> + <%- end -%> + # Always rewrite login's + # Source: http://gallery.menalto.com/node/30558 + RewriteEngine On + RewriteCond %{HTTP_COOKIE} ^GALLERYSID= [OR] + RewriteCond %{QUERY_STRING} subView=core\.UserLogin + RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] + # https -> see below + # Then, unset baseUri in config.php (to keep Gallery from trying to redirect users to either HTTP or HTTPS): + # $gallery->setConfig('baseUri', ''); + </Directory> + <%- end -%> + + <IfModule mod_security2.c> + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + SecAuditEngine On + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + </IfModule> + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> +</VirtualHost> +<%- end -%> + +<%- unless ssl_mode.to_s == 'false' then -%> +<VirtualHost *:443> + Include conf.d/defaults.inc + Include conf.d/ssl_defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? 
or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + DocumentRoot <%= documentroot %>/ + + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log combined + <%- if run_mode.to_s == 'itk' -%> + <IfModule mpm_itk_module> + AssignUserId <%= run_uid+" "+run_gid %> + </IfModule> + <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + <%- end -%> + <Directory "<%= documentroot %>/"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + php_admin_flag engine on + php_admin_flag safe_mode Off + php_admin_value output_buffering Off + <%- unless php_default_charset.to_s == 'absent' then -%> + php_admin_value default_charset <%= php_default_charset %> + <%- end -%> + php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>:<%= gdatadir %> + php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> + php_admin_value session.save_path <%= real_php_session_save_path %> + <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> + php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> + <%- end -%> + # turn allow_url_fopen on for the extension manager fetch + php_admin_value allow_url_fopen On + + # Always rewrite login's (see above) + RewriteEngine On + RewriteCond %{HTTP_COOKIE} ="" + RewriteCond %{REQUEST_METHOD} =GET + RewriteCond %{QUERY_STRING} !subView=core\.UserLogin + RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] + </Directory> + + 
<IfModule mod_security2.c> + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + SecAuditEngine On + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + </IfModule> + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> +</VirtualHost> +<%- end -%> diff --git a/templates/vhosts/php_silverstripe/CentOS.erb b/templates/vhosts/php_silverstripe/CentOS.erb new file mode 100644 index 0000000..920f2be --- /dev/null +++ b/templates/vhosts/php_silverstripe/CentOS.erb 
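Review bot: The port-80 login redirect in templates/vhosts/php_gallery2/CentOS.erb is weaker than its comment suggests, because `RewriteCond %{HTTP_COOKIE} ^GALLERYSID=` only matches when the session cookie is the first one in the header, so requests carrying it after another cookie stay on plain HTTP. The target is also built from the client-supplied `%{HTTP_HOST}` rather than the configured name. Suggested lines: `RewriteCond %{HTTP_COOKIE} (^|;\s*)GALLERYSID= [OR]` and `RewriteRule ^ https://<%= servername %>%{REQUEST_URI} [NE,R,L]`. The block is rendered whenever `ssl_mode` is not 'force', including 'false', where no 443 vhost is generated, so it should be wrapped in `<%- unless ssl_mode.to_s == 'false' then -%>`. In the 443 block, `allow_url_fopen On` carries a comment about an extension manager that looks copied from another template; confirm Gallery2 needs outbound fetches before enabling it for every gallery vhost.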
@@ -0,0 +1,183 @@ +# <%= servername %> +<%- unless ssl_mode.to_s == 'only' then -%> +<VirtualHost *:80> + Include conf.d/defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + DocumentRoot <%= documentroot %>/ + + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log combined + <%- if ssl_mode.to_s == 'force' then -%> + Redirect permanent / https://<%= servername %>/ + <%- end -%> + # silverstripe + RedirectMatch /admin(.*) https://<%= servername %>/admin$1 + RedirectMatch /Security(.*) https://<%= servername %>/Security$1 + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if run_mode.to_s == 'itk' -%> + <IfModule mpm_itk_module> + AssignUserId <%= run_uid+" "+run_gid %> + </IfModule> + <%- end -%> + <%- if not ssl_mode.to_s == 'force' then -%> + <Directory "<%= documentroot %>/"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + php_admin_flag engine on + <%- unless php_default_charset.to_s == 'absent' then -%> + php_admin_value default_charset <%= php_default_charset %> + <%- end -%> + php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> + php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> + php_admin_value session.save_path <%= real_php_session_save_path %> + <%- 
unless php_safe_mode_exec_bins.to_s == 'absent' then -%> + php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> + <%- end -%> + + # silverstripe .htaccess + <Files *.ss> + Order deny,allow + Deny from all + #Allow from 127.0.0.1 + </Files> + <IfModule mod_rewrite.c> + RewriteEngine On + #RewriteBase / + + RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$) + + RewriteCond %{REQUEST_URI} ^(.*)$ + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L] + </IfModule> + </Directory> + <%- end -%> + + <IfModule mod_security2.c> + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + SecAuditEngine On + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html + SecRuleRemoveById "960010" + </IfModule> + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> +</VirtualHost> +<%- end -%> + +<%- unless ssl_mode.to_s == 'false' then -%> +<VirtualHost *:443> + Include conf.d/defaults.inc + Include conf.d/ssl_defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? 
or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + DocumentRoot <%= documentroot %>/ + + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log combined + <%- if run_mode.to_s == 'itk' -%> + <IfModule mpm_itk_module> + AssignUserId <%= run_uid+" "+run_gid %> + </IfModule> + <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + <%- end -%> + <Directory "<%= documentroot %>/"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + php_admin_flag engine on + <%- unless php_default_charset.to_s == 'absent' then -%> + php_admin_value default_charset <%= php_default_charset %> + <%- end -%> + php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> + php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> + php_admin_value session.save_path <%= real_php_session_save_path %> + <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> + php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> + <%- end -%> + # turn allow_url_fopen on for the extension manager fetch + php_admin_value allow_url_fopen On + + # silverstripe .htaccess + <Files *.ss> + Order deny,allow + Deny from all + #Allow from 127.0.0.1 + </Files> + <IfModule mod_rewrite.c> + RewriteEngine On + #RewriteBase / + + RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$) + + RewriteCond %{REQUEST_URI} ^(.*)$ + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule .* 
sapphire/main.php?url=%1&%{QUERY_STRING} [L] + </IfModule> + </Directory> + + <IfModule mod_security2.c> + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + SecAuditEngine On + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html + SecRuleRemoveById "960010" + </IfModule> + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> +</VirtualHost> +<%- end -%> diff --git a/templates/vhosts/php_typo3/php_typo3.erb b/templates/vhosts/php_typo3/php_typo3.erb index 4ad4022..126dbb1 100644 --- a/templates/vhosts/php_typo3/php_typo3.erb +++ b/templates/vhosts/php_typo3/php_typo3.erb @@ -3,8 +3,6 @@ <VirtualHost *:80> Include include.d/defaults.inc - AddDefaultCharset utf-8 - ServerName <%= servername %> <%- unless serveralias.to_s.empty? then -%> ServerAlias <%= serveralias %> @@ -95,8 +93,6 @@ Include include.d/defaults.inc Include include.d/ssl_defaults.inc - AddDefaultCharset utf-8 - ServerName <%= servername %> <%- unless serveralias.to_s.empty? then -%> ServerAlias <%= serveralias %> diff --git a/templates/vhosts/webdav/webdav.erb b/templates/vhosts/webdav/webdav.erb index 336c5f6..e24cb31 100644 --- a/templates/vhosts/webdav/webdav.erb +++ b/templates/vhosts/webdav/webdav.erb @@ -26,6 +26,7 @@ </IfModule> <%- end -%> <%- if not ssl_mode.to_s == 'force' then -%> + DAVLockDB <%= real_dav_db_dir %>/DAVLock <Directory "<%= documentroot %>/"> Dav on AllowOverride None @@ -104,6 +105,7 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> <%- end -%> + DAVLockDB <%= real_dav_db_dir %>/DAVLock <Directory "<%= documentroot %>/"> Dav on AllowOverride None |
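Review bot: In templates/vhosts/php_silverstripe/CentOS.erb the two `RedirectMatch` lines in the port-80 vhost are unanchored and unconditional: `/admin(.*)` matches any URL that merely contains "/admin", and both redirects are emitted even when `ssl_mode` is 'false' and no 443 vhost is rendered, which would send the admin and Security pages to a port nothing listens on. Anchoring them as `RedirectMatch ^/admin(.*) https://<%= servername %>/admin$1` (likewise for `/Security`) and wrapping both in `<%- unless ssl_mode.to_s == 'false' then -%>` keeps the forced-HTTPS intent without those side effects. `SecRuleRemoveById "960010"` removes that rule for the whole vhost in both blocks, with only a link as rationale; a comment saying what the rule blocks and which SilverStripe request trips it, or scoping the removal to the affected path, would make the exception reviewable. The `allow_url_fopen On` comment about an extension manager again looks copied from another template and should be confirmed for SilverStripe.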