diff options
Diffstat (limited to 'templates/vhosts/partials')
-rw-r--r-- | templates/vhosts/partials/authentication.erb | 12 | ||||
-rw-r--r-- | templates/vhosts/partials/header_default.erb | 24 | ||||
-rw-r--r-- | templates/vhosts/partials/logs.erb | 16 | ||||
-rw-r--r-- | templates/vhosts/partials/mod_security.erb | 24 | ||||
-rw-r--r-- | templates/vhosts/partials/php_settings.erb | 31 | ||||
-rw-r--r-- | templates/vhosts/partials/ssl.erb | 8 | ||||
-rw-r--r-- | templates/vhosts/partials/std_override_options.erb | 8 |
7 files changed, 69 insertions, 54 deletions
diff --git a/templates/vhosts/partials/authentication.erb b/templates/vhosts/partials/authentication.erb index 6ca1b03..ed83221 100644 --- a/templates/vhosts/partials/authentication.erb +++ b/templates/vhosts/partials/authentication.erb @@ -1,6 +1,6 @@ -<% unless htpasswd_file.to_s == 'absent' -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user -<% end -%>
\ No newline at end of file +<% unless @htpasswd_file.to_s == 'absent' -%> + AuthType Basic + AuthName "Access fuer <%= @servername %>" + AuthUserFile <%= @real_htpasswd_path %> + require valid-user +<% end -%> diff --git a/templates/vhosts/partials/header_default.erb b/templates/vhosts/partials/header_default.erb index d6d8c86..cd4d04c 100644 --- a/templates/vhosts/partials/header_default.erb +++ b/templates/vhosts/partials/header_default.erb @@ -1,20 +1,22 @@ Include include.d/defaults.inc <% if vhost_part == :ssl -%> Include include.d/ssl_defaults.inc +<%= scope.function_templatewlv(['apache/vhosts/partials/ssl.erb', + {'configuration' => configuration}]) %> <% end -%> - ServerName <%= servername %> -<% unless serveralias.empty? || (serveralias == 'absent') -%> - ServerAlias <%= serveralias %> + ServerName <%= @servername %> +<% unless @serveralias.empty? || (@serveralias == 'absent') -%> + ServerAlias <%= Array(@serveralias).sort.join(' ') %> <% end -%> -<% unless server_admin.empty? || (server_admin == 'absent') -%> - ServerAdmin <%= server_admin %> +<% unless @server_admin.empty? || (@server_admin == 'absent') -%> + ServerAdmin <%= @server_admin %> <% end -%> -<% unless documentroot == 'really_absent' -%> - DocumentRoot <%= documentroot %>/ +<% unless @documentroot == 'really_absent' -%> + DocumentRoot <%= @documentroot %>/ <% end -%> -<% if default_charset != 'absent' then -%> - AddDefaultCharset <%= default_charset %> +<% if @default_charset != 'absent' -%> + AddDefaultCharset <%= @default_charset %> <% end -%> -<% if passing_extension != 'absent' -%> - DirectoryIndex index.htm index.html index.<%= passing_extension %> +<% if @passing_extension != 'absent' -%> + DirectoryIndex index.htm index.html index.<%= @passing_extension %> <% end -%> diff --git a/templates/vhosts/partials/logs.erb b/templates/vhosts/partials/logs.erb index 68403a8..136508f 100644 --- a/templates/vhosts/partials/logs.erb +++ b/templates/vhosts/partials/logs.erb @@ -1,14 +1,18 @@ -<% case logmode.to_s +<% case @logmode.to_s when 'nologs' -%> ErrorLog /dev/null CustomLog /dev/null +<% when 'noaccess' -%> + ErrorLog <%= @logdir %>/<%= @logprefix %>error_log + CustomLog /dev/null noip <% when 'semianonym' -%> - ErrorLog <%= logdir %>/<%= logprefix %>error_log - CustomLog <%= logdir %>/<%= logprefix %>access_log noip + ErrorLog <%= @logdir %>/<%= @logprefix %>error_log + CustomLog <%= @logdir %>/<%= @logprefix %>access_log noip <% when 'anonym' -%> ErrorLog /dev/null - CustomLog <%= logdir %>/<%= logprefix %>access_log noip + CustomLog <%= @logdir %>/<%= @logprefix %>access_log noip <% else -%> - ErrorLog <%= logdir %>/<%= logprefix %>error_log - CustomLog <%= logdir %>/<%= logprefix %>access_log combined + ErrorLog <%= @logdir %>/<%= @logprefix %>error_log + CustomLog <%= @logdir %>/<%= @logprefix %>access_log combined <% end -%> + diff --git a/templates/vhosts/partials/mod_security.erb b/templates/vhosts/partials/mod_security.erb index 5b4fca8..380e78f 100644 --- a/templates/vhosts/partials/mod_security.erb +++ b/templates/vhosts/partials/mod_security.erb @@ -1,27 +1,27 @@ <IfModule mod_security2.c> -<% if mod_security.to_s == 'true' then -%> +<% if @mod_security.to_s == 'true' -%> SecRuleEngine On -<% if mod_security_relevantonly.to_s == 'true' then -%> +<% if @mod_security_relevantonly.to_s == 'true' -%> SecAuditEngine RelevantOnly -<% else -%> +<% else -%> SecAuditEngine On -<% end -%> +<% end -%> <% else -%> SecRuleEngine Off SecAuditEngine Off <% end -%> SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log -<% unless mod_security_rules_to_disable.to_a.empty? -%> + SecAuditLogStorageDir <%= @logdir %>/ + SecAuditLog <%= @logdir %>/mod_security_audit.log + SecDebugLog <%= @logdir %>/mod_security_debug.log +<% unless (disabled_rules=Array(@mod_security_rules_to_disable)).empty? -%> -<% mod_security_rules_to_disable.to_a.each do |rule| -%> +<% disabled_rules.each do |rule| -%> SecRuleRemoveById "<%= rule %>" +<% end -%> <% end -%> -<% end -%> -<% unless mod_security_additional_options.to_s == 'absent' -%> +<% unless (s=@mod_security_additional_options).to_s == 'absent' -%> - <%= mod_security_additional_options %> + <%= s %> <% end -%> </IfModule> diff --git a/templates/vhosts/partials/php_settings.erb b/templates/vhosts/partials/php_settings.erb index 7840987..74f6ecf 100644 --- a/templates/vhosts/partials/php_settings.erb +++ b/templates/vhosts/partials/php_settings.erb @@ -1,19 +1,20 @@ -<% if run_mode != 'fcgid' - php_settings.reject{|k,v| v == :undef }.keys.sort.each do |key| - dvalue = php_settings[key].to_s.downcase +<% if @run_mode != 'fcgid' + @php_settings.reject{|k,v| (v == :undef) || v.nil? }.keys.sort.each do |key| + dvalue = @php_settings[key].to_s.downcase munged_value = if dvalue == 'true' - 'on' - elsif dvalue == 'false' - 'off' - elsif ['on','off'].include?(dvalue) - dvalue - else - php_settings[key] - end - if ['on','off' ].include?(munged_value) -%> + 'on' + elsif dvalue == 'false' + 'off' + elsif ['on','off'].include?(dvalue) + dvalue + else + @php_settings[key] + end + + if ['on','off' ].include?(munged_value) -%> php_admin_flag <%= key %> <%= munged_value %> -<% else -%> +<% else -%> php_admin_value <%= key %> <%= munged_value %> -<% end -%> -<% end -%> +<% end -%> +<% end -%> <% end -%> diff --git a/templates/vhosts/partials/ssl.erb b/templates/vhosts/partials/ssl.erb new file mode 100644 index 0000000..c9f3933 --- /dev/null +++ b/templates/vhosts/partials/ssl.erb @@ -0,0 +1,8 @@ + SSLCertificateFile <%= configuration['ssl_certificate_file'] || scope.lookupvar('apache::default_ssl_certificate_file') %> + SSLCertificateKeyFile <%= configuration['ssl_certificate_key_file'] || scope.lookupvar('apache::default_ssl_certificate_key_file') %> +<% if configuration['ssl_certificate_chain_file'] || scope.lookupvar('apache::default_ssl_certificate_chain_file') != 'absent' -%> + SSLCertificateChainFile <%= configuration['ssl_certificate_chain_file'] || scope.lookupvar('apache::default_ssl_certificate_chain_file') %> +<% end -%> +<% if configuration['hsts'] -%> + Header add Strict-Transport-Security "max-age=<%= (configuration['hsts']['age'] || 15768000) rescue 15768000 %>" +<% end -%> diff --git a/templates/vhosts/partials/std_override_options.erb b/templates/vhosts/partials/std_override_options.erb index 95a5e6a..6d8b74f 100644 --- a/templates/vhosts/partials/std_override_options.erb +++ b/templates/vhosts/partials/std_override_options.erb @@ -1,4 +1,4 @@ - AllowOverride <%= allow_override %> - <% if options.to_s != 'absent' || do_includes.to_s == 'true' || run_mode == 'fcgid' -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><% end -%><% if do_includes.to_s == 'true' && !options.include?('+Includes') -%> +Includes<% end -%><% if run_mode == 'fcgid' && !options.include?('+ExecCGI') -%> +ExecCGI<% end -%> - <% end -%> + AllowOverride <%= @allow_override %> +<% if @options.to_s != 'absent' || @do_includes.to_s == 'true' || @run_mode == 'fcgid' -%> + Options <%- unless @options.to_s == 'absent' -%><%= @options %><% end -%><% if @do_includes.to_s == 'true' && !@options.include?('+Includes') -%> +Includes<% end -%><% if @run_mode == 'fcgid' && !@options.include?('+ExecCGI') -%> +ExecCGI<% end -%> +<% end -%> |