diff options
Diffstat (limited to 'templates/vhosts/php_silverstripe/php_silverstripe.erb')
-rw-r--r-- | templates/vhosts/php_silverstripe/php_silverstripe.erb | 248 |
1 files changed, 243 insertions, 5 deletions
diff --git a/templates/vhosts/php_silverstripe/php_silverstripe.erb b/templates/vhosts/php_silverstripe/php_silverstripe.erb index 8b739b7..888c066 100644 --- a/templates/vhosts/php_silverstripe/php_silverstripe.erb +++ b/templates/vhosts/php_silverstripe/php_silverstripe.erb @@ -1,4 +1,7 @@ # <%= servername %> +<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> +<IfDefine HttpdLocal> +<%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> <VirtualHost *:80> Include include.d/defaults.inc @@ -26,19 +29,24 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> Redirect permanent / https://<%= servername %>/ + <%- end -%> # silverstripe RedirectMatch /admin(.*) https://<%= servername %>/admin$1 RedirectMatch /Security(.*) https://<%= servername %>/Security$1 + <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> - <%- if run_mode.to_s == 'itk' -%> + <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> <IfModule mpm_itk_module> AssignUserId <%= run_uid+" "+run_gid %> </IfModule> + <%- end -%> <%- if not ssl_mode.to_s == 'force' then -%> <Directory "<%= documentroot %>/"> @@ -70,6 +78,7 @@ Deny from all #Allow from 127.0.0.1 </Files> + <IfModule mod_rewrite.c> RewriteEngine On #RewriteBase / @@ -83,6 +92,7 @@ </Directory> <%- end -%> + <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> <IfModule mod_security2.c> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On @@ -102,6 +112,7 @@ # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html SecRuleRemoveById "960010" </IfModule> + <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -136,14 +147,18 @@ <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + + <%- end -%> + + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + <%- end -%> - <%- if run_mode.to_s == 'itk' -%> + <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> <IfModule mpm_itk_module> AssignUserId <%= run_uid+" "+run_gid %> </IfModule> - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + <%- end -%> <Directory "<%= documentroot %>/"> AllowOverride <%= allow_override %> @@ -188,6 +203,7 @@ </IfModule> </Directory> + <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> <IfModule mod_security2.c> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On @@ -207,9 +223,231 @@ # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html SecRuleRemoveById "960010" </IfModule> + <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> <%- end -%> </VirtualHost> <%- end -%> +<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> +</IfDefine> +<IfDefine !HttpdLocal> +<%- unless ssl_mode.to_s == 'only' then -%> +<VirtualHost *:80> + Include include.d/defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + DocumentRoot <%= documentroot %>/ + DirectoryIndex index.htm index.html index.php + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- else -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined + <%- end -%> + + ProxyPreserveHost On + ProxyRequests off + <%- if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 + <%- else -%> + ProxyPass / http://127.0.0.1/ + <%- end -%> + ProxyPassReverse / http://127.0.0.1/ + + <%- if ssl_mode.to_s == 'force' then -%> + Redirect permanent / https://<%= servername %>/ + + <%- end -%> + # silverstripe + RedirectMatch /admin(.*) https://<%= servername %>/admin$1 + RedirectMatch /Security(.*) https://<%= servername %>/Security$1 + + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s == 'static-itk' then -%> + <%- if not ssl_mode.to_s == 'force' then -%> + <Directory "<%= documentroot %>/"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + # silverstripe .htaccess + <Files *.ss> + Order deny,allow + Deny from all + #Allow from 127.0.0.1 + </Files> + + <IfModule mod_rewrite.c> + RewriteEngine On + #RewriteBase / + + RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$) + + RewriteCond %{REQUEST_URI} ^(.*)$ + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L] + </IfModule> + </Directory> + <%- end -%> + <%- end -%> + + <IfModule mod_security2.c> + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> + SecAuditEngine On + <%- end -%> + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html + SecRuleRemoveById "960010" + </IfModule> + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> +</VirtualHost> +<%- end -%> + +<%- unless ssl_mode.to_s == 'false' then -%> +<VirtualHost *:443> + Include include.d/defaults.inc + Include include.d/ssl_defaults.inc + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + DocumentRoot <%= documentroot %>/ + DirectoryIndex index.htm index.html index.php + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- else -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined + <%- end -%> + + ProxyPreserveHost On + ProxyRequests off + <%- if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 + <%- else -%> + ProxyPass / https://127.0.0.1/ + <%- end -%> + ProxyPassReverse / https://127.0.0.1/ + + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + <Directory "<%= documentroot %>/"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + + # silverstripe .htaccess + <Files *.ss> + Order deny,allow + Deny from all + #Allow from 127.0.0.1 + </Files> + <IfModule mod_rewrite.c> + RewriteEngine On + #RewriteBase / + + RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$) + + RewriteCond %{REQUEST_URI} ^(.*)$ + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L] + </IfModule> + </Directory> + <%- end -%> + + <IfModule mod_security2.c> + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> + SecAuditEngine On + <%- end -%> + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html + SecRuleRemoveById "960010" + </IfModule> + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> +</VirtualHost> +<%- end -%> +</IfDefine> +<%- end -%> + |