summaryrefslogtreecommitdiff
path: root/templates/vhosts/php_wordpress
diff options
context:
space:
mode:
Diffstat (limited to 'templates/vhosts/php_wordpress')
-rw-r--r--templates/vhosts/php_wordpress/php_wordpress.erb202
1 files changed, 197 insertions, 5 deletions
diff --git a/templates/vhosts/php_wordpress/php_wordpress.erb b/templates/vhosts/php_wordpress/php_wordpress.erb
index 5dbf9dc..2a90c69 100644
--- a/templates/vhosts/php_wordpress/php_wordpress.erb
+++ b/templates/vhosts/php_wordpress/php_wordpress.erb
@@ -1,4 +1,7 @@
# <%= servername %>
+<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+<IfDefine HttpdLocal>
+<%- end -%>
<%- unless ssl_mode.to_s == 'only' then -%>
<VirtualHost *:80>
Include include.d/defaults.inc
@@ -26,16 +29,20 @@
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log combined
<%- end -%>
+
<%- if ssl_mode.to_s == 'force' then -%>
Redirect permanent / https://<%= servername %>/
+
<%- end -%>
<%- if default_charset.to_s != 'absent' then -%>
AddDefaultCharset <%= default_charset %>
+
<%- end -%>
- <%- if run_mode.to_s == 'itk' -%>
+ <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
<IfModule mpm_itk_module>
AssignUserId <%= run_uid+" "+run_gid %>
</IfModule>
+
<%- end -%>
<%- if not ssl_mode.to_s == 'force' then -%>
<Directory "<%= documentroot %>/">
@@ -63,6 +70,7 @@
</Directory>
<%- end -%>
+ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
<IfModule mod_security2.c>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
@@ -79,6 +87,7 @@
SecRuleRemoveById "960010"
SecRuleRemoveById "950018"
</IfModule>
+ <%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
@@ -114,13 +123,16 @@
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log combined
<%- end -%>
- <%- if run_mode.to_s == 'itk' -%>
+
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
<IfModule mpm_itk_module>
AssignUserId <%= run_uid+" "+run_gid %>
</IfModule>
- <%- end -%>
- <%- if default_charset.to_s != 'absent' then -%>
- AddDefaultCharset <%= default_charset %>
+
<%- end -%>
<Directory "<%= documentroot %>/">
AllowOverride <%= allow_override %>
@@ -146,6 +158,99 @@
<%- end -%>
</Directory>
+ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+ <IfModule mod_security2.c>
+ <%- if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+ SecAuditEngine On
+ <%- else -%>
+ SecRuleEngine Off
+ SecAuditEngine Off
+ <%- end -%>
+ SecAuditLogType Concurrent
+ SecAuditLogStorageDir <%= logdir %>/
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+ # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
+ SecRuleRemoveById "960010"
+ SecRuleRemoveById "950018"
+ </IfModule>
+ <%- end -%>
+
+ <%- unless additional_options.to_s == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
+<%- end -%>
+<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+</IfDefine>
+<IfDefine !HttpdLocal>
+<%- unless ssl_mode.to_s == 'only' then -%>
+<VirtualHost *:80>
+ Include include.d/defaults.inc
+
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? then -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+ ServerAdmin <%= server_admin %>
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ DocumentRoot <%= documentroot %>/
+ DirectoryIndex index.htm index.html index.php
+ <%- end -%>
+
+ <%- case logmode.to_s
+ when 'nologs' -%>
+ ErrorLog /dev/null
+ CustomLog /dev/null
+ <%- when 'semianonym' -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- when 'anonym' -%>
+ ErrorLog /dev/null
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- else -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
+ <%- end -%>
+
+ ProxyPreserveHost On
+ ProxyRequests off
+ <%- if run_mode.to_s == 'static-itk' -%>
+ ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1
+ <%- else -%>
+ ProxyPass / http://127.0.0.1/
+ <%- end -%>
+ ProxyPassReverse / http://127.0.0.1/
+
+ <%- if ssl_mode.to_s == 'force' then -%>
+ Redirect permanent / https://<%= servername %>/
+
+ <%- end -%>
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' then -%>
+ <%- if not ssl_mode.to_s == 'force' then -%>
+ <Directory "<%= documentroot %>/">
+ AllowOverride <%= allow_override %>
+ <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+ <%- end -%>
+ <%- unless htpasswd_file.to_s == 'absent' then -%>
+ AuthType Basic
+ AuthName "Access fuer <%= servername %>"
+ AuthUserFile <%= real_htpasswd_path %>
+ require valid-user
+ <%- end -%>
+ </Directory>
+ <%- end -%>
+ <%- end -%>
+
<IfModule mod_security2.c>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
@@ -168,3 +273,90 @@
<%- end -%>
</VirtualHost>
<%- end -%>
+
+<%- unless ssl_mode.to_s == 'false' then -%>
+<VirtualHost *:443>
+ Include include.d/defaults.inc
+ Include include.d/ssl_defaults.inc
+
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? then -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+ ServerAdmin <%= server_admin %>
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ DocumentRoot <%= documentroot %>/
+ DirectoryIndex index.htm index.html index.php
+ <%- end -%>
+
+ <%- case logmode.to_s
+ when 'nologs' -%>
+ ErrorLog /dev/null
+ CustomLog /dev/null
+ <%- when 'semianonym' -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- when 'anonym' -%>
+ ErrorLog /dev/null
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- else -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
+ <%- end -%>
+
+ ProxyPreserveHost On
+ ProxyRequests off
+ <%- if run_mode.to_s == 'static-itk' -%>
+ ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1
+ <%- else -%>
+ ProxyPass / https://127.0.0.1/
+ <%- end -%>
+ ProxyPassReverse / https://127.0.0.1/
+
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ <Directory "<%= documentroot %>/">
+ AllowOverride <%= allow_override %>
+ <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+ <%- end -%>
+ <%- unless htpasswd_file.to_s == 'absent' then -%>
+ AuthType Basic
+ AuthName "Access fuer <%= servername %>"
+ AuthUserFile <%= real_htpasswd_path %>
+ require valid-user
+ <%- end -%>
+ </Directory>
+ <%- end -%>
+
+ <IfModule mod_security2.c>
+ <%- if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+ SecAuditEngine On
+ <%- else -%>
+ SecRuleEngine Off
+ SecAuditEngine Off
+ <%- end -%>
+ SecAuditLogType Concurrent
+ SecAuditLogStorageDir <%= logdir %>/
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+ # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
+ SecRuleRemoveById "960010"
+ SecRuleRemoveById "950018"
+ </IfModule>
+
+ <%- unless additional_options.to_s == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
+<%- end -%>
+</IfDefine>
+<%- end -%>
+