summaryrefslogtreecommitdiff
path: root/templates
diff options
context:
space:
mode:
Diffstat (limited to 'templates')
-rw-r--r--templates/itk_plus/CentOS/00-listen.conf.erb8
-rw-r--r--templates/vhosts/perl/perl.erb218
-rw-r--r--templates/vhosts/php/php.erb204
-rw-r--r--templates/vhosts/php_drupal/php_drupal.erb238
-rw-r--r--templates/vhosts/php_gallery2/php_gallery.erb215
-rw-r--r--templates/vhosts/php_joomla/php_joomla.erb244
-rw-r--r--templates/vhosts/php_mediawiki/php_mediawiki.erb189
-rw-r--r--templates/vhosts/php_silverstripe/php_silverstripe.erb248
-rw-r--r--templates/vhosts/php_simplemachine/php_simplemachine.erb203
-rw-r--r--templates/vhosts/php_spip/php_spip.erb203
-rw-r--r--templates/vhosts/php_typo3/php_typo3.erb239
-rw-r--r--templates/vhosts/php_wordpress/php_wordpress.erb202
-rw-r--r--templates/vhosts/webdav/webdav.erb153
13 files changed, 2508 insertions, 56 deletions
diff --git a/templates/itk_plus/CentOS/00-listen.conf.erb b/templates/itk_plus/CentOS/00-listen.conf.erb
new file mode 100644
index 0000000..9f2c626
--- /dev/null
+++ b/templates/itk_plus/CentOS/00-listen.conf.erb
@@ -0,0 +1,8 @@
+<IfDefine HttpdLocal>
+Listen 127.0.0.1:80
+PidFile run/httpdlocal.pid
+</IfDefine>
+<IfDefine !HttpdLocal>
+Listen <%= ipaddress %>:80
+PidFile run/httpd.pid
+</IfDefine>
diff --git a/templates/vhosts/perl/perl.erb b/templates/vhosts/perl/perl.erb
index 5be25fa..5cb30bc 100644
--- a/templates/vhosts/perl/perl.erb
+++ b/templates/vhosts/perl/perl.erb
@@ -1,4 +1,7 @@
# <%= servername %>
+<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+<IfDefine HttpdLocal>
+<%- end -%>
<%- unless ssl_mode.to_s == 'only' then -%>
<VirtualHost *:80>
Include include.d/defaults.inc
@@ -26,16 +29,20 @@
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log combined
<%- end -%>
+
<%- if ssl_mode.to_s == 'force' then -%>
Redirect permanent / https://<%= servername %>/
+
<%- end -%>
<%- if default_charset.to_s != 'absent' then -%>
AddDefaultCharset <%= default_charset %>
+
<%- end -%>
- <%- if run_mode.to_s == 'itk' -%>
+ <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
<IfModule mpm_itk_module>
AssignUserId <%= run_uid+" "+run_gid %>
</IfModule>
+
<%- end -%>
<%- if not ssl_mode.to_s == 'force' then -%>
<Directory "<%= documentroot %>/">
@@ -63,6 +70,7 @@
ScriptAlias /cgi-bin/ <%= cgi_binpath %>/
<%- end -%>
+ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
<IfModule mod_security2.c>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
@@ -80,6 +88,7 @@
SecAuditLog <%= logdir %>/mod_security_audit.log
SecDebugLog <%= logdir %>/mod_security_debug.log
</IfModule>
+ <%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
@@ -115,13 +124,16 @@
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log combined
<%- end -%>
+
<%- if default_charset.to_s != 'absent' then -%>
AddDefaultCharset <%= default_charset %>
+
<%- end -%>
- <%- if run_mode.to_s == 'itk' -%>
+ <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
<IfModule mpm_itk_module>
AssignUserId <%= run_uid+" "+run_gid %>
</IfModule>
+
<%- end -%>
<Directory "<%= documentroot %>/">
AllowOverride <%= allow_override %>
@@ -147,6 +159,7 @@
</Directory>
<%- end -%>
+ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
<IfModule mod_security2.c>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
@@ -164,9 +177,210 @@
SecAuditLog <%= logdir %>/mod_security_audit.log
SecDebugLog <%= logdir %>/mod_security_debug.log
</IfModule>
+ <%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
<%- end -%>
</VirtualHost>
<%- end -%>
+<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+</IfDefine>
+<IfDefine !HttpdLocal>
+<%- unless ssl_mode.to_s == 'only' then -%>
+<VirtualHost *:80>
+
+ Include include.d/defaults.inc
+
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? then -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+ ServerAdmin <%= server_admin %>
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ DocumentRoot <%= documentroot %>/
+ DirectoryIndex index.htm index.html index.pl
+ <%- end -%>
+
+ <%- case logmode.to_s
+ when 'nologs' -%>
+ ErrorLog /dev/null
+ CustomLog /dev/null
+ <%- when 'semianonym' -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- when 'anonym' -%>
+ ErrorLog /dev/null
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- else -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
+ <%- end -%>
+
+ ProxyPreserveHost On
+ ProxyRequests off
+ <%- if run_mode.to_s == 'static-itk' -%>
+ ProxyPassMatch ^/(.*\.pl/?.*)$ http://127.0.0.1/$1
+ <%- else -%>
+ ProxyPass / http://127.0.0.1/
+ <%- end -%>
+ ProxyPassReverse / http://127.0.0.1/
+
+ <%- if ssl_mode.to_s == 'force' then -%>
+ Redirect permanent / https://<%= servername %>/
+
+ <%- end -%>
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' then -%>
+ <%- if not ssl_mode.to_s == 'force' then -%>
+ <Directory "<%= documentroot %>/">
+ AllowOverride <%= allow_override %>
+ <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+ <%- end -%>
+ <%- unless htpasswd_file.to_s == 'absent' then -%>
+ AuthType Basic
+ AuthName "Access fuer <%= servername %>"
+ AuthUserFile <%= real_htpasswd_path %>
+ require valid-user
+ <%- end -%>
+ </Directory>
+
+ <%- unless htpasswd_file.to_s == 'absent' then -%>
+ <Directory "<%= cgi_binpath %>/">
+ AuthType Basic
+ AuthName "Access fuer <%= servername %>"
+ AuthUserFile <%= real_htpasswd_path %>
+ require valid-user
+ </Directory>
+ <%- end -%>
+ ScriptAlias /cgi-bin/ <%= cgi_binpath %>/
+ <%- end -%>
+ <%- end -%>
+
+ <IfModule mod_security2.c>
+ <%- if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+ <%- if mod_security_relevantonly.to_s == 'true' then -%>
+ SecAuditEngine RelevantOnly
+ <%- else -%>
+ SecAuditEngine On
+ <%- end -%>
+ <%- else -%>
+ SecRuleEngine Off
+ SecAuditEngine Off
+ <%- end -%>
+ SecAuditLogType Concurrent
+ SecAuditLogStorageDir <%= logdir %>/
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+ </IfModule>
+
+ <%- unless additional_options.to_s == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
+<%- end -%>
+
+<%- unless ssl_mode.to_s == 'false' then -%>
+<VirtualHost *:443>
+ Include include.d/defaults.inc
+ Include include.d/ssl_defaults.inc
+
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? then -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+ ServerAdmin <%= server_admin %>
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ DocumentRoot <%= documentroot %>/
+ DirectoryIndex index.htm index.html index.pl
+ <%- end -%>
+
+ ProxyPreserveHost On
+ ProxyRequests off
+ <%- if run_mode.to_s == 'static-itk' -%>
+ ProxyPassMatch ^/(.*\.pl/?.*)$ https://127.0.0.1/$1
+ <%- else -%>
+ ProxyPass / https://127.0.0.1/
+ <%- end -%>
+ ProxyPassReverse / https://127.0.0.1/
+
+ <%- case logmode.to_s
+ when 'nologs' -%>
+ ErrorLog /dev/null
+ CustomLog /dev/null
+ <%- when 'semianonym' -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- when 'anonym' -%>
+ ErrorLog /dev/null
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- else -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
+ <%- end -%>
+
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- unless run_mode.to_s == 'static-itk' -%>
+ <Directory "<%= documentroot %>/">
+ AllowOverride <%= allow_override %>
+ <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+ <%- end -%>
+ <%- unless htpasswd_file.to_s == 'absent' then -%>
+ AuthType Basic
+ AuthName "Access fuer <%= servername %>"
+ AuthUserFile <%= real_htpasswd_path %>
+ require valid-user
+ <%- end -%>
+ </Directory>
+
+ <%- if htpasswd_file.to_s == 'absent' then -%>
+ <Directory "<%= cgi_binpath %>/">
+ AuthType Basic
+ AuthName "Access fuer <%= servername %>"
+ AuthUserFile <%= real_htpasswd_path %>
+ require valid-user
+ </Directory>
+ <%- end -%>
+ ScriptAlias /cgi-bin/ <%= cgi_binpath %>/
+ <%- end -%>
+
+ <IfModule mod_security2.c>
+ <%- if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+ <%- if mod_security_relevantonly.to_s == 'true' then -%>
+ SecAuditEngine RelevantOnly
+ <%- else -%>
+ SecAuditEngine On
+ <%- end -%>
+ <%- else -%>
+ SecRuleEngine Off
+ SecAuditEngine Off
+ <%- end -%>
+ SecAuditLogType Concurrent
+ SecAuditLogStorageDir <%= logdir %>/
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+ </IfModule>
+
+ <%- unless additional_options.to_s == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
+<%- end -%>
+</IfDefine>
+<%- end -%>
diff --git a/templates/vhosts/php/php.erb b/templates/vhosts/php/php.erb
index 99c94e2..4d5d984 100644
--- a/templates/vhosts/php/php.erb
+++ b/templates/vhosts/php/php.erb
@@ -1,4 +1,7 @@
# <%= servername %>
+<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+<IfDefine HttpdLocal>
+<%- end -%>
<%- unless ssl_mode.to_s == 'only' then -%>
<VirtualHost *:80>
Include include.d/defaults.inc
@@ -26,16 +29,20 @@
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log combined
<%- end -%>
+
<%- if ssl_mode.to_s == 'force' then -%>
Redirect permanent / https://<%= servername %>/
+
<%- end -%>
- <%- if default_charset.to_s != 'absent' then -%>
- AddDefaultCharset <%= default_charset %>
- <%- end -%>
- <%- if run_mode.to_s == 'itk' -%>
+ <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
<IfModule mpm_itk_module>
AssignUserId <%= run_uid+" "+run_gid %>
</IfModule>
+
+ <%- end -%>
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
<%- end -%>
<%- if not ssl_mode.to_s == 'force' then -%>
<Directory "<%= documentroot %>/">
@@ -66,6 +73,7 @@
</Directory>
<%- end -%>
+ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
<IfModule mod_security2.c>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
@@ -83,6 +91,7 @@
SecAuditLog <%= logdir %>/mod_security_audit.log
SecDebugLog <%= logdir %>/mod_security_debug.log
</IfModule>
+ <%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
@@ -117,14 +126,17 @@
<%- else -%>
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log combined
+
<%- end -%>
- <%- if run_mode.to_s == 'itk' -%>
+ <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
<IfModule mpm_itk_module>
AssignUserId <%= run_uid+" "+run_gid %>
</IfModule>
+
<%- end -%>
<%- if default_charset.to_s != 'absent' then -%>
AddDefaultCharset <%= default_charset %>
+
<%- end -%>
<Directory "<%= documentroot %>/">
AllowOverride <%= allow_override %>
@@ -153,6 +165,185 @@
<%- end -%>
</Directory>
+ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+ <IfModule mod_security2.c>
+ <%- if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+ <%- if mod_security_relevantonly.to_s == 'true' then -%>
+ SecAuditEngine RelevantOnly
+ <%- else -%>
+ SecAuditEngine On
+ <%- end -%>
+ <%- else -%>
+ SecRuleEngine Off
+ SecAuditEngine Off
+ <%- end -%>
+ SecAuditLogType Concurrent
+ SecAuditLogStorageDir <%= logdir %>/
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+ </IfModule>
+ <%- end -%>
+
+ <%- unless additional_options.to_s == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
+<%- end -%>
+<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+</IfDefine>
+<IfDefine !HttpdLocal>
+<%- unless ssl_mode.to_s == 'only' then -%>
+<VirtualHost *:80>
+ Include include.d/defaults.inc
+
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? then -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+ ServerAdmin <%= server_admin %>
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ DocumentRoot <%= documentroot %>/
+ DirectoryIndex index.htm index.html index.php
+ <%- end -%>
+
+ <%- case logmode.to_s
+ when 'nologs' -%>
+ ErrorLog /dev/null
+ CustomLog /dev/null
+ <%- when 'semianonym' -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- when 'anonym' -%>
+ ErrorLog /dev/null
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- else -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
+ <%- end -%>
+
+ ProxyPreserveHost On
+ ProxyRequests off
+ <%- if run_mode.to_s == 'static-itk' -%>
+ ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1
+ <%- else -%>
+ ProxyPass / http://127.0.0.1/
+ <%- end -%>
+ ProxyPassReverse / http://127.0.0.1/
+
+ <%- if ssl_mode.to_s == 'force' then -%>
+ Redirect permanent / https://<%= servername %>/
+
+ <%- end -%>
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' then -%>
+ <%- if not ssl_mode.to_s == 'force' then -%>
+ <Directory "<%= documentroot %>/">
+ AllowOverride <%= allow_override %>
+ <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+ <%- end -%>
+ <%- unless htpasswd_file.to_s == 'absent' then -%>
+ AuthType Basic
+ AuthName "Access fuer <%= servername %>"
+ AuthUserFile <%= real_htpasswd_path %>
+ require valid-user
+ <%- end -%>
+ </Directory>
+ <%- end -%>
+ <%- end -%>
+
+ <IfModule mod_security2.c>
+ <%- if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+ <%- if mod_security_relevantonly.to_s == 'true' then -%>
+ SecAuditEngine RelevantOnly
+ <%- else -%>
+ SecAuditEngine On
+ <%- end -%>
+ <%- else -%>
+ SecRuleEngine Off
+ SecAuditEngine Off
+ <%- end -%>
+ SecAuditLogType Concurrent
+ SecAuditLogStorageDir <%= logdir %>/
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+ </IfModule>
+
+ <%- unless additional_options.to_s == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
+<%- end -%>
+
+<%- unless ssl_mode.to_s == 'false' then -%>
+<VirtualHost *:443>
+ Include include.d/defaults.inc
+ Include include.d/ssl_defaults.inc
+
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? then -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+ ServerAdmin <%= server_admin %>
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ DocumentRoot <%= documentroot %>/
+ DirectoryIndex index.htm index.html index.php
+ <%- end -%>
+
+ <%- case logmode.to_s
+ when 'nologs' -%>
+ ErrorLog /dev/null
+ CustomLog /dev/null
+ <%- when 'semianonym' -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- when 'anonym' -%>
+ ErrorLog /dev/null
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- else -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
+ <%- end -%>
+
+ ProxyPreserveHost On
+ ProxyRequests off
+ <%- if run_mode.to_s == 'static-itk' -%>
+ ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1
+ <%- else -%>
+ ProxyPass / https://127.0.0.1/
+ <%- end -%>
+ ProxyPassReverse / https://127.0.0.1/
+
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ <Directory "<%= documentroot %>/">
+ AllowOverride <%= allow_override %>
+ <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+ <%- end -%>
+ <%- unless htpasswd_file.to_s == 'absent' then -%>
+ AuthType Basic
+ AuthName "Access fuer <%= servername %>"
+ AuthUserFile <%= real_htpasswd_path %>
+ require valid-user
+ <%- end -%>
+ </Directory>
+ <%- end -%>
+
<IfModule mod_security2.c>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
@@ -176,3 +367,6 @@
<%- end -%>
</VirtualHost>
<%- end -%>
+</IfDefine>
+<%- end -%>
+
diff --git a/templates/vhosts/php_drupal/php_drupal.erb b/templates/vhosts/php_drupal/php_drupal.erb
index 9b6c3ef..db01248 100644
--- a/templates/vhosts/php_drupal/php_drupal.erb
+++ b/templates/vhosts/php_drupal/php_drupal.erb
@@ -1,4 +1,7 @@
# <%= servername %>
+<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+<IfDefine HttpdLocal>
+<%- end -%>
<%- unless ssl_mode.to_s == 'only' then -%>
<VirtualHost *:80>
Include include.d/defaults.inc
@@ -31,11 +34,13 @@
<%- end -%>
<%- if default_charset.to_s != 'absent' then -%>
AddDefaultCharset <%= default_charset %>
+
<%- end -%>
- <%- if run_mode.to_s == 'itk' -%>
+ <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
<IfModule mpm_itk_module>
AssignUserId <%= run_uid+" "+run_gid %>
</IfModule>
+
<%- end -%>
<%- if not ssl_mode.to_s == 'force' then -%>
<Directory "<%= documentroot %>/">
@@ -88,6 +93,7 @@
</Directory>
<%- end -%>
+ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
<IfModule mod_security2.c>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
@@ -105,6 +111,7 @@
SecAuditLog <%= logdir %>/mod_security_audit.log
SecDebugLog <%= logdir %>/mod_security_debug.log
</IfModule>
+ <%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
@@ -140,13 +147,16 @@
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log combined
<%- end -%>
- <%- if run_mode.to_s == 'itk' -%>
+
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
<IfModule mpm_itk_module>
AssignUserId <%= run_uid+" "+run_gid %>
</IfModule>
- <%- end -%>
- <%- if default_charset.to_s != 'absent' then -%>
- AddDefaultCharset <%= default_charset %>
+
<%- end -%>
<Directory "<%= documentroot %>/">
AllowOverride <%= allow_override %>
@@ -197,6 +207,119 @@
Options +FollowSymLinks
</Directory>
+ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+ <IfModule mod_security2.c>
+ <%- if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+ <%- if mod_security_relevantonly.to_s == 'true' then -%>
+ SecAuditEngine RelevantOnly
+ <%- else -%>
+ SecAuditEngine On
+ <%- end -%>
+ <%- else -%>
+ SecRuleEngine Off
+ SecAuditEngine Off
+ <%- end -%>
+ SecAuditLogType Concurrent
+ SecAuditLogStorageDir <%= logdir %>/
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+ </IfModule>
+ <%- end -%>
+
+ <%- unless additional_options.to_s == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
+<%- end -%>
+<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+</IfDefine>
+<IfDefine !HttpdLocal>
+<%- unless ssl_mode.to_s == 'only' then -%>
+<VirtualHost *:80>
+ Include include.d/defaults.inc
+
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? then -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+ ServerAdmin <%= server_admin %>
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ DocumentRoot <%= documentroot %>/
+ DirectoryIndex index.htm index.html index.php
+ <%- end -%>
+
+ <%- case logmode.to_s
+ when 'nologs' -%>
+ ErrorLog /dev/null
+ CustomLog /dev/null
+ <%- when 'semianonym' -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- when 'anonym' -%>
+ ErrorLog /dev/null
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- else -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
+ <%- end -%>
+
+ ProxyPreserveHost On
+ ProxyRequests off
+ <%- if run_mode.to_s == 'static-itk' -%>
+ ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1
+ <%- else -%>
+ ProxyPass / http://127.0.0.1/
+ <%- end -%>
+ ProxyPassReverse / http://127.0.0.1/
+
+ <%- if ssl_mode.to_s == 'force' then -%>
+ Redirect permanent / https://<%= servername %>/
+
+ <%- end -%>
+
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' then -%>
+ <%- if not ssl_mode.to_s == 'force' then -%>
+ <Directory "<%= documentroot %>/">
+ AllowOverride <%= allow_override %>
+ <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+ <%- end -%>
+ <%- unless htpasswd_file.to_s == 'absent' then -%>
+ AuthType Basic
+ AuthName "Access fuer <%= servername %>"
+ AuthUserFile <%= real_htpasswd_path %>
+ require valid-user
+ <%- end -%>
+
+ # Protect files and directories from prying eyes.
+ <FilesMatch "\.(engine|inc|info|install|module|profile|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template)$">
+ Order allow,deny
+ </FilesMatch>
+
+ # Customized error messages.
+ ErrorDocument 404 /index.php
+
+ RewriteEngine on
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteCond %{REQUEST_FILENAME} !-d
+ RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
+ </Directory>
+ <Directory "<%= documentroot %>/files/">
+ SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
+ Options None
+ Options +FollowSymLinks
+ </Directory>
+ <%- end -%>
+ <%- end -%>
+
<IfModule mod_security2.c>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
@@ -220,3 +343,108 @@
<%- end -%>
</VirtualHost>
<%- end -%>
+
+<%- unless ssl_mode.to_s == 'false' then -%>
+<VirtualHost *:443>
+ Include include.d/defaults.inc
+ Include include.d/ssl_defaults.inc
+
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? then -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+ ServerAdmin <%= server_admin %>
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ DocumentRoot <%= documentroot %>/
+ DirectoryIndex index.htm index.html index.php
+ <%- end -%>
+
+ <%- case logmode.to_s
+ when 'nologs' -%>
+ ErrorLog /dev/null
+ CustomLog /dev/null
+ <%- when 'semianonym' -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- when 'anonym' -%>
+ ErrorLog /dev/null
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- else -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
+ <%- end -%>
+
+ ProxyPreserveHost On
+ ProxyRequests off
+ <%- if run_mode.to_s == 'static-itk' -%>
+ ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1
+ <%- else -%>
+ ProxyPass / https://127.0.0.1/
+ <%- end -%>
+ ProxyPassReverse / https://127.0.0.1/
+
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ <Directory "<%= documentroot %>/">
+ AllowOverride <%= allow_override %>
+ <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+ <%- end -%>
+ <%- unless htpasswd_file.to_s == 'absent' then -%>
+ AuthType Basic
+ AuthName "Access fuer <%= servername %>"
+ AuthUserFile <%= real_htpasswd_path %>
+ require valid-user
+ <%- end -%>
+
+ # Protect files and directories from prying eyes.
+ <FilesMatch "\.(engine|inc|info|install|module|profile|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template)$">
+ Order allow,deny
+ </FilesMatch>
+
+ # Customized error messages.
+ ErrorDocument 404 /index.php
+
+ RewriteEngine on
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteCond %{REQUEST_FILENAME} !-d
+ RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
+ </Directory>
+ <Directory "<%= documentroot %>/files/">
+ SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
+ Options None
+ Options +FollowSymLinks
+ </Directory>
+ <%- end -%>
+
+ <IfModule mod_security2.c>
+ <%- if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+ <%- if mod_security_relevantonly.to_s == 'true' then -%>
+ SecAuditEngine RelevantOnly
+ <%- else -%>
+ SecAuditEngine On
+ <%- end -%>
+ <%- else -%>
+ SecRuleEngine Off
+ SecAuditEngine Off
+ <%- end -%>
+ SecAuditLogType Concurrent
+ SecAuditLogStorageDir <%= logdir %>/
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+ </IfModule>
+
+ <%- unless additional_options.to_s == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
+<%- end -%>
+</IfDefine>
+<%- end -%>
diff --git a/templates/vhosts/php_gallery2/php_gallery.erb b/templates/vhosts/php_gallery2/php_gallery.erb
index 8d10d02..fdcc89b 100644
--- a/templates/vhosts/php_gallery2/php_gallery.erb
+++ b/templates/vhosts/php_gallery2/php_gallery.erb
@@ -1,4 +1,7 @@
# <%= servername %>
+<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+<IfDefine HttpdLocal>
+<%- end -%>
<%- unless ssl_mode.to_s == 'only' then -%>
<VirtualHost *:80>
Include include.d/defaults.inc
@@ -26,16 +29,20 @@
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log combined
<%- end -%>
+
<%- if ssl_mode.to_s == 'force' then -%>
Redirect permanent / https://<%= servername %>/
+
<%- end -%>
<%- if default_charset.to_s != 'absent' then -%>
AddDefaultCharset <%= default_charset %>
+
<%- end -%>
- <%- if run_mode.to_s == 'itk' -%>
+ <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
<IfModule mpm_itk_module>
AssignUserId <%= run_uid+" "+run_gid %>
</IfModule>
+
<%- end -%>
<%- if not ssl_mode.to_s == 'force' then -%>
<Directory "<%= documentroot %>/">
@@ -74,6 +81,7 @@
</Directory>
<%- end -%>
+ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
<IfModule mod_security2.c>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
@@ -91,6 +99,7 @@
SecAuditLog <%= logdir %>/mod_security_audit.log
SecDebugLog <%= logdir %>/mod_security_debug.log
</IfModule>
+ <%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
@@ -126,13 +135,16 @@
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log combined
<%- end -%>
- <%- if run_mode.to_s == 'itk' -%>
+
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
<IfModule mpm_itk_module>
AssignUserId <%= run_uid+" "+run_gid %>
</IfModule>
- <%- end -%>
- <%- if default_charset.to_s != 'absent' then -%>
- AddDefaultCharset <%= default_charset %>
+
<%- end -%>
<Directory "<%= documentroot %>/">
AllowOverride <%= allow_override %>
@@ -169,6 +181,7 @@
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L]
</Directory>
+ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
<IfModule mod_security2.c>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
@@ -182,9 +195,201 @@
SecAuditLog <%= logdir %>/mod_security_audit.log
SecDebugLog <%= logdir %>/mod_security_debug.log
</IfModule>
+ <%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
<%- end -%>
</VirtualHost>
<%- end -%>
+<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+</IfDefine>
+<IfDefine !HttpdLocal>
+<%- unless ssl_mode.to_s == 'only' then -%>
+<VirtualHost *:80>
+ Include include.d/defaults.inc
+
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? then -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+ ServerAdmin <%= server_admin %>
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ DocumentRoot <%= documentroot %>/
+ DirectoryIndex index.htm index.html index.php
+ <%- end -%>
+
+ <%- case logmode.to_s
+ when 'nologs' -%>
+ ErrorLog /dev/null
+ CustomLog /dev/null
+ <%- when 'semianonym' -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- when 'anonym' -%>
+ ErrorLog /dev/null
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- else -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
+ <%- end -%>
+
+ ProxyPreserveHost On
+ ProxyRequests off
+ <%- if run_mode.to_s == 'static-itk' -%>
+ ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1
+ <%- else -%>
+ ProxyPass / http://127.0.0.1/
+ <%- end -%>
+ ProxyPassReverse / http://127.0.0.1/
+
+ <%- if ssl_mode.to_s == 'force' then -%>
+ Redirect permanent / https://<%= servername %>/
+
+ <%- end -%>
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' then -%>
+ <%- if not ssl_mode.to_s == 'force' then -%>
+ <Directory "<%= documentroot %>/">
+ AllowOverride <%= allow_override %>
+ <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+ <%- end -%>
+ <%- unless htpasswd_file.to_s == 'absent' then -%>
+ AuthType Basic
+ AuthName "Access fuer <%= servername %>"
+ AuthUserFile <%= real_htpasswd_path %>
+ require valid-user
+ <%- end -%>
+
+ # Always rewrite login's
+ # Source: http://gallery.menalto.com/node/30558
+ RewriteEngine On
+ RewriteCond %{HTTP_COOKIE} ^GALLERYSID= [OR]
+ RewriteCond %{QUERY_STRING} subView=core\.UserLogin
+ RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L]
+ # https -> see below
+ # Then, unset baseUri in config.php (to keep Gallery from trying to redirect users to either HTTP or HTTPS):
+ # $gallery->setConfig('baseUri', '');
+ </Directory>
+ <%- end -%>
+ <%- end -%>
+
+ <IfModule mod_security2.c>
+ <%- if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+ <%- if mod_security_relevantonly.to_s == 'true' then -%>
+ SecAuditEngine RelevantOnly
+ <%- else -%>
+ SecAuditEngine On
+ <%- end -%>
+ <%- else -%>
+ SecRuleEngine Off
+ SecAuditEngine Off
+ <%- end -%>
+ SecAuditLogType Concurrent
+ SecAuditLogStorageDir <%= logdir %>/
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+ </IfModule>
+
+ <%- unless additional_options.to_s == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
+<%- end -%>
+
+<%- unless ssl_mode.to_s == 'false' then -%>
+<VirtualHost *:443>
+ Include include.d/defaults.inc
+ Include include.d/ssl_defaults.inc
+
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? then -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+ ServerAdmin <%= server_admin %>
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ DocumentRoot <%= documentroot %>/
+ DirectoryIndex index.htm index.html index.php
+ <%- end -%>
+
+ <%- case logmode.to_s
+ when 'nologs' -%>
+ ErrorLog /dev/null
+ CustomLog /dev/null
+ <%- when 'semianonym' -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- when 'anonym' -%>
+ ErrorLog /dev/null
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- else -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
+ <%- end -%>
+
+ ProxyPreserveHost On
+ ProxyRequests off
+ <%- if run_mode.to_s == 'static-itk' -%>
+ ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1
+ <%- else -%>
+ ProxyPass / https://127.0.0.1/
+ <%- end -%>
+ ProxyPassReverse / https://127.0.0.1/
+
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ <Directory "<%= documentroot %>/">
+ AllowOverride <%= allow_override %>
+ <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+ <%- end -%>
+ <%- unless htpasswd_file.to_s == 'absent' then -%>
+ AuthType Basic
+ AuthName "Access fuer <%= servername %>"
+ AuthUserFile <%= real_htpasswd_path %>
+ require valid-user
+ <%- end -%>
+ # Always rewrite login's (see above)
+ RewriteEngine On
+ RewriteCond %{HTTP_COOKIE} =""
+ RewriteCond %{REQUEST_METHOD} =GET
+ RewriteCond %{QUERY_STRING} !subView=core\.UserLogin
+ RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L]
+ </Directory>
+ <%- end -%>
+
+ <IfModule mod_security2.c>
+ <%- if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+ SecAuditEngine On
+ <%- else -%>
+ SecRuleEngine Off
+ SecAuditEngine Off
+ <%- end -%>
+ SecAuditLogType Concurrent
+ SecAuditLogStorageDir <%= logdir %>/
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+ </IfModule>
+
+ <%- unless additional_options.to_s == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
+<%- end -%>
+</IfDefine>
+<%- end -%>
diff --git a/templates/vhosts/php_joomla/php_joomla.erb b/templates/vhosts/php_joomla/php_joomla.erb
index 8803765..9911a15 100644
--- a/templates/vhosts/php_joomla/php_joomla.erb
+++ b/templates/vhosts/php_joomla/php_joomla.erb
@@ -1,4 +1,7 @@
# <%= servername %>
+<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+<IfDefine HttpdLocal>
+<%- end -%>
<%- unless ssl_mode.to_s == 'only' then -%>
<VirtualHost *:80>
Include include.d/defaults.inc
@@ -26,16 +29,20 @@
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log combined
<%- end -%>
+
<%- if ssl_mode.to_s == 'force' then -%>
Redirect permanent / https://<%= servername %>/
+
<%- end -%>
<%- if default_charset.to_s != 'absent' then -%>
AddDefaultCharset <%= default_charset %>
+
<%- end -%>
- <%- if run_mode.to_s == 'itk' -%>
+ <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
<IfModule mpm_itk_module>
AssignUserId <%= run_uid+" "+run_gid %>
</IfModule>
+
<%- end -%>
<%- if not ssl_mode.to_s == 'force' then -%>
<Directory "<%= documentroot %>/">
@@ -75,6 +82,7 @@
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R]
</Directory>
+ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
<IfModule mod_security2.c>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
@@ -106,6 +114,7 @@
SecAuditLog <%= logdir %>/mod_security_audit.log
SecDebugLog <%= logdir %>/mod_security_debug.log
</IfModule>
+ <%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
@@ -141,13 +150,16 @@
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log combined
<%- end -%>
- <%- if run_mode.to_s == 'itk' -%>
+
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
<IfModule mpm_itk_module>
AssignUserId <%= run_uid+" "+run_gid %>
</IfModule>
- <%- end -%>
- <%- if default_charset.to_s != 'absent' then -%>
- AddDefaultCharset <%= default_charset %>
+
<%- end -%>
<Directory "<%= documentroot %>/">
Include include.d/joomla.inc
@@ -175,6 +187,226 @@
<%- end -%>
</Directory>
+ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+ <IfModule mod_security2.c>
+ <%- if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+ <%- if mod_security_relevantonly.to_s == 'true' then -%>
+ SecAuditEngine RelevantOnly
+ <%- else -%>
+ SecAuditEngine On
+ <%- end -%>
+ <%- else -%>
+ SecRuleEngine Off
+ SecAuditEngine Off
+ <%- end -%>
+ # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
+ # Exceptions for Joomla Root Directory
+ <LocationMatch '^/'>
+ SecRuleRemoveById 950013
+ </LocationMatch>
+
+ # Exceptions for Joomla Administration Panel
+ SecRule REQUEST_FILENAME "/administrator/index2.php" \
+ "allow,phase:1,nolog,ctl:ruleEngine=Off"
+
+ # Exceptions for Joomla Component Expose
+ <LocationMatch '^/components/com_expose/expose/manager/amfphp/gateway.php'>
+ SecRuleRemoveById 960010
+ </LocationMatch>
+ SecAuditLogType Concurrent
+ SecAuditLogStorageDir <%= logdir %>/
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+ </IfModule>
+ <%- end -%>
+
+ <%- unless additional_options.to_s == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
+<%- end -%>
+<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+</IfDefine>
+<IfDefine !HttpdLocal>
+<%- unless ssl_mode.to_s == 'only' then -%>
+<VirtualHost *:80>
+ Include include.d/defaults.inc
+
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? then -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+ ServerAdmin <%= server_admin %>
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ DocumentRoot <%= documentroot %>/
+ DirectoryIndex index.htm index.html index.php
+ <%- end -%>
+
+ <%- case logmode.to_s
+ when 'nologs' -%>
+ ErrorLog /dev/null
+ CustomLog /dev/null
+ <%- when 'semianonym' -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- when 'anonym' -%>
+ ErrorLog /dev/null
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- else -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
+ <%- end -%>
+
+ ProxyPreserveHost On
+ ProxyRequests off
+ <%- if run_mode.to_s == 'static-itk' -%>
+ ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1
+ <%- else -%>
+ ProxyPass / http://127.0.0.1/
+ <%- end -%>
+ ProxyPassReverse / http://127.0.0.1/
+
+ <%- if ssl_mode.to_s == 'force' then -%>
+ Redirect permanent / https://<%= servername %>/
+
+ <%- end -%>
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' then -%>
+ <%- if not ssl_mode.to_s == 'force' then -%>
+ <Directory "<%= documentroot %>/">
+ Include include.d/joomla.inc
+
+ AllowOverride <%= allow_override %>
+ <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+ <%- end -%>
+ <%- unless htpasswd_file.to_s == 'absent' then -%>
+ AuthType Basic
+ AuthName "Access fuer <%= servername %>"
+ AuthUserFile <%= real_htpasswd_path %>
+ require valid-user
+ <%- end -%>
+ </Directory>
+ <Directory "<%= documentroot %>/administrator/">
+ RewriteEngine on
+
+ # Rewrite URLs to https that go for the admin area
+ RewriteCond %{REMOTE_ADDR} !^127\.[0-9]+\.[0-9]+\.[0-9]+$
+ RewriteCond %{HTTPS} !=on
+ RewriteCond %{REQUEST_URI} (.*/administrator/.*)
+ RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R]
+ </Directory>
+ <%- end -%>
+ <%- end -%>
+
+ <IfModule mod_security2.c>
+ <%- if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+ <%- if mod_security_relevantonly.to_s == 'true' then -%>
+ SecAuditEngine RelevantOnly
+ <%- else -%>
+ SecAuditEngine On
+ <%- end -%>
+ <%- else -%>
+ SecRuleEngine Off
+ SecAuditEngine Off
+ <%- end -%>
+ # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
+ # Exceptions for Joomla Root Directory
+ <LocationMatch '^/'>
+ SecRuleRemoveById 950013
+ </LocationMatch>
+
+ # Exceptions for Joomla Administration Panel
+ SecRule REQUEST_FILENAME "/administrator/index2.php" \
+ "allow,phase:1,nolog,ctl:ruleEngine=Off"
+
+ # Exceptions for Joomla Component Expose
+ <LocationMatch '^/components/com_expose/expose/manager/amfphp/gateway.php'>
+ SecRuleRemoveById 960010
+ </LocationMatch>
+ SecAuditLogType Concurrent
+ SecAuditLogStorageDir <%= logdir %>/
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+ </IfModule>
+
+ <%- unless additional_options.to_s == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
+<%- end -%>
+
+<%- unless ssl_mode.to_s == 'false' then -%>
+<VirtualHost *:443>
+ Include include.d/defaults.inc
+ Include include.d/ssl_defaults.inc
+
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? then -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+ ServerAdmin <%= server_admin %>
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ DocumentRoot <%= documentroot %>/
+ DirectoryIndex index.htm index.html index.php
+ <%- end -%>
+
+ <%- case logmode.to_s
+ when 'nologs' -%>
+ ErrorLog /dev/null
+ CustomLog /dev/null
+ <%- when 'semianonym' -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- when 'anonym' -%>
+ ErrorLog /dev/null
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- else -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
+ <%- end -%>
+
+ ProxyPreserveHost On
+ ProxyRequests off
+ <%- if run_mode.to_s == 'static-itk' -%>
+ ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1
+ <%- else -%>
+ ProxyPass / https://127.0.0.1/
+ <%- end -%>
+ ProxyPassReverse / https://127.0.0.1/
+
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ <Directory "<%= documentroot %>/">
+ Include include.d/joomla.inc
+
+ AllowOverride <%= allow_override %>
+ <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+ <%- end -%>
+ <%- unless htpasswd_file.to_s == 'absent' then -%>
+ AuthType Basic
+ AuthName "Access fuer <%= servername %>"
+ AuthUserFile <%= real_htpasswd_path %>
+ require valid-user
+ <%- end -%>
+ </Directory>
+ <%- end -%>
+
<IfModule mod_security2.c>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
@@ -212,3 +444,5 @@
<%- end -%>
</VirtualHost>
<%- end -%>
+</IfDefine>
+<%- end -%>
diff --git a/templates/vhosts/php_mediawiki/php_mediawiki.erb b/templates/vhosts/php_mediawiki/php_mediawiki.erb
index 45a19c8..ac51dcc 100644
--- a/templates/vhosts/php_mediawiki/php_mediawiki.erb
+++ b/templates/vhosts/php_mediawiki/php_mediawiki.erb
@@ -1,4 +1,7 @@
# <%= servername %>
+<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+<IfDefine HttpdLocal>
+<%- end -%>
<%- unless ssl_mode.to_s == 'only' then -%>
<VirtualHost *:80>
Include include.d/defaults.inc
@@ -26,16 +29,20 @@
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log combined
<%- end -%>
+
<%- if ssl_mode.to_s == 'force' then -%>
Redirect permanent / https://<%= servername %>/
+
<%- end -%>
<%- if default_charset.to_s != 'absent' then -%>
AddDefaultCharset <%= default_charset %>
+
<%- end -%>
- <%- if run_mode.to_s == 'itk' -%>
+ <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
<IfModule mpm_itk_module>
AssignUserId <%= run_uid+" "+run_gid %>
</IfModule>
+
<%- end -%>
<%- if not ssl_mode.to_s == 'force' then -%>
<Directory "<%= documentroot %>/">
@@ -61,6 +68,7 @@
</Directory>
<%- end -%>
+ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
<IfModule mod_security2.c>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
@@ -74,6 +82,7 @@
SecAuditLog <%= logdir %>/mod_security_audit.log
SecDebugLog <%= logdir %>/mod_security_debug.log
</IfModule>
+ <%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
@@ -109,13 +118,16 @@
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log combined
<%- end -%>
+
<%- if default_charset.to_s != 'absent' then -%>
AddDefaultCharset <%= default_charset %>
+
<%- end -%>
- <%- if run_mode.to_s == 'itk' -%>
+ <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
<IfModule mpm_itk_module>
AssignUserId <%= run_uid+" "+run_gid %>
</IfModule>
+
<%- end -%>
<Directory "<%= documentroot %>/">
AllowOverride <%= allow_override %>
@@ -139,6 +151,7 @@
php_admin_value session.save_path <%= real_php_session_save_path %>
</Directory>
+ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
<IfModule mod_security2.c>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
@@ -152,9 +165,181 @@
SecAuditLog <%= logdir %>/mod_security_audit.log
SecDebugLog <%= logdir %>/mod_security_debug.log
</IfModule>
+ <%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
<%- end -%>
</VirtualHost>
<%- end -%>
+<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+</IfDefine>
+<IfDefine !HttpdLocal>
+<%- unless ssl_mode.to_s == 'only' then -%>
+<VirtualHost *:80>
+ Include include.d/defaults.inc
+
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? then -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+ ServerAdmin <%= server_admin %>
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ DocumentRoot <%= documentroot %>/
+ DirectoryIndex index.htm index.html index.php
+ <%- end -%>
+
+ <%- case logmode.to_s
+ when 'nologs' -%>
+ ErrorLog /dev/null
+ CustomLog /dev/null
+ <%- when 'semianonym' -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- when 'anonym' -%>
+ ErrorLog /dev/null
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- else -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
+ <%- end -%>
+
+ ProxyPreserveHost On
+ ProxyRequests off
+ <%- if run_mode.to_s == 'static-itk' -%>
+ ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1
+ <%- else -%>
+ ProxyPass / http://127.0.0.1/
+ <%- end -%>
+ ProxyPassReverse / http://127.0.0.1/
+
+ <%- if ssl_mode.to_s == 'force' then -%>
+ Redirect permanent / https://<%= servername %>/
+
+ <%- end -%>
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' then -%>
+ <%- if not ssl_mode.to_s == 'force' then -%>
+ <Directory "<%= documentroot %>/">
+ AllowOverride <%= allow_override %>
+ <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%><%- unless options.to_s.include?('+FollowSymLinks') -%> +FollowSymLinks<% end -%>
+
+ <%- end -%>
+ <%- unless htpasswd_file.to_s == 'absent' then -%>
+ AuthType Basic
+ AuthName "Access fuer <%= servername %>"
+ AuthUserFile <%= real_htpasswd_path %>
+ require valid-user
+ <%- end -%>
+ </Directory>
+ <%- end -%>
+ <%- end -%>
+
+ <IfModule mod_security2.c>
+ <%- if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+ SecAuditEngine On
+ <%- else -%>
+ SecRuleEngine Off
+ SecAuditEngine Off
+ <%- end -%>
+ SecAuditLogType Concurrent
+ SecAuditLogStorageDir <%= logdir %>/
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+ </IfModule>
+
+ <%- unless additional_options.to_s == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
+<%- end -%>
+
+<%- unless ssl_mode.to_s == 'false' then -%>
+<VirtualHost *:443>
+ Include include.d/defaults.inc
+ Include include.d/ssl_defaults.inc
+
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? then -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+ ServerAdmin <%= server_admin %>
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ DocumentRoot <%= documentroot %>/
+ DirectoryIndex index.htm index.html index.php
+ <%- end -%>
+
+ <%- case logmode.to_s
+ when 'nologs' -%>
+ ErrorLog /dev/null
+ CustomLog /dev/null
+ <%- when 'semianonym' -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- when 'anonym' -%>
+ ErrorLog /dev/null
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- else -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
+ <%- end -%>
+
+ ProxyPreserveHost On
+ ProxyRequests off
+ <%- if run_mode.to_s == 'static-itk' -%>
+ ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1
+ <%- else -%>
+ ProxyPass / https://127.0.0.1/
+ <%- end -%>
+ ProxyPassReverse / https://127.0.0.1/
+
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ <Directory "<%= documentroot %>/">
+ AllowOverride <%= allow_override %>
+ <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+ <%- end -%>
+ <%- unless htpasswd_file.to_s == 'absent' then -%>
+ AuthType Basic
+ AuthName "Access fuer <%= servername %>"
+ AuthUserFile <%= real_htpasswd_path %>
+ require valid-user
+ <%- end -%>
+ </Directory>
+ <%- end -%>
+
+ <IfModule mod_security2.c>
+ <%- if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+ SecAuditEngine On
+ <%- else -%>
+ SecRuleEngine Off
+ SecAuditEngine Off
+ <%- end -%>
+ SecAuditLogType Concurrent
+ SecAuditLogStorageDir <%= logdir %>/
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+ </IfModule>
+
+ <%- unless additional_options.to_s == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
+<%- end -%>
+</IfDefine>
+<%- end -%>
diff --git a/templates/vhosts/php_silverstripe/php_silverstripe.erb b/templates/vhosts/php_silverstripe/php_silverstripe.erb
index 8b739b7..888c066 100644
--- a/templates/vhosts/php_silverstripe/php_silverstripe.erb
+++ b/templates/vhosts/php_silverstripe/php_silverstripe.erb
@@ -1,4 +1,7 @@
# <%= servername %>
+<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+<IfDefine HttpdLocal>
+<%- end -%>
<%- unless ssl_mode.to_s == 'only' then -%>
<VirtualHost *:80>
Include include.d/defaults.inc
@@ -26,19 +29,24 @@
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log combined
<%- end -%>
+
<%- if ssl_mode.to_s == 'force' then -%>
Redirect permanent / https://<%= servername %>/
+
<%- end -%>
# silverstripe
RedirectMatch /admin(.*) https://<%= servername %>/admin$1
RedirectMatch /Security(.*) https://<%= servername %>/Security$1
+
<%- if default_charset.to_s != 'absent' then -%>
AddDefaultCharset <%= default_charset %>
+
<%- end -%>
- <%- if run_mode.to_s == 'itk' -%>
+ <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
<IfModule mpm_itk_module>
AssignUserId <%= run_uid+" "+run_gid %>
</IfModule>
+
<%- end -%>
<%- if not ssl_mode.to_s == 'force' then -%>
<Directory "<%= documentroot %>/">
@@ -70,6 +78,7 @@
Deny from all
#Allow from 127.0.0.1
</Files>
+
<IfModule mod_rewrite.c>
RewriteEngine On
#RewriteBase /
@@ -83,6 +92,7 @@
</Directory>
<%- end -%>
+ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
<IfModule mod_security2.c>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
@@ -102,6 +112,7 @@
# http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
SecRuleRemoveById "960010"
</IfModule>
+ <%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
@@ -136,14 +147,18 @@
<%- else -%>
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log combined
+
+ <%- end -%>
+
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
<%- end -%>
- <%- if run_mode.to_s == 'itk' -%>
+ <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
<IfModule mpm_itk_module>
AssignUserId <%= run_uid+" "+run_gid %>
</IfModule>
- <%- end -%>
- <%- if default_charset.to_s != 'absent' then -%>
- AddDefaultCharset <%= default_charset %>
+
<%- end -%>
<Directory "<%= documentroot %>/">
AllowOverride <%= allow_override %>
@@ -188,6 +203,7 @@
</IfModule>
</Directory>
+ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
<IfModule mod_security2.c>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
@@ -207,9 +223,231 @@
# http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
SecRuleRemoveById "960010"
</IfModule>
+ <%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
<%- end -%>
</VirtualHost>
<%- end -%>
+<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+</IfDefine>
+<IfDefine !HttpdLocal>
+<%- unless ssl_mode.to_s == 'only' then -%>
+<VirtualHost *:80>
+ Include include.d/defaults.inc
+
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? then -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+ ServerAdmin <%= server_admin %>
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ DocumentRoot <%= documentroot %>/
+ DirectoryIndex index.htm index.html index.php
+ <%- end -%>
+
+ <%- case logmode.to_s
+ when 'nologs' -%>
+ ErrorLog /dev/null
+ CustomLog /dev/null
+ <%- when 'semianonym' -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- when 'anonym' -%>
+ ErrorLog /dev/null
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- else -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
+ <%- end -%>
+
+ ProxyPreserveHost On
+ ProxyRequests off
+ <%- if run_mode.to_s == 'static-itk' -%>
+ ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1
+ <%- else -%>
+ ProxyPass / http://127.0.0.1/
+ <%- end -%>
+ ProxyPassReverse / http://127.0.0.1/
+
+ <%- if ssl_mode.to_s == 'force' then -%>
+ Redirect permanent / https://<%= servername %>/
+
+ <%- end -%>
+ # silverstripe
+ RedirectMatch /admin(.*) https://<%= servername %>/admin$1
+ RedirectMatch /Security(.*) https://<%= servername %>/Security$1
+
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' then -%>
+ <%- if not ssl_mode.to_s == 'force' then -%>
+ <Directory "<%= documentroot %>/">
+ AllowOverride <%= allow_override %>
+ <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+ <%- end -%>
+ <%- unless htpasswd_file.to_s == 'absent' then -%>
+ AuthType Basic
+ AuthName "Access fuer <%= servername %>"
+ AuthUserFile <%= real_htpasswd_path %>
+ require valid-user
+ <%- end -%>
+ # silverstripe .htaccess
+ <Files *.ss>
+ Order deny,allow
+ Deny from all
+ #Allow from 127.0.0.1
+ </Files>
+
+ <IfModule mod_rewrite.c>
+ RewriteEngine On
+ #RewriteBase /
+
+ RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$)
+
+ RewriteCond %{REQUEST_URI} ^(.*)$
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L]
+ </IfModule>
+ </Directory>
+ <%- end -%>
+ <%- end -%>
+
+ <IfModule mod_security2.c>
+ <%- if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+ <%- if mod_security_relevantonly.to_s == 'true' then -%>
+ SecAuditEngine RelevantOnly
+ <%- else -%>
+ SecAuditEngine On
+ <%- end -%>
+ <%- else -%>
+ SecRuleEngine Off
+ SecAuditEngine Off
+ <%- end -%>
+ SecAuditLogType Concurrent
+ SecAuditLogStorageDir <%= logdir %>/
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+ # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
+ SecRuleRemoveById "960010"
+ </IfModule>
+
+ <%- unless additional_options.to_s == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
+<%- end -%>
+
+<%- unless ssl_mode.to_s == 'false' then -%>
+<VirtualHost *:443>
+ Include include.d/defaults.inc
+ Include include.d/ssl_defaults.inc
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? then -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+ ServerAdmin <%= server_admin %>
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ DocumentRoot <%= documentroot %>/
+ DirectoryIndex index.htm index.html index.php
+ <%- end -%>
+
+ <%- case logmode.to_s
+ when 'nologs' -%>
+ ErrorLog /dev/null
+ CustomLog /dev/null
+ <%- when 'semianonym' -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- when 'anonym' -%>
+ ErrorLog /dev/null
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- else -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
+ <%- end -%>
+
+ ProxyPreserveHost On
+ ProxyRequests off
+ <%- if run_mode.to_s == 'static-itk' -%>
+ ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1
+ <%- else -%>
+ ProxyPass / https://127.0.0.1/
+ <%- end -%>
+ ProxyPassReverse / https://127.0.0.1/
+
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ <Directory "<%= documentroot %>/">
+ AllowOverride <%= allow_override %>
+ <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+ <%- end -%>
+ <%- unless htpasswd_file.to_s == 'absent' then -%>
+ AuthType Basic
+ AuthName "Access fuer <%= servername %>"
+ AuthUserFile <%= real_htpasswd_path %>
+ require valid-user
+ <%- end -%>
+
+ # silverstripe .htaccess
+ <Files *.ss>
+ Order deny,allow
+ Deny from all
+ #Allow from 127.0.0.1
+ </Files>
+ <IfModule mod_rewrite.c>
+ RewriteEngine On
+ #RewriteBase /
+
+ RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$)
+
+ RewriteCond %{REQUEST_URI} ^(.*)$
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L]
+ </IfModule>
+ </Directory>
+ <%- end -%>
+
+ <IfModule mod_security2.c>
+ <%- if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+ <%- if mod_security_relevantonly.to_s == 'true' then -%>
+ SecAuditEngine RelevantOnly
+ <%- else -%>
+ SecAuditEngine On
+ <%- end -%>
+ <%- else -%>
+ SecRuleEngine Off
+ SecAuditEngine Off
+ <%- end -%>
+ SecAuditLogType Concurrent
+ SecAuditLogStorageDir <%= logdir %>/
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+ # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
+ SecRuleRemoveById "960010"
+ </IfModule>
+
+ <%- unless additional_options.to_s == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
+<%- end -%>
+</IfDefine>
+<%- end -%>
+
diff --git a/templates/vhosts/php_simplemachine/php_simplemachine.erb b/templates/vhosts/php_simplemachine/php_simplemachine.erb
index b2b0419..7042647 100644
--- a/templates/vhosts/php_simplemachine/php_simplemachine.erb
+++ b/templates/vhosts/php_simplemachine/php_simplemachine.erb
@@ -1,4 +1,7 @@
# <%= servername %>
+<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+<IfDefine HttpdLocal>
+<%- end -%>
<%- unless ssl_mode.to_s == 'only' then -%>
<VirtualHost *:80>
Include include.d/defaults.inc
@@ -26,16 +29,20 @@
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log combined
<%- end -%>
+
<%- if ssl_mode.to_s == 'force' then -%>
Redirect permanent / https://<%= servername %>/
+
<%- end -%>
<%- if default_charset.to_s != 'absent' then -%>
AddDefaultCharset <%= default_charset %>
+
<%- end -%>
- <%- if run_mode.to_s == 'itk' -%>
+ <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
<IfModule mpm_itk_module>
AssignUserId <%= run_uid+" "+run_gid %>
</IfModule>
+
<%- end -%>
<%- if not ssl_mode.to_s == 'force' then -%>
<Directory "<%= documentroot %>/">
@@ -60,6 +67,7 @@
</Directory>
<%- end -%>
+ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
<IfModule mod_security2.c>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
@@ -77,6 +85,7 @@
SecAuditLog <%= logdir %>/mod_security_audit.log
SecDebugLog <%= logdir %>/mod_security_debug.log
</IfModule>
+ <%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
@@ -112,13 +121,16 @@
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log combined
<%- end -%>
- <%- if run_mode.to_s == 'itk' -%>
+
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
<IfModule mpm_itk_module>
AssignUserId <%= run_uid+" "+run_gid %>
</IfModule>
- <%- end -%>
- <%- if default_charset.to_s != 'absent' then -%>
- AddDefaultCharset <%= default_charset %>
+
<%- end -%>
<Directory "<%= documentroot %>/">
AllowOverride <%= allow_override %>
@@ -141,6 +153,7 @@
php_admin_value session.save_path <%= real_php_session_save_path %>
</Directory>
+ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
<IfModule mod_security2.c>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
@@ -158,9 +171,189 @@
SecAuditLog <%= logdir %>/mod_security_audit.log
SecDebugLog <%= logdir %>/mod_security_debug.log
</IfModule>
+ <%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
<%- end -%>
</VirtualHost>
<%- end -%>
+<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+</IfDefine>
+<IfDefine !HttpdLocal>
+<%- unless ssl_mode.to_s == 'only' then -%>
+<VirtualHost *:80>
+ Include include.d/defaults.inc
+
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? then -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+ ServerAdmin <%= server_admin %>
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ DocumentRoot <%= documentroot %>/
+ DirectoryIndex index.htm index.html index.php
+ <%- end -%>
+
+ <%- case logmode.to_s
+ when 'nologs' -%>
+ ErrorLog /dev/null
+ CustomLog /dev/null
+ <%- when 'semianonym' -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- when 'anonym' -%>
+ ErrorLog /dev/null
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- else -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
+ <%- end -%>
+
+ ProxyPreserveHost On
+ ProxyRequests off
+ <%- if run_mode.to_s == 'static-itk' -%>
+ ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1
+ <%- else -%>
+ ProxyPass / http://127.0.0.1/
+ <%- end -%>
+ ProxyPassReverse / http://127.0.0.1/
+
+ <%- if ssl_mode.to_s == 'force' then -%>
+ Redirect permanent / https://<%= servername %>/
+
+ <%- end -%>
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' then -%>
+ <%- if not ssl_mode.to_s == 'force' then -%>
+ <Directory "<%= documentroot %>/">
+ AllowOverride <%= allow_override %>
+ <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+ <%- end -%>
+ <%- unless htpasswd_file.to_s == 'absent' then -%>
+ AuthType Basic
+ AuthName "Access fuer <%= servername %>"
+ AuthUserFile <%= real_htpasswd_path %>
+ require valid-user
+ <%- end -%>
+ </Directory>
+ <%- end -%>
+ <%- end -%>
+
+ <IfModule mod_security2.c>
+ <%- if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+ <%- if mod_security_relevantonly.to_s == 'true' then -%>
+ SecAuditEngine RelevantOnly
+ <%- else -%>
+ SecAuditEngine On
+ <%- end -%>
+ <%- else -%>
+ SecRuleEngine Off
+ SecAuditEngine Off
+ <%- end -%>
+ SecAuditLogType Concurrent
+ SecAuditLogStorageDir <%= logdir %>/
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+ </IfModule>
+
+ <%- unless additional_options.to_s == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
+<%- end -%>
+
+<%- unless ssl_mode.to_s == 'false' then -%>
+<VirtualHost *:443>
+ Include include.d/defaults.inc
+ Include include.d/ssl_defaults.inc
+
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? then -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+ ServerAdmin <%= server_admin %>
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ DocumentRoot <%= documentroot %>/
+ DirectoryIndex index.htm index.html index.php
+ <%- end -%>
+
+ <%- case logmode.to_s
+ when 'nologs' -%>
+ ErrorLog /dev/null
+ CustomLog /dev/null
+ <%- when 'semianonym' -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- when 'anonym' -%>
+ ErrorLog /dev/null
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- else -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
+ <%- end -%>
+
+ ProxyPreserveHost On
+ ProxyRequests off
+ <%- if run_mode.to_s == 'static-itk' -%>
+ ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1
+ <%- else -%>
+ ProxyPass / https://127.0.0.1/
+ <%- end -%>
+ ProxyPassReverse / https://127.0.0.1/
+
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ <Directory "<%= documentroot %>/">
+ AllowOverride <%= allow_override %>
+ <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+ <%- end -%>
+ <%- unless htpasswd_file.to_s == 'absent' then -%>
+ AuthType Basic
+ AuthName "Access fuer <%= servername %>"
+ AuthUserFile <%= real_htpasswd_path %>
+ require valid-user
+ <%- end -%>
+ </Directory>
+ <%- end -%>
+
+ <IfModule mod_security2.c>
+ <%- if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+ <%- if mod_security_relevantonly.to_s == 'true' then -%>
+ SecAuditEngine RelevantOnly
+ <%- else -%>
+ SecAuditEngine On
+ <%- end -%>
+ <%- else -%>
+ SecRuleEngine Off
+ SecAuditEngine Off
+ <%- end -%>
+ SecAuditLogType Concurrent
+ SecAuditLogStorageDir <%= logdir %>/
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+ </IfModule>
+
+ <%- unless additional_options.to_s == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
+<%- end -%>
+</IfDefine>
+<%- end -%>
diff --git a/templates/vhosts/php_spip/php_spip.erb b/templates/vhosts/php_spip/php_spip.erb
index 99c94e2..c63cf77 100644
--- a/templates/vhosts/php_spip/php_spip.erb
+++ b/templates/vhosts/php_spip/php_spip.erb
@@ -1,4 +1,7 @@
# <%= servername %>
+<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+<IfDefine HttpdLocal>
+<%- end -%>
<%- unless ssl_mode.to_s == 'only' then -%>
<VirtualHost *:80>
Include include.d/defaults.inc
@@ -26,16 +29,20 @@
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log combined
<%- end -%>
+
<%- if ssl_mode.to_s == 'force' then -%>
Redirect permanent / https://<%= servername %>/
+
<%- end -%>
<%- if default_charset.to_s != 'absent' then -%>
AddDefaultCharset <%= default_charset %>
+
<%- end -%>
- <%- if run_mode.to_s == 'itk' -%>
+ <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
<IfModule mpm_itk_module>
AssignUserId <%= run_uid+" "+run_gid %>
</IfModule>
+
<%- end -%>
<%- if not ssl_mode.to_s == 'force' then -%>
<Directory "<%= documentroot %>/">
@@ -66,6 +73,7 @@
</Directory>
<%- end -%>
+ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
<IfModule mod_security2.c>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
@@ -83,6 +91,7 @@
SecAuditLog <%= logdir %>/mod_security_audit.log
SecDebugLog <%= logdir %>/mod_security_debug.log
</IfModule>
+ <%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
@@ -118,13 +127,16 @@
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log combined
<%- end -%>
- <%- if run_mode.to_s == 'itk' -%>
+
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
<IfModule mpm_itk_module>
AssignUserId <%= run_uid+" "+run_gid %>
</IfModule>
- <%- end -%>
- <%- if default_charset.to_s != 'absent' then -%>
- AddDefaultCharset <%= default_charset %>
+
<%- end -%>
<Directory "<%= documentroot %>/">
AllowOverride <%= allow_override %>
@@ -153,6 +165,7 @@
<%- end -%>
</Directory>
+ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
<IfModule mod_security2.c>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
@@ -170,9 +183,189 @@
SecAuditLog <%= logdir %>/mod_security_audit.log
SecDebugLog <%= logdir %>/mod_security_debug.log
</IfModule>
+ <%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
<%- end -%>
</VirtualHost>
<%- end -%>
+<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+</IfDefine>
+<IfDefine !HttpdLocal>
+<%- unless ssl_mode.to_s == 'only' then -%>
+<VirtualHost *:80>
+ Include include.d/defaults.inc
+
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? then -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+ ServerAdmin <%= server_admin %>
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ DocumentRoot <%= documentroot %>/
+ DirectoryIndex index.htm index.html index.php
+ <%- end -%>
+
+ <%- case logmode.to_s
+ when 'nologs' -%>
+ ErrorLog /dev/null
+ CustomLog /dev/null
+ <%- when 'semianonym' -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- when 'anonym' -%>
+ ErrorLog /dev/null
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- else -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
+ <%- end -%>
+
+ ProxyPreserveHost On
+ ProxyRequests off
+ <%- if run_mode.to_s == 'static-itk' -%>
+ ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1
+ <%- else -%>
+ ProxyPass / http://127.0.0.1/
+ <%- end -%>
+ ProxyPassReverse / http://127.0.0.1/
+
+ <%- if ssl_mode.to_s == 'force' then -%>
+ Redirect permanent / https://<%= servername %>/
+
+ <%- end -%>
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' then -%>
+ <%- if not ssl_mode.to_s == 'force' then -%>
+ <Directory "<%= documentroot %>/">
+ AllowOverride <%= allow_override %>
+ <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+ <%- end -%>
+ <%- unless htpasswd_file.to_s == 'absent' then -%>
+ AuthType Basic
+ AuthName "Access fuer <%= servername %>"
+ AuthUserFile <%= real_htpasswd_path %>
+ require valid-user
+ <%- end -%>
+ </Directory>
+ <%- end -%>
+ <%- end -%>
+
+ <IfModule mod_security2.c>
+ <%- if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+ <%- if mod_security_relevantonly.to_s == 'true' then -%>
+ SecAuditEngine RelevantOnly
+ <%- else -%>
+ SecAuditEngine On
+ <%- end -%>
+ <%- else -%>
+ SecRuleEngine Off
+ SecAuditEngine Off
+ <%- end -%>
+ SecAuditLogType Concurrent
+ SecAuditLogStorageDir <%= logdir %>/
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+ </IfModule>
+
+ <%- unless additional_options.to_s == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
+<%- end -%>
+
+<%- unless ssl_mode.to_s == 'false' then -%>
+<VirtualHost *:443>
+ Include include.d/defaults.inc
+ Include include.d/ssl_defaults.inc
+
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? then -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+ ServerAdmin <%= server_admin %>
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ DocumentRoot <%= documentroot %>/
+ DirectoryIndex index.htm index.html index.php
+ <%- end -%>
+
+ <%- case logmode.to_s
+ when 'nologs' -%>
+ ErrorLog /dev/null
+ CustomLog /dev/null
+ <%- when 'semianonym' -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- when 'anonym' -%>
+ ErrorLog /dev/null
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- else -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
+ <%- end -%>
+
+ ProxyPreserveHost On
+ ProxyRequests off
+ <%- if run_mode.to_s == 'static-itk' -%>
+ ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1
+ <%- else -%>
+ ProxyPass / https://127.0.0.1/
+ <%- end -%>
+ ProxyPassReverse / https://127.0.0.1/
+
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ <Directory "<%= documentroot %>/">
+ AllowOverride <%= allow_override %>
+ <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+ <%- end -%>
+ <%- unless htpasswd_file.to_s == 'absent' then -%>
+ AuthType Basic
+ AuthName "Access fuer <%= servername %>"
+ AuthUserFile <%= real_htpasswd_path %>
+ require valid-user
+ <%- end -%>
+ </Directory>
+ <%- end -%>
+
+ <IfModule mod_security2.c>
+ <%- if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+ <%- if mod_security_relevantonly.to_s == 'true' then -%>
+ SecAuditEngine RelevantOnly
+ <%- else -%>
+ SecAuditEngine On
+ <%- end -%>
+ <%- else -%>
+ SecRuleEngine Off
+ SecAuditEngine Off
+ <%- end -%>
+ SecAuditLogType Concurrent
+ SecAuditLogStorageDir <%= logdir %>/
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+ </IfModule>
+
+ <%- unless additional_options.to_s == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
+<%- end -%>
+</IfDefine>
+<%- end -%>
diff --git a/templates/vhosts/php_typo3/php_typo3.erb b/templates/vhosts/php_typo3/php_typo3.erb
index c3bb0d4..6272576 100644
--- a/templates/vhosts/php_typo3/php_typo3.erb
+++ b/templates/vhosts/php_typo3/php_typo3.erb
@@ -1,4 +1,7 @@
# <%= servername %>
+<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+<IfDefine HttpdLocal>
+<%- end -%>
<%- unless ssl_mode.to_s == 'only' then -%>
<VirtualHost *:80>
Include include.d/defaults.inc
@@ -26,16 +29,20 @@
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log combined
<%- end -%>
+
<%- if ssl_mode.to_s == 'force' then -%>
Redirect permanent / https://<%= servername %>/
+
<%- end -%>
<%- if default_charset.to_s != 'absent' then -%>
AddDefaultCharset <%= default_charset %>
+
<%- end -%>
- <%- if run_mode.to_s == 'itk' -%>
+ <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
<IfModule mpm_itk_module>
AssignUserId <%= run_uid+" "+run_gid %>
</IfModule>
+
<%- end -%>
<%- if not ssl_mode.to_s == 'force' then -%>
<Directory "<%= documentroot %>/">
@@ -61,8 +68,6 @@
php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %>
<%- end -%>
</Directory>
- <%- end -%>
-
<Directory "<%= documentroot %>/typo3/">
RewriteEngine on
@@ -72,8 +77,17 @@
RewriteCond %{REQUEST_URI} (.*/typo3/.*)
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R]
</Directory>
+ <%- end -%>
+ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+ <Location "/typo3">
+ <IfModule mod_security2.c>
+ SecRuleEngine Off
+ SecAuditEngine Off
+ </IfModule>
+ </Location>
+
<IfModule mod_security2.c>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
@@ -93,6 +107,7 @@
# http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
SecRuleRemoveById "960010"
</IfModule>
+ <%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
@@ -128,13 +143,16 @@
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log combined
<%- end -%>
- <%- if run_mode.to_s == 'itk' -%>
+
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
<IfModule mpm_itk_module>
AssignUserId <%= run_uid+" "+run_gid %>
</IfModule>
- <%- end -%>
- <%- if default_charset.to_s != 'absent' then -%>
- AddDefaultCharset <%= default_charset %>
+
<%- end -%>
<Directory "<%= documentroot %>/">
AllowOverride <%= allow_override %>
@@ -162,9 +180,11 @@
php_admin_value allow_url_fopen On
</Directory>
+ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
<Location "/typo3">
<IfModule mod_security2.c>
SecRuleEngine Off
+ SecAuditEngine Off
</IfModule>
</Location>
@@ -187,9 +207,214 @@
# http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
SecRuleRemoveById "960010"
</IfModule>
+ <%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
<%- end -%>
</VirtualHost>
<%- end -%>
+<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+</IfDefine>
+<IfDefine !HttpdLocal>
+<%- unless ssl_mode.to_s == 'only' then -%>
+<VirtualHost *:80>
+ Include include.d/defaults.inc
+
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? then -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+ ServerAdmin <%= server_admin %>
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ DocumentRoot <%= documentroot %>/
+ DirectoryIndex index.htm index.html index.php
+ <%- end -%>
+
+ <%- case logmode.to_s
+ when 'nologs' -%>
+ ErrorLog /dev/null
+ CustomLog /dev/null
+ <%- when 'semianonym' -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- when 'anonym' -%>
+ ErrorLog /dev/null
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- else -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
+ <%- end -%>
+
+ ProxyPreserveHost On
+ ProxyRequests off
+ <%- if run_mode.to_s == 'static-itk' -%>
+ ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1
+ <%- else -%>
+ ProxyPass / http://127.0.0.1/
+ <%- end -%>
+ ProxyPassReverse / http://127.0.0.1/
+
+ <%- if ssl_mode.to_s == 'force' then -%>
+ Redirect permanent / https://<%= servername %>/
+
+ <%- end -%>
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' then -%>
+ <%- if not ssl_mode.to_s == 'force' then -%>
+ <Directory "<%= documentroot %>/">
+ AllowOverride <%= allow_override %>
+ <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+ <%- end -%>
+ <%- unless htpasswd_file.to_s == 'absent' then -%>
+ AuthType Basic
+ AuthName "Access fuer <%= servername %>"
+ AuthUserFile <%= real_htpasswd_path %>
+ require valid-user
+ <%- end -%>
+ </Directory>
+ <Directory "<%= documentroot %>/typo3/">
+ RewriteEngine on
+
+ # Rewrite URLs to https that go for the admin area
+ RewriteCond %{REMOTE_ADDR} !^127\.[0-9]+\.[0-9]+\.[0-9]+$
+ RewriteCond %{HTTPS} !=on
+ RewriteCond %{REQUEST_URI} (.*/typo3/.*)
+ RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R]
+ </Directory>
+ <%- end -%>
+ <%- end -%>
+
+ <Location "/typo3">
+ <IfModule mod_security2.c>
+ SecRuleEngine Off
+ </IfModule>
+ </Location>
+
+ <IfModule mod_security2.c>
+ <%- if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+ <%- if mod_security_relevantonly.to_s == 'true' then -%>
+ SecAuditEngine RelevantOnly
+ <%- else -%>
+ SecAuditEngine On
+ <%- end -%>
+ <%- else -%>
+ SecRuleEngine Off
+ SecAuditEngine Off
+ <%- end -%>
+ SecAuditLogType Concurrent
+ SecAuditLogStorageDir <%= logdir %>/
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+ # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
+ SecRuleRemoveById "960010"
+ </IfModule>
+
+ <%- unless additional_options.to_s == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
+<%- end -%>
+
+<%- unless ssl_mode.to_s == 'false' then -%>
+<VirtualHost *:443>
+ Include include.d/defaults.inc
+ Include include.d/ssl_defaults.inc
+
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? then -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+ ServerAdmin <%= server_admin %>
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ DocumentRoot <%= documentroot %>/
+ DirectoryIndex index.htm index.html index.php
+ <%- end -%>
+
+ <%- case logmode.to_s
+ when 'nologs' -%>
+ ErrorLog /dev/null
+ CustomLog /dev/null
+ <%- when 'semianonym' -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- when 'anonym' -%>
+ ErrorLog /dev/null
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- else -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
+ <%- end -%>
+
+ ProxyPreserveHost On
+ ProxyRequests off
+ <%- if run_mode.to_s == 'static-itk' -%>
+ ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1
+ <%- else -%>
+ ProxyPass / https://127.0.0.1/
+ <%- end -%>
+ ProxyPassReverse / https://127.0.0.1/
+
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ <Directory "<%= documentroot %>/">
+ AllowOverride <%= allow_override %>
+ <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+ <%- end -%>
+ <%- unless htpasswd_file.to_s == 'absent' then -%>
+ AuthType Basic
+ AuthName "Access fuer <%= servername %>"
+ AuthUserFile <%= real_htpasswd_path %>
+ require valid-user
+ <%- end -%>
+ </Directory>
+ <%- end -%>
+
+ <Location "/typo3">
+ <IfModule mod_security2.c>
+ SecRuleEngine Off
+ </IfModule>
+ </Location>
+
+ <IfModule mod_security2.c>
+ <%- if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+ <%- if mod_security_relevantonly.to_s == 'true' then -%>
+ SecAuditEngine RelevantOnly
+ <%- else -%>
+ SecAuditEngine On
+ <%- end -%>
+ <%- else -%>
+ SecRuleEngine Off
+ SecAuditEngine Off
+ <%- end -%>
+ SecAuditLogType Concurrent
+ SecAuditLogStorageDir <%= logdir %>/
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+ # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
+ SecRuleRemoveById "960010"
+ </IfModule>
+
+ <%- unless additional_options.to_s == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
+<%- end -%>
+</IfDefine>
+<%- end -%>
diff --git a/templates/vhosts/php_wordpress/php_wordpress.erb b/templates/vhosts/php_wordpress/php_wordpress.erb
index 5dbf9dc..2a90c69 100644
--- a/templates/vhosts/php_wordpress/php_wordpress.erb
+++ b/templates/vhosts/php_wordpress/php_wordpress.erb
@@ -1,4 +1,7 @@
# <%= servername %>
+<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+<IfDefine HttpdLocal>
+<%- end -%>
<%- unless ssl_mode.to_s == 'only' then -%>
<VirtualHost *:80>
Include include.d/defaults.inc
@@ -26,16 +29,20 @@
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log combined
<%- end -%>
+
<%- if ssl_mode.to_s == 'force' then -%>
Redirect permanent / https://<%= servername %>/
+
<%- end -%>
<%- if default_charset.to_s != 'absent' then -%>
AddDefaultCharset <%= default_charset %>
+
<%- end -%>
- <%- if run_mode.to_s == 'itk' -%>
+ <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
<IfModule mpm_itk_module>
AssignUserId <%= run_uid+" "+run_gid %>
</IfModule>
+
<%- end -%>
<%- if not ssl_mode.to_s == 'force' then -%>
<Directory "<%= documentroot %>/">
@@ -63,6 +70,7 @@
</Directory>
<%- end -%>
+ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
<IfModule mod_security2.c>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
@@ -79,6 +87,7 @@
SecRuleRemoveById "960010"
SecRuleRemoveById "950018"
</IfModule>
+ <%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
@@ -114,13 +123,16 @@
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log combined
<%- end -%>
- <%- if run_mode.to_s == 'itk' -%>
+
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
<IfModule mpm_itk_module>
AssignUserId <%= run_uid+" "+run_gid %>
</IfModule>
- <%- end -%>
- <%- if default_charset.to_s != 'absent' then -%>
- AddDefaultCharset <%= default_charset %>
+
<%- end -%>
<Directory "<%= documentroot %>/">
AllowOverride <%= allow_override %>
@@ -146,6 +158,99 @@
<%- end -%>
</Directory>
+ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+ <IfModule mod_security2.c>
+ <%- if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+ SecAuditEngine On
+ <%- else -%>
+ SecRuleEngine Off
+ SecAuditEngine Off
+ <%- end -%>
+ SecAuditLogType Concurrent
+ SecAuditLogStorageDir <%= logdir %>/
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+ # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
+ SecRuleRemoveById "960010"
+ SecRuleRemoveById "950018"
+ </IfModule>
+ <%- end -%>
+
+ <%- unless additional_options.to_s == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
+<%- end -%>
+<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+</IfDefine>
+<IfDefine !HttpdLocal>
+<%- unless ssl_mode.to_s == 'only' then -%>
+<VirtualHost *:80>
+ Include include.d/defaults.inc
+
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? then -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+ ServerAdmin <%= server_admin %>
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ DocumentRoot <%= documentroot %>/
+ DirectoryIndex index.htm index.html index.php
+ <%- end -%>
+
+ <%- case logmode.to_s
+ when 'nologs' -%>
+ ErrorLog /dev/null
+ CustomLog /dev/null
+ <%- when 'semianonym' -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- when 'anonym' -%>
+ ErrorLog /dev/null
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- else -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
+ <%- end -%>
+
+ ProxyPreserveHost On
+ ProxyRequests off
+ <%- if run_mode.to_s == 'static-itk' -%>
+ ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1
+ <%- else -%>
+ ProxyPass / http://127.0.0.1/
+ <%- end -%>
+ ProxyPassReverse / http://127.0.0.1/
+
+ <%- if ssl_mode.to_s == 'force' then -%>
+ Redirect permanent / https://<%= servername %>/
+
+ <%- end -%>
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' then -%>
+ <%- if not ssl_mode.to_s == 'force' then -%>
+ <Directory "<%= documentroot %>/">
+ AllowOverride <%= allow_override %>
+ <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+ <%- end -%>
+ <%- unless htpasswd_file.to_s == 'absent' then -%>
+ AuthType Basic
+ AuthName "Access fuer <%= servername %>"
+ AuthUserFile <%= real_htpasswd_path %>
+ require valid-user
+ <%- end -%>
+ </Directory>
+ <%- end -%>
+ <%- end -%>
+
<IfModule mod_security2.c>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
@@ -168,3 +273,90 @@
<%- end -%>
</VirtualHost>
<%- end -%>
+
+<%- unless ssl_mode.to_s == 'false' then -%>
+<VirtualHost *:443>
+ Include include.d/defaults.inc
+ Include include.d/ssl_defaults.inc
+
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? then -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+ ServerAdmin <%= server_admin %>
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ DocumentRoot <%= documentroot %>/
+ DirectoryIndex index.htm index.html index.php
+ <%- end -%>
+
+ <%- case logmode.to_s
+ when 'nologs' -%>
+ ErrorLog /dev/null
+ CustomLog /dev/null
+ <%- when 'semianonym' -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- when 'anonym' -%>
+ ErrorLog /dev/null
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- else -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
+ <%- end -%>
+
+ ProxyPreserveHost On
+ ProxyRequests off
+ <%- if run_mode.to_s == 'static-itk' -%>
+ ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1
+ <%- else -%>
+ ProxyPass / https://127.0.0.1/
+ <%- end -%>
+ ProxyPassReverse / https://127.0.0.1/
+
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s == 'static-itk' -%>
+ <Directory "<%= documentroot %>/">
+ AllowOverride <%= allow_override %>
+ <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+ <%- end -%>
+ <%- unless htpasswd_file.to_s == 'absent' then -%>
+ AuthType Basic
+ AuthName "Access fuer <%= servername %>"
+ AuthUserFile <%= real_htpasswd_path %>
+ require valid-user
+ <%- end -%>
+ </Directory>
+ <%- end -%>
+
+ <IfModule mod_security2.c>
+ <%- if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+ SecAuditEngine On
+ <%- else -%>
+ SecRuleEngine Off
+ SecAuditEngine Off
+ <%- end -%>
+ SecAuditLogType Concurrent
+ SecAuditLogStorageDir <%= logdir %>/
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+ # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
+ SecRuleRemoveById "960010"
+ SecRuleRemoveById "950018"
+ </IfModule>
+
+ <%- unless additional_options.to_s == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
+<%- end -%>
+</IfDefine>
+<%- end -%>
+
diff --git a/templates/vhosts/webdav/webdav.erb b/templates/vhosts/webdav/webdav.erb
index 6e66f30..a7dfa37 100644
--- a/templates/vhosts/webdav/webdav.erb
+++ b/templates/vhosts/webdav/webdav.erb
@@ -1,4 +1,7 @@
# <%= servername %>
+<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+<IfDefine HttpdLocal>
+<%- end -%>
<%- unless ssl_mode.to_s == 'only' then -%>
<VirtualHost *:80>
Include include.d/defaults.inc
@@ -26,16 +29,20 @@
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log combined
<%- end -%>
+
<%- if ssl_mode.to_s == 'force' then -%>
Redirect permanent / https://<%= servername %>/
+
<%- end -%>
<%- if default_charset.to_s != 'absent' then -%>
AddDefaultCharset <%= default_charset %>
+
<%- end -%>
- <%- if run_mode.to_s == 'itk' -%>
+ <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
<IfModule mpm_itk_module>
AssignUserId <%= run_uid+" "+run_gid %>
</IfModule>
+
<%- end -%>
<%- if not ssl_mode.to_s == 'force' then -%>
DAVLockDB <%= real_dav_db_dir %>/DAVLock
@@ -66,6 +73,7 @@
</Directory>
<%- end -%>
+ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
<IfModule mod_security2.c>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
@@ -83,6 +91,7 @@
SecAuditLog <%= logdir %>/mod_security_audit.log
SecDebugLog <%= logdir %>/mod_security_debug.log
</IfModule>
+ <%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
@@ -118,13 +127,16 @@
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log combined
<%- end -%>
- <%- if run_mode.to_s == 'itk' -%>
+
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
<IfModule mpm_itk_module>
AssignUserId <%= run_uid+" "+run_gid %>
</IfModule>
- <%- end -%>
- <%- if default_charset.to_s != 'absent' then -%>
- AddDefaultCharset <%= default_charset %>
+
<%- end -%>
DAVLockDB <%= real_dav_db_dir %>/DAVLock
<Directory "<%= documentroot %>/">
@@ -153,6 +165,7 @@
<%- end -%>
</Directory>
+ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
<IfModule mod_security2.c>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
@@ -170,9 +183,139 @@
SecAuditLog <%= logdir %>/mod_security_audit.log
SecDebugLog <%= logdir %>/mod_security_debug.log
</IfModule>
+ <%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
<%- end -%>
</VirtualHost>
<%- end -%>
+<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+</IfDefine>
+<IfDefine !HttpdLocal>
+<%- unless ssl_mode.to_s == 'only' then -%>
+<VirtualHost *:80>
+ Include include.d/defaults.inc
+
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? then -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+ ServerAdmin <%= server_admin %>
+ <%- end -%>
+
+ <%- case logmode.to_s
+ when 'nologs' -%>
+ ErrorLog /dev/null
+ CustomLog /dev/null
+ <%- when 'semianonym' -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- when 'anonym' -%>
+ ErrorLog /dev/null
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- else -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
+ <%- end -%>
+
+ ProxyPreserveHost On
+ ProxyRequests off
+ ProxyPass / https://127.0.0.1/
+ ProxyPassReverse / https://127.0.0.1/
+
+ <%- if ssl_mode.to_s == 'force' then -%>
+ Redirect permanent / https://<%= servername %>/
+
+ <%- end -%>
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <IfModule mod_security2.c>
+ <%- if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+ <%- if mod_security_relevantonly.to_s == 'true' then -%>
+ SecAuditEngine RelevantOnly
+ <%- else -%>
+ SecAuditEngine On
+ <%- end -%>
+ <%- else -%>
+ SecRuleEngine Off
+ SecAuditEngine Off
+ <%- end -%>
+ SecAuditLogType Concurrent
+ SecAuditLogStorageDir <%= logdir %>/
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+ </IfModule>
+
+ <%- unless additional_options.to_s == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
+<%- end -%>
+
+<%- unless ssl_mode.to_s == 'false' then -%>
+<VirtualHost *:443>
+ Include include.d/defaults.inc
+ Include include.d/ssl_defaults.inc
+
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? then -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+ ServerAdmin <%= server_admin %>
+ <%- end -%>
+
+ <%- case logmode.to_s
+ when 'nologs' -%>
+ ErrorLog /dev/null
+ CustomLog /dev/null
+ <%- when 'semianonym' -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- when 'anonym' -%>
+ ErrorLog /dev/null
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+ <%- else -%>
+ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+ CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
+ <%- end -%>
+
+ ProxyPreserveHost On
+ ProxyRequests off
+ ProxyPass / http://127.0.0.1/
+ ProxyPassReverse / http://127.0.0.1/
+
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+
+ <%- end -%>
+ <IfModule mod_security2.c>
+ <%- if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+ <%- if mod_security_relevantonly.to_s == 'true' then -%>
+ SecAuditEngine RelevantOnly
+ <%- else -%>
+ SecAuditEngine On
+ <%- end -%>
+ <%- else -%>
+ SecRuleEngine Off
+ SecAuditEngine Off
+ <%- end -%>
+ SecAuditLogType Concurrent
+ SecAuditLogStorageDir <%= logdir %>/
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+ </IfModule>
+
+ <%- unless additional_options.to_s == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
+<%- end -%>
+</IfDefine>
+<%- end -%>