diff options
Diffstat (limited to 'templates')
-rw-r--r-- | templates/vhosts/php_gallery2/CentOS.erb | 162 | ||||
-rw-r--r-- | templates/vhosts/php_silverstripe/CentOS.erb | 183 | ||||
-rw-r--r-- | templates/vhosts/php_typo3/php_typo3.erb | 4 | ||||
-rw-r--r-- | templates/vhosts/webdav/webdav.erb | 2 |
4 files changed, 347 insertions, 4 deletions
diff --git a/templates/vhosts/php_gallery2/CentOS.erb b/templates/vhosts/php_gallery2/CentOS.erb new file mode 100644 index 0000000..93d6596 --- /dev/null +++ b/templates/vhosts/php_gallery2/CentOS.erb @@ -0,0 +1,162 @@ +# <%= servername %> +<%- unless ssl_mode.to_s == 'only' then -%> +<VirtualHost *:80> + Include conf.d/defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + DocumentRoot <%= documentroot %>/ + + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log combined + <%- if ssl_mode.to_s == 'force' then -%> + Redirect permanent / https://<%= servername %>/ + <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if run_mode.to_s == 'itk' -%> + <IfModule mpm_itk_module> + AssignUserId <%= run_uid+" "+run_gid %> + </IfModule> + <%- end -%> + <%- if not ssl_mode.to_s == 'force' then -%> + <Directory "<%= documentroot %>/"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + php_admin_flag engine on + php_admin_flag safe_mode Off + php_admin_value output_buffering Off + <%- unless php_default_charset.to_s == 'absent' then -%> + php_admin_value default_charset <%= php_default_charset %> + <%- end -%> + php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>:<%= gdatadir %> + php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> + php_admin_value session.save_path <%= real_php_session_save_path %> + <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> + php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> + <%- end -%> + # Always rewrite login's + # Source: http://gallery.menalto.com/node/30558 + RewriteEngine On + RewriteCond %{HTTP_COOKIE} ^GALLERYSID= [OR] + RewriteCond %{QUERY_STRING} subView=core\.UserLogin + RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] + # https -> see below + # Then, unset baseUri in config.php (to keep Gallery from trying to redirect users to either HTTP or HTTPS): + # $gallery->setConfig('baseUri', ''); + </Directory> + <%- end -%> + + <IfModule mod_security2.c> + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + SecAuditEngine On + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + </IfModule> + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> +</VirtualHost> +<%- end -%> + +<%- unless ssl_mode.to_s == 'false' then -%> +<VirtualHost *:443> + Include conf.d/defaults.inc + Include conf.d/ssl_defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + DocumentRoot <%= documentroot %>/ + + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log combined + <%- if run_mode.to_s == 'itk' -%> + <IfModule mpm_itk_module> + AssignUserId <%= run_uid+" "+run_gid %> + </IfModule> + <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + <%- end -%> + <Directory "<%= documentroot %>/"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + php_admin_flag engine on + php_admin_flag safe_mode Off + php_admin_value output_buffering Off + <%- unless php_default_charset.to_s == 'absent' then -%> + php_admin_value default_charset <%= php_default_charset %> + <%- end -%> + php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>:<%= gdatadir %> + php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> + php_admin_value session.save_path <%= real_php_session_save_path %> + <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> + php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> + <%- end -%> + # turn allow_url_fopen on for the extension manager fetch + php_admin_value allow_url_fopen On + + # Always rewrite login's (see above) + RewriteEngine On + RewriteCond %{HTTP_COOKIE} ="" + RewriteCond %{REQUEST_METHOD} =GET + RewriteCond %{QUERY_STRING} !subView=core\.UserLogin + RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] + </Directory> + + <IfModule mod_security2.c> + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + SecAuditEngine On + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + </IfModule> + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> +</VirtualHost> +<%- end -%> diff --git a/templates/vhosts/php_silverstripe/CentOS.erb b/templates/vhosts/php_silverstripe/CentOS.erb new file mode 100644 index 0000000..920f2be --- /dev/null +++ b/templates/vhosts/php_silverstripe/CentOS.erb @@ -0,0 +1,183 @@ +# <%= servername %> +<%- unless ssl_mode.to_s == 'only' then -%> +<VirtualHost *:80> + Include conf.d/defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + DocumentRoot <%= documentroot %>/ + + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log combined + <%- if ssl_mode.to_s == 'force' then -%> + Redirect permanent / https://<%= servername %>/ + <%- end -%> + # silverstripe + RedirectMatch /admin(.*) https://<%= servername %>/admin$1 + RedirectMatch /Security(.*) https://<%= servername %>/Security$1 + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if run_mode.to_s == 'itk' -%> + <IfModule mpm_itk_module> + AssignUserId <%= run_uid+" "+run_gid %> + </IfModule> + <%- end -%> + <%- if not ssl_mode.to_s == 'force' then -%> + <Directory "<%= documentroot %>/"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + php_admin_flag engine on + <%- unless php_default_charset.to_s == 'absent' then -%> + php_admin_value default_charset <%= php_default_charset %> + <%- end -%> + php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> + php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> + php_admin_value session.save_path <%= real_php_session_save_path %> + <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> + php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> + <%- end -%> + + # silverstripe .htaccess + <Files *.ss> + Order deny,allow + Deny from all + #Allow from 127.0.0.1 + </Files> + <IfModule mod_rewrite.c> + RewriteEngine On + #RewriteBase / + + RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$) + + RewriteCond %{REQUEST_URI} ^(.*)$ + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L] + </IfModule> + </Directory> + <%- end -%> + + <IfModule mod_security2.c> + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + SecAuditEngine On + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html + SecRuleRemoveById "960010" + </IfModule> + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> +</VirtualHost> +<%- end -%> + +<%- unless ssl_mode.to_s == 'false' then -%> +<VirtualHost *:443> + Include conf.d/defaults.inc + Include conf.d/ssl_defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + DocumentRoot <%= documentroot %>/ + + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log combined + <%- if run_mode.to_s == 'itk' -%> + <IfModule mpm_itk_module> + AssignUserId <%= run_uid+" "+run_gid %> + </IfModule> + <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + <%- end -%> + <Directory "<%= documentroot %>/"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + php_admin_flag engine on + <%- unless php_default_charset.to_s == 'absent' then -%> + php_admin_value default_charset <%= php_default_charset %> + <%- end -%> + php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> + php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> + php_admin_value session.save_path <%= real_php_session_save_path %> + <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> + php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> + <%- end -%> + # turn allow_url_fopen on for the extension manager fetch + php_admin_value allow_url_fopen On + + # silverstripe .htaccess + <Files *.ss> + Order deny,allow + Deny from all + #Allow from 127.0.0.1 + </Files> + <IfModule mod_rewrite.c> + RewriteEngine On + #RewriteBase / + + RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$) + + RewriteCond %{REQUEST_URI} ^(.*)$ + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L] + </IfModule> + </Directory> + + <IfModule mod_security2.c> + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + SecAuditEngine On + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html + SecRuleRemoveById "960010" + </IfModule> + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> +</VirtualHost> +<%- end -%> diff --git a/templates/vhosts/php_typo3/php_typo3.erb b/templates/vhosts/php_typo3/php_typo3.erb index 4ad4022..126dbb1 100644 --- a/templates/vhosts/php_typo3/php_typo3.erb +++ b/templates/vhosts/php_typo3/php_typo3.erb @@ -3,8 +3,6 @@ <VirtualHost *:80> Include include.d/defaults.inc - AddDefaultCharset utf-8 - ServerName <%= servername %> <%- unless serveralias.to_s.empty? then -%> ServerAlias <%= serveralias %> @@ -95,8 +93,6 @@ Include include.d/defaults.inc Include include.d/ssl_defaults.inc - AddDefaultCharset utf-8 - ServerName <%= servername %> <%- unless serveralias.to_s.empty? then -%> ServerAlias <%= serveralias %> diff --git a/templates/vhosts/webdav/webdav.erb b/templates/vhosts/webdav/webdav.erb index 336c5f6..e24cb31 100644 --- a/templates/vhosts/webdav/webdav.erb +++ b/templates/vhosts/webdav/webdav.erb @@ -26,6 +26,7 @@ </IfModule> <%- end -%> <%- if not ssl_mode.to_s == 'force' then -%> + DAVLockDB <%= real_dav_db_dir %>/DAVLock <Directory "<%= documentroot %>/"> Dav on AllowOverride None @@ -104,6 +105,7 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> <%- end -%> + DAVLockDB <%= real_dav_db_dir %>/DAVLock <Directory "<%= documentroot %>/"> Dav on AllowOverride None |