summaryrefslogtreecommitdiff
path: root/templates
AgeCommit message (Collapse)Author
2010-08-16fix various missing things for itk_plus modemh
2010-08-16impelement itk plus modemh
itk plus mode is an additional mode to deploy itk based hostings which should be a bit more performant. The idea is that we have two apache-instances running: A) prefork based, listening on the external interface B) itk based, listening on the loopback interface A) will serve all static webpages, as well as possibly serve all static content of dynamic websites. All requests to dynamic content will be redirected to B). The idea is that A) doesn't load any modules to server dynamic content at all. B) will serve all the dynamic scripts of a vhost. This will mean that for vhosts (static ones) as well as static content (all none dynamic scripts) we can benefit from the fast prefork model, while we can use itk's security model for all the dynamic scripts. There are two new additional run_modes: - proxy-itk: this just passes all requests to apache instance B). This one is similar to plain itk based mode and should be used for vhosts that shouldn't (yet) changed to the mixed mode. - static-itk: this passes only requests to dynamic scripts to B) while all static content is served by A). Beware that the user with which A) is running should be member of the run group of B) and all static files need to readable by the group. This reduces the security model you have with plain itk, as the prefork apache user will be able to read php (config-) files of any vhost that runs in static-itk mode. If you want to keep the level of security for a certain vhost, you need to run the specific vhost in proxy-itk mode. Note 1: you cannot run vhosts in itk mode and others in proxy or static itk mode. There is a duplicate file resource definition that blocks that possibility. Note 2: This mode works currently only on CentOS based systems, as no work have been done so far to implement an init.d script that's able to run 2 apache instances.
2010-08-11introduce logmode featuremh
We are now able to select how apache should log accesses. These modes are: * default: as you would use it * semianonym: no ips are logged for CustomLog, ErrorLog still logs ips * anonym: no ips are logged for CustomLog, ErrorLog is sent to /dev/null * nologs: all logs are sent to /dev/null
2010-06-12add upload_dir to open_base_dir if there is onemh
2010-03-16typo3 partial errors in backend -> disable modsec for /typo3. Errors like ↵Andreas
You don't have permission to access /typo3/alt_doc.php
2010-02-04add rule to be ignored for wordpress, as it prevents additional uploadsmh
2010-01-30migrate missing partsmh
- migrate missing (newly introduced) vhosts - pass relevant_only stuff to subdefines
2010-01-30merged with lavamindmh
2010-01-27typoAndreas
2010-01-27silverstripe htaccess errorsAndreas
2010-01-27silverstripe .htaccessAndreas
2010-01-26module silverstripeAndreas
2010-01-04add $mod_security_relevantonly flag, enabled by default, logs only on ↵Jerome Charaoui
suspicious requests, set to 'false' to log all requests (as before)
2010-01-04source of last change (https logins)Andreas
2010-01-04gallery redirect user logins to httpsAndreas
2010-01-03we have already a default charset flag we manageAndreas
2010-01-02we have already a default charset flag we managemh
2010-01-01php settings for gallery2Andreas
2010-01-01gallery2 moduleAndreas
2009-12-26lockfile name must be specifiedAndreas
2009-12-26DAV needs a writable dir for the db (with itk, with the correct user settings)Andreas
2009-12-23introduce config::global for global configs in conf.d and config::include ↵Jerome Charaoui
for vhost snippets in include.d
2009-12-23change OS-specific vhost templates into links, add Debian (though not all ↵Jerome Charaoui
are tested on Debian)
2009-12-21missing AllowOverride lineAndreas
2009-11-21purge bin dir, only add php option if we actually added binariesmh
2009-11-21introduce php_default_charset to set charset header in phpmh
2009-11-19Merge branch 'master' of ipuppet@git.puppet.immerda.ch:module-apacheAndreas
2009-11-19allow_url_fopen for extmangerAndreas
2009-11-18introduce safe mode exec as well for the other vhost typesmh
2009-11-18renames and proc move from webhosting for php_safe_mode_exec_binsAndreas
2009-11-18add php_bin_dir for typo3Andreas
2009-11-18added a dir for binaries (php safe_mode_exec_dir)Andreas
2009-11-03add utf-8 as default charsetAndreas
2009-11-01typo3 centos template for vhostAndreas Maag
2009-08-19add spip vhost configmh
2009-08-17added a redirect vhost defineng
2009-07-25ending dash to prevent empty linemh
2009-07-25add variable to tweak php safe_modemh
2009-06-24unified mod_sec stuff, turn audit engine off as wellmh
2009-06-23added correct options for git vhost templateMarcel Haerry
2009-06-21fixing if then end blockmh
2009-06-16set mod_sec block as well for static hostingsMarcel Haerry
2009-06-13introcuded ssl_mode onlymh
2009-06-13we can now also enable the usage of pearmh
2009-06-05add passenger vhost variantSimon Josi
2009-05-26only enable smarty when told toMarcel Haerry
and include smarty then
2009-05-23allow to include smarty templates from systemmh
2009-05-23turn safe_mode off for media wikismh
according to http://www.mediawiki.org/wiki/Safe_mode it's safe to turn crappy safe_mode off. I had the problem that LocalSettings.php was thought to not exist, as in safe_mode this can happen: http://ch2.php.net/manual/en/function.file-exists.php
2009-05-23we need the safe_mode_include_dirmh
2009-05-23added mediawiki path to the openbasedirmh