From 2fa748dcc92e34b13bd4b6f7e452ef89b29490c4 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 8 Oct 2011 19:22:40 +0200 Subject: introduce a new template style, less duplicated things, more handy options --- files/include.d/silverstripe.inc | 17 ++ manifests/include/joomla.pp | 3 + manifests/include/silverstripe.pp | 3 + manifests/joomla.pp | 5 - manifests/vhost.pp | 30 +-- manifests/vhost/gitweb.pp | 3 +- manifests/vhost/modperl.pp | 7 +- manifests/vhost/passenger.pp | 3 +- manifests/vhost/php/drupal.pp | 25 +- manifests/vhost/php/gallery2.pp | 53 ++-- manifests/vhost/php/joomla.pp | 20 +- manifests/vhost/php/mediawiki.pp | 20 +- manifests/vhost/php/silverstripe.pp | 23 +- manifests/vhost/php/simplemachine.pp | 19 +- manifests/vhost/php/spip.pp | 20 +- manifests/vhost/php/standard.pp | 202 ++++++++------- manifests/vhost/php/typo3.pp | 27 +- manifests/vhost/php/webapp.pp | 18 +- manifests/vhost/php/wordpress.pp | 20 +- manifests/vhost/phpdirs.pp | 25 +- manifests/vhost/static.pp | 3 +- manifests/vhost/template.pp | 58 +---- manifests/vhost/webdav.pp | 4 +- templates/vhosts/default.erb | 19 +- templates/vhosts/itk_plus.erb | 10 + templates/vhosts/itk_plus/partial.erb | 32 +++ templates/vhosts/partials/php_settings.erb | 18 +- templates/vhosts/partials/std_override_options.erb | 4 + templates/vhosts/perl/partial.erb | 15 ++ templates/vhosts/perl/perl.erb | 208 ---------------- templates/vhosts/php/CentOS.erb | 1 - templates/vhosts/php/Debian.erb | 1 - templates/vhosts/php/partial.erb | 7 + templates/vhosts/php/php.erb | 195 --------------- templates/vhosts/php_drupal/partial.erb | 26 ++ templates/vhosts/php_drupal/php_drupal.erb | 275 --------------------- templates/vhosts/php_gallery2/CentOS.erb | 1 - templates/vhosts/php_gallery2/Debian.erb | 1 - templates/vhosts/php_gallery2/partial.erb | 16 ++ templates/vhosts/php_gallery2/php_gallery2.erb | 215 ---------------- templates/vhosts/php_joomla/CentOS.erb | 1 - templates/vhosts/php_joomla/Debian.erb | 1 - templates/vhosts/php_joomla/php_joomla.erb | 205 +-------------- templates/vhosts/php_mediawiki/CentOS.erb | 1 - templates/vhosts/php_mediawiki/Debian.erb | 1 - templates/vhosts/php_mediawiki/php_mediawiki.erb | 185 -------------- templates/vhosts/php_silverstripe/partial.erb | 16 ++ .../vhosts/php_silverstripe/php_silverstripe.erb | 268 -------------------- templates/vhosts/php_simplemachine/CentOS.erb | 1 - templates/vhosts/php_simplemachine/Debian.erb | 1 - .../vhosts/php_simplemachine/php_simplemachine.erb | 182 -------------- templates/vhosts/php_spip/CentOS.erb | 1 - templates/vhosts/php_spip/Debian.erb | 1 - templates/vhosts/php_spip/php_spip.erb | 194 --------------- templates/vhosts/php_typo3/partial.erb | 10 + templates/vhosts/php_typo3/php_typo3.erb | 209 ---------------- templates/vhosts/php_wordpress/CentOS.erb | 1 - templates/vhosts/php_wordpress/Debian.erb | 1 - templates/vhosts/php_wordpress/php_wordpress.erb | 189 -------------- templates/vhosts/static/partial.erb | 5 +- templates/vhosts/webdav/partial.erb | 21 ++ templates/vhosts/webdav/webdav.erb | 161 ------------ 62 files changed, 438 insertions(+), 2869 deletions(-) create mode 100644 files/include.d/silverstripe.inc create mode 100644 manifests/include/joomla.pp create mode 100644 manifests/include/silverstripe.pp delete mode 100644 manifests/joomla.pp create mode 100644 templates/vhosts/itk_plus.erb create mode 100644 templates/vhosts/itk_plus/partial.erb create mode 100644 templates/vhosts/partials/std_override_options.erb create mode 100644 templates/vhosts/perl/partial.erb delete mode 100644 templates/vhosts/perl/perl.erb delete mode 120000 templates/vhosts/php/CentOS.erb delete mode 120000 templates/vhosts/php/Debian.erb create mode 100644 templates/vhosts/php/partial.erb delete mode 100644 templates/vhosts/php/php.erb create mode 100644 templates/vhosts/php_drupal/partial.erb delete mode 100644 templates/vhosts/php_drupal/php_drupal.erb delete mode 120000 templates/vhosts/php_gallery2/CentOS.erb delete mode 120000 templates/vhosts/php_gallery2/Debian.erb create mode 100644 templates/vhosts/php_gallery2/partial.erb delete mode 100644 templates/vhosts/php_gallery2/php_gallery2.erb delete mode 120000 templates/vhosts/php_joomla/CentOS.erb delete mode 120000 templates/vhosts/php_joomla/Debian.erb delete mode 120000 templates/vhosts/php_mediawiki/CentOS.erb delete mode 120000 templates/vhosts/php_mediawiki/Debian.erb delete mode 100644 templates/vhosts/php_mediawiki/php_mediawiki.erb create mode 100644 templates/vhosts/php_silverstripe/partial.erb delete mode 100644 templates/vhosts/php_silverstripe/php_silverstripe.erb delete mode 120000 templates/vhosts/php_simplemachine/CentOS.erb delete mode 120000 templates/vhosts/php_simplemachine/Debian.erb delete mode 100644 templates/vhosts/php_simplemachine/php_simplemachine.erb delete mode 120000 templates/vhosts/php_spip/CentOS.erb delete mode 120000 templates/vhosts/php_spip/Debian.erb delete mode 100644 templates/vhosts/php_spip/php_spip.erb create mode 100644 templates/vhosts/php_typo3/partial.erb delete mode 100644 templates/vhosts/php_typo3/php_typo3.erb delete mode 120000 templates/vhosts/php_wordpress/CentOS.erb delete mode 120000 templates/vhosts/php_wordpress/Debian.erb delete mode 100644 templates/vhosts/php_wordpress/php_wordpress.erb create mode 100644 templates/vhosts/webdav/partial.erb delete mode 100644 templates/vhosts/webdav/webdav.erb diff --git a/files/include.d/silverstripe.inc b/files/include.d/silverstripe.inc new file mode 100644 index 0000000..40c44e4 --- /dev/null +++ b/files/include.d/silverstripe.inc @@ -0,0 +1,17 @@ +# silverstripe .htaccess + + Order deny,allow + Deny from all + #Allow from 127.0.0.1 + + + + RewriteEngine On + #RewriteBase / + + RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$) + + RewriteCond %{REQUEST_URI} ^(.*)$ + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L] + diff --git a/manifests/include/joomla.pp b/manifests/include/joomla.pp new file mode 100644 index 0000000..5adae30 --- /dev/null +++ b/manifests/include/joomla.pp @@ -0,0 +1,3 @@ +class apache::include::joomla { + apache::config::include{'joomla.inc': } +} diff --git a/manifests/include/silverstripe.pp b/manifests/include/silverstripe.pp new file mode 100644 index 0000000..fd2484b --- /dev/null +++ b/manifests/include/silverstripe.pp @@ -0,0 +1,3 @@ +class apache::include::silverstripe { + apache::config::include{'silverstripe.inc': } +} diff --git a/manifests/joomla.pp b/manifests/joomla.pp deleted file mode 100644 index 45d0b48..0000000 --- a/manifests/joomla.pp +++ /dev/null @@ -1,5 +0,0 @@ -# manifests/joomla.pp - -class apache::joomla { - apache::config::include{'joomla.inc': } -} diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 4ade9c8..64c20c7 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -3,12 +3,7 @@ # vhost_mode: which option is choosed to deploy the vhost # - template: generate it from a template (default) # - file: deploy a vhost file (apache::vhost::file will be called directly) -# php_safe_mode_exec_bins: An array of local binaries which should be linked in the -# safe_mode_exec_bin for this hosting -# *default*: None -# php_default_charset: default charset header for php. -# *default*: absent, which will set the same as default_charset -# of apache +# # logmode: # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null @@ -39,9 +34,8 @@ define apache::vhost( $path_is_webdir = false, $logpath = 'absent', $logmode = 'default', - $template_mode = 'static', - $template_partial = 'absent', $vhost_mode = 'template', + $template_partial = 'apache/vhosts/static/partial.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $content = 'absent', @@ -49,14 +43,8 @@ define apache::vhost( $domainalias = 'absent', $server_admin = 'absent', $allow_override = 'None', - $php_safe_mode_exec_bin_dir = 'absent', - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', - $php_use_smarty = false, - $php_use_pear = false, - $php_safe_mode = true, - $php_default_charset = 'absent', $php_settings = {}, + $php_options = {}, $cgi_binpath = 'absent', $default_charset = 'absent', $do_includes = false, @@ -65,7 +53,6 @@ define apache::vhost( $run_mode = 'normal', $run_uid = 'absent', $run_gid = 'absent', - $template_mode = 'static', $ssl_mode = false, $htpasswd_file = 'absent', $htpasswd_path = 'absent', @@ -99,28 +86,21 @@ define apache::vhost( path_is_webdir => $path_is_webdir, logpath => $logpath, logmode => $logmode, - template_partial => $template_partial, domain => $domain, domainalias => $domainalias, server_admin => $server_admin, - php_safe_mode_exec_bin_dir => $php_safe_mode_exec_bin_dir, - php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, cgi_binpath => $cgi_binpath, allow_override => $allow_override, do_includes => $do_includes, options => $options, additional_options => $additional_options, default_charset => $default_charset, - php_use_smarty => $php_use_smarty, - php_use_pear => $php_use_pear, - php_safe_mode => $php_safe_mode, - php_default_charset => $php_default_charset, php_settings => $php_settings, + php_options => $php_options, run_mode => $run_mode, run_uid => $run_uid, run_gid => $run_gid, - template_mode => $template_mode, + template_partial => $template_partial, ssl_mode => $ssl_mode, htpasswd_file => $htpasswd_file, htpasswd_path => $htpasswd_path, diff --git a/manifests/vhost/gitweb.pp b/manifests/vhost/gitweb.pp index 3ac8243..5523af1 100644 --- a/manifests/vhost/gitweb.pp +++ b/manifests/vhost/gitweb.pp @@ -16,6 +16,7 @@ define apache::vhost::gitweb( $documentroot_group = 0, $documentroot_mode = 0640, $allow_override = 'None', + $template_partial = 'apache/vhosts/gitweb/partial.erb', $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -37,7 +38,7 @@ define apache::vhost::gitweb( default => '/var/log/apache2' }, logmode => $logmode, - template_partial => 'apache/vhosts/gitweb/partial.erb', + template_partial => $template_partial, domain => $domain, domainalias => $domainalias, server_admin => $server_admin, diff --git a/manifests/vhost/modperl.pp b/manifests/vhost/modperl.pp index 70a10ea..a527f4a 100644 --- a/manifests/vhost/modperl.pp +++ b/manifests/vhost/modperl.pp @@ -52,6 +52,7 @@ define apache::vhost::modperl( $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', + $template_partial = 'apache/vhosts/perl/partial.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', @@ -83,7 +84,10 @@ define apache::vhost::modperl( } case $run_mode { - 'proxy-itk','static-itk': { include ::mod_perl::itk_plus } + 'proxy-itk','static-itk': { + $passing_extension = 'pl' + include ::mod_perl::itk_plus + } default: { include ::mod_perl } } @@ -106,6 +110,7 @@ define apache::vhost::modperl( template_mode => 'perl', logmode => $logmode, vhost_mode => $vhost_mode, + template_partial => $template_partial, vhost_source => $vhost_source, vhost_destination => $vhost_destination, domain => $domain, diff --git a/manifests/vhost/passenger.pp b/manifests/vhost/passenger.pp index 5526125..2b480c5 100644 --- a/manifests/vhost/passenger.pp +++ b/manifests/vhost/passenger.pp @@ -39,6 +39,7 @@ define apache::vhost::passenger( $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', + $template_partial = 'apache/vhosts/passenger/partial.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', @@ -106,7 +107,7 @@ define apache::vhost::passenger( ensure => $ensure, path => "${real_path}/www/public", path_is_webdir => true, - template_partial => 'apache/vhosts/passenger/partial.erb', + template_partial => $template_partial, logmode => $logmode, logpath => "${real_path}/logs", vhost_mode => $vhost_mode, diff --git a/manifests/vhost/php/drupal.pp b/manifests/vhost/php/drupal.pp index adf1b9e..f81bef3 100644 --- a/manifests/vhost/php/drupal.pp +++ b/manifests/vhost/php/drupal.pp @@ -47,10 +47,8 @@ define apache::vhost::php::drupal( $run_uid = 'absent', $run_gid = 'absent', $allow_override = 'None', - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', - $php_safe_mode_exec_bins = 'absent', - $php_default_charset = 'absent', + $php_settings = {}, + $php_options = {}, $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -61,6 +59,7 @@ define apache::vhost::php::drupal( $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php_drupal/partial.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', @@ -90,6 +89,17 @@ define apache::vhost::php::drupal( owner => root, group => 0, mode => 0644; } } + + $std_drupal_php_settings = { + magic_quotes_gpc => 0, + register_globals => 0, + 'session.auto_start' => 0, + 'mbstring.http_input' => 'pass', + 'mbstring.http_output' => 'pass', + 'mbstring.encoding_translation' => 0, + } + + $drupal_php_settings = hash_merg($std_drupal_php_settings, $php_settings) # create vhost configuration file ::apache::vhost::php::webapp{$name: @@ -109,10 +119,8 @@ define apache::vhost::php::drupal( run_uid => $run_uid, run_gid => $run_gid, allow_override => $allow_override, - php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, - php_safe_mode_exec_bins => $php_safe_mode_exec_bins, - php_default_charset => $php_default_charset, + php_settings => $drupal_php_settings, + php_options => $php_options, do_includes => $do_includes, options => $options, additional_options => $additional_options, @@ -123,6 +131,7 @@ define apache::vhost::php::drupal( mod_security_additional_options => $mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, + template_partial => $template_partial, vhost_source => $vhost_source, vhost_destination => $vhost_destination, htpasswd_file => $htpasswd_file, diff --git a/manifests/vhost/php/gallery2.pp b/manifests/vhost/php/gallery2.pp index 69a81e1..097e311 100644 --- a/manifests/vhost/php/gallery2.pp +++ b/manifests/vhost/php/gallery2.pp @@ -46,11 +46,8 @@ define apache::vhost::php::gallery2( $run_uid = 'absent', $run_gid = 'absent', $allow_override = 'None', - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', - $php_safe_mode_exec_bins = 'absent', - $php_default_charset = 'absent', $php_settings = {}, + $php_options = {}, $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -61,6 +58,7 @@ define apache::vhost::php::gallery2( $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php_gallery2/partial.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', @@ -85,11 +83,11 @@ define apache::vhost::php::gallery2( default => "${path}/g2data" } file{$gdatadir: - ensure => $ensure ? { - 'present' => directory, - default => absent - }, - owner => $documentroot_owner, group => $documentroot_group, mode => 0660; + ensure => $ensure ? { + 'present' => directory, + default => absent + }, + owner => $documentroot_owner, group => $documentroot_group, mode => 0660; } if ($upload_dir == 'present') or ($upload_dir == 'absent') { @@ -116,33 +114,30 @@ define apache::vhost::php::gallery2( ensure => directory } } + + $gallery_php_settings = { + safe_mode => 'Off', + output_buffering => 'Off', + } # php upload_tmp_dir - case $php_upload_tmp_dir { - 'absent': { - $real_php_upload_tmp_dir = "/var/www/upload_tmp_dir/$name" + case $php_settings[upload_tmp_dir] { + '',undef: { + $php_settings[upload_tmp_dir] = "/var/www/upload_tmp_dir/$name" } - default: { $real_php_upload_tmp_dir = $php_upload_tmp_dir } } # php session_save_path - case $php_session_save_path { - 'absent': { - $real_php_session_save_path = "/var/www/session.save_path/$name" + case $php_settings['session.save_path'] { + '',undef: { + $php_settings['session.save_path'] = "/var/www/session.save_path/$name" } - default: { $real_php_session_save_path = $php_session_save_path } } - - $gallery_php_settings = { - safe_mode => 'Off', - output_buffering => 'Off', - } - $open_basedir = "${documentroot}:${real_php_upload_tmp_dir}:${real_php_session_save_path}:${gdatadir}" + if $upload_dir != 'absent' { - $real_open_basedir = "${open_basedir}:${real_upload_dir}" + $gallery_php_settings[open_basedir] = "${documentroot}:${php_settings[upload_tmp_dir]}:${php_settings['session.save_path']}:${gdatadir}:${real_upload_dir}" } else { - $real_open_basedir = "${open_basedir}" + $gallery_php_settings[open_basedir] = "${documentroot}:${php_settings[upload_tmp_dir]}:${php_settings['session.save_path']}:${gdatadir}" } - $gallery_php_settings[open_basedir] = $real_open_basedir $real_php_settings = hash_merge($gallery_php_settings,$php_settings) @@ -164,11 +159,8 @@ define apache::vhost::php::gallery2( run_uid => $run_uid, run_gid => $run_gid, allow_override => $allow_override, - php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, - php_safe_mode_exec_bins => $real_php_safe_mode_exec_bins, - php_default_charset => $php_default_charset, php_settings => $real_php_settings, + php_options => $php_options, do_includes => $do_includes, options => $options, additional_options => $additional_options, @@ -187,6 +179,5 @@ define apache::vhost::php::gallery2( manage_config => $manage_config, config_file => 'config.php', } - } diff --git a/manifests/vhost/php/joomla.pp b/manifests/vhost/php/joomla.pp index 3767c50..1cd9479 100644 --- a/manifests/vhost/php/joomla.pp +++ b/manifests/vhost/php/joomla.pp @@ -19,12 +19,6 @@ # - false: don't activate mod_security # - true: (*default*) activate mod_security # -# php_safe_mode_exec_bins: An array of local binaries which should be linked in the -# safe_mode_exec_bin for this hosting -# *default*: None -# php_default_charset: default charset header for php. -# *default*: absent, which will set the same as default_charset -# of apache # logmode: # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null @@ -46,10 +40,8 @@ define apache::vhost::php::joomla( $run_uid = 'absent', $run_gid = 'absent', $allow_override = 'None', - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', - $php_safe_mode_exec_bins = 'absent', - $php_default_charset = 'absent', + $php_settings = {}, + $php_options = {}, $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -60,6 +52,7 @@ define apache::vhost::php::joomla( $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php_joomla/partial.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', @@ -114,10 +107,8 @@ define apache::vhost::php::joomla( run_uid => $run_uid, run_gid => $run_gid, allow_override => $allow_override, - php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, - php_safe_mode_exec_bins => $php_safe_mode_exec_bins, - php_default_charset => $php_default_charset, + php_settings => $php_settings, + php_options => $php_options, do_includes => $do_includes, options => $options, additional_options => $additional_options, @@ -128,6 +119,7 @@ define apache::vhost::php::joomla( mod_security_additional_options => $real_mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, + template_partial => $template_partial, vhost_source => $vhost_source, vhost_destination => $vhost_destination, htpasswd_file => $htpasswd_file, diff --git a/manifests/vhost/php/mediawiki.pp b/manifests/vhost/php/mediawiki.pp index 76faceb..58d36af 100644 --- a/manifests/vhost/php/mediawiki.pp +++ b/manifests/vhost/php/mediawiki.pp @@ -19,12 +19,6 @@ # - false: don't activate mod_security # - true: (*default*) activate mod_security # -# php_safe_mode_exec_bins: An array of local binaries which should be linked in the -# safe_mode_exec_bin for this hosting -# *default*: None -# php_default_charset: default charset header for php. -# *default*: absent, which will set the same as default_charset -# of apache # logmode: # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null @@ -47,10 +41,8 @@ define apache::vhost::php::mediawiki( $run_uid = 'absent', $run_gid = 'absent', $allow_override = 'FileInfo Limit', - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', - $php_default_charset = 'absent', - $php_safe_mode_exec_bins = 'absent', + $php_settings = {}, + $php_options = {}, $options = 'absent', $additional_options = 'absent', $default_charset = 'absent', @@ -60,6 +52,7 @@ define apache::vhost::php::mediawiki( $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php/partial.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', @@ -74,7 +67,6 @@ define apache::vhost::php::mediawiki( logmode => $logmode, path => $path, manage_docroot => $manage_docroot, - template_mode => 'php_mediawiki', owner => $owner, group => $group, documentroot_owner => $documentroot_owner, @@ -84,9 +76,8 @@ define apache::vhost::php::mediawiki( run_uid => $run_uid, run_gid => $run_gid, allow_override => $allow_override, - php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, - php_default_charset => $php_default_charset, + php_settings => $php_settings, + php_options => $php_options, options => $options, additional_options => $additional_options, default_charset => $default_charset, @@ -96,6 +87,7 @@ define apache::vhost::php::mediawiki( mod_security_additional_options => $mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, + template_partial => $template_partial, vhost_source => $vhost_source, vhost_destination => $vhost_destination, htpasswd_file => $htpasswd_file, diff --git a/manifests/vhost/php/silverstripe.pp b/manifests/vhost/php/silverstripe.pp index 06ee1c4..7deaad1 100644 --- a/manifests/vhost/php/silverstripe.pp +++ b/manifests/vhost/php/silverstripe.pp @@ -19,12 +19,6 @@ # - false: don't activate mod_security # - true: (*default*) activate mod_security # -# php_safe_mode_exec_bins: An array of local binaries which should be linked in the -# safe_mode_exec_bin for this hosting -# *default*: None -# php_default_charset: default charset header for php. -# *default*: absent, which will set the same as default_charset -# of apache # logmode: # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null @@ -46,10 +40,8 @@ define apache::vhost::php::silverstripe( $run_uid = 'absent', $run_gid = 'absent', $allow_override = 'None', - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', - $php_safe_mode_exec_bins = 'absent', - $php_default_charset = 'absent', + $php_settings = {}, + $php_options = {}, $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -60,6 +52,7 @@ define apache::vhost::php::silverstripe( $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php_silverstripe/partial.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', @@ -68,6 +61,9 @@ define apache::vhost::php::silverstripe( $config_webwriteable = false, $manage_directories = true ){ + + include ::apache::include::silverstripe + $documentroot = $path ? { 'absent' => $operatingsystem ? { openbsd => "/var/www/htdocs/${name}/www", @@ -96,10 +92,8 @@ define apache::vhost::php::silverstripe( run_uid => $run_uid, run_gid => $run_gid, allow_override => $allow_override, - php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, - php_safe_mode_exec_bins => $php_safe_mode_exec_bins, - php_default_charset => $php_default_charset, + php_settings => $php_settings, + php_options => $php_options, do_includes => $do_includes, options => $options, additional_options => $additional_options, @@ -110,6 +104,7 @@ define apache::vhost::php::silverstripe( mod_security_additional_options => $mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, + template_partial => $template_partial, vhost_source => $vhost_source, vhost_destination => $vhost_destination, htpasswd_file => $htpasswd_file, diff --git a/manifests/vhost/php/simplemachine.pp b/manifests/vhost/php/simplemachine.pp index 8632763..29755f5 100644 --- a/manifests/vhost/php/simplemachine.pp +++ b/manifests/vhost/php/simplemachine.pp @@ -19,12 +19,6 @@ # - false: don't activate mod_security # - true: (*default*) activate mod_security # -# php_safe_mode_exec_bins: An array of local binaries which should be linked in the -# safe_mode_exec_bin for this hosting -# *default*: None -# php_default_charset: default charset header for php. -# *default*: absent, which will set the same as default_charset -# of apache # logmode: # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null @@ -46,10 +40,8 @@ define apache::vhost::php::simplemachine( $run_uid = 'absent', $run_gid = 'absent', $allow_override = 'None', - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', - $php_safe_mode_exec_bins = 'absent', - $php_default_charset = 'absent', + $php_settings = {}, + $php_options = {}, $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -60,6 +52,7 @@ define apache::vhost::php::simplemachine( $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php/partial.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', @@ -95,9 +88,8 @@ define apache::vhost::php::simplemachine( run_gid => $run_gid, allow_override => $allow_override, php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, - php_safe_mode_exec_bins => $php_safe_mode_exec_bins, - php_default_charset => $php_default_charset, + php_settings => $php_settings, + php_options => $php_options, do_includes => $do_includes, options => $options, additional_options => $additional_options, @@ -108,6 +100,7 @@ define apache::vhost::php::simplemachine( mod_security_additional_options => $mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, + template_partial => $template_partial, vhost_source => $vhost_source, vhost_destination => $vhost_destination, htpasswd_file => $htpasswd_file, diff --git a/manifests/vhost/php/spip.pp b/manifests/vhost/php/spip.pp index 4fe9f9a..0d34687 100644 --- a/manifests/vhost/php/spip.pp +++ b/manifests/vhost/php/spip.pp @@ -19,12 +19,6 @@ # - false: don't activate mod_security # - true: (*default*) activate mod_security # -# php_safe_mode_exec_bins: An array of local binaries which should be linked in the -# safe_mode_exec_bin for this hosting -# *default*: None -# php_default_charset: default charset header for php. -# *default*: absent, which will set the same as default_charset -# of apache # logmode: # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null @@ -46,10 +40,9 @@ define apache::vhost::php::spip( $run_uid = 'absent', $run_gid = 'absent', $allow_override = 'FileInfo', - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', - $php_safe_mode_exec_bins = 'absent', - $php_default_charset = 'absent', + $php_settings = {}, + $php_options = {}, + $template_partial = 'apache/vhosts/php/partial.erb', $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -91,10 +84,8 @@ define apache::vhost::php::spip( run_uid => $run_uid, run_gid => $run_gid, allow_override => $allow_override, - php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, - php_safe_mode_exec_bins => $php_safe_mode_exec_bins, - php_default_charset => $php_default_charset, + php_settings => $php_settings, + php_options => $php_options, do_includes => $do_includes, options => $options, additional_options => $additional_options, @@ -105,6 +96,7 @@ define apache::vhost::php::spip( mod_security_additional_options=> $mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, + template_partial => $template_partial, vhost_source => $vhost_source, vhost_destination => $vhost_destination, htpasswd_file => $htpasswd_file, diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index c80610b..063c8e6 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -19,12 +19,6 @@ # - false: don't activate mod_security # - true: (*default*) activate mod_security # -# php_safe_mode_exec_bins: An array of local binaries which should be linked in the -# safe_mode_exec_bin for this hosting -# *default*: None -# php_default_charset: default charset header for php. -# *default*: absent, which will set the same as default_charset -# of apache # logmode: # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null @@ -41,8 +35,6 @@ define apache::vhost::php::standard( $manage_webdir = true, $path_is_webdir = false, $manage_docroot = true, - $template_mode = 'php', - $template_partial = 'absent', $owner = root, $group = apache, $documentroot_owner = apache, @@ -52,15 +44,8 @@ define apache::vhost::php::standard( $run_uid = 'absent', $run_gid = 'absent', $allow_override = 'None', - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', - $php_use_smarty = false, - $php_use_pear = false, - $php_safe_mode = true, - $php_safe_mode_exec_bins = 'absent', - $php_safe_mode_exec_bin_dir = 'absent', - $php_default_charset = 'absent', $php_settings = {}, + $php_options = {}, $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -72,63 +57,18 @@ define apache::vhost::php::standard( $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php/partials.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', $htpasswd_path = 'absent' ){ - ::apache::vhost::phpdirs{"${name}": - ensure => $ensure, - php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, - documentroot_owner => $documentroot_owner, - documentroot_group => $documentroot_group, - documentroot_mode => $documentroot_mode, - run_mode => $run_mode, - run_uid => $run_uid, - } - - $real_php_safe_mode_exec_bin_dir = $php_safe_mode_exec_bin_dir ? { - 'absent' => $path ? { - 'absent' => $operatingsystem ? { - openbsd => "/var/www/htdocs/${name}/bin", - default => "/var/www/vhosts/${name}/bin" - }, - default => "${path}/bin" - }, - default => $php_safe_mode_exec_bin_dir - } - file{$real_php_safe_mode_exec_bin_dir: - recurse => true, - force => true, - purge => true, - } - if $php_safe_mode_exec_bins != 'absent' { - File[$real_php_safe_mode_exec_bin_dir]{ - ensure => $ensure ? { - 'present' => directory, - default => absent, - }, - owner => $documentroot_owner, group => $documentroot_group, mode => 0750, - } - $php_safe_mode_exec_bins_subst = regsubst($php_safe_mode_exec_bins,"(.+)","${name}@\\1") - apache::vhost::php::safe_mode_bin{ $php_safe_mode_exec_bins_subst: - ensure => $ensure, - path => $real_php_safe_mode_exec_bin_dir - } - }else{ - File[$real_php_safe_mode_exec_bin_dir]{ - ensure => absent, - } - } - - if $php_use_smarty { - include php::extensions::smarty - } - case $run_mode { - 'proxy-itk','static-itk': { include ::php::itk_plus } + 'proxy-itk','static-itk': { + $passing_extension = 'php' + include ::php::itk_plus + } 'itk': { include ::php::itk } default: { include ::php } } @@ -148,54 +88,116 @@ define apache::vhost::php::standard( } } - # php upload_tmp_dir - case $php_upload_tmp_dir { - 'absent': { - $real_php_upload_tmp_dir = "/var/www/upload_tmp_dir/$name" - } - default: { $real_php_upload_tmp_dir = $php_upload_tmp_dir } + $real_path = $path ? { + 'absent' => $operatingsystem ? { + openbsd => "/var/www/htdocs/${name}", + default => "/var/www/vhosts/${name}" + }, + default => $path } - # php session_save_path - case $php_session_save_path { - 'absent': { - $real_php_session_save_path = "/var/www/session.save_path/$name" - } - default: { $real_php_session_save_path = $php_session_save_path } + + if $path_is_webdir { + $documentroot = $real_path + } else { + $documentroot = "${real_path}/www" } - $std_php_settings = { - engine => 'On', - upload_tmp_dir => $real_php_upload_tmp_dir, - session.save_path => $real_php_session_save_path, + $std_php_options = { + smarty => false, + pear => false, } - if $php_safe_mode_exec_bins != 'absent' { - $std_php_settings[safe_mode_exec_dir] = $real_php_safe_mode_exec_bin_dir + $real_php_options = hash_merge($std_php_options,$php_options) + + if $real_php_options[smarty] { + include php::extensions::smarty + $smarty_path = '/usr/share/php/Smarty/:' + } else { + $smarty_path = '' } - $real_php_default_charset = $php_settings[default_charset] ? { - '' => $default_charset ? { - 'On' => 'iso-8859-1', - default => $default_charset ? { - 'absent' => 'absent', - default => $default_charset + if $real_php_options[pear] { + $pear_path = '/usr/share/pear/:' + } else { + $pear_path = '' + } + + + $std_php_settings = { + engine => 'On', + upload_tmp_dir => "/var/www/upload_tmp_dir/${name}", + 'session.save_path' => "/var/www/session.save_path/${name}", + open_basedir => "${smarty_path}${pear_path}${documentroot}:/var/www/upload_tmp_dir/${name}:/var/www/session.save_path/${name}", + safe_mode => 'On', + } + + case $php_settings[safe_mode_exec_bin_dir] { + '',undef: { + $php_safe_mode_exec_bin_dir = $path ? { + 'absent' => $operatingsystem ? { + openbsd => "/var/www/htdocs/${name}/bin", + default => "/var/www/vhosts/${name}/bin" + }, + default => "${path}/bin" } - }, - default => $php_settings[default_charset] + } + default: { $php_safe_mode_exec_bin_dir = $php_settings[safe_mode_exec_bin_dir] } + } + file{$php_safe_mode_exec_bin_dir: + recurse => true, + force => true, + purge => true, + } + if $php_options[safe_mode_exec_bins] { + $std_php_settings[safe_mode_exec_dir] = $php_safe_mode_exec_bin_dir + File[$php_safe_mode_exec_bin_dir]{ + ensure => $ensure ? { + 'present' => directory, + default => absent, + }, + owner => $documentroot_owner, group => $documentroot_group, mode => 0750, + } + $php_safe_mode_exec_bins_subst = regsubst($php_options[safe_mode_exec_bins],"(.+)","${name}@\\1") + apache::vhost::php::safe_mode_bin{ $php_safe_mode_exec_bins_subst: + ensure => $ensure, + path => $php_safe_mode_exec_bin_dir + } + }else{ + File[$php_safe_mode_exec_bin_dir]{ + ensure => absent, + } } - if $real_php_default_charset != 'absent' { - $std_php_settings[default_charset] = $real_php_default_charset + + case $php_settings[default_charset] { + '',undef: { + if $default_charset != 'absent' { + $std_php_settings[default_charset] = $default_charset ? { + 'On' => 'iso-8859-1', + default => $default_charset + } + } + } } $real_php_settings = hash_merge($std_php_settings,$php_settings) + + ::apache::vhost::phpdirs{"${name}": + ensure => $ensure, + php_upload_tmp_dir => $real_php_settings[upload_tmp_dir], + php_session_save_path => $real_php_settings['session.save_path'], + documentroot_owner => $documentroot_owner, + documentroot_group => $documentroot_group, + documentroot_mode => $documentroot_mode, + run_mode => $run_mode, + run_uid => $run_uid, + } # create vhost configuration file ::apache::vhost{$name: ensure => $ensure, path => $path, path_is_webdir => $path_is_webdir, - template_mode => $template_mode, - template_partial => $template_partial, vhost_mode => $vhost_mode, + template_partial => $template_partial, vhost_source => $vhost_source, vhost_destination => $vhost_destination, domain => $domain, @@ -211,14 +213,8 @@ define apache::vhost::php::standard( options => $options, additional_options => $additional_options, default_charset => $default_charset, - php_safe_mode_exec_bin_dir => $real_php_safe_mode_exec_bin_dir, - php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, - php_use_smarty => $php_use_smarty, - php_use_pear => $php_use_pear, - php_safe_mode => $php_safe_mode, - php_default_charset => $real_php_default_charset, php_settings => $real_php_settings, + php_options => $real_php_options, ssl_mode => $ssl_mode, htpasswd_file => $htpasswd_file, htpasswd_path => $htpasswd_path, diff --git a/manifests/vhost/php/typo3.pp b/manifests/vhost/php/typo3.pp index 9d404a4..b12b6c1 100644 --- a/manifests/vhost/php/typo3.pp +++ b/manifests/vhost/php/typo3.pp @@ -19,12 +19,6 @@ # - false: don't activate mod_security # - true: (*default*) activate mod_security # -# php_safe_mode_exec_bins: An array of local binaries which should be linked in the -# safe_mode_exec_bin for this hosting -# *default*: None -# php_default_charset: default charset header for php. -# *default*: absent, which will set the same as default_charset -# of apache # logmode: # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null @@ -46,10 +40,8 @@ define apache::vhost::php::typo3( $run_uid = 'absent', $run_gid = 'absent', $allow_override = 'None', - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', - $php_safe_mode_exec_bins = 'absent', - $php_default_charset = 'absent', + $php_settings = {}, + $php_options = {}, $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -60,6 +52,7 @@ define apache::vhost::php::typo3( $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php_typo3/partial.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', @@ -87,6 +80,12 @@ define apache::vhost::php::typo3( } else { $real_mod_security_additional_options = $mod_security_additional_options } + + $typo3_php_options = { + # turn allow_url_fopen on for the extension manager fetch + allow_url_fopen => 'On' + } + $real_php_settings = hash_merge($typo3_php_settings,$php_settings) # create vhost configuration file ::apache::vhost::php::webapp{$name: @@ -96,7 +95,6 @@ define apache::vhost::php::typo3( server_admin => $server_admin, logmode => $logmode, path => $path, - template_mode => 'php_typo3', owner => $owner, group => $group, documentroot_owner => $documentroot_owner, @@ -106,10 +104,8 @@ define apache::vhost::php::typo3( run_uid => $run_uid, run_gid => $run_gid, allow_override => $allow_override, - php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, - php_safe_mode_exec_bins => $php_safe_mode_exec_bins, - php_default_charset => $php_default_charset, + php_settings => $real_php_settings, + php_options => $php_options, do_includes => $do_includes, options => $options, additional_options => $additional_options, @@ -120,6 +116,7 @@ define apache::vhost::php::typo3( mod_security_additional_options => $real_mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, + template_partial => $template_partial, vhost_source => $vhost_source, vhost_destination => $vhost_destination, htpasswd_file => $htpasswd_file, diff --git a/manifests/vhost/php/webapp.pp b/manifests/vhost/php/webapp.pp index b4b4195..2dc0133 100644 --- a/manifests/vhost/php/webapp.pp +++ b/manifests/vhost/php/webapp.pp @@ -19,12 +19,6 @@ # - false: don't activate mod_security # - true: (*default*) activate mod_security # -# php_safe_mode_exec_bins: An array of local binaries which should be linked in the -# safe_mode_exec_bin for this hosting -# *default*: None -# php_default_charset: default charset header for php. -# *default*: absent, which will set the same as default_charset -# of apache # logmode: # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null @@ -49,11 +43,8 @@ define apache::vhost::php::webapp( $run_uid = 'absent', $run_gid = 'absent', $allow_override = 'None', - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', - $php_safe_mode_exec_bins = 'absent', - $php_default_charset = 'absent', $php_settings = {}, + $php_options = {}, $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -64,6 +55,7 @@ define apache::vhost::php::webapp( $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', + $template_partial = 'absent', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', @@ -123,11 +115,8 @@ define apache::vhost::php::webapp( run_uid => $run_uid, run_gid => $run_gid, allow_override => $allow_override, - php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, - php_safe_mode_exec_bins => $php_safe_mode_exec_bins, - php_default_charset => $php_default_charset, php_settings => $php_settings, + php_options => $php_options, do_includes => $do_includes, options => $options, additional_options => $additional_options, @@ -138,6 +127,7 @@ define apache::vhost::php::webapp( mod_security_additional_options => $mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, + template_partial => $template_partial, vhost_source => $vhost_source, vhost_destination => $vhost_destination, htpasswd_file => $htpasswd_file, diff --git a/manifests/vhost/php/wordpress.pp b/manifests/vhost/php/wordpress.pp index b8ea359..2fcff4a 100644 --- a/manifests/vhost/php/wordpress.pp +++ b/manifests/vhost/php/wordpress.pp @@ -19,12 +19,6 @@ # - false: don't activate mod_security # - true: (*default*) activate mod_security # -# php_safe_mode_exec_bins: An array of local binaries which should be linked in the -# safe_mode_exec_bin for this hosting -# *default*: None -# php_default_charset: default charset header for php. -# *default*: absent, which will set the same as default_charset -# of apache # logmode: # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null @@ -46,10 +40,8 @@ define apache::vhost::php::wordpress( $run_uid = 'absent', $run_gid = 'absent', $allow_override = 'FileInfo', - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', - $php_safe_mode_exec_bins = 'absent', - $php_default_charset = 'absent', + $php_settings = {}, + $php_options = {}, $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -60,6 +52,7 @@ define apache::vhost::php::wordpress( $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php/partial.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', @@ -97,10 +90,8 @@ define apache::vhost::php::wordpress( run_uid => $run_uid, run_gid => $run_gid, allow_override => $allow_override, - php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, - php_safe_mode_exec_bins => $php_safe_mode_exec_bins, - php_default_charset => $php_default_charset, + php_settings => $php_settings, + php_options => $php_options, do_includes => $do_includes, options => $options, additional_options => $additional_options, @@ -111,6 +102,7 @@ define apache::vhost::php::wordpress( mod_security_additional_options => $mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, + template_partial => $template_partial, vhost_source => $vhost_source, vhost_destination => $vhost_destination, htpasswd_file => $htpasswd_file, diff --git a/manifests/vhost/phpdirs.pp b/manifests/vhost/phpdirs.pp index acd423a..ac68f94 100644 --- a/manifests/vhost/phpdirs.pp +++ b/manifests/vhost/phpdirs.pp @@ -1,33 +1,16 @@ define apache::vhost::phpdirs( $ensure = present, - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', + $php_upload_tmp_dir, + $php_session_save_path, $documentroot_owner = apache, $documentroot_group = 0, $documentroot_mode = 0750, $run_mode = 'normal', $run_uid = 'absent' ){ - # php upload_tmp_dir - case $php_upload_tmp_dir { - 'absent': { - include apache::defaultphpdirs - $real_php_upload_tmp_dir = "/var/www/upload_tmp_dir/$name" - } - default: { $real_php_upload_tmp_dir = $php_upload_tmp_dir } - } - # php session_save_path - case $php_session_save_path { - 'absent': { - include apache::defaultphpdirs - $real_php_session_save_path = "/var/www/session.save_path/$name" - } - default: { $real_php_session_save_path = $php_session_save_path } - } - case $ensure { absent: { - file{[$real_php_upload_tmp_dir, $real_php_session_save_path ]: + file{[$php_upload_tmp_dir, $php_session_save_path ]: ensure => absent, purge => true, force => true, @@ -35,7 +18,7 @@ define apache::vhost::phpdirs( } } default: { - file{[$real_php_upload_tmp_dir, $real_php_session_save_path ]: + file{[$php_upload_tmp_dir, $php_session_save_path ]: ensure => directory, owner => $run_mode ? { 'itk' => $run_uid, diff --git a/manifests/vhost/static.pp b/manifests/vhost/static.pp index cd5ac77..f1dbcc2 100644 --- a/manifests/vhost/static.pp +++ b/manifests/vhost/static.pp @@ -32,6 +32,7 @@ define apache::vhost::static( $ssl_mode = false, $run_mode = 'normal', $vhost_mode = 'template', + $template_partial = 'apache/vhosts/static/partial.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', @@ -57,7 +58,7 @@ define apache::vhost::static( ::apache::vhost{$name: ensure => $ensure, path => $path, - template_partial => 'apache/vhosts/static/partial.erb', + template_partial => $template_partial, vhost_mode => $vhost_mode, vhost_source => $vhost_source, vhost_destination => $vhost_destination, diff --git a/manifests/vhost/template.pp b/manifests/vhost/template.pp index ce74bfd..21fdb65 100644 --- a/manifests/vhost/template.pp +++ b/manifests/vhost/template.pp @@ -1,8 +1,6 @@ -# template_mode: -# - php: for a default php application -# - static: for a static application (default) -# - perl: for a mod_perl application -# - php_joomla: for a joomla application +# template_partial: +# which template should be used to generate the type specific part +# of the vhost entry. # # domainalias: # - absent: no domainalias is set (*default*) @@ -15,12 +13,6 @@ # - force: enable ssl and redirect non-ssl to ssl # - only: enable ssl only # -# php_safe_mode_exec_bins: An array of local binaries which should be linked in the -# safe_mode_exec_bin for this hosting -# *default*: None -# php_default_charset: default charset header for php. -# *default*: absent, which will set the same as default_charset -# of apache # logmode: # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null @@ -58,25 +50,18 @@ define apache::vhost::template( $domainalias = 'absent', $server_admin = 'absent', $allow_override = 'None', - $php_safe_mode_exec_bin_dir = 'absent', - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', $dav_db_dir = 'absent', $cgi_binpath = 'absent', $do_includes = false, $options = 'absent', $additional_options = 'absent', $default_charset = 'absent', - $php_use_smarty = false, - $php_use_pear = false, - $php_safe_mode = true, - $php_default_charset = 'absent', + $php_options = {}, $php_settings = {}, $run_mode = 'normal', $run_uid = 'absent', $run_gid = 'absent', - $template_mode = 'static', - $template_partial = 'absent', + $template_partial = 'apache/vhosts/static/partial.erb', $ssl_mode = false, $mod_security = true, $mod_security_relevantonly = true, @@ -121,8 +106,8 @@ define apache::vhost::template( $real_htpasswd_path = $htpasswd_path } case $run_mode { - 'proxy-itk': { $logfileprefix = 'proxy' } - 'static-itk': { $logfileprefix = 'static' } + 'proxy-itk': { $logfileprefix = 'proxy' } + 'static-itk': { $logfileprefix = 'static' } } case $run_mode { 'itk','proxy-itk','static-itk': { @@ -135,28 +120,6 @@ define apache::vhost::template( } } - # set default dirs for templates - # php php_safe_mode_exec_bin directory - case $php_safe_mode_exec_bin_dir { - 'absent': { - $real_php_safe_mode_exec_bin_dir = "/var/www/vhosts/$name/bin" - } - default: { $real_php_safe_mode_exec_bin_dir = $php_safe_mode_exec_bin_dir } - } - # php upload_tmp_dir - case $php_upload_tmp_dir { - 'absent': { - $real_php_upload_tmp_dir = "/var/www/upload_tmp_dir/$name" - } - default: { $real_php_upload_tmp_dir = $php_upload_tmp_dir } - } - # php session_save_path - case $php_session_save_path { - 'absent': { - $real_php_session_save_path = "/var/www/session.save_path/$name" - } - default: { $real_php_session_save_path = $php_session_save_path } - } # dav db dir case $dav_db_dir { 'absent': { @@ -178,9 +141,10 @@ define apache::vhost::template( } if $ensure != 'absent' { Apache::Vhost::File[$name]{ - content => $template_partial ? { - 'absent' => template("apache/vhosts/$template_mode/$operatingsystem.erb"), - default => template("apache/vhosts/default.erb"), + content => $run_mode ? { + 'proxy-itk' => template("apache/vhosts/itk_plus.erb"), + 'static-itk' => template("apache/vhosts/itk_plus.erb"), + default => template("apache/vhosts/default.erb"), } } } diff --git a/manifests/vhost/webdav.pp b/manifests/vhost/webdav.pp index 94b177c..e175324 100644 --- a/manifests/vhost/webdav.pp +++ b/manifests/vhost/webdav.pp @@ -28,12 +28,12 @@ define apache::vhost::webdav( $domain = 'absent', $domainalias = 'absent', $server_admin = 'absent', - $logmode = 'default', $path = 'absent', $owner = root, $group = apache, $manage_webdir = true, $path_is_webdir = false, + $logmode = 'default', $logpath = 'absent', $documentroot_owner = apache, $documentroot_group = 0, @@ -96,7 +96,7 @@ define apache::vhost::webdav( path_is_webdir => $path_is_webdir, logpath => $logpath, logmode => $logmode, - template_mode => 'webdav', + template_partial => 'apache/vhosts/webdav/partial.erb', vhost_mode => $vhost_mode, vhost_source => $vhost_source, vhost_destination => $vhost_destination, diff --git a/templates/vhosts/default.erb b/templates/vhosts/default.erb index 4acb6b4..5ab1d26 100644 --- a/templates/vhosts/default.erb +++ b/templates/vhosts/default.erb @@ -1,8 +1,7 @@ <% vhost_parts = case ssl_mode when 'only' then [:ssl] - when false then [:normal] - when 'false' then [:normal] + when false,'false' then [:normal] else [:normal,:ssl] end vhost_parts.each do |vhost_part| @@ -15,6 +14,12 @@ vhost_parts.each do |vhost_part| <%= scope.function_template('apache/vhosts/partials/logs.erb') %> + <% if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> + + AssignUserId <%= run_uid+" "+run_gid %> + + + <% end -%> <% if ssl_mode == 'force' && vhost_part == :normal -%> RewriteEngine On RewriteCond %{HTTPS} !=on @@ -22,11 +27,11 @@ vhost_parts.each do |vhost_part| <% else -%> <%= scope.function_template(template_partial) %> <% end -%> - +<%- unless template_partial == 'apache/vhosts/itk_plus/partial.erb' -%> <%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> +<% end -%> +<% unless additional_options.to_s == 'absent' -%> <%= additional_options %> - <%- end -%> - <% end -%> + +<% end -%> \ No newline at end of file diff --git a/templates/vhosts/itk_plus.erb b/templates/vhosts/itk_plus.erb new file mode 100644 index 0000000..2890ecf --- /dev/null +++ b/templates/vhosts/itk_plus.erb @@ -0,0 +1,10 @@ + +<%= scope.function_template('apache/vhost/default.erb') %> + + +<% + scope.unsetvar('template_partial') + scope.setvar('template_partial','apache/vhosts/itk_plus/partial.erb') +-%> +<%= scope.function_template('apache/vhost/default.erb') %> + \ No newline at end of file diff --git a/templates/vhosts/itk_plus/partial.erb b/templates/vhosts/itk_plus/partial.erb new file mode 100644 index 0000000..e37e418 --- /dev/null +++ b/templates/vhosts/itk_plus/partial.erb @@ -0,0 +1,32 @@ + + ProxyPreserveHost On + ProxyRequests off +<% if vhost_part == :ssl -%> + SSLProxyEngine On + <%- if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.<%= passing_extension %>/?.*)$ https://127.0.0.1/$1 + <%- else -%> + ProxyPass / https://127.0.0.1/ + <%- end -%> + ProxyPassReverse / https://127.0.0.1/ +<% else -%> + <% if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.<%= passing_extension %>/?.*)$ http://127.0.0.1/$1 + <% else -%> + ProxyPass / http://127.0.0.1/ + <% end -%> + ProxyPassReverse / http://127.0.0.1/ +<% end %> + + <% if run_mode.to_s == 'static-itk' && (ssl_mode.to_s != 'force' || vhost_part == :ssl) -%> + /"> + AllowOverride <%= allow_override %> + <% if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <% unless options.to_s == 'absent' then -%><%= options %><% end -%><% if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<% end -%> + + <% end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> + + <% end -%> + + diff --git a/templates/vhosts/partials/php_settings.erb b/templates/vhosts/partials/php_settings.erb index be4662a..8d4fec4 100644 --- a/templates/vhosts/partials/php_settings.erb +++ b/templates/vhosts/partials/php_settings.erb @@ -1,7 +1,17 @@ -<% php_settings.each do |key,value| -%> -<% if ['on','off' ].include?(value.downcase) -%> - php_admin_flag <%= key %> <%= value %> +<% php_settings.each do |key,value| + dvalue = value.to_s.downcase + munged_value = if dvalue == 'true' + 'on' + elsif dvalue == 'false' + 'off' + elsif ['on','off'].include?(dvalue) + dvalue + else + value + end + if ['on','off' ].include?(munged_value) -%> + php_admin_flag <%= key %> <%= munged_value %> <% else -%> - php_admin_value <%= key %> <%= value %> + php_admin_value <%= key %> <%= munged_value %> <% end -%> <% end -%> \ No newline at end of file diff --git a/templates/vhosts/partials/std_override_options.erb b/templates/vhosts/partials/std_override_options.erb new file mode 100644 index 0000000..d43b042 --- /dev/null +++ b/templates/vhosts/partials/std_override_options.erb @@ -0,0 +1,4 @@ + AllowOverride <%= allow_override %> + <% if options.to_s != 'absent' || do_includes.to_s == 'true' -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><% end -%><% if do_includes.to_s == 'true' && !options.include?('+Includes') -%> +Includes<% end -%> + <% end -%> \ No newline at end of file diff --git a/templates/vhosts/perl/partial.erb b/templates/vhosts/perl/partial.erb new file mode 100644 index 0000000..f75bf3f --- /dev/null +++ b/templates/vhosts/perl/partial.erb @@ -0,0 +1,15 @@ + /"> +<%= scope.function_template('apache/vhosts/partials/std_override_options.erb') %> + +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> + + + <% unless htpasswd_file.to_s == 'absent' -%> + /"> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + + <% end -%> + ScriptAlias /cgi-bin/ <%= cgi_binpath %>/ \ No newline at end of file diff --git a/templates/vhosts/perl/perl.erb b/templates/vhosts/perl/perl.erb deleted file mode 100644 index e66981a..0000000 --- a/templates/vhosts/perl/perl.erb +++ /dev/null @@ -1,208 +0,0 @@ -# <%= servername %> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - -<%- end -%> -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - - <%- end -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - - <%- unless htpasswd_file.to_s == 'absent' then -%> - /"> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - - <%- end -%> - ScriptAlias /cgi-bin/ <%= cgi_binpath %>/ - <%- end -%> - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - - <%- end -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - - ScriptAlias /cgi-bin/ <%= cgi_binpath %>/ - <%- unless htpasswd_file.to_s == 'absent' then -%> - /"> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - - <%- end -%> - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.pl - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.pl/?.*)$ http://127.0.0.1/$1 - <%- else -%> - ProxyPass / http://127.0.0.1/ - <%- end -%> - ProxyPassReverse / http://127.0.0.1/ - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s == 'static-itk' then -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - - <%- unless htpasswd_file.to_s == 'absent' then -%> - /"> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - - <%- end -%> - ScriptAlias /cgi-bin/ <%= cgi_binpath %>/ - <%- end -%> - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.pl - - ProxyPreserveHost On - ProxyRequests off - SSLProxyEngine On - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.pl/?.*)$ https://127.0.0.1/$1 - <%- else -%> - ProxyPass / https://127.0.0.1/ - <%- end -%> - ProxyPassReverse / https://127.0.0.1/ - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- unless run_mode.to_s == 'static-itk' -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - - <%- if htpasswd_file.to_s == 'absent' then -%> - /"> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - - <%- end -%> - ScriptAlias /cgi-bin/ <%= cgi_binpath %>/ - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- end -%> diff --git a/templates/vhosts/php/CentOS.erb b/templates/vhosts/php/CentOS.erb deleted file mode 120000 index ef6a366..0000000 --- a/templates/vhosts/php/CentOS.erb +++ /dev/null @@ -1 +0,0 @@ -php.erb \ No newline at end of file diff --git a/templates/vhosts/php/Debian.erb b/templates/vhosts/php/Debian.erb deleted file mode 120000 index ef6a366..0000000 --- a/templates/vhosts/php/Debian.erb +++ /dev/null @@ -1 +0,0 @@ -php.erb \ No newline at end of file diff --git a/templates/vhosts/php/partial.erb b/templates/vhosts/php/partial.erb new file mode 100644 index 0000000..dae201a --- /dev/null +++ b/templates/vhosts/php/partial.erb @@ -0,0 +1,7 @@ + /"> +<%= scope.function_template('apache/vhosts/partials/std_override_options.erb') %> + +<%= scope.function_template('apache/vhosts/partials/php_settings.erb') %> + +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> + \ No newline at end of file diff --git a/templates/vhosts/php/php.erb b/templates/vhosts/php/php.erb deleted file mode 100644 index b722b1e..0000000 --- a/templates/vhosts/php/php.erb +++ /dev/null @@ -1,195 +0,0 @@ -# <%= servername %> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - -<%- end -%> -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - - <%- end -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- if php_safe_mode.to_s == 'false' -%> - php_admin_flag safe_mode Off - <%- end -%> - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%- if php_use_smarty.to_s == 'true' -%>/usr/share/php/Smarty/:<%- end -%><%- if php_use_pear.to_s == 'true' -%>/usr/share/pear/:<%- end -%><%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - - <%- end -%> - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - - <%- end -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- if php_safe_mode.to_s == 'false' -%> - php_admin_flag safe_mode Off - <%- end -%> - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%- if php_use_smarty.to_s == 'true' -%>/usr/share/php/Smarty/:<%- end -%><%- if php_use_pear.to_s == 'true' -%>/usr/share/pear/:<%- end -%><%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 - <%- else -%> - ProxyPass / http://127.0.0.1/ - <%- end -%> - ProxyPassReverse / http://127.0.0.1/ - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s == 'static-itk' then -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - <%- end -%> - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - SSLProxyEngine On - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 - <%- else -%> - ProxyPass / https://127.0.0.1/ - <%- end -%> - ProxyPassReverse / https://127.0.0.1/ - - <%- if run_mode.to_s == 'static-itk' -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- end -%> - diff --git a/templates/vhosts/php_drupal/partial.erb b/templates/vhosts/php_drupal/partial.erb new file mode 100644 index 0000000..07e0d94 --- /dev/null +++ b/templates/vhosts/php_drupal/partial.erb @@ -0,0 +1,26 @@ + /"> +<%= scope.function_template('apache/vhosts/partials/std_override_options.erb') %> + + +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> + +<%= scope.function_template('apache/vhosts/partials/php_settings.erb') %> + + # Protect files and directories from prying eyes. + + Order allow,deny + + + # Customized error messages. + ErrorDocument 404 /index.php + + RewriteEngine on + RewriteCond %{REQUEST_FILENAME} !-f + RewriteCond %{REQUEST_FILENAME} !-d + RewriteRule ^(.*)$ index.php?q=$1 [L,QSA] + + /files/"> + SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006 + Options None + Options +FollowSymLinks + diff --git a/templates/vhosts/php_drupal/php_drupal.erb b/templates/vhosts/php_drupal/php_drupal.erb deleted file mode 100644 index 0e6faae..0000000 --- a/templates/vhosts/php_drupal/php_drupal.erb +++ /dev/null @@ -1,275 +0,0 @@ -# <%= servername %> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - -<%- end -%> -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - - <%- end -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - - php_value magic_quotes_gpc 0 - php_value register_globals 0 - php_value session.auto_start 0 - php_value mbstring.http_input pass - php_value mbstring.http_output pass - php_value mbstring.encoding_translation 0 - - # Protect files and directories from prying eyes. - - Order allow,deny - - - # Customized error messages. - ErrorDocument 404 /index.php - - RewriteEngine on - RewriteCond %{REQUEST_FILENAME} !-f - RewriteCond %{REQUEST_FILENAME} !-d - RewriteRule ^(.*)$ index.php?q=$1 [L,QSA] - - /files/"> - SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006 - Options None - Options +FollowSymLinks - - <%- end -%> - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - - AssignUserId <%= run_uid+" "+run_gid %> - - <%- end -%> - - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - - php_value magic_quotes_gpc 0 - php_value register_globals 0 - php_value session.auto_start 0 - php_value mbstring.http_input pass - php_value mbstring.http_output pass - php_value mbstring.encoding_translation 0 - - # Protect files and directories from prying eyes. - - Order allow,deny - - - # Customized error messages. - ErrorDocument 404 /index.php - - RewriteEngine on - RewriteCond %{REQUEST_FILENAME} !-f - RewriteCond %{REQUEST_FILENAME} !-d - RewriteRule ^(.*)$ index.php?q=$1 [L,QSA] - - /files/"> - SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006 - Options None - Options +FollowSymLinks - - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 - <%- else -%> - ProxyPass / http://127.0.0.1/ - <%- end -%> - ProxyPassReverse / http://127.0.0.1/ - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - - <%- if run_mode.to_s == 'static-itk' then -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - # Protect files and directories from prying eyes. - - Order allow,deny - - - # Customized error messages. - ErrorDocument 404 /index.php - - RewriteEngine on - RewriteCond %{REQUEST_FILENAME} !-f - RewriteCond %{REQUEST_FILENAME} !-d - RewriteRule ^(.*)$ index.php?q=$1 [L,QSA] - - /files/"> - SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006 - Options None - Options +FollowSymLinks - - <%- end -%> - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - SSLProxyEngine On - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 - <%- else -%> - ProxyPass / https://127.0.0.1/ - <%- end -%> - ProxyPassReverse / https://127.0.0.1/ - - <%- if run_mode.to_s == 'static-itk' -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - # Protect files and directories from prying eyes. - - Order allow,deny - - - # Customized error messages. - ErrorDocument 404 /index.php - - RewriteEngine on - RewriteCond %{REQUEST_FILENAME} !-f - RewriteCond %{REQUEST_FILENAME} !-d - RewriteRule ^(.*)$ index.php?q=$1 [L,QSA] - - /files/"> - SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006 - Options None - Options +FollowSymLinks - - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- end -%> diff --git a/templates/vhosts/php_gallery2/CentOS.erb b/templates/vhosts/php_gallery2/CentOS.erb deleted file mode 120000 index 33f1633..0000000 --- a/templates/vhosts/php_gallery2/CentOS.erb +++ /dev/null @@ -1 +0,0 @@ -php_gallery2.erb \ No newline at end of file diff --git a/templates/vhosts/php_gallery2/Debian.erb b/templates/vhosts/php_gallery2/Debian.erb deleted file mode 120000 index 33f1633..0000000 --- a/templates/vhosts/php_gallery2/Debian.erb +++ /dev/null @@ -1 +0,0 @@ -php_gallery2.erb \ No newline at end of file diff --git a/templates/vhosts/php_gallery2/partial.erb b/templates/vhosts/php_gallery2/partial.erb new file mode 100644 index 0000000..05cc9f4 --- /dev/null +++ b/templates/vhosts/php_gallery2/partial.erb @@ -0,0 +1,16 @@ + /"> +<%= scope.function_template('apache/vhosts/partials/std_override_options.erb') %> + +<%= scope.function_template('apache/vhosts/partials/php_settings.erb') %> + +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> + +<% if vhost_part != :ssl -%> + # Always rewrite login's + # Source: http://gallery.menalto.com/node/30558 + RewriteEngine On + RewriteCond %{HTTP_COOKIE} ^GALLERYSID= [OR] + RewriteCond %{QUERY_STRING} subView=core\.UserLogin + RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] +<% end -%> + \ No newline at end of file diff --git a/templates/vhosts/php_gallery2/php_gallery2.erb b/templates/vhosts/php_gallery2/php_gallery2.erb deleted file mode 100644 index b0a6591..0000000 --- a/templates/vhosts/php_gallery2/php_gallery2.erb +++ /dev/null @@ -1,215 +0,0 @@ -# <%= servername %> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - -<%- end -%> -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - - <%- end -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> -<%= scope.function_template('apache/vhosts/partials/php_settings.erb') %> - # Always rewrite login's - # Source: http://gallery.menalto.com/node/30558 - RewriteEngine On - RewriteCond %{HTTP_COOKIE} ^GALLERYSID= [OR] - RewriteCond %{QUERY_STRING} subView=core\.UserLogin - RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] - # https -> see below - # Then, unset baseUri in config.php (to keep Gallery from trying to redirect users to either HTTP or HTTPS): - # $gallery->setConfig('baseUri', ''); - - <%- end -%> - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - - AssignUserId <%= run_uid+" "+run_gid %> - - <%- end -%> - - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - php_admin_flag safe_mode Off - php_admin_value output_buffering Off - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>:<%= gdatadir %><%= ":#{real_upload_dir.to_s}" if upload_dir.to_s != 'absent' %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - # turn allow_url_fopen on for the extension manager fetch - php_admin_value allow_url_fopen On - - # Always rewrite login's (see above) - RewriteEngine On - RewriteCond %{HTTP_COOKIE} ="" - RewriteCond %{REQUEST_METHOD} =GET - RewriteCond %{QUERY_STRING} !subView=core\.UserLogin - RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] - - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 - <%- else -%> - ProxyPass / http://127.0.0.1/ - <%- end -%> - ProxyPassReverse / http://127.0.0.1/ - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s == 'static-itk' then -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - # Always rewrite login's - # Source: http://gallery.menalto.com/node/30558 - RewriteEngine On - RewriteCond %{HTTP_COOKIE} ^GALLERYSID= [OR] - RewriteCond %{QUERY_STRING} subView=core\.UserLogin - RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] - # https -> see below - # Then, unset baseUri in config.php (to keep Gallery from trying to redirect users to either HTTP or HTTPS): - # $gallery->setConfig('baseUri', ''); - - <%- end -%> - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - SSLProxyEngine On - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 - <%- else -%> - ProxyPass / https://127.0.0.1/ - <%- end -%> - ProxyPassReverse / https://127.0.0.1/ - - <%- if run_mode.to_s == 'static-itk' -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - # Always rewrite login's (see above) - RewriteEngine On - RewriteCond %{HTTP_COOKIE} ="" - RewriteCond %{REQUEST_METHOD} =GET - RewriteCond %{QUERY_STRING} !subView=core\.UserLogin - RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] - - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- end -%> diff --git a/templates/vhosts/php_joomla/CentOS.erb b/templates/vhosts/php_joomla/CentOS.erb deleted file mode 120000 index 307fc29..0000000 --- a/templates/vhosts/php_joomla/CentOS.erb +++ /dev/null @@ -1 +0,0 @@ -php_joomla.erb \ No newline at end of file diff --git a/templates/vhosts/php_joomla/Debian.erb b/templates/vhosts/php_joomla/Debian.erb deleted file mode 120000 index 307fc29..0000000 --- a/templates/vhosts/php_joomla/Debian.erb +++ /dev/null @@ -1 +0,0 @@ -php_joomla.erb \ No newline at end of file diff --git a/templates/vhosts/php_joomla/php_joomla.erb b/templates/vhosts/php_joomla/php_joomla.erb index a0e013d..fa095ff 100644 --- a/templates/vhosts/php_joomla/php_joomla.erb +++ b/templates/vhosts/php_joomla/php_joomla.erb @@ -1,157 +1,13 @@ -# <%= servername %> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - -<%- end -%> -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - - <%- end -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - Include include.d/joomla.inc - - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - - <%- end -%> - - /administrator/"> - RewriteEngine on - - # Rewrite URLs to https that go for the admin area - RewriteCond %{REMOTE_ADDR} !^127\.[0-9]+\.[0-9]+\.[0-9]+$ - RewriteCond %{HTTPS} !=on - RewriteCond %{REQUEST_URI} (.*/administrator/.*) - RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R] - - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - - AssignUserId <%= run_uid+" "+run_gid %> - - <%- end -%> - /"> - Include include.d/joomla.inc +<%= scope.function_template('apache/vhosts/partials/std_override_options.erb') %> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> +<%= scope.function_template('apache/vhosts/partials/php_settings.erb') %> - <%- end -%> <%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 - <%- else -%> - ProxyPass / http://127.0.0.1/ - <%- end -%> - ProxyPassReverse / http://127.0.0.1/ - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - <%- end -%> - <%- if run_mode.to_s == 'static-itk' then -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> Include include.d/joomla.inc - - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> + /administrator/"> RewriteEngine on @@ -160,57 +16,4 @@ RewriteCond %{HTTPS} !=on RewriteCond %{REQUEST_URI} (.*/administrator/.*) RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R] - - <%- end -%> - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - SSLProxyEngine On - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 - <%- else -%> - ProxyPass / https://127.0.0.1/ - <%- end -%> - ProxyPassReverse / https://127.0.0.1/ - - <%- if run_mode.to_s == 'static-itk' -%> - /"> - Include include.d/joomla.inc - - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- end -%> + \ No newline at end of file diff --git a/templates/vhosts/php_mediawiki/CentOS.erb b/templates/vhosts/php_mediawiki/CentOS.erb deleted file mode 120000 index 8080262..0000000 --- a/templates/vhosts/php_mediawiki/CentOS.erb +++ /dev/null @@ -1 +0,0 @@ -php_mediawiki.erb \ No newline at end of file diff --git a/templates/vhosts/php_mediawiki/Debian.erb b/templates/vhosts/php_mediawiki/Debian.erb deleted file mode 120000 index 8080262..0000000 --- a/templates/vhosts/php_mediawiki/Debian.erb +++ /dev/null @@ -1 +0,0 @@ -php_mediawiki.erb \ No newline at end of file diff --git a/templates/vhosts/php_mediawiki/php_mediawiki.erb b/templates/vhosts/php_mediawiki/php_mediawiki.erb deleted file mode 100644 index 12830b5..0000000 --- a/templates/vhosts/php_mediawiki/php_mediawiki.erb +++ /dev/null @@ -1,185 +0,0 @@ -# <%= servername %> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - -<%- end -%> -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - - <%- end -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%><%- unless options.to_s.include?('+FollowSymLinks') -%> +FollowSymLinks<% end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - php_admin_value safe_mode off - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir /var/www/mediawiki/:<%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - - <%- end -%> - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - - AssignUserId <%= run_uid+" "+run_gid %> - - <%- end -%> - - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - php_admin_value safe_mode off - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir /var/www/mediawiki/:<%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 - <%- else -%> - ProxyPass / http://127.0.0.1/ - <%- end -%> - ProxyPassReverse / http://127.0.0.1/ - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s == 'static-itk' then -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%><%- unless options.to_s.include?('+FollowSymLinks') -%> +FollowSymLinks<% end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - <%- end -%> - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - SSLProxyEngine On - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 - <%- else -%> - ProxyPass / https://127.0.0.1/ - <%- end -%> - ProxyPassReverse / https://127.0.0.1/ - - <%- if run_mode.to_s == 'static-itk' -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- end -%> diff --git a/templates/vhosts/php_silverstripe/partial.erb b/templates/vhosts/php_silverstripe/partial.erb new file mode 100644 index 0000000..a398829 --- /dev/null +++ b/templates/vhosts/php_silverstripe/partial.erb @@ -0,0 +1,16 @@ +<% if vhost_part != :ssl && ![false,'false'].include?(ssl_mode) -%> + # silverstripe + RedirectMatch /admin(.*) https://<%= servername %>/admin$1 + RedirectMatch /Security(.*) https://<%= servername %>/Security$1 + +<% end -%> + /"> + +<%= scope.function_template('apache/vhosts/partials/std_override_options.erb') %> + +<%= scope.function_template('apache/vhosts/partials/php_settings.erb') %> + +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> + + Include include.d/silverstripe.inc + \ No newline at end of file diff --git a/templates/vhosts/php_silverstripe/php_silverstripe.erb b/templates/vhosts/php_silverstripe/php_silverstripe.erb deleted file mode 100644 index e72c603..0000000 --- a/templates/vhosts/php_silverstripe/php_silverstripe.erb +++ /dev/null @@ -1,268 +0,0 @@ -# <%= servername %> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - -<%- end -%> -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - # silverstripe - RedirectMatch /admin(.*) https://<%= servername %>/admin$1 - RedirectMatch /Security(.*) https://<%= servername %>/Security$1 - - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - - <%- end -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - - # silverstripe .htaccess - - Order deny,allow - Deny from all - #Allow from 127.0.0.1 - - - - RewriteEngine On - #RewriteBase / - - RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$) - - RewriteCond %{REQUEST_URI} ^(.*)$ - RewriteCond %{REQUEST_FILENAME} !-f - RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L] - - - <%- end -%> - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - - AssignUserId <%= run_uid+" "+run_gid %> - - <%- end -%> - - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - # turn allow_url_fopen on for the extension manager fetch - php_admin_value allow_url_fopen On - - # silverstripe .htaccess - - Order deny,allow - Deny from all - #Allow from 127.0.0.1 - - - RewriteEngine On - #RewriteBase / - - RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$) - - RewriteCond %{REQUEST_URI} ^(.*)$ - RewriteCond %{REQUEST_FILENAME} !-f - RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L] - - - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 - <%- else -%> - ProxyPass / http://127.0.0.1/ - <%- end -%> - ProxyPassReverse / http://127.0.0.1/ - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - # silverstripe - RedirectMatch /admin(.*) https://<%= servername %>/admin$1 - RedirectMatch /Security(.*) https://<%= servername %>/Security$1 - - <%- if run_mode.to_s == 'static-itk' then -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - # silverstripe .htaccess - - Order deny,allow - Deny from all - #Allow from 127.0.0.1 - - - - RewriteEngine On - #RewriteBase / - - RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$) - - RewriteCond %{REQUEST_URI} ^(.*)$ - RewriteCond %{REQUEST_FILENAME} !-f - RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L] - - - <%- end -%> - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - SSLProxyEngine On - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 - <%- else -%> - ProxyPass / https://127.0.0.1/ - <%- end -%> - ProxyPassReverse / https://127.0.0.1/ - - <%- if run_mode.to_s == 'static-itk' -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - # silverstripe .htaccess - - Order deny,allow - Deny from all - #Allow from 127.0.0.1 - - - RewriteEngine On - #RewriteBase / - - RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$) - - RewriteCond %{REQUEST_URI} ^(.*)$ - RewriteCond %{REQUEST_FILENAME} !-f - RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L] - - - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- end -%> - diff --git a/templates/vhosts/php_simplemachine/CentOS.erb b/templates/vhosts/php_simplemachine/CentOS.erb deleted file mode 120000 index de3c614..0000000 --- a/templates/vhosts/php_simplemachine/CentOS.erb +++ /dev/null @@ -1 +0,0 @@ -php_simplemachine.erb \ No newline at end of file diff --git a/templates/vhosts/php_simplemachine/Debian.erb b/templates/vhosts/php_simplemachine/Debian.erb deleted file mode 120000 index de3c614..0000000 --- a/templates/vhosts/php_simplemachine/Debian.erb +++ /dev/null @@ -1 +0,0 @@ -php_simplemachine.erb \ No newline at end of file diff --git a/templates/vhosts/php_simplemachine/php_simplemachine.erb b/templates/vhosts/php_simplemachine/php_simplemachine.erb deleted file mode 100644 index 5316267..0000000 --- a/templates/vhosts/php_simplemachine/php_simplemachine.erb +++ /dev/null @@ -1,182 +0,0 @@ -# <%= servername %> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - -<%- end -%> -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - - <%- end -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - - <%- end -%> - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - - AssignUserId <%= run_uid+" "+run_gid %> - - <%- end -%> - - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 - <%- else -%> - ProxyPass / http://127.0.0.1/ - <%- end -%> - ProxyPassReverse / http://127.0.0.1/ - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s == 'static-itk' then -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - <%- end -%> - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - SSLProxyEngine On - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 - <%- else -%> - ProxyPass / https://127.0.0.1/ - <%- end -%> - ProxyPassReverse / https://127.0.0.1/ - - <%- if run_mode.to_s == 'static-itk' -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- end -%> diff --git a/templates/vhosts/php_spip/CentOS.erb b/templates/vhosts/php_spip/CentOS.erb deleted file mode 120000 index 1ca4aec..0000000 --- a/templates/vhosts/php_spip/CentOS.erb +++ /dev/null @@ -1 +0,0 @@ -php_spip.erb \ No newline at end of file diff --git a/templates/vhosts/php_spip/Debian.erb b/templates/vhosts/php_spip/Debian.erb deleted file mode 120000 index 1ca4aec..0000000 --- a/templates/vhosts/php_spip/Debian.erb +++ /dev/null @@ -1 +0,0 @@ -php_spip.erb \ No newline at end of file diff --git a/templates/vhosts/php_spip/php_spip.erb b/templates/vhosts/php_spip/php_spip.erb deleted file mode 100644 index 9f93c18..0000000 --- a/templates/vhosts/php_spip/php_spip.erb +++ /dev/null @@ -1,194 +0,0 @@ -# <%= servername %> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - -<%- end -%> -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - - <%- end -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- if php_safe_mode.to_s == 'false' -%> - php_admin_flag safe_mode Off - <%- end -%> - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%- if php_use_smarty.to_s == 'true' -%>/usr/share/php/Smarty/:<%- end -%><%- if php_use_pear.to_s == 'true' -%>/usr/share/pear/:<%- end -%><%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - - <%- end -%> - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - - AssignUserId <%= run_uid+" "+run_gid %> - - <%- end -%> - - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- if php_safe_mode.to_s == 'false' -%> - php_admin_flag safe_mode Off - <%- end -%> - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%- if php_use_smarty.to_s == 'true' -%>/usr/share/php/Smarty/:<%- end -%><%- if php_use_pear.to_s == 'true' -%>/usr/share/pear/:<%- end -%><%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 - <%- else -%> - ProxyPass / http://127.0.0.1/ - <%- end -%> - ProxyPassReverse / http://127.0.0.1/ - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s == 'static-itk' then -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - <%- end -%> - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - SSLProxyEngine On - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 - <%- else -%> - ProxyPass / https://127.0.0.1/ - <%- end -%> - ProxyPassReverse / https://127.0.0.1/ - - <%- if run_mode.to_s == 'static-itk' -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- end -%> diff --git a/templates/vhosts/php_typo3/partial.erb b/templates/vhosts/php_typo3/partial.erb new file mode 100644 index 0000000..776fff2 --- /dev/null +++ b/templates/vhosts/php_typo3/partial.erb @@ -0,0 +1,10 @@ +<%= scope.function_template('apache/vhosts/php/partial.erb') %> + /typo3/"> + RewriteEngine on + + # Rewrite URLs to https that go for the admin area + RewriteCond %{REMOTE_ADDR} !^127\.[0-9]+\.[0-9]+\.[0-9]+$ + RewriteCond %{HTTPS} !=on + RewriteCond %{REQUEST_URI} (.*/typo3/.*) + RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R] + \ No newline at end of file diff --git a/templates/vhosts/php_typo3/php_typo3.erb b/templates/vhosts/php_typo3/php_typo3.erb deleted file mode 100644 index b1a632f..0000000 --- a/templates/vhosts/php_typo3/php_typo3.erb +++ /dev/null @@ -1,209 +0,0 @@ -# <%= servername %> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - -<%- end -%> -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if ssl_mode.to_s == 'force' then -%> - - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - <%- end -%> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - - AssignUserId <%= run_uid+" "+run_gid %> - - <%- end -%> - - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - - /typo3/"> - RewriteEngine on - - # Rewrite URLs to https that go for the admin area - RewriteCond %{REMOTE_ADDR} !^127\.[0-9]+\.[0-9]+\.[0-9]+$ - RewriteCond %{HTTPS} !=on - RewriteCond %{REQUEST_URI} (.*/typo3/.*) - RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R] - - <%- end -%> - - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - - AssignUserId <%= run_uid+" "+run_gid %> - - <%- end -%> - - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - # turn allow_url_fopen on for the extension manager fetch - php_admin_value allow_url_fopen On - - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 - <%- else -%> - ProxyPass / http://127.0.0.1/ - <%- end -%> - ProxyPassReverse / http://127.0.0.1/ - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s == 'static-itk' then -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - /typo3/"> - RewriteEngine on - - # Rewrite URLs to https that go for the admin area - RewriteCond %{REMOTE_ADDR} !^127\.[0-9]+\.[0-9]+\.[0-9]+$ - RewriteCond %{HTTPS} !=on - RewriteCond %{REQUEST_URI} (.*/typo3/.*) - RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R] - - <%- end -%> - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - SSLProxyEngine On - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 - <%- else -%> - ProxyPass / https://127.0.0.1/ - <%- end -%> - ProxyPassReverse / https://127.0.0.1/ - - <%- if run_mode.to_s == 'static-itk' -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- end -%> diff --git a/templates/vhosts/php_wordpress/CentOS.erb b/templates/vhosts/php_wordpress/CentOS.erb deleted file mode 120000 index 36dc938..0000000 --- a/templates/vhosts/php_wordpress/CentOS.erb +++ /dev/null @@ -1 +0,0 @@ -php_wordpress.erb \ No newline at end of file diff --git a/templates/vhosts/php_wordpress/Debian.erb b/templates/vhosts/php_wordpress/Debian.erb deleted file mode 120000 index 36dc938..0000000 --- a/templates/vhosts/php_wordpress/Debian.erb +++ /dev/null @@ -1 +0,0 @@ -php_wordpress.erb \ No newline at end of file diff --git a/templates/vhosts/php_wordpress/php_wordpress.erb b/templates/vhosts/php_wordpress/php_wordpress.erb deleted file mode 100644 index 2811749..0000000 --- a/templates/vhosts/php_wordpress/php_wordpress.erb +++ /dev/null @@ -1,189 +0,0 @@ -# <%= servername %> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - -<%- end -%> -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - - <%- end -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - - <%- end -%> - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - - AssignUserId <%= run_uid+" "+run_gid %> - - <%- end -%> - - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 - <%- else -%> - ProxyPass / http://127.0.0.1/ - <%- end -%> - ProxyPassReverse / http://127.0.0.1/ - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s == 'static-itk' then -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - <%- end -%> - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - SSLProxyEngine On - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 - <%- else -%> - ProxyPass / https://127.0.0.1/ - <%- end -%> - ProxyPassReverse / https://127.0.0.1/ - - <%- if run_mode.to_s == 'static-itk' -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- end -%> - diff --git a/templates/vhosts/static/partial.erb b/templates/vhosts/static/partial.erb index 03bd2f8..78dc925 100644 --- a/templates/vhosts/static/partial.erb +++ b/templates/vhosts/static/partial.erb @@ -1,8 +1,5 @@ /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> +<%= scope.function_template('apache/vhosts/partials/std_override_options.erb') %> - <%- end -%> <%= scope.function_template('apache/vhosts/partials/authentication.erb') %> \ No newline at end of file diff --git a/templates/vhosts/webdav/partial.erb b/templates/vhosts/webdav/partial.erb new file mode 100644 index 0000000..2f78d7b --- /dev/null +++ b/templates/vhosts/webdav/partial.erb @@ -0,0 +1,21 @@ + DAVLockDB <%= real_dav_db_dir %>/DAVLock + /"> + Dav on + AllowOverride None + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- unless options.include?('Indexes') then -%> Indexes<%- end -%> + + <%- else -%> + Options Indexes + + <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> + <%- if ldap_auth.to_s == 'true' then -%> + Include include.d/ldap_auth.inc + <%- unless ldap_user.to_s == 'any' -%> + Require ldap-user <%= ldap_user.to_s %> + <%- else -%> + Require valid-user + <%- end -%> + <%- end -%> + diff --git a/templates/vhosts/webdav/webdav.erb b/templates/vhosts/webdav/webdav.erb deleted file mode 100644 index ad5f5e4..0000000 --- a/templates/vhosts/webdav/webdav.erb +++ /dev/null @@ -1,161 +0,0 @@ -# <%= servername %> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - -<%- end -%> -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - - <%- end -%> - <%- if not ssl_mode.to_s == 'force' then -%> - DAVLockDB <%= real_dav_db_dir %>/DAVLock - /"> - Dav on - AllowOverride None - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- unless options.include?('Indexes') then -%> Indexes<%- end -%> - - <%- else -%> - Options Indexes - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - <%- if ldap_auth.to_s == 'true' then -%> - Include include.d/ldap_auth.inc - <%- unless ldap_user.to_s == 'any' -%> - Require ldap-user <%= ldap_user.to_s %> - <%- else -%> - Require valid-user - <%- end -%> - <%- end -%> - - <%- end -%> - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - - AssignUserId <%= run_uid+" "+run_gid %> - - <%- end -%> - - DAVLockDB <%= real_dav_db_dir %>/DAVLock - /"> - Dav on - AllowOverride None - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- unless options.include?('Indexes') then -%> Indexes<%- end -%> - - <%- else -%> - Options Indexes - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - <%- if ldap_auth.to_s == 'true' then -%> - Include include.d/ldap_auth.inc - <%- unless ldap_user.to_s == 'any' -%> - Require ldap-user <%= ldap_user.to_s %> - <%- else -%> - Require valid-user - <%- end -%> - <%- end -%> - - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - ProxyPass / http://127.0.0.1/ - ProxyPassReverse / http://127.0.0.1/ - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - SSLProxyEngine On - ProxyPass / https://127.0.0.1/ - ProxyPassReverse / https://127.0.0.1/ - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- end -%> -- cgit v1.2.3