From 9513cf4a201d0e7148aa5f0db490a29a02611b19 Mon Sep 17 00:00:00 2001 From: Jerome Charaoui Date: Wed, 23 Dec 2009 15:24:09 -0500 Subject: change OS-specific vhost templates into links, add Debian (though not all are tested on Debian) --- templates/vhosts/php_joomla/CentOS.erb | 183 +---------------------------- templates/vhosts/php_joomla/Debian.erb | 1 + templates/vhosts/php_joomla/php_joomla.erb | 182 ++++++++++++++++++++++++++++ 3 files changed, 184 insertions(+), 182 deletions(-) mode change 100644 => 120000 templates/vhosts/php_joomla/CentOS.erb create mode 120000 templates/vhosts/php_joomla/Debian.erb create mode 100644 templates/vhosts/php_joomla/php_joomla.erb (limited to 'templates/vhosts/php_joomla') diff --git a/templates/vhosts/php_joomla/CentOS.erb b/templates/vhosts/php_joomla/CentOS.erb deleted file mode 100644 index a5f0d13..0000000 --- a/templates/vhosts/php_joomla/CentOS.erb +++ /dev/null @@ -1,182 +0,0 @@ -# <%= servername %> -<%- unless ssl_mode.to_s == 'only' then -%> - - Include conf.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ - - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> - <%- if run_mode.to_s == 'itk' -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - <%- end -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - Include conf.d/joomla.inc - - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> - php_admin_flag engine on - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - - <%- end -%> - - /administrator/"> - RewriteEngine on - - # Rewrite URLs to https that go for the admin area - RewriteCond %{REMOTE_ADDR} !^127\.[0-9]+\.[0-9]+\.[0-9]+$ - RewriteCond %{HTTPS} !=on - RewriteCond %{REQUEST_URI} (.*/administrator/.*) - RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R] - - - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - # Exceptions for Joomla Root Directory - - SecRuleRemoveById 950013 - - - # Exceptions for Joomla Administration Panel - SecRule REQUEST_FILENAME "/administrator/index2.php" \ - "allow,phase:1,nolog,ctl:ruleEngine=Off" - - # Exceptions for Joomla Component Expose - - SecRuleRemoveById 960010 - - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - - Include conf.d/defaults.inc - Include conf.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ - - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- if run_mode.to_s == 'itk' -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> - /"> - Include conf.d/joomla.inc - - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> - php_admin_flag engine on - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - - - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - # Exceptions for Joomla Root Directory - - SecRuleRemoveById 950013 - - - # Exceptions for Joomla Administration Panel - SecRule REQUEST_FILENAME "/administrator/index2.php" \ - "allow,phase:1,nolog,ctl:ruleEngine=Off" - - # Exceptions for Joomla Component Expose - - SecRuleRemoveById 960010 - - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> diff --git a/templates/vhosts/php_joomla/CentOS.erb b/templates/vhosts/php_joomla/CentOS.erb new file mode 120000 index 0000000..307fc29 --- /dev/null +++ b/templates/vhosts/php_joomla/CentOS.erb @@ -0,0 +1 @@ +php_joomla.erb \ No newline at end of file diff --git a/templates/vhosts/php_joomla/Debian.erb b/templates/vhosts/php_joomla/Debian.erb new file mode 120000 index 0000000..307fc29 --- /dev/null +++ b/templates/vhosts/php_joomla/Debian.erb @@ -0,0 +1 @@ +php_joomla.erb \ No newline at end of file diff --git a/templates/vhosts/php_joomla/php_joomla.erb b/templates/vhosts/php_joomla/php_joomla.erb new file mode 100644 index 0000000..a5f0d13 --- /dev/null +++ b/templates/vhosts/php_joomla/php_joomla.erb @@ -0,0 +1,182 @@ +# <%= servername %> +<%- unless ssl_mode.to_s == 'only' then -%> + + Include conf.d/defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + DocumentRoot <%= documentroot %>/ + + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log combined + <%- if ssl_mode.to_s == 'force' then -%> + Redirect permanent / https://<%= servername %>/ + <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if run_mode.to_s == 'itk' -%> + + AssignUserId <%= run_uid+" "+run_gid %> + + <%- end -%> + <%- if not ssl_mode.to_s == 'force' then -%> + /"> + Include conf.d/joomla.inc + + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + php_admin_flag engine on + <%- unless php_default_charset.to_s == 'absent' then -%> + php_admin_value default_charset <%= php_default_charset %> + <%- end -%> + php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> + php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> + php_admin_value session.save_path <%= real_php_session_save_path %> + <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> + php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> + <%- end -%> + + <%- end -%> + + /administrator/"> + RewriteEngine on + + # Rewrite URLs to https that go for the admin area + RewriteCond %{REMOTE_ADDR} !^127\.[0-9]+\.[0-9]+\.[0-9]+$ + RewriteCond %{HTTPS} !=on + RewriteCond %{REQUEST_URI} (.*/administrator/.*) + RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R] + + + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + SecAuditEngine On + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html + # Exceptions for Joomla Root Directory + + SecRuleRemoveById 950013 + + + # Exceptions for Joomla Administration Panel + SecRule REQUEST_FILENAME "/administrator/index2.php" \ + "allow,phase:1,nolog,ctl:ruleEngine=Off" + + # Exceptions for Joomla Component Expose + + SecRuleRemoveById 960010 + + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> + +<%- unless ssl_mode.to_s == 'false' then -%> + + Include conf.d/defaults.inc + Include conf.d/ssl_defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + DocumentRoot <%= documentroot %>/ + + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log combined + <%- if run_mode.to_s == 'itk' -%> + + AssignUserId <%= run_uid+" "+run_gid %> + + <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + <%- end -%> + /"> + Include conf.d/joomla.inc + + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + php_admin_flag engine on + <%- unless php_default_charset.to_s == 'absent' then -%> + php_admin_value default_charset <%= php_default_charset %> + <%- end -%> + php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> + php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> + php_admin_value session.save_path <%= real_php_session_save_path %> + <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> + php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> + <%- end -%> + + + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + SecAuditEngine On + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html + # Exceptions for Joomla Root Directory + + SecRuleRemoveById 950013 + + + # Exceptions for Joomla Administration Panel + SecRule REQUEST_FILENAME "/administrator/index2.php" \ + "allow,phase:1,nolog,ctl:ruleEngine=Off" + + # Exceptions for Joomla Component Expose + + SecRuleRemoveById 960010 + + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> -- cgit v1.2.3