From 22fba9762d707383c65c822c2310b17b1eb104c2 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 12 Dec 2010 18:47:06 +0100 Subject: enable HTS everywhere --- templates/vhosts/gitweb/gitweb.erb | 2 -- templates/vhosts/passenger/passenger.erb | 3 +-- templates/vhosts/perl/perl.erb | 12 ++++------- templates/vhosts/php/php.erb | 4 ---- templates/vhosts/php_drupal/php_drupal.erb | 14 +++++-------- templates/vhosts/php_gallery2/php_gallery2.erb | 14 +++++-------- templates/vhosts/php_joomla/php_joomla.erb | 13 +++++------- templates/vhosts/php_mediawiki/php_mediawiki.erb | 7 +++---- .../vhosts/php_silverstripe/php_silverstripe.erb | 15 +++++--------- .../vhosts/php_simplemachine/php_simplemachine.erb | 14 +++++-------- templates/vhosts/php_spip/php_spip.erb | 14 +++++-------- templates/vhosts/php_typo3/php_typo3.erb | 24 +++++++++------------- templates/vhosts/php_wordpress/php_wordpress.erb | 14 +++++-------- templates/vhosts/proxy/proxy.erb | 2 -- templates/vhosts/redirect/redirect.erb | 2 -- templates/vhosts/static/static.erb | 3 +-- templates/vhosts/webdav/webdav.erb | 14 ++++++------- 17 files changed, 61 insertions(+), 110 deletions(-) (limited to 'templates/vhosts') diff --git a/templates/vhosts/gitweb/gitweb.erb b/templates/vhosts/gitweb/gitweb.erb index 0f72447..2c64b1c 100644 --- a/templates/vhosts/gitweb/gitweb.erb +++ b/templates/vhosts/gitweb/gitweb.erb @@ -116,9 +116,7 @@ AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> SetEnv GITWEB_CONFIG <%= gitweb_config %> DirectoryIndex gitweb.cgi diff --git a/templates/vhosts/passenger/passenger.erb b/templates/vhosts/passenger/passenger.erb index 33cf280..1b5d476 100644 --- a/templates/vhosts/passenger/passenger.erb +++ b/templates/vhosts/passenger/passenger.erb @@ -106,9 +106,8 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/perl/perl.erb b/templates/vhosts/perl/perl.erb index 5153925..55e6e56 100644 --- a/templates/vhosts/perl/perl.erb +++ b/templates/vhosts/perl/perl.erb @@ -126,15 +126,13 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> @@ -337,15 +335,13 @@ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> <%- unless run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php/php.erb b/templates/vhosts/php/php.erb index 5f05b7b..ef50008 100644 --- a/templates/vhosts/php/php.erb +++ b/templates/vhosts/php/php.erb @@ -140,10 +140,8 @@ AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -337,10 +335,8 @@ AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_drupal/php_drupal.erb b/templates/vhosts/php_drupal/php_drupal.erb index 0fdef81..1e3e0f4 100644 --- a/templates/vhosts/php_drupal/php_drupal.erb +++ b/templates/vhosts/php_drupal/php_drupal.erb @@ -150,21 +150,19 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> + AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -394,15 +392,13 @@ ProxyPass / https://127.0.0.1/ <%- end -%> ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_gallery2/php_gallery2.erb b/templates/vhosts/php_gallery2/php_gallery2.erb index 075db8c..d4f210c 100644 --- a/templates/vhosts/php_gallery2/php_gallery2.erb +++ b/templates/vhosts/php_gallery2/php_gallery2.erb @@ -137,21 +137,19 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> + AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -354,15 +352,13 @@ ProxyPass / https://127.0.0.1/ <%- end -%> ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_joomla/php_joomla.erb b/templates/vhosts/php_joomla/php_joomla.erb index 1cd17ba..ebaefd8 100644 --- a/templates/vhosts/php_joomla/php_joomla.erb +++ b/templates/vhosts/php_joomla/php_joomla.erb @@ -154,19 +154,18 @@ <%- end -%> <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> + AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> /"> Include include.d/joomla.inc @@ -393,15 +392,13 @@ ProxyPass / https://127.0.0.1/ <%- end -%> ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> Include include.d/joomla.inc diff --git a/templates/vhosts/php_mediawiki/php_mediawiki.erb b/templates/vhosts/php_mediawiki/php_mediawiki.erb index 2c9e1bd..2a33e1f 100644 --- a/templates/vhosts/php_mediawiki/php_mediawiki.erb +++ b/templates/vhosts/php_mediawiki/php_mediawiki.erb @@ -122,19 +122,18 @@ <%- end -%> <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> + AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> diff --git a/templates/vhosts/php_silverstripe/php_silverstripe.erb b/templates/vhosts/php_silverstripe/php_silverstripe.erb index 2973d3e..de4dd5d 100644 --- a/templates/vhosts/php_silverstripe/php_silverstripe.erb +++ b/templates/vhosts/php_silverstripe/php_silverstripe.erb @@ -149,23 +149,20 @@ <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> + AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -394,15 +391,13 @@ ProxyPass / https://127.0.0.1/ <%- end -%> ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_simplemachine/php_simplemachine.erb b/templates/vhosts/php_simplemachine/php_simplemachine.erb index 3b14edc..b53477e 100644 --- a/templates/vhosts/php_simplemachine/php_simplemachine.erb +++ b/templates/vhosts/php_simplemachine/php_simplemachine.erb @@ -123,21 +123,19 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> + AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -320,15 +318,13 @@ ProxyPass / https://127.0.0.1/ <%- end -%> ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_spip/php_spip.erb b/templates/vhosts/php_spip/php_spip.erb index 13c1199..05f8485 100644 --- a/templates/vhosts/php_spip/php_spip.erb +++ b/templates/vhosts/php_spip/php_spip.erb @@ -129,21 +129,19 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> + AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -332,15 +330,13 @@ ProxyPass / https://127.0.0.1/ <%- end -%> ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_typo3/php_typo3.erb b/templates/vhosts/php_typo3/php_typo3.erb index c364927..bf0bd5d 100644 --- a/templates/vhosts/php_typo3/php_typo3.erb +++ b/templates/vhosts/php_typo3/php_typo3.erb @@ -29,27 +29,23 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - <%- end -%> <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> + AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> - Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> <%- if not ssl_mode.to_s == 'force' then -%> /"> AllowOverride <%= allow_override %> @@ -149,17 +145,19 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> + AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> + + Header add Strict-Transport-Security "max-age=15768000" + /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -373,15 +371,13 @@ ProxyPass / https://127.0.0.1/ <%- end -%> ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_wordpress/php_wordpress.erb b/templates/vhosts/php_wordpress/php_wordpress.erb index c1003fe..5ae6e24 100644 --- a/templates/vhosts/php_wordpress/php_wordpress.erb +++ b/templates/vhosts/php_wordpress/php_wordpress.erb @@ -125,21 +125,19 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> + AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -323,15 +321,13 @@ ProxyPass / https://127.0.0.1/ <%- end -%> ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/proxy/proxy.erb b/templates/vhosts/proxy/proxy.erb index b007523..9a347ca 100644 --- a/templates/vhosts/proxy/proxy.erb +++ b/templates/vhosts/proxy/proxy.erb @@ -71,10 +71,8 @@ CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> Order deny,allow Allow from all diff --git a/templates/vhosts/redirect/redirect.erb b/templates/vhosts/redirect/redirect.erb index e1928b5..2374797 100644 --- a/templates/vhosts/redirect/redirect.erb +++ b/templates/vhosts/redirect/redirect.erb @@ -61,10 +61,8 @@ CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> Redirect permanent / https://<%= options %> diff --git a/templates/vhosts/static/static.erb b/templates/vhosts/static/static.erb index 7eac5a9..030d588 100644 --- a/templates/vhosts/static/static.erb +++ b/templates/vhosts/static/static.erb @@ -103,13 +103,12 @@ CustomLog <%= logdir %>/access_log combined <%- end -%> <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> <%- if options.to_s != 'absent' or htpasswd_file.to_s != 'absent' then -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/webdav/webdav.erb b/templates/vhosts/webdav/webdav.erb index 72b3e9a..fa76b27 100644 --- a/templates/vhosts/webdav/webdav.erb +++ b/templates/vhosts/webdav/webdav.erb @@ -129,21 +129,19 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> + AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> DAVLockDB <%= real_dav_db_dir %>/DAVLock /"> Dav on @@ -298,11 +296,13 @@ SSLProxyEngine On ProxyPass / https://127.0.0.1/ ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> + + Header add Strict-Transport-Security "max-age=15768000" + <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On -- cgit v1.2.3