From e132dc759f455c8e8fb390e12961761d8e0a0429 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 12 Jun 2010 10:10:08 +0200 Subject: add upload_dir to open_base_dir if there is one --- templates/vhosts/php_gallery2/php_gallery.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/php_gallery2/php_gallery.erb b/templates/vhosts/php_gallery2/php_gallery.erb index 522b53c..644c72a 100644 --- a/templates/vhosts/php_gallery2/php_gallery.erb +++ b/templates/vhosts/php_gallery2/php_gallery.erb @@ -44,7 +44,7 @@ <%- unless php_default_charset.to_s == 'absent' then -%> php_admin_value default_charset <%= php_default_charset %> <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>:<%= gdatadir %> + php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>:<%= gdatadir %><%= ":#{real_upload_dir.to_s}" if upload_dir.to_s != 'absent' %> php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> php_admin_value session.save_path <%= real_php_session_save_path %> <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> @@ -128,7 +128,7 @@ <%- unless php_default_charset.to_s == 'absent' then -%> php_admin_value default_charset <%= php_default_charset %> <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>:<%= gdatadir %> + php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>:<%= gdatadir %><%= ":#{real_upload_dir.to_s}" if upload_dir.to_s != 'absent' %> php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> php_admin_value session.save_path <%= real_php_session_save_path %> <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> -- cgit v1.2.3 From 7bbb0feacac0565457f5f56f65468429803454fb Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 11 Aug 2010 14:06:53 +0200 Subject: introduce logmode feature We are now able to select how apache should log accesses. These modes are: * default: as you would use it * semianonym: no ips are logged for CustomLog, ErrorLog still logs ips * anonym: no ips are logged for CustomLog, ErrorLog is sent to /dev/null * nologs: all logs are sent to /dev/null --- templates/vhosts/gitweb/gitweb.erb | 24 ++++++++++++++++ templates/vhosts/passenger/passenger.erb | 24 ++++++++++++++++ templates/vhosts/perl/perl.erb | 24 ++++++++++++++++ templates/vhosts/php/php.erb | 24 ++++++++++++++++ templates/vhosts/php_drupal/php_drupal.erb | 24 ++++++++++++++++ templates/vhosts/php_gallery2/php_gallery.erb | 24 ++++++++++++++++ templates/vhosts/php_joomla/php_joomla.erb | 24 ++++++++++++++++ templates/vhosts/php_mediawiki/php_mediawiki.erb | 24 ++++++++++++++++ .../vhosts/php_silverstripe/php_silverstripe.erb | 24 ++++++++++++++++ .../vhosts/php_simplemachine/php_simplemachine.erb | 24 ++++++++++++++++ templates/vhosts/php_spip/php_spip.erb | 24 ++++++++++++++++ templates/vhosts/php_typo3/php_typo3.erb | 24 ++++++++++++++++ templates/vhosts/php_wordpress/php_wordpress.erb | 24 ++++++++++++++++ templates/vhosts/redirect/redirect.erb | 32 +++++++++++++++++++--- templates/vhosts/static/static.erb | 24 ++++++++++++++++ templates/vhosts/webdav/webdav.erb | 25 +++++++++++++++-- 16 files changed, 387 insertions(+), 6 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/gitweb/gitweb.erb b/templates/vhosts/gitweb/gitweb.erb index 23b723f..908177b 100644 --- a/templates/vhosts/gitweb/gitweb.erb +++ b/templates/vhosts/gitweb/gitweb.erb @@ -11,8 +11,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> <%- end -%> @@ -83,8 +95,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> <%- end -%> diff --git a/templates/vhosts/passenger/passenger.erb b/templates/vhosts/passenger/passenger.erb index 2c23dce..c2198c3 100644 --- a/templates/vhosts/passenger/passenger.erb +++ b/templates/vhosts/passenger/passenger.erb @@ -12,8 +12,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/public + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> Redirect permanent / https://<%= servername %>/ <%- end -%> @@ -74,8 +86,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/public + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> <%- end -%> diff --git a/templates/vhosts/perl/perl.erb b/templates/vhosts/perl/perl.erb index 0582e73..5be25fa 100644 --- a/templates/vhosts/perl/perl.erb +++ b/templates/vhosts/perl/perl.erb @@ -12,8 +12,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> Redirect permanent / https://<%= servername %>/ <%- end -%> @@ -89,8 +101,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> <%- end -%> diff --git a/templates/vhosts/php/php.erb b/templates/vhosts/php/php.erb index 4a6c829..99c94e2 100644 --- a/templates/vhosts/php/php.erb +++ b/templates/vhosts/php/php.erb @@ -12,8 +12,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> Redirect permanent / https://<%= servername %>/ <%- end -%> @@ -92,8 +104,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if run_mode.to_s == 'itk' -%> AssignUserId <%= run_uid+" "+run_gid %> diff --git a/templates/vhosts/php_drupal/php_drupal.erb b/templates/vhosts/php_drupal/php_drupal.erb index 0367a53..9b6c3ef 100644 --- a/templates/vhosts/php_drupal/php_drupal.erb +++ b/templates/vhosts/php_drupal/php_drupal.erb @@ -12,8 +12,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> Redirect permanent / https://<%= servername %>/ <%- end -%> @@ -114,8 +126,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if run_mode.to_s == 'itk' -%> AssignUserId <%= run_uid+" "+run_gid %> diff --git a/templates/vhosts/php_gallery2/php_gallery.erb b/templates/vhosts/php_gallery2/php_gallery.erb index 644c72a..8d10d02 100644 --- a/templates/vhosts/php_gallery2/php_gallery.erb +++ b/templates/vhosts/php_gallery2/php_gallery.erb @@ -12,8 +12,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> Redirect permanent / https://<%= servername %>/ <%- end -%> @@ -100,8 +112,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if run_mode.to_s == 'itk' -%> AssignUserId <%= run_uid+" "+run_gid %> diff --git a/templates/vhosts/php_joomla/php_joomla.erb b/templates/vhosts/php_joomla/php_joomla.erb index 18caff8..8803765 100644 --- a/templates/vhosts/php_joomla/php_joomla.erb +++ b/templates/vhosts/php_joomla/php_joomla.erb @@ -12,8 +12,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> Redirect permanent / https://<%= servername %>/ <%- end -%> @@ -115,8 +127,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if run_mode.to_s == 'itk' -%> AssignUserId <%= run_uid+" "+run_gid %> diff --git a/templates/vhosts/php_mediawiki/php_mediawiki.erb b/templates/vhosts/php_mediawiki/php_mediawiki.erb index cabe0c5..45a19c8 100644 --- a/templates/vhosts/php_mediawiki/php_mediawiki.erb +++ b/templates/vhosts/php_mediawiki/php_mediawiki.erb @@ -12,8 +12,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> Redirect permanent / https://<%= servername %>/ <%- end -%> @@ -83,8 +95,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> <%- end -%> diff --git a/templates/vhosts/php_silverstripe/php_silverstripe.erb b/templates/vhosts/php_silverstripe/php_silverstripe.erb index 671fc5c..8b739b7 100644 --- a/templates/vhosts/php_silverstripe/php_silverstripe.erb +++ b/templates/vhosts/php_silverstripe/php_silverstripe.erb @@ -12,8 +12,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> Redirect permanent / https://<%= servername %>/ <%- end -%> @@ -111,8 +123,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if run_mode.to_s == 'itk' -%> AssignUserId <%= run_uid+" "+run_gid %> diff --git a/templates/vhosts/php_simplemachine/php_simplemachine.erb b/templates/vhosts/php_simplemachine/php_simplemachine.erb index ddb59ed..b2b0419 100644 --- a/templates/vhosts/php_simplemachine/php_simplemachine.erb +++ b/templates/vhosts/php_simplemachine/php_simplemachine.erb @@ -12,8 +12,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> Redirect permanent / https://<%= servername %>/ <%- end -%> @@ -86,8 +98,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if run_mode.to_s == 'itk' -%> AssignUserId <%= run_uid+" "+run_gid %> diff --git a/templates/vhosts/php_spip/php_spip.erb b/templates/vhosts/php_spip/php_spip.erb index 4a6c829..99c94e2 100644 --- a/templates/vhosts/php_spip/php_spip.erb +++ b/templates/vhosts/php_spip/php_spip.erb @@ -12,8 +12,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> Redirect permanent / https://<%= servername %>/ <%- end -%> @@ -92,8 +104,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if run_mode.to_s == 'itk' -%> AssignUserId <%= run_uid+" "+run_gid %> diff --git a/templates/vhosts/php_typo3/php_typo3.erb b/templates/vhosts/php_typo3/php_typo3.erb index fbdde07..c3bb0d4 100644 --- a/templates/vhosts/php_typo3/php_typo3.erb +++ b/templates/vhosts/php_typo3/php_typo3.erb @@ -12,8 +12,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> Redirect permanent / https://<%= servername %>/ <%- end -%> @@ -102,8 +114,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if run_mode.to_s == 'itk' -%> AssignUserId <%= run_uid+" "+run_gid %> diff --git a/templates/vhosts/php_wordpress/php_wordpress.erb b/templates/vhosts/php_wordpress/php_wordpress.erb index 72f4907..5dbf9dc 100644 --- a/templates/vhosts/php_wordpress/php_wordpress.erb +++ b/templates/vhosts/php_wordpress/php_wordpress.erb @@ -12,8 +12,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> Redirect permanent / https://<%= servername %>/ <%- end -%> @@ -88,8 +100,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if run_mode.to_s == 'itk' -%> AssignUserId <%= run_uid+" "+run_gid %> diff --git a/templates/vhosts/redirect/redirect.erb b/templates/vhosts/redirect/redirect.erb index 4fdd8c2..0af8bcb 100644 --- a/templates/vhosts/redirect/redirect.erb +++ b/templates/vhosts/redirect/redirect.erb @@ -10,8 +10,20 @@ ServerAdmin <%= server_admin %> <%- end -%> - ErrorLog logs/redirect_<%= servername %>_error.log - CustomLog logs/redirect_<%= servername %>_access.log combined + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> Redirect permanent / https://<%= servername %>/ <% else -%> @@ -32,8 +44,20 @@ ServerAdmin <%= server_admin %> <%- end -%> - ErrorLog logs/redirect_<%= servername %>_error.log - CustomLog logs/redirect_<%= servername %>_access.log combined + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log combined + <%- end -%> Redirect permanent / https://<%= options %> diff --git a/templates/vhosts/static/static.erb b/templates/vhosts/static/static.erb index 05354d6..3d3e4ed 100644 --- a/templates/vhosts/static/static.erb +++ b/templates/vhosts/static/static.erb @@ -11,8 +11,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> <%- end -%> @@ -73,8 +85,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> <%- end -%> diff --git a/templates/vhosts/webdav/webdav.erb b/templates/vhosts/webdav/webdav.erb index e24cb31..6e66f30 100644 --- a/templates/vhosts/webdav/webdav.erb +++ b/templates/vhosts/webdav/webdav.erb @@ -12,8 +12,20 @@ <%- end -%> DocumentRoot <%= documentroot %>/ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> Redirect permanent / https://<%= servername %>/ <%- end -%> @@ -92,10 +104,19 @@ <%- end -%> DocumentRoot <%= documentroot %>/ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> <%- end -%> <%- if run_mode.to_s == 'itk' -%> -- cgit v1.2.3 From 1bdb39c6dd8ccaf76d8a4aa2e9486069afd2d476 Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 16 Aug 2010 19:01:24 +0200 Subject: impelement itk plus mode itk plus mode is an additional mode to deploy itk based hostings which should be a bit more performant. The idea is that we have two apache-instances running: A) prefork based, listening on the external interface B) itk based, listening on the loopback interface A) will serve all static webpages, as well as possibly serve all static content of dynamic websites. All requests to dynamic content will be redirected to B). The idea is that A) doesn't load any modules to server dynamic content at all. B) will serve all the dynamic scripts of a vhost. This will mean that for vhosts (static ones) as well as static content (all none dynamic scripts) we can benefit from the fast prefork model, while we can use itk's security model for all the dynamic scripts. There are two new additional run_modes: - proxy-itk: this just passes all requests to apache instance B). This one is similar to plain itk based mode and should be used for vhosts that shouldn't (yet) changed to the mixed mode. - static-itk: this passes only requests to dynamic scripts to B) while all static content is served by A). Beware that the user with which A) is running should be member of the run group of B) and all static files need to readable by the group. This reduces the security model you have with plain itk, as the prefork apache user will be able to read php (config-) files of any vhost that runs in static-itk mode. If you want to keep the level of security for a certain vhost, you need to run the specific vhost in proxy-itk mode. Note 1: you cannot run vhosts in itk mode and others in proxy or static itk mode. There is a duplicate file resource definition that blocks that possibility. Note 2: This mode works currently only on CentOS based systems, as no work have been done so far to implement an init.d script that's able to run 2 apache instances. --- templates/itk_plus/CentOS/00-listen.conf.erb | 8 + templates/vhosts/perl/perl.erb | 218 +++++++++++++++++- templates/vhosts/php/php.erb | 204 ++++++++++++++++- templates/vhosts/php_drupal/php_drupal.erb | 238 +++++++++++++++++++- templates/vhosts/php_gallery2/php_gallery.erb | 215 +++++++++++++++++- templates/vhosts/php_joomla/php_joomla.erb | 244 +++++++++++++++++++- templates/vhosts/php_mediawiki/php_mediawiki.erb | 189 +++++++++++++++- .../vhosts/php_silverstripe/php_silverstripe.erb | 248 ++++++++++++++++++++- .../vhosts/php_simplemachine/php_simplemachine.erb | 203 ++++++++++++++++- templates/vhosts/php_spip/php_spip.erb | 203 ++++++++++++++++- templates/vhosts/php_typo3/php_typo3.erb | 239 +++++++++++++++++++- templates/vhosts/php_wordpress/php_wordpress.erb | 202 ++++++++++++++++- templates/vhosts/webdav/webdav.erb | 153 ++++++++++++- 13 files changed, 2508 insertions(+), 56 deletions(-) create mode 100644 templates/itk_plus/CentOS/00-listen.conf.erb (limited to 'templates') diff --git a/templates/itk_plus/CentOS/00-listen.conf.erb b/templates/itk_plus/CentOS/00-listen.conf.erb new file mode 100644 index 0000000..9f2c626 --- /dev/null +++ b/templates/itk_plus/CentOS/00-listen.conf.erb @@ -0,0 +1,8 @@ + +Listen 127.0.0.1:80 +PidFile run/httpdlocal.pid + + +Listen <%= ipaddress %>:80 +PidFile run/httpd.pid + diff --git a/templates/vhosts/perl/perl.erb b/templates/vhosts/perl/perl.erb index 5be25fa..5cb30bc 100644 --- a/templates/vhosts/perl/perl.erb +++ b/templates/vhosts/perl/perl.erb @@ -1,4 +1,7 @@ # <%= servername %> +<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + +<%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> Include include.d/defaults.inc @@ -26,16 +29,20 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> Redirect permanent / https://<%= servername %>/ + <%- end -%> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> - <%- if run_mode.to_s == 'itk' -%> + <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> <%- if not ssl_mode.to_s == 'force' then -%> /"> @@ -63,6 +70,7 @@ ScriptAlias /cgi-bin/ <%= cgi_binpath %>/ <%- end -%> + <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On @@ -80,6 +88,7 @@ SecAuditLog <%= logdir %>/mod_security_audit.log SecDebugLog <%= logdir %>/mod_security_debug.log + <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -115,13 +124,16 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> - <%- if run_mode.to_s == 'itk' -%> + <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> /"> AllowOverride <%= allow_override %> @@ -147,6 +159,7 @@ <%- end -%> + <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On @@ -164,9 +177,210 @@ SecAuditLog <%= logdir %>/mod_security_audit.log SecDebugLog <%= logdir %>/mod_security_debug.log + <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> <%- end -%> <%- end -%> +<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + + +<%- unless ssl_mode.to_s == 'only' then -%> + + + Include include.d/defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + DocumentRoot <%= documentroot %>/ + DirectoryIndex index.htm index.html index.pl + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- else -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined + <%- end -%> + + ProxyPreserveHost On + ProxyRequests off + <%- if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.pl/?.*)$ http://127.0.0.1/$1 + <%- else -%> + ProxyPass / http://127.0.0.1/ + <%- end -%> + ProxyPassReverse / http://127.0.0.1/ + + <%- if ssl_mode.to_s == 'force' then -%> + Redirect permanent / https://<%= servername %>/ + + <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s == 'static-itk' then -%> + <%- if not ssl_mode.to_s == 'force' then -%> + /"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + + + <%- unless htpasswd_file.to_s == 'absent' then -%> + /"> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + + <%- end -%> + ScriptAlias /cgi-bin/ <%= cgi_binpath %>/ + <%- end -%> + <%- end -%> + + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> + SecAuditEngine On + <%- end -%> + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> + +<%- unless ssl_mode.to_s == 'false' then -%> + + Include include.d/defaults.inc + Include include.d/ssl_defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + DocumentRoot <%= documentroot %>/ + DirectoryIndex index.htm index.html index.pl + <%- end -%> + + ProxyPreserveHost On + ProxyRequests off + <%- if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.pl/?.*)$ https://127.0.0.1/$1 + <%- else -%> + ProxyPass / https://127.0.0.1/ + <%- end -%> + ProxyPassReverse / https://127.0.0.1/ + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- else -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined + <%- end -%> + + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- unless run_mode.to_s == 'static-itk' -%> + /"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + + + <%- if htpasswd_file.to_s == 'absent' then -%> + /"> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + + <%- end -%> + ScriptAlias /cgi-bin/ <%= cgi_binpath %>/ + <%- end -%> + + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> + SecAuditEngine On + <%- end -%> + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> + +<%- end -%> diff --git a/templates/vhosts/php/php.erb b/templates/vhosts/php/php.erb index 99c94e2..4d5d984 100644 --- a/templates/vhosts/php/php.erb +++ b/templates/vhosts/php/php.erb @@ -1,4 +1,7 @@ # <%= servername %> +<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + +<%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> Include include.d/defaults.inc @@ -26,16 +29,20 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> Redirect permanent / https://<%= servername %>/ + <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> - <%- if run_mode.to_s == 'itk' -%> + <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> + + <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + <%- end -%> <%- if not ssl_mode.to_s == 'force' then -%> /"> @@ -66,6 +73,7 @@ <%- end -%> + <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On @@ -83,6 +91,7 @@ SecAuditLog <%= logdir %>/mod_security_audit.log SecDebugLog <%= logdir %>/mod_security_debug.log + <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -117,14 +126,17 @@ <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + <%- end -%> - <%- if run_mode.to_s == 'itk' -%> + <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> /"> AllowOverride <%= allow_override %> @@ -153,6 +165,185 @@ <%- end -%> + <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> + SecAuditEngine On + <%- end -%> + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + + <%- end -%> + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> +<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + + +<%- unless ssl_mode.to_s == 'only' then -%> + + Include include.d/defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + DocumentRoot <%= documentroot %>/ + DirectoryIndex index.htm index.html index.php + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- else -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined + <%- end -%> + + ProxyPreserveHost On + ProxyRequests off + <%- if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 + <%- else -%> + ProxyPass / http://127.0.0.1/ + <%- end -%> + ProxyPassReverse / http://127.0.0.1/ + + <%- if ssl_mode.to_s == 'force' then -%> + Redirect permanent / https://<%= servername %>/ + + <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s == 'static-itk' then -%> + <%- if not ssl_mode.to_s == 'force' then -%> + /"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + + <%- end -%> + <%- end -%> + + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> + SecAuditEngine On + <%- end -%> + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> + +<%- unless ssl_mode.to_s == 'false' then -%> + + Include include.d/defaults.inc + Include include.d/ssl_defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + DocumentRoot <%= documentroot %>/ + DirectoryIndex index.htm index.html index.php + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- else -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined + <%- end -%> + + ProxyPreserveHost On + ProxyRequests off + <%- if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 + <%- else -%> + ProxyPass / https://127.0.0.1/ + <%- end -%> + ProxyPassReverse / https://127.0.0.1/ + + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + /"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + + <%- end -%> + <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On @@ -176,3 +367,6 @@ <%- end -%> <%- end -%> + +<%- end -%> + diff --git a/templates/vhosts/php_drupal/php_drupal.erb b/templates/vhosts/php_drupal/php_drupal.erb index 9b6c3ef..db01248 100644 --- a/templates/vhosts/php_drupal/php_drupal.erb +++ b/templates/vhosts/php_drupal/php_drupal.erb @@ -1,4 +1,7 @@ # <%= servername %> +<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + +<%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> Include include.d/defaults.inc @@ -31,11 +34,13 @@ <%- end -%> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> - <%- if run_mode.to_s == 'itk' -%> + <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> <%- if not ssl_mode.to_s == 'force' then -%> /"> @@ -88,6 +93,7 @@ <%- end -%> + <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On @@ -105,6 +111,7 @@ SecAuditLog <%= logdir %>/mod_security_audit.log SecDebugLog <%= logdir %>/mod_security_debug.log + <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -140,13 +147,16 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if run_mode.to_s == 'itk' -%> + + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + <%- end -%> /"> AllowOverride <%= allow_override %> @@ -197,6 +207,119 @@ Options +FollowSymLinks + <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> + SecAuditEngine On + <%- end -%> + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + + <%- end -%> + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> +<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + + +<%- unless ssl_mode.to_s == 'only' then -%> + + Include include.d/defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + DocumentRoot <%= documentroot %>/ + DirectoryIndex index.htm index.html index.php + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- else -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined + <%- end -%> + + ProxyPreserveHost On + ProxyRequests off + <%- if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 + <%- else -%> + ProxyPass / http://127.0.0.1/ + <%- end -%> + ProxyPassReverse / http://127.0.0.1/ + + <%- if ssl_mode.to_s == 'force' then -%> + Redirect permanent / https://<%= servername %>/ + + <%- end -%> + + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s == 'static-itk' then -%> + <%- if not ssl_mode.to_s == 'force' then -%> + /"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + + # Protect files and directories from prying eyes. + + Order allow,deny + + + # Customized error messages. + ErrorDocument 404 /index.php + + RewriteEngine on + RewriteCond %{REQUEST_FILENAME} !-f + RewriteCond %{REQUEST_FILENAME} !-d + RewriteRule ^(.*)$ index.php?q=$1 [L,QSA] + + /files/"> + SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006 + Options None + Options +FollowSymLinks + + <%- end -%> + <%- end -%> + <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On @@ -220,3 +343,108 @@ <%- end -%> <%- end -%> + +<%- unless ssl_mode.to_s == 'false' then -%> + + Include include.d/defaults.inc + Include include.d/ssl_defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + DocumentRoot <%= documentroot %>/ + DirectoryIndex index.htm index.html index.php + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- else -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined + <%- end -%> + + ProxyPreserveHost On + ProxyRequests off + <%- if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 + <%- else -%> + ProxyPass / https://127.0.0.1/ + <%- end -%> + ProxyPassReverse / https://127.0.0.1/ + + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + /"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + + # Protect files and directories from prying eyes. + + Order allow,deny + + + # Customized error messages. + ErrorDocument 404 /index.php + + RewriteEngine on + RewriteCond %{REQUEST_FILENAME} !-f + RewriteCond %{REQUEST_FILENAME} !-d + RewriteRule ^(.*)$ index.php?q=$1 [L,QSA] + + /files/"> + SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006 + Options None + Options +FollowSymLinks + + <%- end -%> + + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> + SecAuditEngine On + <%- end -%> + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> + +<%- end -%> diff --git a/templates/vhosts/php_gallery2/php_gallery.erb b/templates/vhosts/php_gallery2/php_gallery.erb index 8d10d02..fdcc89b 100644 --- a/templates/vhosts/php_gallery2/php_gallery.erb +++ b/templates/vhosts/php_gallery2/php_gallery.erb @@ -1,4 +1,7 @@ # <%= servername %> +<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + +<%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> Include include.d/defaults.inc @@ -26,16 +29,20 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> Redirect permanent / https://<%= servername %>/ + <%- end -%> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> - <%- if run_mode.to_s == 'itk' -%> + <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> <%- if not ssl_mode.to_s == 'force' then -%> /"> @@ -74,6 +81,7 @@ <%- end -%> + <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On @@ -91,6 +99,7 @@ SecAuditLog <%= logdir %>/mod_security_audit.log SecDebugLog <%= logdir %>/mod_security_debug.log + <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -126,13 +135,16 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if run_mode.to_s == 'itk' -%> + + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + <%- end -%> /"> AllowOverride <%= allow_override %> @@ -169,6 +181,7 @@ RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] + <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On @@ -182,9 +195,201 @@ SecAuditLog <%= logdir %>/mod_security_audit.log SecDebugLog <%= logdir %>/mod_security_debug.log + <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> <%- end -%> <%- end -%> +<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + + +<%- unless ssl_mode.to_s == 'only' then -%> + + Include include.d/defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + DocumentRoot <%= documentroot %>/ + DirectoryIndex index.htm index.html index.php + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- else -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined + <%- end -%> + + ProxyPreserveHost On + ProxyRequests off + <%- if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 + <%- else -%> + ProxyPass / http://127.0.0.1/ + <%- end -%> + ProxyPassReverse / http://127.0.0.1/ + + <%- if ssl_mode.to_s == 'force' then -%> + Redirect permanent / https://<%= servername %>/ + + <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s == 'static-itk' then -%> + <%- if not ssl_mode.to_s == 'force' then -%> + /"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + + # Always rewrite login's + # Source: http://gallery.menalto.com/node/30558 + RewriteEngine On + RewriteCond %{HTTP_COOKIE} ^GALLERYSID= [OR] + RewriteCond %{QUERY_STRING} subView=core\.UserLogin + RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] + # https -> see below + # Then, unset baseUri in config.php (to keep Gallery from trying to redirect users to either HTTP or HTTPS): + # $gallery->setConfig('baseUri', ''); + + <%- end -%> + <%- end -%> + + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> + SecAuditEngine On + <%- end -%> + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> + +<%- unless ssl_mode.to_s == 'false' then -%> + + Include include.d/defaults.inc + Include include.d/ssl_defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + DocumentRoot <%= documentroot %>/ + DirectoryIndex index.htm index.html index.php + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- else -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined + <%- end -%> + + ProxyPreserveHost On + ProxyRequests off + <%- if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 + <%- else -%> + ProxyPass / https://127.0.0.1/ + <%- end -%> + ProxyPassReverse / https://127.0.0.1/ + + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + /"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + # Always rewrite login's (see above) + RewriteEngine On + RewriteCond %{HTTP_COOKIE} ="" + RewriteCond %{REQUEST_METHOD} =GET + RewriteCond %{QUERY_STRING} !subView=core\.UserLogin + RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] + + <%- end -%> + + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + SecAuditEngine On + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> + +<%- end -%> diff --git a/templates/vhosts/php_joomla/php_joomla.erb b/templates/vhosts/php_joomla/php_joomla.erb index 8803765..9911a15 100644 --- a/templates/vhosts/php_joomla/php_joomla.erb +++ b/templates/vhosts/php_joomla/php_joomla.erb @@ -1,4 +1,7 @@ # <%= servername %> +<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + +<%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> Include include.d/defaults.inc @@ -26,16 +29,20 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> Redirect permanent / https://<%= servername %>/ + <%- end -%> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> - <%- if run_mode.to_s == 'itk' -%> + <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> <%- if not ssl_mode.to_s == 'force' then -%> /"> @@ -75,6 +82,7 @@ RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R] + <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On @@ -106,6 +114,7 @@ SecAuditLog <%= logdir %>/mod_security_audit.log SecDebugLog <%= logdir %>/mod_security_debug.log + <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -141,13 +150,16 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if run_mode.to_s == 'itk' -%> + + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + <%- end -%> /"> Include include.d/joomla.inc @@ -175,6 +187,226 @@ <%- end -%> + <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> + SecAuditEngine On + <%- end -%> + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html + # Exceptions for Joomla Root Directory + + SecRuleRemoveById 950013 + + + # Exceptions for Joomla Administration Panel + SecRule REQUEST_FILENAME "/administrator/index2.php" \ + "allow,phase:1,nolog,ctl:ruleEngine=Off" + + # Exceptions for Joomla Component Expose + + SecRuleRemoveById 960010 + + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + + <%- end -%> + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> +<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + + +<%- unless ssl_mode.to_s == 'only' then -%> + + Include include.d/defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + DocumentRoot <%= documentroot %>/ + DirectoryIndex index.htm index.html index.php + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- else -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined + <%- end -%> + + ProxyPreserveHost On + ProxyRequests off + <%- if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 + <%- else -%> + ProxyPass / http://127.0.0.1/ + <%- end -%> + ProxyPassReverse / http://127.0.0.1/ + + <%- if ssl_mode.to_s == 'force' then -%> + Redirect permanent / https://<%= servername %>/ + + <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s == 'static-itk' then -%> + <%- if not ssl_mode.to_s == 'force' then -%> + /"> + Include include.d/joomla.inc + + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + + /administrator/"> + RewriteEngine on + + # Rewrite URLs to https that go for the admin area + RewriteCond %{REMOTE_ADDR} !^127\.[0-9]+\.[0-9]+\.[0-9]+$ + RewriteCond %{HTTPS} !=on + RewriteCond %{REQUEST_URI} (.*/administrator/.*) + RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R] + + <%- end -%> + <%- end -%> + + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> + SecAuditEngine On + <%- end -%> + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html + # Exceptions for Joomla Root Directory + + SecRuleRemoveById 950013 + + + # Exceptions for Joomla Administration Panel + SecRule REQUEST_FILENAME "/administrator/index2.php" \ + "allow,phase:1,nolog,ctl:ruleEngine=Off" + + # Exceptions for Joomla Component Expose + + SecRuleRemoveById 960010 + + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> + +<%- unless ssl_mode.to_s == 'false' then -%> + + Include include.d/defaults.inc + Include include.d/ssl_defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + DocumentRoot <%= documentroot %>/ + DirectoryIndex index.htm index.html index.php + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- else -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined + <%- end -%> + + ProxyPreserveHost On + ProxyRequests off + <%- if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 + <%- else -%> + ProxyPass / https://127.0.0.1/ + <%- end -%> + ProxyPassReverse / https://127.0.0.1/ + + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + /"> + Include include.d/joomla.inc + + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + + <%- end -%> + <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On @@ -212,3 +444,5 @@ <%- end -%> <%- end -%> + +<%- end -%> diff --git a/templates/vhosts/php_mediawiki/php_mediawiki.erb b/templates/vhosts/php_mediawiki/php_mediawiki.erb index 45a19c8..ac51dcc 100644 --- a/templates/vhosts/php_mediawiki/php_mediawiki.erb +++ b/templates/vhosts/php_mediawiki/php_mediawiki.erb @@ -1,4 +1,7 @@ # <%= servername %> +<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + +<%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> Include include.d/defaults.inc @@ -26,16 +29,20 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> Redirect permanent / https://<%= servername %>/ + <%- end -%> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> - <%- if run_mode.to_s == 'itk' -%> + <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> <%- if not ssl_mode.to_s == 'force' then -%> /"> @@ -61,6 +68,7 @@ <%- end -%> + <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On @@ -74,6 +82,7 @@ SecAuditLog <%= logdir %>/mod_security_audit.log SecDebugLog <%= logdir %>/mod_security_debug.log + <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -109,13 +118,16 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> - <%- if run_mode.to_s == 'itk' -%> + <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> /"> AllowOverride <%= allow_override %> @@ -139,6 +151,7 @@ php_admin_value session.save_path <%= real_php_session_save_path %> + <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On @@ -152,9 +165,181 @@ SecAuditLog <%= logdir %>/mod_security_audit.log SecDebugLog <%= logdir %>/mod_security_debug.log + <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> <%- end -%> <%- end -%> +<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + + +<%- unless ssl_mode.to_s == 'only' then -%> + + Include include.d/defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + DocumentRoot <%= documentroot %>/ + DirectoryIndex index.htm index.html index.php + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- else -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined + <%- end -%> + + ProxyPreserveHost On + ProxyRequests off + <%- if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 + <%- else -%> + ProxyPass / http://127.0.0.1/ + <%- end -%> + ProxyPassReverse / http://127.0.0.1/ + + <%- if ssl_mode.to_s == 'force' then -%> + Redirect permanent / https://<%= servername %>/ + + <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s == 'static-itk' then -%> + <%- if not ssl_mode.to_s == 'force' then -%> + /"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%><%- unless options.to_s.include?('+FollowSymLinks') -%> +FollowSymLinks<% end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + + <%- end -%> + <%- end -%> + + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + SecAuditEngine On + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> + +<%- unless ssl_mode.to_s == 'false' then -%> + + Include include.d/defaults.inc + Include include.d/ssl_defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + DocumentRoot <%= documentroot %>/ + DirectoryIndex index.htm index.html index.php + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- else -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined + <%- end -%> + + ProxyPreserveHost On + ProxyRequests off + <%- if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 + <%- else -%> + ProxyPass / https://127.0.0.1/ + <%- end -%> + ProxyPassReverse / https://127.0.0.1/ + + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + /"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + + <%- end -%> + + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + SecAuditEngine On + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> + +<%- end -%> diff --git a/templates/vhosts/php_silverstripe/php_silverstripe.erb b/templates/vhosts/php_silverstripe/php_silverstripe.erb index 8b739b7..888c066 100644 --- a/templates/vhosts/php_silverstripe/php_silverstripe.erb +++ b/templates/vhosts/php_silverstripe/php_silverstripe.erb @@ -1,4 +1,7 @@ # <%= servername %> +<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + +<%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> Include include.d/defaults.inc @@ -26,19 +29,24 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> Redirect permanent / https://<%= servername %>/ + <%- end -%> # silverstripe RedirectMatch /admin(.*) https://<%= servername %>/admin$1 RedirectMatch /Security(.*) https://<%= servername %>/Security$1 + <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> - <%- if run_mode.to_s == 'itk' -%> + <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> <%- if not ssl_mode.to_s == 'force' then -%> /"> @@ -70,6 +78,7 @@ Deny from all #Allow from 127.0.0.1 + RewriteEngine On #RewriteBase / @@ -83,6 +92,7 @@ <%- end -%> + <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On @@ -102,6 +112,7 @@ # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html SecRuleRemoveById "960010" + <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -136,14 +147,18 @@ <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined + + <%- end -%> + + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + <%- end -%> - <%- if run_mode.to_s == 'itk' -%> + <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + <%- end -%> /"> AllowOverride <%= allow_override %> @@ -188,6 +203,7 @@ + <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On @@ -207,9 +223,231 @@ # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html SecRuleRemoveById "960010" + <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> <%- end -%> <%- end -%> +<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + + +<%- unless ssl_mode.to_s == 'only' then -%> + + Include include.d/defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + DocumentRoot <%= documentroot %>/ + DirectoryIndex index.htm index.html index.php + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- else -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined + <%- end -%> + + ProxyPreserveHost On + ProxyRequests off + <%- if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 + <%- else -%> + ProxyPass / http://127.0.0.1/ + <%- end -%> + ProxyPassReverse / http://127.0.0.1/ + + <%- if ssl_mode.to_s == 'force' then -%> + Redirect permanent / https://<%= servername %>/ + + <%- end -%> + # silverstripe + RedirectMatch /admin(.*) https://<%= servername %>/admin$1 + RedirectMatch /Security(.*) https://<%= servername %>/Security$1 + + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s == 'static-itk' then -%> + <%- if not ssl_mode.to_s == 'force' then -%> + /"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + # silverstripe .htaccess + + Order deny,allow + Deny from all + #Allow from 127.0.0.1 + + + + RewriteEngine On + #RewriteBase / + + RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$) + + RewriteCond %{REQUEST_URI} ^(.*)$ + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L] + + + <%- end -%> + <%- end -%> + + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> + SecAuditEngine On + <%- end -%> + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html + SecRuleRemoveById "960010" + + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> + +<%- unless ssl_mode.to_s == 'false' then -%> + + Include include.d/defaults.inc + Include include.d/ssl_defaults.inc + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + DocumentRoot <%= documentroot %>/ + DirectoryIndex index.htm index.html index.php + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- else -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined + <%- end -%> + + ProxyPreserveHost On + ProxyRequests off + <%- if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 + <%- else -%> + ProxyPass / https://127.0.0.1/ + <%- end -%> + ProxyPassReverse / https://127.0.0.1/ + + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + /"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + + # silverstripe .htaccess + + Order deny,allow + Deny from all + #Allow from 127.0.0.1 + + + RewriteEngine On + #RewriteBase / + + RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$) + + RewriteCond %{REQUEST_URI} ^(.*)$ + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L] + + + <%- end -%> + + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> + SecAuditEngine On + <%- end -%> + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html + SecRuleRemoveById "960010" + + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> + +<%- end -%> + diff --git a/templates/vhosts/php_simplemachine/php_simplemachine.erb b/templates/vhosts/php_simplemachine/php_simplemachine.erb index b2b0419..7042647 100644 --- a/templates/vhosts/php_simplemachine/php_simplemachine.erb +++ b/templates/vhosts/php_simplemachine/php_simplemachine.erb @@ -1,4 +1,7 @@ # <%= servername %> +<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + +<%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> Include include.d/defaults.inc @@ -26,16 +29,20 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> Redirect permanent / https://<%= servername %>/ + <%- end -%> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> - <%- if run_mode.to_s == 'itk' -%> + <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> <%- if not ssl_mode.to_s == 'force' then -%> /"> @@ -60,6 +67,7 @@ <%- end -%> + <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On @@ -77,6 +85,7 @@ SecAuditLog <%= logdir %>/mod_security_audit.log SecDebugLog <%= logdir %>/mod_security_debug.log + <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -112,13 +121,16 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if run_mode.to_s == 'itk' -%> + + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + <%- end -%> /"> AllowOverride <%= allow_override %> @@ -141,6 +153,7 @@ php_admin_value session.save_path <%= real_php_session_save_path %> + <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On @@ -158,9 +171,189 @@ SecAuditLog <%= logdir %>/mod_security_audit.log SecDebugLog <%= logdir %>/mod_security_debug.log + <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> <%- end -%> <%- end -%> +<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + + +<%- unless ssl_mode.to_s == 'only' then -%> + + Include include.d/defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + DocumentRoot <%= documentroot %>/ + DirectoryIndex index.htm index.html index.php + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- else -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined + <%- end -%> + + ProxyPreserveHost On + ProxyRequests off + <%- if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 + <%- else -%> + ProxyPass / http://127.0.0.1/ + <%- end -%> + ProxyPassReverse / http://127.0.0.1/ + + <%- if ssl_mode.to_s == 'force' then -%> + Redirect permanent / https://<%= servername %>/ + + <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s == 'static-itk' then -%> + <%- if not ssl_mode.to_s == 'force' then -%> + /"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + + <%- end -%> + <%- end -%> + + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> + SecAuditEngine On + <%- end -%> + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> + +<%- unless ssl_mode.to_s == 'false' then -%> + + Include include.d/defaults.inc + Include include.d/ssl_defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + DocumentRoot <%= documentroot %>/ + DirectoryIndex index.htm index.html index.php + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- else -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined + <%- end -%> + + ProxyPreserveHost On + ProxyRequests off + <%- if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 + <%- else -%> + ProxyPass / https://127.0.0.1/ + <%- end -%> + ProxyPassReverse / https://127.0.0.1/ + + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + /"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + + <%- end -%> + + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> + SecAuditEngine On + <%- end -%> + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> + +<%- end -%> diff --git a/templates/vhosts/php_spip/php_spip.erb b/templates/vhosts/php_spip/php_spip.erb index 99c94e2..c63cf77 100644 --- a/templates/vhosts/php_spip/php_spip.erb +++ b/templates/vhosts/php_spip/php_spip.erb @@ -1,4 +1,7 @@ # <%= servername %> +<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + +<%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> Include include.d/defaults.inc @@ -26,16 +29,20 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> Redirect permanent / https://<%= servername %>/ + <%- end -%> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> - <%- if run_mode.to_s == 'itk' -%> + <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> <%- if not ssl_mode.to_s == 'force' then -%> /"> @@ -66,6 +73,7 @@ <%- end -%> + <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On @@ -83,6 +91,7 @@ SecAuditLog <%= logdir %>/mod_security_audit.log SecDebugLog <%= logdir %>/mod_security_debug.log + <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -118,13 +127,16 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if run_mode.to_s == 'itk' -%> + + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + <%- end -%> /"> AllowOverride <%= allow_override %> @@ -153,6 +165,7 @@ <%- end -%> + <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On @@ -170,9 +183,189 @@ SecAuditLog <%= logdir %>/mod_security_audit.log SecDebugLog <%= logdir %>/mod_security_debug.log + <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> <%- end -%> <%- end -%> +<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + + +<%- unless ssl_mode.to_s == 'only' then -%> + + Include include.d/defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + DocumentRoot <%= documentroot %>/ + DirectoryIndex index.htm index.html index.php + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- else -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined + <%- end -%> + + ProxyPreserveHost On + ProxyRequests off + <%- if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 + <%- else -%> + ProxyPass / http://127.0.0.1/ + <%- end -%> + ProxyPassReverse / http://127.0.0.1/ + + <%- if ssl_mode.to_s == 'force' then -%> + Redirect permanent / https://<%= servername %>/ + + <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s == 'static-itk' then -%> + <%- if not ssl_mode.to_s == 'force' then -%> + /"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + + <%- end -%> + <%- end -%> + + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> + SecAuditEngine On + <%- end -%> + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> + +<%- unless ssl_mode.to_s == 'false' then -%> + + Include include.d/defaults.inc + Include include.d/ssl_defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + DocumentRoot <%= documentroot %>/ + DirectoryIndex index.htm index.html index.php + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- else -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined + <%- end -%> + + ProxyPreserveHost On + ProxyRequests off + <%- if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 + <%- else -%> + ProxyPass / https://127.0.0.1/ + <%- end -%> + ProxyPassReverse / https://127.0.0.1/ + + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + /"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + + <%- end -%> + + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> + SecAuditEngine On + <%- end -%> + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> + +<%- end -%> diff --git a/templates/vhosts/php_typo3/php_typo3.erb b/templates/vhosts/php_typo3/php_typo3.erb index c3bb0d4..6272576 100644 --- a/templates/vhosts/php_typo3/php_typo3.erb +++ b/templates/vhosts/php_typo3/php_typo3.erb @@ -1,4 +1,7 @@ # <%= servername %> +<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + +<%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> Include include.d/defaults.inc @@ -26,16 +29,20 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> Redirect permanent / https://<%= servername %>/ + <%- end -%> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> - <%- if run_mode.to_s == 'itk' -%> + <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> <%- if not ssl_mode.to_s == 'force' then -%> /"> @@ -61,8 +68,6 @@ php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> <%- end -%> - <%- end -%> - /typo3/"> RewriteEngine on @@ -72,8 +77,17 @@ RewriteCond %{REQUEST_URI} (.*/typo3/.*) RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R] + <%- end -%> + <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + + + SecRuleEngine Off + SecAuditEngine Off + + + <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On @@ -93,6 +107,7 @@ # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html SecRuleRemoveById "960010" + <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -128,13 +143,16 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if run_mode.to_s == 'itk' -%> + + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + <%- end -%> /"> AllowOverride <%= allow_override %> @@ -162,9 +180,11 @@ php_admin_value allow_url_fopen On + <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> SecRuleEngine Off + SecAuditEngine Off @@ -187,9 +207,214 @@ # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html SecRuleRemoveById "960010" + <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> <%- end -%> <%- end -%> +<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + + +<%- unless ssl_mode.to_s == 'only' then -%> + + Include include.d/defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + DocumentRoot <%= documentroot %>/ + DirectoryIndex index.htm index.html index.php + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- else -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined + <%- end -%> + + ProxyPreserveHost On + ProxyRequests off + <%- if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 + <%- else -%> + ProxyPass / http://127.0.0.1/ + <%- end -%> + ProxyPassReverse / http://127.0.0.1/ + + <%- if ssl_mode.to_s == 'force' then -%> + Redirect permanent / https://<%= servername %>/ + + <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s == 'static-itk' then -%> + <%- if not ssl_mode.to_s == 'force' then -%> + /"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + + /typo3/"> + RewriteEngine on + + # Rewrite URLs to https that go for the admin area + RewriteCond %{REMOTE_ADDR} !^127\.[0-9]+\.[0-9]+\.[0-9]+$ + RewriteCond %{HTTPS} !=on + RewriteCond %{REQUEST_URI} (.*/typo3/.*) + RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R] + + <%- end -%> + <%- end -%> + + + + SecRuleEngine Off + + + + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> + SecAuditEngine On + <%- end -%> + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html + SecRuleRemoveById "960010" + + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> + +<%- unless ssl_mode.to_s == 'false' then -%> + + Include include.d/defaults.inc + Include include.d/ssl_defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + DocumentRoot <%= documentroot %>/ + DirectoryIndex index.htm index.html index.php + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- else -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined + <%- end -%> + + ProxyPreserveHost On + ProxyRequests off + <%- if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 + <%- else -%> + ProxyPass / https://127.0.0.1/ + <%- end -%> + ProxyPassReverse / https://127.0.0.1/ + + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + /"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + + <%- end -%> + + + + SecRuleEngine Off + + + + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> + SecAuditEngine On + <%- end -%> + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html + SecRuleRemoveById "960010" + + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> + +<%- end -%> diff --git a/templates/vhosts/php_wordpress/php_wordpress.erb b/templates/vhosts/php_wordpress/php_wordpress.erb index 5dbf9dc..2a90c69 100644 --- a/templates/vhosts/php_wordpress/php_wordpress.erb +++ b/templates/vhosts/php_wordpress/php_wordpress.erb @@ -1,4 +1,7 @@ # <%= servername %> +<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + +<%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> Include include.d/defaults.inc @@ -26,16 +29,20 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> Redirect permanent / https://<%= servername %>/ + <%- end -%> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> - <%- if run_mode.to_s == 'itk' -%> + <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> <%- if not ssl_mode.to_s == 'force' then -%> /"> @@ -63,6 +70,7 @@ <%- end -%> + <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On @@ -79,6 +87,7 @@ SecRuleRemoveById "960010" SecRuleRemoveById "950018" + <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -114,13 +123,16 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if run_mode.to_s == 'itk' -%> + + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + <%- end -%> /"> AllowOverride <%= allow_override %> @@ -146,6 +158,99 @@ <%- end -%> + <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + SecAuditEngine On + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html + SecRuleRemoveById "960010" + SecRuleRemoveById "950018" + + <%- end -%> + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> +<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + + +<%- unless ssl_mode.to_s == 'only' then -%> + + Include include.d/defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + DocumentRoot <%= documentroot %>/ + DirectoryIndex index.htm index.html index.php + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- else -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined + <%- end -%> + + ProxyPreserveHost On + ProxyRequests off + <%- if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 + <%- else -%> + ProxyPass / http://127.0.0.1/ + <%- end -%> + ProxyPassReverse / http://127.0.0.1/ + + <%- if ssl_mode.to_s == 'force' then -%> + Redirect permanent / https://<%= servername %>/ + + <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s == 'static-itk' then -%> + <%- if not ssl_mode.to_s == 'force' then -%> + /"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + + <%- end -%> + <%- end -%> + <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On @@ -168,3 +273,90 @@ <%- end -%> <%- end -%> + +<%- unless ssl_mode.to_s == 'false' then -%> + + Include include.d/defaults.inc + Include include.d/ssl_defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + DocumentRoot <%= documentroot %>/ + DirectoryIndex index.htm index.html index.php + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- else -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined + <%- end -%> + + ProxyPreserveHost On + ProxyRequests off + <%- if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 + <%- else -%> + ProxyPass / https://127.0.0.1/ + <%- end -%> + ProxyPassReverse / https://127.0.0.1/ + + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + /"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + + <%- end -%> + + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + SecAuditEngine On + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html + SecRuleRemoveById "960010" + SecRuleRemoveById "950018" + + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> + +<%- end -%> + diff --git a/templates/vhosts/webdav/webdav.erb b/templates/vhosts/webdav/webdav.erb index 6e66f30..a7dfa37 100644 --- a/templates/vhosts/webdav/webdav.erb +++ b/templates/vhosts/webdav/webdav.erb @@ -1,4 +1,7 @@ # <%= servername %> +<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + +<%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> Include include.d/defaults.inc @@ -26,16 +29,20 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> Redirect permanent / https://<%= servername %>/ + <%- end -%> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> - <%- if run_mode.to_s == 'itk' -%> + <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> <%- if not ssl_mode.to_s == 'force' then -%> DAVLockDB <%= real_dav_db_dir %>/DAVLock @@ -66,6 +73,7 @@ <%- end -%> + <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On @@ -83,6 +91,7 @@ SecAuditLog <%= logdir %>/mod_security_audit.log SecDebugLog <%= logdir %>/mod_security_debug.log + <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -118,13 +127,16 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if run_mode.to_s == 'itk' -%> + + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + <%- end -%> DAVLockDB <%= real_dav_db_dir %>/DAVLock /"> @@ -153,6 +165,7 @@ <%- end -%> + <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On @@ -170,9 +183,139 @@ SecAuditLog <%= logdir %>/mod_security_audit.log SecDebugLog <%= logdir %>/mod_security_debug.log + <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> <%- end -%> <%- end -%> +<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + + +<%- unless ssl_mode.to_s == 'only' then -%> + + Include include.d/defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- else -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined + <%- end -%> + + ProxyPreserveHost On + ProxyRequests off + ProxyPass / https://127.0.0.1/ + ProxyPassReverse / https://127.0.0.1/ + + <%- if ssl_mode.to_s == 'force' then -%> + Redirect permanent / https://<%= servername %>/ + + <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> + SecAuditEngine On + <%- end -%> + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> + +<%- unless ssl_mode.to_s == 'false' then -%> + + Include include.d/defaults.inc + Include include.d/ssl_defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- else -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined + <%- end -%> + + ProxyPreserveHost On + ProxyRequests off + ProxyPass / http://127.0.0.1/ + ProxyPassReverse / http://127.0.0.1/ + + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> + SecAuditEngine On + <%- end -%> + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> + +<%- end -%> -- cgit v1.2.3 From b3a17cff5315fbbda901a6f1d406c3500cf65a3a Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 16 Aug 2010 21:51:22 +0200 Subject: fix various missing things for itk_plus mode --- templates/itk_plus/CentOS/00-listen-ssl.conf.erb | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 templates/itk_plus/CentOS/00-listen-ssl.conf.erb (limited to 'templates') diff --git a/templates/itk_plus/CentOS/00-listen-ssl.conf.erb b/templates/itk_plus/CentOS/00-listen-ssl.conf.erb new file mode 100644 index 0000000..1c06433 --- /dev/null +++ b/templates/itk_plus/CentOS/00-listen-ssl.conf.erb @@ -0,0 +1,6 @@ + +Listen 127.0.0.1:443 + + +Listen <%= ipaddress %>:443 + -- cgit v1.2.3 From ab7b8230d40c31cf995e51c4b43ded2c524122e0 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 18 Aug 2010 00:09:32 +0200 Subject: add missing directive for ssl proxy vhosts --- templates/vhosts/perl/perl.erb | 1 + templates/vhosts/php/php.erb | 1 + templates/vhosts/php_drupal/php_drupal.erb | 1 + templates/vhosts/php_gallery2/php_gallery.erb | 1 + templates/vhosts/php_joomla/php_joomla.erb | 1 + templates/vhosts/php_mediawiki/php_mediawiki.erb | 1 + templates/vhosts/php_silverstripe/php_silverstripe.erb | 1 + templates/vhosts/php_simplemachine/php_simplemachine.erb | 1 + templates/vhosts/php_spip/php_spip.erb | 1 + templates/vhosts/php_typo3/php_typo3.erb | 1 + templates/vhosts/php_wordpress/php_wordpress.erb | 1 + templates/vhosts/webdav/webdav.erb | 9 +++++---- 12 files changed, 16 insertions(+), 4 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/perl/perl.erb b/templates/vhosts/perl/perl.erb index 5cb30bc..056730a 100644 --- a/templates/vhosts/perl/perl.erb +++ b/templates/vhosts/perl/perl.erb @@ -307,6 +307,7 @@ ProxyPreserveHost On ProxyRequests off + SSLProxyEngine On <%- if run_mode.to_s == 'static-itk' -%> ProxyPassMatch ^/(.*\.pl/?.*)$ https://127.0.0.1/$1 <%- else -%> diff --git a/templates/vhosts/php/php.erb b/templates/vhosts/php/php.erb index 4d5d984..c19b174 100644 --- a/templates/vhosts/php/php.erb +++ b/templates/vhosts/php/php.erb @@ -317,6 +317,7 @@ ProxyPreserveHost On ProxyRequests off + SSLProxyEngine On <%- if run_mode.to_s == 'static-itk' -%> ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 <%- else -%> diff --git a/templates/vhosts/php_drupal/php_drupal.erb b/templates/vhosts/php_drupal/php_drupal.erb index db01248..56e09ec 100644 --- a/templates/vhosts/php_drupal/php_drupal.erb +++ b/templates/vhosts/php_drupal/php_drupal.erb @@ -378,6 +378,7 @@ ProxyPreserveHost On ProxyRequests off + SSLProxyEngine On <%- if run_mode.to_s == 'static-itk' -%> ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 <%- else -%> diff --git a/templates/vhosts/php_gallery2/php_gallery.erb b/templates/vhosts/php_gallery2/php_gallery.erb index fdcc89b..2abe1b3 100644 --- a/templates/vhosts/php_gallery2/php_gallery.erb +++ b/templates/vhosts/php_gallery2/php_gallery.erb @@ -339,6 +339,7 @@ ProxyPreserveHost On ProxyRequests off + SSLProxyEngine On <%- if run_mode.to_s == 'static-itk' -%> ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 <%- else -%> diff --git a/templates/vhosts/php_joomla/php_joomla.erb b/templates/vhosts/php_joomla/php_joomla.erb index 9911a15..73029ad 100644 --- a/templates/vhosts/php_joomla/php_joomla.erb +++ b/templates/vhosts/php_joomla/php_joomla.erb @@ -378,6 +378,7 @@ ProxyPreserveHost On ProxyRequests off + SSLProxyEngine On <%- if run_mode.to_s == 'static-itk' -%> ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 <%- else -%> diff --git a/templates/vhosts/php_mediawiki/php_mediawiki.erb b/templates/vhosts/php_mediawiki/php_mediawiki.erb index ac51dcc..447b34e 100644 --- a/templates/vhosts/php_mediawiki/php_mediawiki.erb +++ b/templates/vhosts/php_mediawiki/php_mediawiki.erb @@ -295,6 +295,7 @@ ProxyPreserveHost On ProxyRequests off + SSLProxyEngine On <%- if run_mode.to_s == 'static-itk' -%> ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 <%- else -%> diff --git a/templates/vhosts/php_silverstripe/php_silverstripe.erb b/templates/vhosts/php_silverstripe/php_silverstripe.erb index 888c066..8f83c71 100644 --- a/templates/vhosts/php_silverstripe/php_silverstripe.erb +++ b/templates/vhosts/php_silverstripe/php_silverstripe.erb @@ -379,6 +379,7 @@ ProxyPreserveHost On ProxyRequests off + SSLProxyEngine On <%- if run_mode.to_s == 'static-itk' -%> ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 <%- else -%> diff --git a/templates/vhosts/php_simplemachine/php_simplemachine.erb b/templates/vhosts/php_simplemachine/php_simplemachine.erb index 7042647..d9d1f25 100644 --- a/templates/vhosts/php_simplemachine/php_simplemachine.erb +++ b/templates/vhosts/php_simplemachine/php_simplemachine.erb @@ -305,6 +305,7 @@ ProxyPreserveHost On ProxyRequests off + SSLProxyEngine On <%- if run_mode.to_s == 'static-itk' -%> ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 <%- else -%> diff --git a/templates/vhosts/php_spip/php_spip.erb b/templates/vhosts/php_spip/php_spip.erb index c63cf77..6a26c4c 100644 --- a/templates/vhosts/php_spip/php_spip.erb +++ b/templates/vhosts/php_spip/php_spip.erb @@ -317,6 +317,7 @@ ProxyPreserveHost On ProxyRequests off + SSLProxyEngine On <%- if run_mode.to_s == 'static-itk' -%> ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 <%- else -%> diff --git a/templates/vhosts/php_typo3/php_typo3.erb b/templates/vhosts/php_typo3/php_typo3.erb index 6272576..e80aede 100644 --- a/templates/vhosts/php_typo3/php_typo3.erb +++ b/templates/vhosts/php_typo3/php_typo3.erb @@ -358,6 +358,7 @@ ProxyPreserveHost On ProxyRequests off + SSLProxyEngine On <%- if run_mode.to_s == 'static-itk' -%> ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 <%- else -%> diff --git a/templates/vhosts/php_wordpress/php_wordpress.erb b/templates/vhosts/php_wordpress/php_wordpress.erb index 2a90c69..241465f 100644 --- a/templates/vhosts/php_wordpress/php_wordpress.erb +++ b/templates/vhosts/php_wordpress/php_wordpress.erb @@ -308,6 +308,7 @@ ProxyPreserveHost On ProxyRequests off + SSLProxyEngine On <%- if run_mode.to_s == 'static-itk' -%> ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 <%- else -%> diff --git a/templates/vhosts/webdav/webdav.erb b/templates/vhosts/webdav/webdav.erb index a7dfa37..ad0aba1 100644 --- a/templates/vhosts/webdav/webdav.erb +++ b/templates/vhosts/webdav/webdav.erb @@ -222,8 +222,8 @@ ProxyPreserveHost On ProxyRequests off - ProxyPass / https://127.0.0.1/ - ProxyPassReverse / https://127.0.0.1/ + ProxyPass / http://127.0.0.1/ + ProxyPassReverse / http://127.0.0.1/ <%- if ssl_mode.to_s == 'force' then -%> Redirect permanent / https://<%= servername %>/ @@ -287,8 +287,9 @@ ProxyPreserveHost On ProxyRequests off - ProxyPass / http://127.0.0.1/ - ProxyPassReverse / http://127.0.0.1/ + SSLProxyEngine On + ProxyPass / https://127.0.0.1/ + ProxyPassReverse / https://127.0.0.1/ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> -- cgit v1.2.3 From a4358a825de159a145b877c7b7d7c795c72cb3b4 Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 25 Oct 2010 22:58:24 +0200 Subject: improve redirect, so we don't stick on the servername --- templates/vhosts/gitweb/gitweb.erb | 5 ++++- templates/vhosts/passenger/passenger.erb | 5 ++++- templates/vhosts/perl/perl.erb | 8 ++++++-- templates/vhosts/php/php.erb | 8 ++++++-- templates/vhosts/php_drupal/php_drupal.erb | 9 +++++++-- templates/vhosts/php_gallery2/php_gallery.erb | 8 ++++++-- templates/vhosts/php_joomla/php_joomla.erb | 8 ++++++-- templates/vhosts/php_mediawiki/php_mediawiki.erb | 8 ++++++-- templates/vhosts/php_silverstripe/php_silverstripe.erb | 8 ++++++-- templates/vhosts/php_simplemachine/php_simplemachine.erb | 8 ++++++-- templates/vhosts/php_spip/php_spip.erb | 8 ++++++-- templates/vhosts/php_typo3/php_typo3.erb | 8 ++++++-- templates/vhosts/php_wordpress/php_wordpress.erb | 8 ++++++-- templates/vhosts/redirect/redirect.erb | 4 +++- templates/vhosts/static/static.erb | 5 ++++- templates/vhosts/webdav/webdav.erb | 8 ++++++-- 16 files changed, 88 insertions(+), 28 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/gitweb/gitweb.erb b/templates/vhosts/gitweb/gitweb.erb index 908177b..4beda07 100644 --- a/templates/vhosts/gitweb/gitweb.erb +++ b/templates/vhosts/gitweb/gitweb.erb @@ -29,7 +29,10 @@ AddDefaultCharset <%= default_charset %> <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] + <%- end -%> SetEnv GITWEB_CONFIG <%= gitweb_config %> diff --git a/templates/vhosts/passenger/passenger.erb b/templates/vhosts/passenger/passenger.erb index c2198c3..fd9f555 100644 --- a/templates/vhosts/passenger/passenger.erb +++ b/templates/vhosts/passenger/passenger.erb @@ -27,7 +27,10 @@ CustomLog <%= logdir %>/access_log combined <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] + <%- end -%> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> diff --git a/templates/vhosts/perl/perl.erb b/templates/vhosts/perl/perl.erb index 056730a..b922637 100644 --- a/templates/vhosts/perl/perl.erb +++ b/templates/vhosts/perl/perl.erb @@ -31,7 +31,9 @@ <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <%- end -%> <%- if default_charset.to_s != 'absent' then -%> @@ -229,7 +231,9 @@ ProxyPassReverse / http://127.0.0.1/ <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <%- end -%> <%- if default_charset.to_s != 'absent' then -%> diff --git a/templates/vhosts/php/php.erb b/templates/vhosts/php/php.erb index c19b174..97e9b10 100644 --- a/templates/vhosts/php/php.erb +++ b/templates/vhosts/php/php.erb @@ -31,7 +31,9 @@ <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> @@ -234,7 +236,9 @@ ProxyPassReverse / http://127.0.0.1/ <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <%- end -%> <%- if default_charset.to_s != 'absent' then -%> diff --git a/templates/vhosts/php_drupal/php_drupal.erb b/templates/vhosts/php_drupal/php_drupal.erb index 56e09ec..dc40e8a 100644 --- a/templates/vhosts/php_drupal/php_drupal.erb +++ b/templates/vhosts/php_drupal/php_drupal.erb @@ -30,7 +30,10 @@ CustomLog <%= logdir %>/access_log combined <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] + <%- end -%> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> @@ -276,7 +279,9 @@ ProxyPassReverse / http://127.0.0.1/ <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <%- end -%> diff --git a/templates/vhosts/php_gallery2/php_gallery.erb b/templates/vhosts/php_gallery2/php_gallery.erb index 2abe1b3..ee2275a 100644 --- a/templates/vhosts/php_gallery2/php_gallery.erb +++ b/templates/vhosts/php_gallery2/php_gallery.erb @@ -31,7 +31,9 @@ <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <%- end -%> <%- if default_charset.to_s != 'absent' then -%> @@ -246,7 +248,9 @@ ProxyPassReverse / http://127.0.0.1/ <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <%- end -%> <%- if default_charset.to_s != 'absent' then -%> diff --git a/templates/vhosts/php_joomla/php_joomla.erb b/templates/vhosts/php_joomla/php_joomla.erb index 73029ad..47da796 100644 --- a/templates/vhosts/php_joomla/php_joomla.erb +++ b/templates/vhosts/php_joomla/php_joomla.erb @@ -31,7 +31,9 @@ <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <%- end -%> <%- if default_charset.to_s != 'absent' then -%> @@ -270,7 +272,9 @@ ProxyPassReverse / http://127.0.0.1/ <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <%- end -%> <%- if default_charset.to_s != 'absent' then -%> diff --git a/templates/vhosts/php_mediawiki/php_mediawiki.erb b/templates/vhosts/php_mediawiki/php_mediawiki.erb index 447b34e..170623f 100644 --- a/templates/vhosts/php_mediawiki/php_mediawiki.erb +++ b/templates/vhosts/php_mediawiki/php_mediawiki.erb @@ -31,7 +31,9 @@ <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <%- end -%> <%- if default_charset.to_s != 'absent' then -%> @@ -216,7 +218,9 @@ ProxyPassReverse / http://127.0.0.1/ <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <%- end -%> <%- if default_charset.to_s != 'absent' then -%> diff --git a/templates/vhosts/php_silverstripe/php_silverstripe.erb b/templates/vhosts/php_silverstripe/php_silverstripe.erb index 8f83c71..580af05 100644 --- a/templates/vhosts/php_silverstripe/php_silverstripe.erb +++ b/templates/vhosts/php_silverstripe/php_silverstripe.erb @@ -31,7 +31,9 @@ <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <%- end -%> # silverstripe @@ -274,7 +276,9 @@ ProxyPassReverse / http://127.0.0.1/ <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <%- end -%> # silverstripe diff --git a/templates/vhosts/php_simplemachine/php_simplemachine.erb b/templates/vhosts/php_simplemachine/php_simplemachine.erb index d9d1f25..37ac794 100644 --- a/templates/vhosts/php_simplemachine/php_simplemachine.erb +++ b/templates/vhosts/php_simplemachine/php_simplemachine.erb @@ -31,7 +31,9 @@ <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <%- end -%> <%- if default_charset.to_s != 'absent' then -%> @@ -222,7 +224,9 @@ ProxyPassReverse / http://127.0.0.1/ <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <%- end -%> <%- if default_charset.to_s != 'absent' then -%> diff --git a/templates/vhosts/php_spip/php_spip.erb b/templates/vhosts/php_spip/php_spip.erb index 6a26c4c..da42d40 100644 --- a/templates/vhosts/php_spip/php_spip.erb +++ b/templates/vhosts/php_spip/php_spip.erb @@ -31,7 +31,9 @@ <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <%- end -%> <%- if default_charset.to_s != 'absent' then -%> @@ -234,7 +236,9 @@ ProxyPassReverse / http://127.0.0.1/ <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <%- end -%> <%- if default_charset.to_s != 'absent' then -%> diff --git a/templates/vhosts/php_typo3/php_typo3.erb b/templates/vhosts/php_typo3/php_typo3.erb index e80aede..8195e41 100644 --- a/templates/vhosts/php_typo3/php_typo3.erb +++ b/templates/vhosts/php_typo3/php_typo3.erb @@ -31,7 +31,9 @@ <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <%- end -%> <%- if default_charset.to_s != 'absent' then -%> @@ -258,7 +260,9 @@ ProxyPassReverse / http://127.0.0.1/ <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <%- end -%> <%- if default_charset.to_s != 'absent' then -%> diff --git a/templates/vhosts/php_wordpress/php_wordpress.erb b/templates/vhosts/php_wordpress/php_wordpress.erb index 241465f..f30ad91 100644 --- a/templates/vhosts/php_wordpress/php_wordpress.erb +++ b/templates/vhosts/php_wordpress/php_wordpress.erb @@ -31,7 +31,9 @@ <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <%- end -%> <%- if default_charset.to_s != 'absent' then -%> @@ -226,7 +228,9 @@ ProxyPassReverse / http://127.0.0.1/ <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <%- end -%> <%- if default_charset.to_s != 'absent' then -%> diff --git a/templates/vhosts/redirect/redirect.erb b/templates/vhosts/redirect/redirect.erb index 0af8bcb..ba93c46 100644 --- a/templates/vhosts/redirect/redirect.erb +++ b/templates/vhosts/redirect/redirect.erb @@ -25,7 +25,9 @@ CustomLog <%= logdir %>/access_log combined <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <% else -%> Redirect permanent / http://<%= options %> <%- end -%> diff --git a/templates/vhosts/static/static.erb b/templates/vhosts/static/static.erb index 3d3e4ed..18168c1 100644 --- a/templates/vhosts/static/static.erb +++ b/templates/vhosts/static/static.erb @@ -29,7 +29,10 @@ AddDefaultCharset <%= default_charset %> <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] + <%- end -%> <%- if not ssl_mode.to_s == 'force' then -%> diff --git a/templates/vhosts/webdav/webdav.erb b/templates/vhosts/webdav/webdav.erb index ad0aba1..a4508b3 100644 --- a/templates/vhosts/webdav/webdav.erb +++ b/templates/vhosts/webdav/webdav.erb @@ -31,7 +31,9 @@ <%- end -%> <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <%- end -%> <%- if default_charset.to_s != 'absent' then -%> @@ -226,7 +228,9 @@ ProxyPassReverse / http://127.0.0.1/ <%- if ssl_mode.to_s == 'force' then -%> - Redirect permanent / https://<%= servername %>/ + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <%- end -%> <%- if default_charset.to_s != 'absent' then -%> -- cgit v1.2.3 From 6a9fd8470b18c8b9b16f7b517004a09cbf9c9247 Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 25 Oct 2010 23:02:09 +0200 Subject: unify naming --- templates/vhosts/php_gallery2/CentOS.erb | 2 +- templates/vhosts/php_gallery2/Debian.erb | 2 +- templates/vhosts/php_gallery2/php_gallery.erb | 400 ------------------------- templates/vhosts/php_gallery2/php_gallery2.erb | 400 +++++++++++++++++++++++++ 4 files changed, 402 insertions(+), 402 deletions(-) delete mode 100644 templates/vhosts/php_gallery2/php_gallery.erb create mode 100644 templates/vhosts/php_gallery2/php_gallery2.erb (limited to 'templates') diff --git a/templates/vhosts/php_gallery2/CentOS.erb b/templates/vhosts/php_gallery2/CentOS.erb index 99be70b..33f1633 120000 --- a/templates/vhosts/php_gallery2/CentOS.erb +++ b/templates/vhosts/php_gallery2/CentOS.erb @@ -1 +1 @@ -php_gallery.erb \ No newline at end of file +php_gallery2.erb \ No newline at end of file diff --git a/templates/vhosts/php_gallery2/Debian.erb b/templates/vhosts/php_gallery2/Debian.erb index 99be70b..33f1633 120000 --- a/templates/vhosts/php_gallery2/Debian.erb +++ b/templates/vhosts/php_gallery2/Debian.erb @@ -1 +1 @@ -php_gallery.erb \ No newline at end of file +php_gallery2.erb \ No newline at end of file diff --git a/templates/vhosts/php_gallery2/php_gallery.erb b/templates/vhosts/php_gallery2/php_gallery.erb deleted file mode 100644 index ee2275a..0000000 --- a/templates/vhosts/php_gallery2/php_gallery.erb +++ /dev/null @@ -1,400 +0,0 @@ -# <%= servername %> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - -<%- end -%> -<%- unless ssl_mode.to_s == 'only' then -%> - - Include include.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ - - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - - <%- end -%> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - - <%- end -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> - php_admin_flag engine on - php_admin_flag safe_mode Off - php_admin_value output_buffering Off - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>:<%= gdatadir %><%= ":#{real_upload_dir.to_s}" if upload_dir.to_s != 'absent' %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - # Always rewrite login's - # Source: http://gallery.menalto.com/node/30558 - RewriteEngine On - RewriteCond %{HTTP_COOKIE} ^GALLERYSID= [OR] - RewriteCond %{QUERY_STRING} subView=core\.UserLogin - RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] - # https -> see below - # Then, unset baseUri in config.php (to keep Gallery from trying to redirect users to either HTTP or HTTPS): - # $gallery->setConfig('baseUri', ''); - - <%- end -%> - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ - - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> - - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - - <%- end -%> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - - <%- end -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> - php_admin_flag engine on - php_admin_flag safe_mode Off - php_admin_value output_buffering Off - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>:<%= gdatadir %><%= ":#{real_upload_dir.to_s}" if upload_dir.to_s != 'absent' %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - # turn allow_url_fopen on for the extension manager fetch - php_admin_value allow_url_fopen On - - # Always rewrite login's (see above) - RewriteEngine On - RewriteCond %{HTTP_COOKIE} ="" - RewriteCond %{REQUEST_METHOD} =GET - RewriteCond %{QUERY_STRING} !subView=core\.UserLogin - RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] - - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - -<%- unless ssl_mode.to_s == 'only' then -%> - - Include include.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - <%- if run_mode.to_s == 'static-itk' -%> - DocumentRoot <%= documentroot %>/ - DirectoryIndex index.htm index.html index.php - <%- end -%> - - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- else -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined - <%- end -%> - - ProxyPreserveHost On - ProxyRequests off - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 - <%- else -%> - ProxyPass / http://127.0.0.1/ - <%- end -%> - ProxyPassReverse / http://127.0.0.1/ - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - - <%- end -%> - <%- if run_mode.to_s == 'static-itk' then -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> - - # Always rewrite login's - # Source: http://gallery.menalto.com/node/30558 - RewriteEngine On - RewriteCond %{HTTP_COOKIE} ^GALLERYSID= [OR] - RewriteCond %{QUERY_STRING} subView=core\.UserLogin - RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] - # https -> see below - # Then, unset baseUri in config.php (to keep Gallery from trying to redirect users to either HTTP or HTTPS): - # $gallery->setConfig('baseUri', ''); - - <%- end -%> - <%- end -%> - - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - <%- if run_mode.to_s == 'static-itk' -%> - DocumentRoot <%= documentroot %>/ - DirectoryIndex index.htm index.html index.php - <%- end -%> - - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- else -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined - <%- end -%> - - ProxyPreserveHost On - ProxyRequests off - SSLProxyEngine On - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 - <%- else -%> - ProxyPass / https://127.0.0.1/ - <%- end -%> - ProxyPassReverse / https://127.0.0.1/ - - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - - <%- end -%> - <%- if run_mode.to_s == 'static-itk' -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> - # Always rewrite login's (see above) - RewriteEngine On - RewriteCond %{HTTP_COOKIE} ="" - RewriteCond %{REQUEST_METHOD} =GET - RewriteCond %{QUERY_STRING} !subView=core\.UserLogin - RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] - - <%- end -%> - - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- end -%> diff --git a/templates/vhosts/php_gallery2/php_gallery2.erb b/templates/vhosts/php_gallery2/php_gallery2.erb new file mode 100644 index 0000000..ee2275a --- /dev/null +++ b/templates/vhosts/php_gallery2/php_gallery2.erb @@ -0,0 +1,400 @@ +# <%= servername %> +<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + +<%- end -%> +<%- unless ssl_mode.to_s == 'only' then -%> + + Include include.d/defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + DocumentRoot <%= documentroot %>/ + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log combined + <%- end -%> + + <%- if ssl_mode.to_s == 'force' then -%> + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] + + <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> + + AssignUserId <%= run_uid+" "+run_gid %> + + + <%- end -%> + <%- if not ssl_mode.to_s == 'force' then -%> + /"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + php_admin_flag engine on + php_admin_flag safe_mode Off + php_admin_value output_buffering Off + <%- unless php_default_charset.to_s == 'absent' then -%> + php_admin_value default_charset <%= php_default_charset %> + <%- end -%> + php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>:<%= gdatadir %><%= ":#{real_upload_dir.to_s}" if upload_dir.to_s != 'absent' %> + php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> + php_admin_value session.save_path <%= real_php_session_save_path %> + <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> + php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> + <%- end -%> + # Always rewrite login's + # Source: http://gallery.menalto.com/node/30558 + RewriteEngine On + RewriteCond %{HTTP_COOKIE} ^GALLERYSID= [OR] + RewriteCond %{QUERY_STRING} subView=core\.UserLogin + RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] + # https -> see below + # Then, unset baseUri in config.php (to keep Gallery from trying to redirect users to either HTTP or HTTPS): + # $gallery->setConfig('baseUri', ''); + + <%- end -%> + + <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> + SecAuditEngine On + <%- end -%> + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + + <%- end -%> + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> + +<%- unless ssl_mode.to_s == 'false' then -%> + + Include include.d/defaults.inc + Include include.d/ssl_defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + DocumentRoot <%= documentroot %>/ + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log combined + <%- end -%> + + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> + + AssignUserId <%= run_uid+" "+run_gid %> + + + <%- end -%> + /"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + php_admin_flag engine on + php_admin_flag safe_mode Off + php_admin_value output_buffering Off + <%- unless php_default_charset.to_s == 'absent' then -%> + php_admin_value default_charset <%= php_default_charset %> + <%- end -%> + php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>:<%= gdatadir %><%= ":#{real_upload_dir.to_s}" if upload_dir.to_s != 'absent' %> + php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> + php_admin_value session.save_path <%= real_php_session_save_path %> + <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> + php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> + <%- end -%> + # turn allow_url_fopen on for the extension manager fetch + php_admin_value allow_url_fopen On + + # Always rewrite login's (see above) + RewriteEngine On + RewriteCond %{HTTP_COOKIE} ="" + RewriteCond %{REQUEST_METHOD} =GET + RewriteCond %{QUERY_STRING} !subView=core\.UserLogin + RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] + + + <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + SecAuditEngine On + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + + <%- end -%> + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> +<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> + + +<%- unless ssl_mode.to_s == 'only' then -%> + + Include include.d/defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + DocumentRoot <%= documentroot %>/ + DirectoryIndex index.htm index.html index.php + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- else -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined + <%- end -%> + + ProxyPreserveHost On + ProxyRequests off + <%- if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 + <%- else -%> + ProxyPass / http://127.0.0.1/ + <%- end -%> + ProxyPassReverse / http://127.0.0.1/ + + <%- if ssl_mode.to_s == 'force' then -%> + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] + + <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s == 'static-itk' then -%> + <%- if not ssl_mode.to_s == 'force' then -%> + /"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + + # Always rewrite login's + # Source: http://gallery.menalto.com/node/30558 + RewriteEngine On + RewriteCond %{HTTP_COOKIE} ^GALLERYSID= [OR] + RewriteCond %{QUERY_STRING} subView=core\.UserLogin + RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] + # https -> see below + # Then, unset baseUri in config.php (to keep Gallery from trying to redirect users to either HTTP or HTTPS): + # $gallery->setConfig('baseUri', ''); + + <%- end -%> + <%- end -%> + + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> + SecAuditEngine On + <%- end -%> + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> + +<%- unless ssl_mode.to_s == 'false' then -%> + + Include include.d/defaults.inc + Include include.d/ssl_defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + DocumentRoot <%= documentroot %>/ + DirectoryIndex index.htm index.html index.php + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip + <%- else -%> + ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log + CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined + <%- end -%> + + ProxyPreserveHost On + ProxyRequests off + SSLProxyEngine On + <%- if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 + <%- else -%> + ProxyPass / https://127.0.0.1/ + <%- end -%> + ProxyPassReverse / https://127.0.0.1/ + + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + + <%- end -%> + <%- if run_mode.to_s == 'static-itk' -%> + /"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + # Always rewrite login's (see above) + RewriteEngine On + RewriteCond %{HTTP_COOKIE} ="" + RewriteCond %{REQUEST_METHOD} =GET + RewriteCond %{QUERY_STRING} !subView=core\.UserLogin + RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] + + <%- end -%> + + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + SecAuditEngine On + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> + +<%- end -%> + +<%- end -%> -- cgit v1.2.3 From 4b3a940b7396fcc7f0412eecf524c96580fa953b Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 1 Nov 2010 19:07:39 +0100 Subject: add possibility to proxy vhosts --- templates/vhosts/proxy/CentOS.erb | 1 + templates/vhosts/proxy/Debian.erb | 1 + templates/vhosts/proxy/OpenBSD.erb | 1 + templates/vhosts/proxy/proxy.erb | 78 ++++++++++++++++++++++++++++++++++++++ 4 files changed, 81 insertions(+) create mode 120000 templates/vhosts/proxy/CentOS.erb create mode 120000 templates/vhosts/proxy/Debian.erb create mode 120000 templates/vhosts/proxy/OpenBSD.erb create mode 100644 templates/vhosts/proxy/proxy.erb (limited to 'templates') diff --git a/templates/vhosts/proxy/CentOS.erb b/templates/vhosts/proxy/CentOS.erb new file mode 120000 index 0000000..15a1b7c --- /dev/null +++ b/templates/vhosts/proxy/CentOS.erb @@ -0,0 +1 @@ +proxy.erb \ No newline at end of file diff --git a/templates/vhosts/proxy/Debian.erb b/templates/vhosts/proxy/Debian.erb new file mode 120000 index 0000000..15a1b7c --- /dev/null +++ b/templates/vhosts/proxy/Debian.erb @@ -0,0 +1 @@ +proxy.erb \ No newline at end of file diff --git a/templates/vhosts/proxy/OpenBSD.erb b/templates/vhosts/proxy/OpenBSD.erb new file mode 120000 index 0000000..15a1b7c --- /dev/null +++ b/templates/vhosts/proxy/OpenBSD.erb @@ -0,0 +1 @@ +proxy.erb \ No newline at end of file diff --git a/templates/vhosts/proxy/proxy.erb b/templates/vhosts/proxy/proxy.erb new file mode 100644 index 0000000..5d94e69 --- /dev/null +++ b/templates/vhosts/proxy/proxy.erb @@ -0,0 +1,78 @@ +# <%= servername %> +<%- unless ssl_mode.to_s == 'only' then -%> + + Include include.d/defaults.inc + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log combined + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] + <% else -%> + + Order deny,allow + Allow from all + + ProxyRequests Off + ProxyPass / <%= options %>/ + ProxyPassReverse / <%= options %>/ + <%- end -%> + +<%- end -%> + +<%- unless ssl_mode.to_s == 'false' then -%> + + Include include.d/defaults.inc + Include include.d/ssl_defaults.inc + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log combined + <%- end -%> + + + Order deny,allow + Allow from all + + ProxyRequests Off + ProxyPass / <%= options %>/ + ProxyPassReverse / <%= options %>/ + +<%- end -%> -- cgit v1.2.3 From c8c3719c722c23dc5c4187eaf487947340a95478 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 4 Nov 2010 12:01:18 +0100 Subject: allow setting of additional options for proxy vhosts --- templates/vhosts/proxy/proxy.erb | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'templates') diff --git a/templates/vhosts/proxy/proxy.erb b/templates/vhosts/proxy/proxy.erb index 5d94e69..3251b7d 100644 --- a/templates/vhosts/proxy/proxy.erb +++ b/templates/vhosts/proxy/proxy.erb @@ -37,6 +37,10 @@ ProxyPass / <%= options %>/ ProxyPassReverse / <%= options %>/ <%- end -%> + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> <%- end -%> @@ -74,5 +78,9 @@ ProxyRequests Off ProxyPass / <%= options %>/ ProxyPassReverse / <%= options %>/ + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> <%- end -%> -- cgit v1.2.3 From a87d7b91cc95c8ac7aee327e4cf4d3ce564cdea1 Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 6 Dec 2010 17:40:46 +0100 Subject: add STS header for enforced SSL sites * http://en.wikipedia.org/wiki/Strict_Transport_Security This will tell browsers to interact with that site only per HTTPS. --- templates/vhosts/gitweb/gitweb.erb | 4 ++++ templates/vhosts/passenger/passenger.erb | 4 ++++ templates/vhosts/perl/perl.erb | 8 ++++++++ templates/vhosts/php/php.erb | 8 ++++++++ templates/vhosts/php_drupal/php_drupal.erb | 8 ++++++++ templates/vhosts/php_gallery2/php_gallery2.erb | 8 ++++++++ templates/vhosts/php_joomla/php_joomla.erb | 8 ++++++++ templates/vhosts/php_mediawiki/php_mediawiki.erb | 8 ++++++++ templates/vhosts/php_silverstripe/php_silverstripe.erb | 8 ++++++++ templates/vhosts/php_simplemachine/php_simplemachine.erb | 8 ++++++++ templates/vhosts/php_spip/php_spip.erb | 8 ++++++++ templates/vhosts/php_typo3/php_typo3.erb | 8 ++++++++ templates/vhosts/php_wordpress/php_wordpress.erb | 8 ++++++++ templates/vhosts/proxy/proxy.erb | 4 ++++ templates/vhosts/redirect/redirect.erb | 4 ++++ templates/vhosts/static/static.erb | 4 ++++ templates/vhosts/webdav/webdav.erb | 4 ++++ 17 files changed, 112 insertions(+) (limited to 'templates') diff --git a/templates/vhosts/gitweb/gitweb.erb b/templates/vhosts/gitweb/gitweb.erb index 4beda07..0f72447 100644 --- a/templates/vhosts/gitweb/gitweb.erb +++ b/templates/vhosts/gitweb/gitweb.erb @@ -116,6 +116,10 @@ AddDefaultCharset <%= default_charset %> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> + SetEnv GITWEB_CONFIG <%= gitweb_config %> DirectoryIndex gitweb.cgi <%- if not ssl_mode.to_s == 'force' then -%> diff --git a/templates/vhosts/passenger/passenger.erb b/templates/vhosts/passenger/passenger.erb index fd9f555..33cf280 100644 --- a/templates/vhosts/passenger/passenger.erb +++ b/templates/vhosts/passenger/passenger.erb @@ -106,6 +106,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> + /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> diff --git a/templates/vhosts/perl/perl.erb b/templates/vhosts/perl/perl.erb index b922637..5153925 100644 --- a/templates/vhosts/perl/perl.erb +++ b/templates/vhosts/perl/perl.erb @@ -130,6 +130,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> @@ -337,6 +341,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> <%- unless run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/php/php.erb b/templates/vhosts/php/php.erb index 97e9b10..5f05b7b 100644 --- a/templates/vhosts/php/php.erb +++ b/templates/vhosts/php/php.erb @@ -139,6 +139,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> /"> AllowOverride <%= allow_override %> @@ -332,6 +336,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/php_drupal/php_drupal.erb b/templates/vhosts/php_drupal/php_drupal.erb index dc40e8a..0fdef81 100644 --- a/templates/vhosts/php_drupal/php_drupal.erb +++ b/templates/vhosts/php_drupal/php_drupal.erb @@ -160,6 +160,10 @@ AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> /"> AllowOverride <%= allow_override %> @@ -394,6 +398,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/php_gallery2/php_gallery2.erb b/templates/vhosts/php_gallery2/php_gallery2.erb index ee2275a..075db8c 100644 --- a/templates/vhosts/php_gallery2/php_gallery2.erb +++ b/templates/vhosts/php_gallery2/php_gallery2.erb @@ -147,6 +147,10 @@ AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> /"> AllowOverride <%= allow_override %> @@ -354,6 +358,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/php_joomla/php_joomla.erb b/templates/vhosts/php_joomla/php_joomla.erb index 47da796..1cd17ba 100644 --- a/templates/vhosts/php_joomla/php_joomla.erb +++ b/templates/vhosts/php_joomla/php_joomla.erb @@ -162,6 +162,10 @@ AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> /"> Include include.d/joomla.inc @@ -393,6 +397,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/php_mediawiki/php_mediawiki.erb b/templates/vhosts/php_mediawiki/php_mediawiki.erb index 170623f..2c9e1bd 100644 --- a/templates/vhosts/php_mediawiki/php_mediawiki.erb +++ b/templates/vhosts/php_mediawiki/php_mediawiki.erb @@ -130,6 +130,10 @@ AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> /"> AllowOverride <%= allow_override %> @@ -310,6 +314,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/php_silverstripe/php_silverstripe.erb b/templates/vhosts/php_silverstripe/php_silverstripe.erb index 580af05..2973d3e 100644 --- a/templates/vhosts/php_silverstripe/php_silverstripe.erb +++ b/templates/vhosts/php_silverstripe/php_silverstripe.erb @@ -161,6 +161,10 @@ AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> /"> AllowOverride <%= allow_override %> @@ -394,6 +398,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/php_simplemachine/php_simplemachine.erb b/templates/vhosts/php_simplemachine/php_simplemachine.erb index 37ac794..3b14edc 100644 --- a/templates/vhosts/php_simplemachine/php_simplemachine.erb +++ b/templates/vhosts/php_simplemachine/php_simplemachine.erb @@ -133,6 +133,10 @@ AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> /"> AllowOverride <%= allow_override %> @@ -320,6 +324,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/php_spip/php_spip.erb b/templates/vhosts/php_spip/php_spip.erb index da42d40..13c1199 100644 --- a/templates/vhosts/php_spip/php_spip.erb +++ b/templates/vhosts/php_spip/php_spip.erb @@ -139,6 +139,10 @@ AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> /"> AllowOverride <%= allow_override %> @@ -332,6 +336,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/php_typo3/php_typo3.erb b/templates/vhosts/php_typo3/php_typo3.erb index 8195e41..c364927 100644 --- a/templates/vhosts/php_typo3/php_typo3.erb +++ b/templates/vhosts/php_typo3/php_typo3.erb @@ -45,6 +45,10 @@ AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> <%- if not ssl_mode.to_s == 'force' then -%> /"> @@ -373,6 +377,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/php_wordpress/php_wordpress.erb b/templates/vhosts/php_wordpress/php_wordpress.erb index f30ad91..c1003fe 100644 --- a/templates/vhosts/php_wordpress/php_wordpress.erb +++ b/templates/vhosts/php_wordpress/php_wordpress.erb @@ -135,6 +135,10 @@ AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> /"> AllowOverride <%= allow_override %> @@ -323,6 +327,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/proxy/proxy.erb b/templates/vhosts/proxy/proxy.erb index 3251b7d..b007523 100644 --- a/templates/vhosts/proxy/proxy.erb +++ b/templates/vhosts/proxy/proxy.erb @@ -71,6 +71,10 @@ CustomLog <%= logdir %>/access_log combined <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> Order deny,allow Allow from all diff --git a/templates/vhosts/redirect/redirect.erb b/templates/vhosts/redirect/redirect.erb index ba93c46..e1928b5 100644 --- a/templates/vhosts/redirect/redirect.erb +++ b/templates/vhosts/redirect/redirect.erb @@ -61,6 +61,10 @@ CustomLog <%= logdir %>/access_log combined <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> Redirect permanent / https://<%= options %> diff --git a/templates/vhosts/static/static.erb b/templates/vhosts/static/static.erb index 18168c1..7eac5a9 100644 --- a/templates/vhosts/static/static.erb +++ b/templates/vhosts/static/static.erb @@ -106,6 +106,10 @@ AddDefaultCharset <%= default_charset %> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> <%- if options.to_s != 'absent' or htpasswd_file.to_s != 'absent' then -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/webdav/webdav.erb b/templates/vhosts/webdav/webdav.erb index a4508b3..72b3e9a 100644 --- a/templates/vhosts/webdav/webdav.erb +++ b/templates/vhosts/webdav/webdav.erb @@ -139,6 +139,10 @@ AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> DAVLockDB <%= real_dav_db_dir %>/DAVLock /"> -- cgit v1.2.3 From 22fba9762d707383c65c822c2310b17b1eb104c2 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 12 Dec 2010 18:47:06 +0100 Subject: enable HTS everywhere --- templates/vhosts/gitweb/gitweb.erb | 2 -- templates/vhosts/passenger/passenger.erb | 3 +-- templates/vhosts/perl/perl.erb | 12 ++++------- templates/vhosts/php/php.erb | 4 ---- templates/vhosts/php_drupal/php_drupal.erb | 14 +++++-------- templates/vhosts/php_gallery2/php_gallery2.erb | 14 +++++-------- templates/vhosts/php_joomla/php_joomla.erb | 13 +++++------- templates/vhosts/php_mediawiki/php_mediawiki.erb | 7 +++---- .../vhosts/php_silverstripe/php_silverstripe.erb | 15 +++++--------- .../vhosts/php_simplemachine/php_simplemachine.erb | 14 +++++-------- templates/vhosts/php_spip/php_spip.erb | 14 +++++-------- templates/vhosts/php_typo3/php_typo3.erb | 24 +++++++++------------- templates/vhosts/php_wordpress/php_wordpress.erb | 14 +++++-------- templates/vhosts/proxy/proxy.erb | 2 -- templates/vhosts/redirect/redirect.erb | 2 -- templates/vhosts/static/static.erb | 3 +-- templates/vhosts/webdav/webdav.erb | 14 ++++++------- 17 files changed, 61 insertions(+), 110 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/gitweb/gitweb.erb b/templates/vhosts/gitweb/gitweb.erb index 0f72447..2c64b1c 100644 --- a/templates/vhosts/gitweb/gitweb.erb +++ b/templates/vhosts/gitweb/gitweb.erb @@ -116,9 +116,7 @@ AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> SetEnv GITWEB_CONFIG <%= gitweb_config %> DirectoryIndex gitweb.cgi diff --git a/templates/vhosts/passenger/passenger.erb b/templates/vhosts/passenger/passenger.erb index 33cf280..1b5d476 100644 --- a/templates/vhosts/passenger/passenger.erb +++ b/templates/vhosts/passenger/passenger.erb @@ -106,9 +106,8 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/perl/perl.erb b/templates/vhosts/perl/perl.erb index 5153925..55e6e56 100644 --- a/templates/vhosts/perl/perl.erb +++ b/templates/vhosts/perl/perl.erb @@ -126,15 +126,13 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> @@ -337,15 +335,13 @@ ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> <%- unless run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php/php.erb b/templates/vhosts/php/php.erb index 5f05b7b..ef50008 100644 --- a/templates/vhosts/php/php.erb +++ b/templates/vhosts/php/php.erb @@ -140,10 +140,8 @@ AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -337,10 +335,8 @@ AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_drupal/php_drupal.erb b/templates/vhosts/php_drupal/php_drupal.erb index 0fdef81..1e3e0f4 100644 --- a/templates/vhosts/php_drupal/php_drupal.erb +++ b/templates/vhosts/php_drupal/php_drupal.erb @@ -150,21 +150,19 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> + AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -394,15 +392,13 @@ ProxyPass / https://127.0.0.1/ <%- end -%> ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_gallery2/php_gallery2.erb b/templates/vhosts/php_gallery2/php_gallery2.erb index 075db8c..d4f210c 100644 --- a/templates/vhosts/php_gallery2/php_gallery2.erb +++ b/templates/vhosts/php_gallery2/php_gallery2.erb @@ -137,21 +137,19 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> + AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -354,15 +352,13 @@ ProxyPass / https://127.0.0.1/ <%- end -%> ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_joomla/php_joomla.erb b/templates/vhosts/php_joomla/php_joomla.erb index 1cd17ba..ebaefd8 100644 --- a/templates/vhosts/php_joomla/php_joomla.erb +++ b/templates/vhosts/php_joomla/php_joomla.erb @@ -154,19 +154,18 @@ <%- end -%> <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> + AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> /"> Include include.d/joomla.inc @@ -393,15 +392,13 @@ ProxyPass / https://127.0.0.1/ <%- end -%> ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> Include include.d/joomla.inc diff --git a/templates/vhosts/php_mediawiki/php_mediawiki.erb b/templates/vhosts/php_mediawiki/php_mediawiki.erb index 2c9e1bd..2a33e1f 100644 --- a/templates/vhosts/php_mediawiki/php_mediawiki.erb +++ b/templates/vhosts/php_mediawiki/php_mediawiki.erb @@ -122,19 +122,18 @@ <%- end -%> <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> + AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> diff --git a/templates/vhosts/php_silverstripe/php_silverstripe.erb b/templates/vhosts/php_silverstripe/php_silverstripe.erb index 2973d3e..de4dd5d 100644 --- a/templates/vhosts/php_silverstripe/php_silverstripe.erb +++ b/templates/vhosts/php_silverstripe/php_silverstripe.erb @@ -149,23 +149,20 @@ <%- else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> + AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -394,15 +391,13 @@ ProxyPass / https://127.0.0.1/ <%- end -%> ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_simplemachine/php_simplemachine.erb b/templates/vhosts/php_simplemachine/php_simplemachine.erb index 3b14edc..b53477e 100644 --- a/templates/vhosts/php_simplemachine/php_simplemachine.erb +++ b/templates/vhosts/php_simplemachine/php_simplemachine.erb @@ -123,21 +123,19 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> + AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -320,15 +318,13 @@ ProxyPass / https://127.0.0.1/ <%- end -%> ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_spip/php_spip.erb b/templates/vhosts/php_spip/php_spip.erb index 13c1199..05f8485 100644 --- a/templates/vhosts/php_spip/php_spip.erb +++ b/templates/vhosts/php_spip/php_spip.erb @@ -129,21 +129,19 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> + AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -332,15 +330,13 @@ ProxyPass / https://127.0.0.1/ <%- end -%> ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_typo3/php_typo3.erb b/templates/vhosts/php_typo3/php_typo3.erb index c364927..bf0bd5d 100644 --- a/templates/vhosts/php_typo3/php_typo3.erb +++ b/templates/vhosts/php_typo3/php_typo3.erb @@ -29,27 +29,23 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - <%- end -%> <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> + AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> - Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> <%- if not ssl_mode.to_s == 'force' then -%> /"> AllowOverride <%= allow_override %> @@ -149,17 +145,19 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> + AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> + + Header add Strict-Transport-Security "max-age=15768000" + /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -373,15 +371,13 @@ ProxyPass / https://127.0.0.1/ <%- end -%> ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_wordpress/php_wordpress.erb b/templates/vhosts/php_wordpress/php_wordpress.erb index c1003fe..5ae6e24 100644 --- a/templates/vhosts/php_wordpress/php_wordpress.erb +++ b/templates/vhosts/php_wordpress/php_wordpress.erb @@ -125,21 +125,19 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> + AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -323,15 +321,13 @@ ProxyPass / https://127.0.0.1/ <%- end -%> ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/proxy/proxy.erb b/templates/vhosts/proxy/proxy.erb index b007523..9a347ca 100644 --- a/templates/vhosts/proxy/proxy.erb +++ b/templates/vhosts/proxy/proxy.erb @@ -71,10 +71,8 @@ CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> Order deny,allow Allow from all diff --git a/templates/vhosts/redirect/redirect.erb b/templates/vhosts/redirect/redirect.erb index e1928b5..2374797 100644 --- a/templates/vhosts/redirect/redirect.erb +++ b/templates/vhosts/redirect/redirect.erb @@ -61,10 +61,8 @@ CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> Redirect permanent / https://<%= options %> diff --git a/templates/vhosts/static/static.erb b/templates/vhosts/static/static.erb index 7eac5a9..030d588 100644 --- a/templates/vhosts/static/static.erb +++ b/templates/vhosts/static/static.erb @@ -103,13 +103,12 @@ CustomLog <%= logdir %>/access_log combined <%- end -%> <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> <%- if options.to_s != 'absent' or htpasswd_file.to_s != 'absent' then -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/webdav/webdav.erb b/templates/vhosts/webdav/webdav.erb index 72b3e9a..fa76b27 100644 --- a/templates/vhosts/webdav/webdav.erb +++ b/templates/vhosts/webdav/webdav.erb @@ -129,21 +129,19 @@ ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> + AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> DAVLockDB <%= real_dav_db_dir %>/DAVLock /"> Dav on @@ -298,11 +296,13 @@ SSLProxyEngine On ProxyPass / https://127.0.0.1/ ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> + AddDefaultCharset <%= default_charset %> <%- end -%> + + Header add Strict-Transport-Security "max-age=15768000" + <%- if mod_security.to_s == 'true' then -%> SecRuleEngine On -- cgit v1.2.3 From ea3ebee7153660f809d7f26224e7282f97029743 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 30 Jan 2011 23:08:03 +0100 Subject: adding htpasswd for proxy --- templates/vhosts/proxy/proxy.erb | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'templates') diff --git a/templates/vhosts/proxy/proxy.erb b/templates/vhosts/proxy/proxy.erb index 9a347ca..5b1465f 100644 --- a/templates/vhosts/proxy/proxy.erb +++ b/templates/vhosts/proxy/proxy.erb @@ -32,6 +32,12 @@ Order deny,allow Allow from all + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> ProxyRequests Off ProxyPass / <%= options %>/ @@ -76,6 +82,12 @@ Order deny,allow Allow from all + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> ProxyRequests Off ProxyPass / <%= options %>/ -- cgit v1.2.3 From f14fd057987b5489228a40444c3a101768c5b6bb Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 22 Feb 2011 22:59:40 +0100 Subject: first way to a unified partial based vhost template --- templates/vhosts/default.erb | 16 ++++++++++++++++ templates/vhosts/partials/header_default.erb | 13 +++++++++++++ templates/vhosts/partials/logs.erb | 14 ++++++++++++++ 3 files changed, 43 insertions(+) create mode 100644 templates/vhosts/default.erb create mode 100644 templates/vhosts/partials/header_default.erb create mode 100644 templates/vhosts/partials/logs.erb (limited to 'templates') diff --git a/templates/vhosts/default.erb b/templates/vhosts/default.erb new file mode 100644 index 0000000..9e16337 --- /dev/null +++ b/templates/vhosts/default.erb @@ -0,0 +1,16 @@ +<%- [:normal,:ssl].each do |vhost_part| %> + + + <%= scope.function_template('apache/vhost/partials/header_default.erb') %> + <%= scope.function_template('apache/vhost/partials/logs.erb') %> + + <%- if ssl_mode == 'force' && vhost_part == :ssl %> + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] + <%- else %> + <%= scope.function_template(template_partial) %> + <%- end %> + + +<%- end %> diff --git a/templates/vhosts/partials/header_default.erb b/templates/vhosts/partials/header_default.erb new file mode 100644 index 0000000..13eeea1 --- /dev/null +++ b/templates/vhosts/partials/header_default.erb @@ -0,0 +1,13 @@ + Include include.d/defaults.inc + <%- if vhost_part == :ssl %> + Include include.d/ssl_defaults.inc + <%- end %> + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + DocumentRoot <%= documentroot %>/ diff --git a/templates/vhosts/partials/logs.erb b/templates/vhosts/partials/logs.erb new file mode 100644 index 0000000..b61018c --- /dev/null +++ b/templates/vhosts/partials/logs.erb @@ -0,0 +1,14 @@ + <%- case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <%- when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <%- when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <%- else -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log combined + <%- end -%> -- cgit v1.2.3 From e32d342c758b30a32d0ee64d1d2363c5d9fc0f7a Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 22 Feb 2011 23:29:39 +0100 Subject: fix typo --- templates/vhosts/default.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'templates') diff --git a/templates/vhosts/default.erb b/templates/vhosts/default.erb index 9e16337..654629a 100644 --- a/templates/vhosts/default.erb +++ b/templates/vhosts/default.erb @@ -1,5 +1,5 @@ <%- [:normal,:ssl].each do |vhost_part| %> - + > <%= scope.function_template('apache/vhost/partials/header_default.erb') %> <%= scope.function_template('apache/vhost/partials/logs.erb') %> -- cgit v1.2.3 From ecf2e416a19141d686fb92df5733500eb87cf793 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 22 Feb 2011 23:32:15 +0100 Subject: fix template paths --- templates/vhosts/default.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/default.erb b/templates/vhosts/default.erb index 654629a..509f660 100644 --- a/templates/vhosts/default.erb +++ b/templates/vhosts/default.erb @@ -1,8 +1,8 @@ <%- [:normal,:ssl].each do |vhost_part| %> > - <%= scope.function_template('apache/vhost/partials/header_default.erb') %> - <%= scope.function_template('apache/vhost/partials/logs.erb') %> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> + <%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode == 'force' && vhost_part == :ssl %> RewriteEngine On -- cgit v1.2.3 From 420b74afaa1a222b3fc17c8bf91b2890aef3232d Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 22 Feb 2011 23:39:42 +0100 Subject: try to fix a variable problem --- templates/vhosts/default.erb | 5 ++++- templates/vhosts/partials/header_default.erb | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/default.erb b/templates/vhosts/default.erb index 509f660..4a7d7f4 100644 --- a/templates/vhosts/default.erb +++ b/templates/vhosts/default.erb @@ -1,4 +1,7 @@ -<%- [:normal,:ssl].each do |vhost_part| %> +<%- [:normal,:ssl].each do |vhost_part| + # we need this variable in included templates + @vhost_part = vhost_part +%> > <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> diff --git a/templates/vhosts/partials/header_default.erb b/templates/vhosts/partials/header_default.erb index 13eeea1..7d43bde 100644 --- a/templates/vhosts/partials/header_default.erb +++ b/templates/vhosts/partials/header_default.erb @@ -1,5 +1,5 @@ Include include.d/defaults.inc - <%- if vhost_part == :ssl %> + <%- if @vhost_part == :ssl %> Include include.d/ssl_defaults.inc <%- end %> -- cgit v1.2.3 From 33c5ede6de31667d5f2a2797b1aab2d98db8a6ae Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 22 Feb 2011 23:53:29 +0100 Subject: fixing mode stuff --- templates/vhosts/default.erb | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/default.erb b/templates/vhosts/default.erb index 4a7d7f4..172518c 100644 --- a/templates/vhosts/default.erb +++ b/templates/vhosts/default.erb @@ -1,4 +1,11 @@ -<%- [:normal,:ssl].each do |vhost_part| +<%- +vhost_parts = case ssl_mode + when 'only' then [:ssl] + when false then [:normal] + when 'false' then [:normal] + else [:normal,:ssl] +end +vhost_parts.each do |vhost_part| # we need this variable in included templates @vhost_part = vhost_part %> @@ -7,7 +14,7 @@ <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if ssl_mode == 'force' && vhost_part == :ssl %> + <%- if ssl_mode == 'force' && vhost_part == :normal %> RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] -- cgit v1.2.3 From c67f0b2119e0e3fb2101f722550d805534c37f91 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 25 Feb 2011 15:36:15 +0100 Subject: fixing template foo --- templates/vhosts/default.erb | 5 +++-- templates/vhosts/partials/header_default.erb | 25 ++++++++++++------------- templates/vhosts/partials/logs.erb | 10 +++++----- 3 files changed, 20 insertions(+), 20 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/default.erb b/templates/vhosts/default.erb index 172518c..22aa391 100644 --- a/templates/vhosts/default.erb +++ b/templates/vhosts/default.erb @@ -6,12 +6,13 @@ vhost_parts = case ssl_mode else [:normal,:ssl] end vhost_parts.each do |vhost_part| - # we need this variable in included templates - @vhost_part = vhost_part + scope.unsetvar('vhost_part') + scope.setvar('vhost_part',vhost_part) %> > <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> + <%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode == 'force' && vhost_part == :normal %> diff --git a/templates/vhosts/partials/header_default.erb b/templates/vhosts/partials/header_default.erb index 7d43bde..f454bdf 100644 --- a/templates/vhosts/partials/header_default.erb +++ b/templates/vhosts/partials/header_default.erb @@ -1,13 +1,12 @@ - Include include.d/defaults.inc - <%- if @vhost_part == :ssl %> - Include include.d/ssl_defaults.inc - <%- end %> - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ + Include include.d/defaults.inc + <%- if vhost_part == :ssl %> + Include include.d/ssl_defaults.inc + <%- end %> + ServerName <%= servername %> + <%- unless (serveralias.to_s.empty? || serveralias.to_s == 'absent' -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? || (server_admin.to_s == 'absent') -%> + ServerAdmin <%= server_admin %> + <%- end -%> + DocumentRoot <%= documentroot %>/ diff --git a/templates/vhosts/partials/logs.erb b/templates/vhosts/partials/logs.erb index b61018c..9b03426 100644 --- a/templates/vhosts/partials/logs.erb +++ b/templates/vhosts/partials/logs.erb @@ -1,14 +1,14 @@ <%- case logmode.to_s - when 'nologs' -%> + when 'nologs' %> ErrorLog /dev/null CustomLog /dev/null - <%- when 'semianonym' -%> + <%- when 'semianonym' %> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> + <%- when 'anonym' %> ErrorLog /dev/null CustomLog <%= logdir %>/access_log noip - <%- else -%> + <%- else %> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined - <%- end -%> + <%- end %> -- cgit v1.2.3 From ef77991e5f8d3a05df8326fafbbfe346bc848c55 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 25 Feb 2011 15:57:27 +0100 Subject: fix template syntax --- templates/vhosts/partials/header_default.erb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/partials/header_default.erb b/templates/vhosts/partials/header_default.erb index f454bdf..968cfeb 100644 --- a/templates/vhosts/partials/header_default.erb +++ b/templates/vhosts/partials/header_default.erb @@ -3,10 +3,10 @@ Include include.d/ssl_defaults.inc <%- end %> ServerName <%= servername %> - <%- unless (serveralias.to_s.empty? || serveralias.to_s == 'absent' -%> + <%- unless serveralias.to_s.empty? || (serveralias.to_s == 'absent') %> ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? || (server_admin.to_s == 'absent') -%> + <%- end %> + <%- unless server_admin.to_s.empty? || (server_admin.to_s == 'absent') %> ServerAdmin <%= server_admin %> - <%- end -%> + <%- end %> DocumentRoot <%= documentroot %>/ -- cgit v1.2.3 From fd87aeefb846f7986d936e07fee453fbb25d4833 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 25 Feb 2011 16:13:50 +0100 Subject: cleanup rendering --- templates/vhosts/default.erb | 18 +++++++++--------- templates/vhosts/partials/header_default.erb | 14 +++++++------- templates/vhosts/partials/logs.erb | 28 ++++++++++++++-------------- 3 files changed, 30 insertions(+), 30 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/default.erb b/templates/vhosts/default.erb index 22aa391..69af8f0 100644 --- a/templates/vhosts/default.erb +++ b/templates/vhosts/default.erb @@ -1,4 +1,4 @@ -<%- +<% vhost_parts = case ssl_mode when 'only' then [:ssl] when false then [:normal] @@ -8,20 +8,20 @@ end vhost_parts.each do |vhost_part| scope.unsetvar('vhost_part') scope.setvar('vhost_part',vhost_part) -%> +-%> > - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> - <%= scope.function_template('apache/vhosts/partials/logs.erb') %> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if ssl_mode == 'force' && vhost_part == :normal %> + <% if ssl_mode == 'force' && vhost_part == :normal -%> RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - <%- else %> - <%= scope.function_template(template_partial) %> - <%- end %> + <% else -%> +<%= scope.function_template(template_partial) %> + <% end -%> -<%- end %> +<% end -%> diff --git a/templates/vhosts/partials/header_default.erb b/templates/vhosts/partials/header_default.erb index 968cfeb..4080ac3 100644 --- a/templates/vhosts/partials/header_default.erb +++ b/templates/vhosts/partials/header_default.erb @@ -1,12 +1,12 @@ Include include.d/defaults.inc - <%- if vhost_part == :ssl %> + <% if vhost_part == :ssl -%> Include include.d/ssl_defaults.inc - <%- end %> + <% end -%> ServerName <%= servername %> - <%- unless serveralias.to_s.empty? || (serveralias.to_s == 'absent') %> - ServerAlias <%= serveralias %> - <%- end %> - <%- unless server_admin.to_s.empty? || (server_admin.to_s == 'absent') %> + <% unless serveralias.to_s.empty? || (serveralias.to_s == 'absent') -%> + ServerAlias <%= serveralias -%> + <% end -%> + <% unless server_admin.to_s.empty? || (server_admin.to_s == 'absent') -%> ServerAdmin <%= server_admin %> - <%- end %> + <% end -%> DocumentRoot <%= documentroot %>/ diff --git a/templates/vhosts/partials/logs.erb b/templates/vhosts/partials/logs.erb index 9b03426..0342c49 100644 --- a/templates/vhosts/partials/logs.erb +++ b/templates/vhosts/partials/logs.erb @@ -1,14 +1,14 @@ - <%- case logmode.to_s - when 'nologs' %> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' %> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' %> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else %> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end %> + <% case logmode.to_s + when 'nologs' -%> + ErrorLog /dev/null + CustomLog /dev/null + <% when 'semianonym' -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log noip + <% when 'anonym' -%> + ErrorLog /dev/null + CustomLog <%= logdir %>/access_log noip + <% else -%> + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log combined + <% end -%> -- cgit v1.2.3 From b1d5cf786cf1b9ae9d37917cef77e85506cb88ea Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 25 Feb 2011 16:33:13 +0100 Subject: we need a new line there --- templates/vhosts/partials/header_default.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'templates') diff --git a/templates/vhosts/partials/header_default.erb b/templates/vhosts/partials/header_default.erb index 4080ac3..32eb006 100644 --- a/templates/vhosts/partials/header_default.erb +++ b/templates/vhosts/partials/header_default.erb @@ -4,7 +4,7 @@ <% end -%> ServerName <%= servername %> <% unless serveralias.to_s.empty? || (serveralias.to_s == 'absent') -%> - ServerAlias <%= serveralias -%> + ServerAlias <%= serveralias %> <% end -%> <% unless server_admin.to_s.empty? || (server_admin.to_s == 'absent') -%> ServerAdmin <%= server_admin %> -- cgit v1.2.3 From f614f355a6321285406fe7cb23a664e302e1d79c Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 17 Mar 2011 13:14:22 +0100 Subject: add mod_security stuff to the new default template --- templates/vhosts/default.erb | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) (limited to 'templates') diff --git a/templates/vhosts/default.erb b/templates/vhosts/default.erb index 69af8f0..41879c8 100644 --- a/templates/vhosts/default.erb +++ b/templates/vhosts/default.erb @@ -22,6 +22,26 @@ vhost_parts.each do |vhost_part| <% else -%> <%= scope.function_template(template_partial) %> <% end -%> + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> + SecAuditEngine On + <%- end -%> + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> -<% end -%> +<% end -%> \ No newline at end of file -- cgit v1.2.3 From 5d6a8d82224a63c61d61b3a71703b41809f235d3 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 17 Mar 2011 13:17:10 +0100 Subject: put mod_security stuff in its own partial --- templates/vhosts/default.erb | 21 +++------------------ templates/vhosts/partials/mod_security.erb | 17 +++++++++++++++++ 2 files changed, 20 insertions(+), 18 deletions(-) create mode 100644 templates/vhosts/partials/mod_security.erb (limited to 'templates') diff --git a/templates/vhosts/default.erb b/templates/vhosts/default.erb index 41879c8..4acb6b4 100644 --- a/templates/vhosts/default.erb +++ b/templates/vhosts/default.erb @@ -22,26 +22,11 @@ vhost_parts.each do |vhost_part| <% else -%> <%= scope.function_template(template_partial) %> <% end -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - + +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> <%- end -%> -<% end -%> \ No newline at end of file +<% end -%> diff --git a/templates/vhosts/partials/mod_security.erb b/templates/vhosts/partials/mod_security.erb new file mode 100644 index 0000000..0e0f803 --- /dev/null +++ b/templates/vhosts/partials/mod_security.erb @@ -0,0 +1,17 @@ + + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- if mod_security_relevantonly.to_s == 'true' then -%> + SecAuditEngine RelevantOnly + <%- else -%> + SecAuditEngine On + <%- end -%> + <%- else -%> + SecRuleEngine Off + SecAuditEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + -- cgit v1.2.3 From db4dec6a9ab9205d5a76e76ac1d6244b33733c99 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 31 Mar 2011 23:17:07 +0200 Subject: improving passenger support --- templates/vhosts/partials/authentication.erb | 6 ++ templates/vhosts/passenger/CentOS.erb | 1 - templates/vhosts/passenger/Debian.erb | 1 - templates/vhosts/passenger/passenger.erb | 148 --------------------------- 4 files changed, 6 insertions(+), 150 deletions(-) create mode 100644 templates/vhosts/partials/authentication.erb delete mode 120000 templates/vhosts/passenger/CentOS.erb delete mode 120000 templates/vhosts/passenger/Debian.erb delete mode 100644 templates/vhosts/passenger/passenger.erb (limited to 'templates') diff --git a/templates/vhosts/partials/authentication.erb b/templates/vhosts/partials/authentication.erb new file mode 100644 index 0000000..bf871e7 --- /dev/null +++ b/templates/vhosts/partials/authentication.erb @@ -0,0 +1,6 @@ + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> \ No newline at end of file diff --git a/templates/vhosts/passenger/CentOS.erb b/templates/vhosts/passenger/CentOS.erb deleted file mode 120000 index c5062da..0000000 --- a/templates/vhosts/passenger/CentOS.erb +++ /dev/null @@ -1 +0,0 @@ -passenger.erb \ No newline at end of file diff --git a/templates/vhosts/passenger/Debian.erb b/templates/vhosts/passenger/Debian.erb deleted file mode 120000 index c5062da..0000000 --- a/templates/vhosts/passenger/Debian.erb +++ /dev/null @@ -1 +0,0 @@ -passenger.erb \ No newline at end of file diff --git a/templates/vhosts/passenger/passenger.erb b/templates/vhosts/passenger/passenger.erb deleted file mode 100644 index 1b5d476..0000000 --- a/templates/vhosts/passenger/passenger.erb +++ /dev/null @@ -1,148 +0,0 @@ -# <%= servername %> -<%- unless ssl_mode.to_s == 'only' then -%> - - Include include.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/public - - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> - - <%- end -%> - - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/public - - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> - - Header add Strict-Transport-Security "max-age=15768000" - - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> - - - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> -- cgit v1.2.3 From 819afbcc311efd818abc72ffcf80e879d987b661 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 31 Mar 2011 23:30:12 +0200 Subject: add missing files and manage necessary files to run as specific user --- templates/vhosts/passenger/partial.erb | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 templates/vhosts/passenger/partial.erb (limited to 'templates') diff --git a/templates/vhosts/passenger/partial.erb b/templates/vhosts/passenger/partial.erb new file mode 100644 index 0000000..63f1b89 --- /dev/null +++ b/templates/vhosts/passenger/partial.erb @@ -0,0 +1,7 @@ + /> + AllowOverride <%= allow_override %> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- unless !options.to_s.include?('MultiViews') then -%> -MultiViews<%- end -%> + + <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> + \ No newline at end of file -- cgit v1.2.3 From 7f254be7d55f2208f3ea7e2fe6d40284f92e04c8 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 1 Apr 2011 00:15:15 +0200 Subject: fix template error --- templates/vhosts/partials/authentication.erb | 2 +- templates/vhosts/passenger/partial.erb | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/partials/authentication.erb b/templates/vhosts/partials/authentication.erb index bf871e7..b038eb6 100644 --- a/templates/vhosts/partials/authentication.erb +++ b/templates/vhosts/partials/authentication.erb @@ -1,4 +1,4 @@ - <%- unless htpasswd_file.to_s == 'absent' then -%> + <%- unless htpasswd_file.to_s == 'absent' -%> AuthType Basic AuthName "Access fuer <%= servername %>" AuthUserFile <%= real_htpasswd_path %> diff --git a/templates/vhosts/passenger/partial.erb b/templates/vhosts/passenger/partial.erb index 63f1b89..3b314ce 100644 --- a/templates/vhosts/passenger/partial.erb +++ b/templates/vhosts/passenger/partial.erb @@ -1,7 +1,6 @@ /> AllowOverride <%= allow_override %> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- unless !options.to_s.include?('MultiViews') then -%> -MultiViews<%- end -%> + Options <%- unless options.to_s == 'absent' -%><%= options %><%- end -%><%- unless !options.to_s.include?('MultiViews') -%>-MultiViews<%- end -%> - <%- end -%> <%= scope.function_template('apache/vhosts/partials/authentication.erb') %> \ No newline at end of file -- cgit v1.2.3 From cbbffa1d3de5a19a72dd7bb88fb1bcb14e5384e1 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 17 May 2011 22:52:47 +0200 Subject: improve mod_security rules * handled now by a partial * possibility to add rules that should be removed * possibility to add custom mod_sec options" * use new infrastructure for existing mod_sec tweaks --- templates/vhosts/gitweb/gitweb.erb | 36 +----- templates/vhosts/partials/mod_security.erb | 22 +++- templates/vhosts/perl/perl.erb | 72 +----------- templates/vhosts/php/php.erb | 72 +----------- templates/vhosts/php_drupal/php_drupal.erb | 72 +----------- templates/vhosts/php_gallery2/php_gallery2.erb | 64 +---------- templates/vhosts/php_joomla/php_joomla.erb | 128 +-------------------- templates/vhosts/php_mediawiki/php_mediawiki.erb | 56 +-------- .../vhosts/php_silverstripe/php_silverstripe.erb | 80 +------------ .../vhosts/php_simplemachine/php_simplemachine.erb | 72 +----------- templates/vhosts/php_spip/php_spip.erb | 72 +----------- templates/vhosts/php_typo3/php_typo3.erb | 106 +---------------- templates/vhosts/php_wordpress/php_wordpress.erb | 69 +---------- templates/vhosts/proxy/proxy.erb | 4 + templates/vhosts/static/static.erb | 36 +----- templates/vhosts/webdav/webdav.erb | 72 +----------- 16 files changed, 72 insertions(+), 961 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/gitweb/gitweb.erb b/templates/vhosts/gitweb/gitweb.erb index 2c64b1c..f732eb3 100644 --- a/templates/vhosts/gitweb/gitweb.erb +++ b/templates/vhosts/gitweb/gitweb.erb @@ -61,23 +61,7 @@ <%- end -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -144,23 +128,7 @@ <%- end %> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> diff --git a/templates/vhosts/partials/mod_security.erb b/templates/vhosts/partials/mod_security.erb index 0e0f803..e70b217 100644 --- a/templates/vhosts/partials/mod_security.erb +++ b/templates/vhosts/partials/mod_security.erb @@ -1,17 +1,27 @@ - <%- if mod_security.to_s == 'true' then -%> + <% if mod_security.to_s == 'true' then -%> SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> + <% if mod_security_relevantonly.to_s == 'true' then -%> SecAuditEngine RelevantOnly - <%- else -%> + <% else -%> SecAuditEngine On - <%- end -%> - <%- else -%> + <% end -%> + <% else -%> SecRuleEngine Off SecAuditEngine Off - <%- end -%> + <% end -%> SecAuditLogType Concurrent SecAuditLogStorageDir <%= logdir %>/ SecAuditLog <%= logdir %>/mod_security_audit.log SecDebugLog <%= logdir %>/mod_security_debug.log + <% unless mod_security_rules_to_disable.to_a.empty? -%> + + <% mod_security_rules_to_disable.to_a.each do |rule| + SecRuleRemoveById "<%= rule %>" + <% end -%> + <% end -%> + <% unless mod_security_additional_options.to_s == 'absent' -%> + + <%= mod_security_additional_options %> + <% end -%> diff --git a/templates/vhosts/perl/perl.erb b/templates/vhosts/perl/perl.erb index 55e6e56..6e79805 100644 --- a/templates/vhosts/perl/perl.erb +++ b/templates/vhosts/perl/perl.erb @@ -73,23 +73,7 @@ <%- end -%> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -164,23 +148,7 @@ <%- end -%> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -270,23 +238,7 @@ <%- end -%> <%- end -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -368,23 +320,7 @@ ScriptAlias /cgi-bin/ <%= cgi_binpath %>/ <%- end -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> diff --git a/templates/vhosts/php/php.erb b/templates/vhosts/php/php.erb index ef50008..cbbc736 100644 --- a/templates/vhosts/php/php.erb +++ b/templates/vhosts/php/php.erb @@ -76,23 +76,7 @@ <%- end -%> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -170,23 +154,7 @@ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -265,23 +233,7 @@ <%- end -%> <%- end -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -353,23 +305,7 @@ <%- end -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> diff --git a/templates/vhosts/php_drupal/php_drupal.erb b/templates/vhosts/php_drupal/php_drupal.erb index 1e3e0f4..57bf6d9 100644 --- a/templates/vhosts/php_drupal/php_drupal.erb +++ b/templates/vhosts/php_drupal/php_drupal.erb @@ -97,23 +97,7 @@ <%- end -%> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -213,23 +197,7 @@ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -327,23 +295,7 @@ <%- end -%> <%- end -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -433,23 +385,7 @@ <%- end -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> diff --git a/templates/vhosts/php_gallery2/php_gallery2.erb b/templates/vhosts/php_gallery2/php_gallery2.erb index d4f210c..ef2444f 100644 --- a/templates/vhosts/php_gallery2/php_gallery2.erb +++ b/templates/vhosts/php_gallery2/php_gallery2.erb @@ -84,23 +84,7 @@ <%- end -%> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -186,19 +170,7 @@ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -287,23 +259,7 @@ <%- end -%> <%- end -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -381,19 +337,7 @@ <%- end -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> diff --git a/templates/vhosts/php_joomla/php_joomla.erb b/templates/vhosts/php_joomla/php_joomla.erb index ebaefd8..c7e06d7 100644 --- a/templates/vhosts/php_joomla/php_joomla.erb +++ b/templates/vhosts/php_joomla/php_joomla.erb @@ -85,37 +85,7 @@ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - # Exceptions for Joomla Root Directory - - SecRuleRemoveById 950013 - - - # Exceptions for Joomla Administration Panel - SecRule REQUEST_FILENAME "/administrator/index2.php" \ - "allow,phase:1,nolog,ctl:ruleEngine=Off" - - # Exceptions for Joomla Component Expose - - SecRuleRemoveById 960010 - - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -193,37 +163,7 @@ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - # Exceptions for Joomla Root Directory - - SecRuleRemoveById 950013 - - - # Exceptions for Joomla Administration Panel - SecRule REQUEST_FILENAME "/administrator/index2.php" \ - "allow,phase:1,nolog,ctl:ruleEngine=Off" - - # Exceptions for Joomla Component Expose - - SecRuleRemoveById 960010 - - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -313,37 +253,7 @@ <%- end -%> <%- end -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - # Exceptions for Joomla Root Directory - - SecRuleRemoveById 950013 - - - # Exceptions for Joomla Administration Panel - SecRule REQUEST_FILENAME "/administrator/index2.php" \ - "allow,phase:1,nolog,ctl:ruleEngine=Off" - - # Exceptions for Joomla Component Expose - - SecRuleRemoveById 960010 - - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -417,37 +327,7 @@ <%- end -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - # Exceptions for Joomla Root Directory - - SecRuleRemoveById 950013 - - - # Exceptions for Joomla Administration Panel - SecRule REQUEST_FILENAME "/administrator/index2.php" \ - "allow,phase:1,nolog,ctl:ruleEngine=Off" - - # Exceptions for Joomla Component Expose - - SecRuleRemoveById 960010 - - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> diff --git a/templates/vhosts/php_mediawiki/php_mediawiki.erb b/templates/vhosts/php_mediawiki/php_mediawiki.erb index 2a33e1f..a5fd4f3 100644 --- a/templates/vhosts/php_mediawiki/php_mediawiki.erb +++ b/templates/vhosts/php_mediawiki/php_mediawiki.erb @@ -71,19 +71,7 @@ <%- end -%> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -157,19 +145,7 @@ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -248,19 +224,7 @@ <%- end -%> <%- end -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -334,19 +298,7 @@ <%- end -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> diff --git a/templates/vhosts/php_silverstripe/php_silverstripe.erb b/templates/vhosts/php_silverstripe/php_silverstripe.erb index de4dd5d..c2d8e49 100644 --- a/templates/vhosts/php_silverstripe/php_silverstripe.erb +++ b/templates/vhosts/php_silverstripe/php_silverstripe.erb @@ -95,25 +95,7 @@ <%- end -%> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -207,25 +189,7 @@ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -325,25 +289,7 @@ <%- end -%> <%- end -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -431,25 +377,7 @@ <%- end -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> diff --git a/templates/vhosts/php_simplemachine/php_simplemachine.erb b/templates/vhosts/php_simplemachine/php_simplemachine.erb index b53477e..dfe0af2 100644 --- a/templates/vhosts/php_simplemachine/php_simplemachine.erb +++ b/templates/vhosts/php_simplemachine/php_simplemachine.erb @@ -70,23 +70,7 @@ <%- end -%> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -158,23 +142,7 @@ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -253,23 +221,7 @@ <%- end -%> <%- end -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -341,23 +293,7 @@ <%- end -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> diff --git a/templates/vhosts/php_spip/php_spip.erb b/templates/vhosts/php_spip/php_spip.erb index 05f8485..ebd9d84 100644 --- a/templates/vhosts/php_spip/php_spip.erb +++ b/templates/vhosts/php_spip/php_spip.erb @@ -76,23 +76,7 @@ <%- end -%> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -170,23 +154,7 @@ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -265,23 +233,7 @@ <%- end -%> <%- end -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -353,23 +305,7 @@ <%- end -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> diff --git a/templates/vhosts/php_typo3/php_typo3.erb b/templates/vhosts/php_typo3/php_typo3.erb index bf0bd5d..e65a5c9 100644 --- a/templates/vhosts/php_typo3/php_typo3.erb +++ b/templates/vhosts/php_typo3/php_typo3.erb @@ -83,32 +83,7 @@ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - - SecRuleEngine Off - SecAuditEngine Off - - - - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -185,32 +160,7 @@ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - - SecRuleEngine Off - SecAuditEngine Off - - - - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -298,31 +248,7 @@ <%- end -%> <%- end -%> - - - SecRuleEngine Off - - - - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -394,31 +320,7 @@ <%- end -%> - - - SecRuleEngine Off - - - - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> diff --git a/templates/vhosts/php_wordpress/php_wordpress.erb b/templates/vhosts/php_wordpress/php_wordpress.erb index 5ae6e24..de889ee 100644 --- a/templates/vhosts/php_wordpress/php_wordpress.erb +++ b/templates/vhosts/php_wordpress/php_wordpress.erb @@ -73,23 +73,7 @@ <%- end -%> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - SecRuleRemoveById "950018" - - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -163,22 +147,7 @@ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - SecRuleRemoveById "950018" - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -257,22 +226,7 @@ <%- end -%> <%- end -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - SecRuleRemoveById "950018" - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -344,22 +298,7 @@ <%- end -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - SecAuditEngine On - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - SecRuleRemoveById "960010" - SecRuleRemoveById "950018" - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> diff --git a/templates/vhosts/proxy/proxy.erb b/templates/vhosts/proxy/proxy.erb index 5b1465f..885bce3 100644 --- a/templates/vhosts/proxy/proxy.erb +++ b/templates/vhosts/proxy/proxy.erb @@ -44,6 +44,8 @@ ProxyPassReverse / <%= options %>/ <%- end -%> +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> + <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> <%- end -%> @@ -79,6 +81,8 @@ Header add Strict-Transport-Security "max-age=15768000" +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> + Order deny,allow Allow from all diff --git a/templates/vhosts/static/static.erb b/templates/vhosts/static/static.erb index 030d588..55ae5ac 100644 --- a/templates/vhosts/static/static.erb +++ b/templates/vhosts/static/static.erb @@ -51,23 +51,7 @@ <%- end -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -125,23 +109,7 @@ <%- end %> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> diff --git a/templates/vhosts/webdav/webdav.erb b/templates/vhosts/webdav/webdav.erb index fa76b27..e498833 100644 --- a/templates/vhosts/webdav/webdav.erb +++ b/templates/vhosts/webdav/webdav.erb @@ -76,23 +76,7 @@ <%- end -%> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -170,23 +154,7 @@ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> @@ -239,23 +207,7 @@ AddDefaultCharset <%= default_charset %> <%- end -%> - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> @@ -303,23 +255,7 @@ Header add Strict-Transport-Security "max-age=15768000" - - <%- if mod_security.to_s == 'true' then -%> - SecRuleEngine On - <%- if mod_security_relevantonly.to_s == 'true' then -%> - SecAuditEngine RelevantOnly - <%- else -%> - SecAuditEngine On - <%- end -%> - <%- else -%> - SecRuleEngine Off - SecAuditEngine Off - <%- end -%> - SecAuditLogType Concurrent - SecAuditLogStorageDir <%= logdir %>/ - SecAuditLog <%= logdir %>/mod_security_audit.log - SecDebugLog <%= logdir %>/mod_security_debug.log - +<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> -- cgit v1.2.3 From 88ac72f017da9a0085e0299aa6aac46294cb1590 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 17 May 2011 22:59:31 +0200 Subject: fix template typo --- templates/vhosts/partials/mod_security.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'templates') diff --git a/templates/vhosts/partials/mod_security.erb b/templates/vhosts/partials/mod_security.erb index e70b217..bfb729d 100644 --- a/templates/vhosts/partials/mod_security.erb +++ b/templates/vhosts/partials/mod_security.erb @@ -16,7 +16,7 @@ SecDebugLog <%= logdir %>/mod_security_debug.log <% unless mod_security_rules_to_disable.to_a.empty? -%> - <% mod_security_rules_to_disable.to_a.each do |rule| + <% mod_security_rules_to_disable.to_a.each do |rule| -%> SecRuleRemoveById "<%= rule %>" <% end -%> <% end -%> -- cgit v1.2.3 From 09d598562f66e524e24ca4b1a924a43bb89cecfc Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 17 May 2011 23:09:12 +0200 Subject: indentation --- templates/vhosts/partials/mod_security.erb | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/partials/mod_security.erb b/templates/vhosts/partials/mod_security.erb index bfb729d..5b4fca8 100644 --- a/templates/vhosts/partials/mod_security.erb +++ b/templates/vhosts/partials/mod_security.erb @@ -1,27 +1,27 @@ - <% if mod_security.to_s == 'true' then -%> +<% if mod_security.to_s == 'true' then -%> SecRuleEngine On - <% if mod_security_relevantonly.to_s == 'true' then -%> +<% if mod_security_relevantonly.to_s == 'true' then -%> SecAuditEngine RelevantOnly - <% else -%> +<% else -%> SecAuditEngine On - <% end -%> - <% else -%> +<% end -%> +<% else -%> SecRuleEngine Off SecAuditEngine Off - <% end -%> +<% end -%> SecAuditLogType Concurrent SecAuditLogStorageDir <%= logdir %>/ SecAuditLog <%= logdir %>/mod_security_audit.log SecDebugLog <%= logdir %>/mod_security_debug.log - <% unless mod_security_rules_to_disable.to_a.empty? -%> +<% unless mod_security_rules_to_disable.to_a.empty? -%> - <% mod_security_rules_to_disable.to_a.each do |rule| -%> +<% mod_security_rules_to_disable.to_a.each do |rule| -%> SecRuleRemoveById "<%= rule %>" - <% end -%> - <% end -%> - <% unless mod_security_additional_options.to_s == 'absent' -%> +<% end -%> +<% end -%> +<% unless mod_security_additional_options.to_s == 'absent' -%> <%= mod_security_additional_options %> - <% end -%> +<% end -%> -- cgit v1.2.3 From cd1150af3af7411c88835d8fa5e41c40d40146fb Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 17 May 2011 23:16:43 +0200 Subject: switching logs over to partials --- templates/vhosts/gitweb/gitweb.erb | 30 +---------- templates/vhosts/perl/perl.erb | 60 ++-------------------- templates/vhosts/php/php.erb | 60 ++-------------------- templates/vhosts/php_drupal/php_drupal.erb | 60 ++-------------------- templates/vhosts/php_gallery2/php_gallery2.erb | 60 ++-------------------- templates/vhosts/php_joomla/php_joomla.erb | 60 ++-------------------- templates/vhosts/php_mediawiki/php_mediawiki.erb | 60 ++-------------------- .../vhosts/php_silverstripe/php_silverstripe.erb | 60 ++-------------------- .../vhosts/php_simplemachine/php_simplemachine.erb | 60 ++-------------------- templates/vhosts/php_spip/php_spip.erb | 60 ++-------------------- templates/vhosts/php_typo3/php_typo3.erb | 60 ++-------------------- templates/vhosts/php_wordpress/php_wordpress.erb | 60 ++-------------------- templates/vhosts/proxy/proxy.erb | 30 +---------- templates/vhosts/redirect/redirect.erb | 30 +---------- templates/vhosts/static/static.erb | 33 +----------- templates/vhosts/webdav/webdav.erb | 60 ++-------------------- 16 files changed, 56 insertions(+), 787 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/gitweb/gitweb.erb b/templates/vhosts/gitweb/gitweb.erb index f732eb3..61ce15f 100644 --- a/templates/vhosts/gitweb/gitweb.erb +++ b/templates/vhosts/gitweb/gitweb.erb @@ -11,20 +11,7 @@ <%- end -%> DocumentRoot <%= documentroot %>/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> <%- end -%> @@ -82,20 +69,7 @@ <%- end -%> DocumentRoot <%= documentroot %>/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> <%- end -%> diff --git a/templates/vhosts/perl/perl.erb b/templates/vhosts/perl/perl.erb index 6e79805..61bc179 100644 --- a/templates/vhosts/perl/perl.erb +++ b/templates/vhosts/perl/perl.erb @@ -15,20 +15,7 @@ <%- end -%> DocumentRoot <%= documentroot %>/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode.to_s == 'force' then -%> RewriteEngine On @@ -96,20 +83,7 @@ <%- end -%> DocumentRoot <%= documentroot %>/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> @@ -176,20 +150,7 @@ DirectoryIndex index.htm index.html index.pl <%- end -%> - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- else -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> ProxyPreserveHost On ProxyRequests off @@ -273,20 +234,7 @@ <%- end -%> ProxyPassReverse / https://127.0.0.1/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- else -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> diff --git a/templates/vhosts/php/php.erb b/templates/vhosts/php/php.erb index cbbc736..4531d9f 100644 --- a/templates/vhosts/php/php.erb +++ b/templates/vhosts/php/php.erb @@ -15,20 +15,7 @@ <%- end -%> DocumentRoot <%= documentroot %>/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode.to_s == 'force' then -%> RewriteEngine On @@ -99,21 +86,8 @@ <%- end -%> DocumentRoot <%= documentroot %>/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> @@ -181,20 +155,7 @@ DirectoryIndex index.htm index.html index.php <%- end -%> - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- else -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> ProxyPreserveHost On ProxyRequests off @@ -258,20 +219,7 @@ DirectoryIndex index.htm index.html index.php <%- end -%> - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- else -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> ProxyPreserveHost On ProxyRequests off diff --git a/templates/vhosts/php_drupal/php_drupal.erb b/templates/vhosts/php_drupal/php_drupal.erb index 57bf6d9..01ba2fb 100644 --- a/templates/vhosts/php_drupal/php_drupal.erb +++ b/templates/vhosts/php_drupal/php_drupal.erb @@ -15,20 +15,7 @@ <%- end -%> DocumentRoot <%= documentroot %>/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode.to_s == 'force' then -%> RewriteEngine On RewriteCond %{HTTPS} !=on @@ -120,20 +107,7 @@ <%- end -%> DocumentRoot <%= documentroot %>/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> @@ -224,20 +198,7 @@ DirectoryIndex index.htm index.html index.php <%- end -%> - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- else -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> ProxyPreserveHost On ProxyRequests off @@ -320,20 +281,7 @@ DirectoryIndex index.htm index.html index.php <%- end -%> - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- else -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> ProxyPreserveHost On ProxyRequests off diff --git a/templates/vhosts/php_gallery2/php_gallery2.erb b/templates/vhosts/php_gallery2/php_gallery2.erb index ef2444f..db4068d 100644 --- a/templates/vhosts/php_gallery2/php_gallery2.erb +++ b/templates/vhosts/php_gallery2/php_gallery2.erb @@ -15,20 +15,7 @@ <%- end -%> DocumentRoot <%= documentroot %>/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode.to_s == 'force' then -%> RewriteEngine On @@ -107,20 +94,7 @@ <%- end -%> DocumentRoot <%= documentroot %>/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> @@ -197,20 +171,7 @@ DirectoryIndex index.htm index.html index.php <%- end -%> - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- else -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> ProxyPreserveHost On ProxyRequests off @@ -284,20 +245,7 @@ DirectoryIndex index.htm index.html index.php <%- end -%> - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- else -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> ProxyPreserveHost On ProxyRequests off diff --git a/templates/vhosts/php_joomla/php_joomla.erb b/templates/vhosts/php_joomla/php_joomla.erb index c7e06d7..09d1bda 100644 --- a/templates/vhosts/php_joomla/php_joomla.erb +++ b/templates/vhosts/php_joomla/php_joomla.erb @@ -15,20 +15,7 @@ <%- end -%> DocumentRoot <%= documentroot %>/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode.to_s == 'force' then -%> RewriteEngine On @@ -108,20 +95,7 @@ <%- end -%> DocumentRoot <%= documentroot %>/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if default_charset.to_s != 'absent' then -%> @@ -190,20 +164,7 @@ DirectoryIndex index.htm index.html index.php <%- end -%> - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- else -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> ProxyPreserveHost On ProxyRequests off @@ -278,20 +239,7 @@ DirectoryIndex index.htm index.html index.php <%- end -%> - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- else -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> ProxyPreserveHost On ProxyRequests off diff --git a/templates/vhosts/php_mediawiki/php_mediawiki.erb b/templates/vhosts/php_mediawiki/php_mediawiki.erb index a5fd4f3..b913c10 100644 --- a/templates/vhosts/php_mediawiki/php_mediawiki.erb +++ b/templates/vhosts/php_mediawiki/php_mediawiki.erb @@ -15,20 +15,7 @@ <%- end -%> DocumentRoot <%= documentroot %>/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode.to_s == 'force' then -%> RewriteEngine On @@ -94,20 +81,7 @@ <%- end -%> DocumentRoot <%= documentroot %>/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if default_charset.to_s != 'absent' then -%> @@ -172,20 +146,7 @@ DirectoryIndex index.htm index.html index.php <%- end -%> - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- else -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> ProxyPreserveHost On ProxyRequests off @@ -249,20 +210,7 @@ DirectoryIndex index.htm index.html index.php <%- end -%> - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- else -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> ProxyPreserveHost On ProxyRequests off diff --git a/templates/vhosts/php_silverstripe/php_silverstripe.erb b/templates/vhosts/php_silverstripe/php_silverstripe.erb index c2d8e49..19f48d1 100644 --- a/templates/vhosts/php_silverstripe/php_silverstripe.erb +++ b/templates/vhosts/php_silverstripe/php_silverstripe.erb @@ -15,20 +15,7 @@ <%- end -%> DocumentRoot <%= documentroot %>/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode.to_s == 'force' then -%> RewriteEngine On @@ -118,20 +105,7 @@ <%- end -%> DocumentRoot <%= documentroot %>/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> @@ -216,20 +190,7 @@ DirectoryIndex index.htm index.html index.php <%- end -%> - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- else -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> ProxyPreserveHost On ProxyRequests off @@ -313,20 +274,7 @@ DirectoryIndex index.htm index.html index.php <%- end -%> - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- else -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> ProxyPreserveHost On ProxyRequests off diff --git a/templates/vhosts/php_simplemachine/php_simplemachine.erb b/templates/vhosts/php_simplemachine/php_simplemachine.erb index dfe0af2..ebab10d 100644 --- a/templates/vhosts/php_simplemachine/php_simplemachine.erb +++ b/templates/vhosts/php_simplemachine/php_simplemachine.erb @@ -15,20 +15,7 @@ <%- end -%> DocumentRoot <%= documentroot %>/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode.to_s == 'force' then -%> RewriteEngine On @@ -93,20 +80,7 @@ <%- end -%> DocumentRoot <%= documentroot %>/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> @@ -169,20 +143,7 @@ DirectoryIndex index.htm index.html index.php <%- end -%> - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- else -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> ProxyPreserveHost On ProxyRequests off @@ -246,20 +207,7 @@ DirectoryIndex index.htm index.html index.php <%- end -%> - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- else -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> ProxyPreserveHost On ProxyRequests off diff --git a/templates/vhosts/php_spip/php_spip.erb b/templates/vhosts/php_spip/php_spip.erb index ebd9d84..48a6774 100644 --- a/templates/vhosts/php_spip/php_spip.erb +++ b/templates/vhosts/php_spip/php_spip.erb @@ -15,20 +15,7 @@ <%- end -%> DocumentRoot <%= documentroot %>/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode.to_s == 'force' then -%> RewriteEngine On @@ -99,20 +86,7 @@ <%- end -%> DocumentRoot <%= documentroot %>/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> @@ -181,20 +155,7 @@ DirectoryIndex index.htm index.html index.php <%- end -%> - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- else -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> ProxyPreserveHost On ProxyRequests off @@ -258,20 +219,7 @@ DirectoryIndex index.htm index.html index.php <%- end -%> - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- else -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> ProxyPreserveHost On ProxyRequests off diff --git a/templates/vhosts/php_typo3/php_typo3.erb b/templates/vhosts/php_typo3/php_typo3.erb index e65a5c9..1fd5a1a 100644 --- a/templates/vhosts/php_typo3/php_typo3.erb +++ b/templates/vhosts/php_typo3/php_typo3.erb @@ -15,20 +15,7 @@ <%- end -%> DocumentRoot <%= documentroot %>/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode.to_s == 'force' then -%> RewriteEngine On @@ -106,20 +93,7 @@ <%- end -%> DocumentRoot <%= documentroot %>/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> @@ -187,20 +161,7 @@ DirectoryIndex index.htm index.html index.php <%- end -%> - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- else -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> ProxyPreserveHost On ProxyRequests off @@ -273,20 +234,7 @@ DirectoryIndex index.htm index.html index.php <%- end -%> - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- else -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> ProxyPreserveHost On ProxyRequests off diff --git a/templates/vhosts/php_wordpress/php_wordpress.erb b/templates/vhosts/php_wordpress/php_wordpress.erb index de889ee..9180d9a 100644 --- a/templates/vhosts/php_wordpress/php_wordpress.erb +++ b/templates/vhosts/php_wordpress/php_wordpress.erb @@ -15,20 +15,7 @@ <%- end -%> DocumentRoot <%= documentroot %>/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode.to_s == 'force' then -%> RewriteEngine On @@ -95,20 +82,7 @@ <%- end -%> DocumentRoot <%= documentroot %>/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> @@ -174,20 +148,7 @@ DirectoryIndex index.htm index.html index.php <%- end -%> - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- else -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> ProxyPreserveHost On ProxyRequests off @@ -251,20 +212,7 @@ DirectoryIndex index.htm index.html index.php <%- end -%> - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- else -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> ProxyPreserveHost On ProxyRequests off diff --git a/templates/vhosts/proxy/proxy.erb b/templates/vhosts/proxy/proxy.erb index 885bce3..bb31b6b 100644 --- a/templates/vhosts/proxy/proxy.erb +++ b/templates/vhosts/proxy/proxy.erb @@ -10,20 +10,7 @@ ServerAdmin <%= server_admin %> <%- end -%> - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode.to_s == 'force' then -%> RewriteEngine On RewriteCond %{HTTPS} !=on @@ -64,20 +51,7 @@ ServerAdmin <%= server_admin %> <%- end -%> - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> Header add Strict-Transport-Security "max-age=15768000" diff --git a/templates/vhosts/redirect/redirect.erb b/templates/vhosts/redirect/redirect.erb index 2374797..43cfa02 100644 --- a/templates/vhosts/redirect/redirect.erb +++ b/templates/vhosts/redirect/redirect.erb @@ -10,20 +10,7 @@ ServerAdmin <%= server_admin %> <%- end -%> - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode.to_s == 'force' then -%> RewriteEngine On RewriteCond %{HTTPS} !=on @@ -46,20 +33,7 @@ ServerAdmin <%= server_admin %> <%- end -%> - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> Header add Strict-Transport-Security "max-age=15768000" diff --git a/templates/vhosts/static/static.erb b/templates/vhosts/static/static.erb index 55ae5ac..05760d6 100644 --- a/templates/vhosts/static/static.erb +++ b/templates/vhosts/static/static.erb @@ -11,23 +11,7 @@ <%- end -%> DocumentRoot <%= documentroot %>/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode.to_s == 'force' then -%> RewriteEngine On RewriteCond %{HTTPS} !=on @@ -72,20 +56,7 @@ <%- end -%> DocumentRoot <%= documentroot %>/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> diff --git a/templates/vhosts/webdav/webdav.erb b/templates/vhosts/webdav/webdav.erb index e498833..30d76e3 100644 --- a/templates/vhosts/webdav/webdav.erb +++ b/templates/vhosts/webdav/webdav.erb @@ -15,20 +15,7 @@ <%- end -%> DocumentRoot <%= documentroot %>/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode.to_s == 'force' then -%> RewriteEngine On @@ -99,20 +86,7 @@ <%- end -%> DocumentRoot <%= documentroot %>/ - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip - <%- else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> @@ -177,20 +151,7 @@ ServerAdmin <%= server_admin %> <%- end -%> - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- else -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> ProxyPreserveHost On ProxyRequests off @@ -228,20 +189,7 @@ ServerAdmin <%= server_admin %> <%- end -%> - <%- case logmode.to_s - when 'nologs' -%> - ErrorLog /dev/null - CustomLog /dev/null - <%- when 'semianonym' -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- when 'anonym' -%> - ErrorLog /dev/null - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip - <%- else -%> - ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log - CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> ProxyPreserveHost On ProxyRequests off -- cgit v1.2.3 From e6819524ebf02302d05d74d8c92f4c3dd90c06b4 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 17 May 2011 23:18:03 +0200 Subject: indentation --- templates/vhosts/partials/logs.erb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/partials/logs.erb b/templates/vhosts/partials/logs.erb index 0342c49..650b204 100644 --- a/templates/vhosts/partials/logs.erb +++ b/templates/vhosts/partials/logs.erb @@ -1,14 +1,14 @@ - <% case logmode.to_s +<% case logmode.to_s when 'nologs' -%> ErrorLog /dev/null CustomLog /dev/null - <% when 'semianonym' -%> +<% when 'semianonym' -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log noip - <% when 'anonym' -%> +<% when 'anonym' -%> ErrorLog /dev/null CustomLog <%= logdir %>/access_log noip - <% else -%> +<% else -%> ErrorLog <%= logdir %>/error_log CustomLog <%= logdir %>/access_log combined - <% end -%> +<% end -%> -- cgit v1.2.3 From 09feb96edeaff10bde462aabb8c4d0c961eadd1a Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 17 May 2011 23:30:11 +0200 Subject: migrate authentication to partials --- templates/vhosts/gitweb/gitweb.erb | 14 ++--------- templates/vhosts/partials/authentication.erb | 4 ++-- templates/vhosts/perl/perl.erb | 28 ++++------------------ templates/vhosts/php/php.erb | 28 ++++------------------ templates/vhosts/php_drupal/php_drupal.erb | 28 ++++------------------ templates/vhosts/php_gallery2/php_gallery2.erb | 28 ++++------------------ templates/vhosts/php_joomla/php_joomla.erb | 28 ++++------------------ templates/vhosts/php_mediawiki/php_mediawiki.erb | 28 ++++------------------ .../vhosts/php_silverstripe/php_silverstripe.erb | 28 ++++------------------ .../vhosts/php_simplemachine/php_simplemachine.erb | 28 ++++------------------ templates/vhosts/php_spip/php_spip.erb | 28 ++++------------------ templates/vhosts/php_typo3/php_typo3.erb | 28 ++++------------------ templates/vhosts/php_wordpress/php_wordpress.erb | 28 ++++------------------ templates/vhosts/proxy/proxy.erb | 14 ++--------- templates/vhosts/static/static.erb | 16 ++----------- templates/vhosts/webdav/webdav.erb | 14 ++--------- 16 files changed, 54 insertions(+), 316 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/gitweb/gitweb.erb b/templates/vhosts/gitweb/gitweb.erb index 61ce15f..5bcfeb5 100644 --- a/templates/vhosts/gitweb/gitweb.erb +++ b/templates/vhosts/gitweb/gitweb.erb @@ -38,12 +38,7 @@ RewriteEngine on RewriteRule ^[a-zA-Z0-9_-]+.git/?(\?.)?$ /gitweb.cgi%{REQUESTURI} [L,PT] - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> <%- end -%> @@ -92,12 +87,7 @@ RewriteEngine on RewriteRule ^[a-zA-Z0-9_-]+.git/?(\?.)?$ /gitweb.cgi%{REQUESTURI} [L,PT] - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> <%- end %> diff --git a/templates/vhosts/partials/authentication.erb b/templates/vhosts/partials/authentication.erb index b038eb6..6ca1b03 100644 --- a/templates/vhosts/partials/authentication.erb +++ b/templates/vhosts/partials/authentication.erb @@ -1,6 +1,6 @@ - <%- unless htpasswd_file.to_s == 'absent' -%> +<% unless htpasswd_file.to_s == 'absent' -%> AuthType Basic AuthName "Access fuer <%= servername %>" AuthUserFile <%= real_htpasswd_path %> require valid-user - <%- end -%> \ No newline at end of file +<% end -%> \ No newline at end of file diff --git a/templates/vhosts/perl/perl.erb b/templates/vhosts/perl/perl.erb index 61bc179..1b49d62 100644 --- a/templates/vhosts/perl/perl.erb +++ b/templates/vhosts/perl/perl.erb @@ -40,12 +40,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> <%- unless htpasswd_file.to_s == 'absent' then -%> @@ -103,12 +98,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> ScriptAlias /cgi-bin/ <%= cgi_binpath %>/ @@ -179,12 +169,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> <%- unless htpasswd_file.to_s == 'absent' then -%> @@ -249,12 +234,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> <%- if htpasswd_file.to_s == 'absent' then -%> diff --git a/templates/vhosts/php/php.erb b/templates/vhosts/php/php.erb index 4531d9f..ae70a00 100644 --- a/templates/vhosts/php/php.erb +++ b/templates/vhosts/php/php.erb @@ -40,12 +40,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> php_admin_flag engine on <%- if php_safe_mode.to_s == 'false' -%> php_admin_flag safe_mode Off @@ -106,12 +101,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> php_admin_flag engine on <%- if php_safe_mode.to_s == 'false' -%> php_admin_flag safe_mode Off @@ -184,12 +174,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> <%- end -%> <%- end -%> @@ -244,12 +229,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> <%- end -%> diff --git a/templates/vhosts/php_drupal/php_drupal.erb b/templates/vhosts/php_drupal/php_drupal.erb index 01ba2fb..7300695 100644 --- a/templates/vhosts/php_drupal/php_drupal.erb +++ b/templates/vhosts/php_drupal/php_drupal.erb @@ -39,12 +39,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> php_admin_flag engine on <%- unless php_default_charset.to_s == 'absent' then -%> php_admin_value default_charset <%= php_default_charset %> @@ -127,12 +122,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> php_admin_flag engine on <%- unless php_default_charset.to_s == 'absent' then -%> php_admin_value default_charset <%= php_default_charset %> @@ -228,12 +218,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> # Protect files and directories from prying eyes. @@ -306,12 +291,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> # Protect files and directories from prying eyes. diff --git a/templates/vhosts/php_gallery2/php_gallery2.erb b/templates/vhosts/php_gallery2/php_gallery2.erb index db4068d..22d56ad 100644 --- a/templates/vhosts/php_gallery2/php_gallery2.erb +++ b/templates/vhosts/php_gallery2/php_gallery2.erb @@ -40,12 +40,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> php_admin_flag engine on php_admin_flag safe_mode Off php_admin_value output_buffering Off @@ -114,12 +109,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> php_admin_flag engine on php_admin_flag safe_mode Off php_admin_value output_buffering Off @@ -200,12 +190,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> # Always rewrite login's # Source: http://gallery.menalto.com/node/30558 @@ -270,12 +255,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> # Always rewrite login's (see above) RewriteEngine On RewriteCond %{HTTP_COOKIE} ="" diff --git a/templates/vhosts/php_joomla/php_joomla.erb b/templates/vhosts/php_joomla/php_joomla.erb index 09d1bda..dfb8136 100644 --- a/templates/vhosts/php_joomla/php_joomla.erb +++ b/templates/vhosts/php_joomla/php_joomla.erb @@ -42,12 +42,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> php_admin_flag engine on <%- unless php_default_charset.to_s == 'absent' then -%> php_admin_value default_charset <%= php_default_charset %> @@ -118,12 +113,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> php_admin_flag engine on <%- unless php_default_charset.to_s == 'absent' then -%> php_admin_value default_charset <%= php_default_charset %> @@ -195,12 +185,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> /administrator/"> RewriteEngine on @@ -266,12 +251,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> <%- end -%> diff --git a/templates/vhosts/php_mediawiki/php_mediawiki.erb b/templates/vhosts/php_mediawiki/php_mediawiki.erb index b913c10..af0ae8c 100644 --- a/templates/vhosts/php_mediawiki/php_mediawiki.erb +++ b/templates/vhosts/php_mediawiki/php_mediawiki.erb @@ -40,12 +40,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%><%- unless options.to_s.include?('+FollowSymLinks') -%> +FollowSymLinks<% end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> php_admin_flag engine on php_admin_value safe_mode off <%- unless php_default_charset.to_s == 'absent' then -%> @@ -102,12 +97,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> php_admin_flag engine on php_admin_value safe_mode off <%- unless php_default_charset.to_s == 'absent' then -%> @@ -175,12 +165,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%><%- unless options.to_s.include?('+FollowSymLinks') -%> +FollowSymLinks<% end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> <%- end -%> <%- end -%> @@ -237,12 +222,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> <%- end -%> diff --git a/templates/vhosts/php_silverstripe/php_silverstripe.erb b/templates/vhosts/php_silverstripe/php_silverstripe.erb index 19f48d1..eaf944a 100644 --- a/templates/vhosts/php_silverstripe/php_silverstripe.erb +++ b/templates/vhosts/php_silverstripe/php_silverstripe.erb @@ -44,12 +44,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> php_admin_flag engine on <%- unless php_default_charset.to_s == 'absent' then -%> php_admin_value default_charset <%= php_default_charset %> @@ -125,12 +120,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> php_admin_flag engine on <%- unless php_default_charset.to_s == 'absent' then -%> php_admin_value default_charset <%= php_default_charset %> @@ -223,12 +213,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> # silverstripe .htaccess Order deny,allow @@ -299,12 +284,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> # silverstripe .htaccess diff --git a/templates/vhosts/php_simplemachine/php_simplemachine.erb b/templates/vhosts/php_simplemachine/php_simplemachine.erb index ebab10d..5d7c87e 100644 --- a/templates/vhosts/php_simplemachine/php_simplemachine.erb +++ b/templates/vhosts/php_simplemachine/php_simplemachine.erb @@ -40,12 +40,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> php_admin_flag engine on <%- unless php_default_charset.to_s == 'absent' then -%> php_admin_value default_charset <%= php_default_charset %> @@ -100,12 +95,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> php_admin_flag engine on <%- unless php_default_charset.to_s == 'absent' then -%> php_admin_value default_charset <%= php_default_charset %> @@ -172,12 +162,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> <%- end -%> <%- end -%> @@ -232,12 +217,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> <%- end -%> diff --git a/templates/vhosts/php_spip/php_spip.erb b/templates/vhosts/php_spip/php_spip.erb index 48a6774..a4ffd19 100644 --- a/templates/vhosts/php_spip/php_spip.erb +++ b/templates/vhosts/php_spip/php_spip.erb @@ -40,12 +40,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> php_admin_flag engine on <%- if php_safe_mode.to_s == 'false' -%> php_admin_flag safe_mode Off @@ -106,12 +101,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> php_admin_flag engine on <%- if php_safe_mode.to_s == 'false' -%> php_admin_flag safe_mode Off @@ -184,12 +174,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> <%- end -%> <%- end -%> @@ -244,12 +229,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> <%- end -%> diff --git a/templates/vhosts/php_typo3/php_typo3.erb b/templates/vhosts/php_typo3/php_typo3.erb index 1fd5a1a..1fec8e7 100644 --- a/templates/vhosts/php_typo3/php_typo3.erb +++ b/templates/vhosts/php_typo3/php_typo3.erb @@ -40,12 +40,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> php_admin_flag engine on <%- unless php_default_charset.to_s == 'absent' then -%> php_admin_value default_charset <%= php_default_charset %> @@ -113,12 +108,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> php_admin_flag engine on <%- unless php_default_charset.to_s == 'absent' then -%> php_admin_value default_charset <%= php_default_charset %> @@ -190,12 +180,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> /typo3/"> RewriteEngine on @@ -259,12 +244,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> <%- end -%> diff --git a/templates/vhosts/php_wordpress/php_wordpress.erb b/templates/vhosts/php_wordpress/php_wordpress.erb index 9180d9a..fe713c8 100644 --- a/templates/vhosts/php_wordpress/php_wordpress.erb +++ b/templates/vhosts/php_wordpress/php_wordpress.erb @@ -40,12 +40,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> php_admin_flag engine on <%- unless php_default_charset.to_s == 'absent' then -%> php_admin_value default_charset <%= php_default_charset %> @@ -102,12 +97,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> php_admin_flag engine on <%- unless php_default_charset.to_s == 'absent' then -%> php_admin_value default_charset <%= php_default_charset %> @@ -177,12 +167,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> <%- end -%> <%- end -%> @@ -237,12 +222,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> <%- end -%> diff --git a/templates/vhosts/proxy/proxy.erb b/templates/vhosts/proxy/proxy.erb index bb31b6b..1b1afd0 100644 --- a/templates/vhosts/proxy/proxy.erb +++ b/templates/vhosts/proxy/proxy.erb @@ -19,12 +19,7 @@ Order deny,allow Allow from all - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> ProxyRequests Off ProxyPass / <%= options %>/ @@ -60,12 +55,7 @@ Order deny,allow Allow from all - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> ProxyRequests Off ProxyPass / <%= options %>/ diff --git a/templates/vhosts/static/static.erb b/templates/vhosts/static/static.erb index 05760d6..db5f102 100644 --- a/templates/vhosts/static/static.erb +++ b/templates/vhosts/static/static.erb @@ -26,12 +26,7 @@ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> <%- end -%> @@ -64,21 +59,14 @@ Header add Strict-Transport-Security "max-age=15768000" - <%- if options.to_s != 'absent' or htpasswd_file.to_s != 'absent' then -%> /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> Options <%= options %><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - <%- end %> <%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> diff --git a/templates/vhosts/webdav/webdav.erb b/templates/vhosts/webdav/webdav.erb index 30d76e3..eb12e36 100644 --- a/templates/vhosts/webdav/webdav.erb +++ b/templates/vhosts/webdav/webdav.erb @@ -45,12 +45,7 @@ Options Indexes <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> <%- if ldap_auth.to_s == 'true' then -%> Include include.d/ldap_auth.inc <%- unless ldap_user.to_s == 'any' -%> @@ -111,12 +106,7 @@ Options Indexes <%- end -%> - <%- unless htpasswd_file.to_s == 'absent' then -%> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> <%- if ldap_auth.to_s == 'true' then -%> Include include.d/ldap_auth.inc <%- unless ldap_user.to_s == 'any' -%> -- cgit v1.2.3 From 29517a83414f478a0e28a9fc57b178e35e9ba112 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 17 May 2011 23:42:56 +0200 Subject: this is now in the include file --- templates/vhosts/gitweb/gitweb.erb | 8 +++----- templates/vhosts/partials/header_default.erb | 15 +++++++++------ templates/vhosts/perl/perl.erb | 4 ---- templates/vhosts/php/php.erb | 4 ---- templates/vhosts/php_drupal/php_drupal.erb | 4 ---- templates/vhosts/php_gallery2/php_gallery2.erb | 4 ---- templates/vhosts/php_joomla/php_joomla.erb | 4 ---- templates/vhosts/php_mediawiki/php_mediawiki.erb | 6 ------ templates/vhosts/php_silverstripe/php_silverstripe.erb | 4 ---- templates/vhosts/php_simplemachine/php_simplemachine.erb | 4 ---- templates/vhosts/php_spip/php_spip.erb | 4 ---- templates/vhosts/php_typo3/php_typo3.erb | 4 ---- templates/vhosts/php_wordpress/php_wordpress.erb | 4 ---- templates/vhosts/proxy/proxy.erb | 2 -- templates/vhosts/redirect/redirect.erb | 2 -- templates/vhosts/static/static.erb | 2 -- templates/vhosts/webdav/webdav.erb | 4 ---- 17 files changed, 12 insertions(+), 67 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/gitweb/gitweb.erb b/templates/vhosts/gitweb/gitweb.erb index 5bcfeb5..6024d65 100644 --- a/templates/vhosts/gitweb/gitweb.erb +++ b/templates/vhosts/gitweb/gitweb.erb @@ -10,11 +10,11 @@ ServerAdmin <%= server_admin %> <%- end -%> DocumentRoot <%= documentroot %>/ - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> <%- end -%> + +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode.to_s == 'force' then -%> RewriteEngine On RewriteCond %{HTTPS} !=on @@ -63,13 +63,11 @@ ServerAdmin <%= server_admin %> <%- end -%> DocumentRoot <%= documentroot %>/ - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> <%- end -%> - Header add Strict-Transport-Security "max-age=15768000" +<%= scope.function_template('apache/vhosts/partials/logs.erb') %> SetEnv GITWEB_CONFIG <%= gitweb_config %> DirectoryIndex gitweb.cgi diff --git a/templates/vhosts/partials/header_default.erb b/templates/vhosts/partials/header_default.erb index 32eb006..05b2122 100644 --- a/templates/vhosts/partials/header_default.erb +++ b/templates/vhosts/partials/header_default.erb @@ -1,12 +1,15 @@ Include include.d/defaults.inc - <% if vhost_part == :ssl -%> +<% if vhost_part == :ssl -%> Include include.d/ssl_defaults.inc - <% end -%> +<% end -%> ServerName <%= servername %> - <% unless serveralias.to_s.empty? || (serveralias.to_s == 'absent') -%> +<% unless serveralias.to_s.empty? || (serveralias.to_s == 'absent') -%> ServerAlias <%= serveralias %> - <% end -%> - <% unless server_admin.to_s.empty? || (server_admin.to_s == 'absent') -%> +<% end -%> +<% unless server_admin.to_s.empty? || (server_admin.to_s == 'absent') -%> ServerAdmin <%= server_admin %> - <% end -%> +<% end -%> DocumentRoot <%= documentroot %>/ +<% if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> +<% end -%> \ No newline at end of file diff --git a/templates/vhosts/perl/perl.erb b/templates/vhosts/perl/perl.erb index 1b49d62..ca46e80 100644 --- a/templates/vhosts/perl/perl.erb +++ b/templates/vhosts/perl/perl.erb @@ -84,8 +84,6 @@ AddDefaultCharset <%= default_charset %> <%- end -%> - Header add Strict-Transport-Security "max-age=15768000" - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> @@ -225,8 +223,6 @@ AddDefaultCharset <%= default_charset %> <%- end -%> - Header add Strict-Transport-Security "max-age=15768000" - <%- unless run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php/php.erb b/templates/vhosts/php/php.erb index ae70a00..851bd52 100644 --- a/templates/vhosts/php/php.erb +++ b/templates/vhosts/php/php.erb @@ -93,8 +93,6 @@ AddDefaultCharset <%= default_charset %> <%- end -%> - Header add Strict-Transport-Security "max-age=15768000" - /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -220,8 +218,6 @@ AddDefaultCharset <%= default_charset %> <%- end -%> - Header add Strict-Transport-Security "max-age=15768000" - <%- if run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_drupal/php_drupal.erb b/templates/vhosts/php_drupal/php_drupal.erb index 7300695..9fbda55 100644 --- a/templates/vhosts/php_drupal/php_drupal.erb +++ b/templates/vhosts/php_drupal/php_drupal.erb @@ -114,8 +114,6 @@ <%- end -%> - Header add Strict-Transport-Security "max-age=15768000" - /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -282,8 +280,6 @@ AddDefaultCharset <%= default_charset %> <%- end -%> - Header add Strict-Transport-Security "max-age=15768000" - <%- if run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_gallery2/php_gallery2.erb b/templates/vhosts/php_gallery2/php_gallery2.erb index 22d56ad..d936445 100644 --- a/templates/vhosts/php_gallery2/php_gallery2.erb +++ b/templates/vhosts/php_gallery2/php_gallery2.erb @@ -101,8 +101,6 @@ <%- end -%> - Header add Strict-Transport-Security "max-age=15768000" - /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -246,8 +244,6 @@ AddDefaultCharset <%= default_charset %> <%- end -%> - Header add Strict-Transport-Security "max-age=15768000" - <%- if run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_joomla/php_joomla.erb b/templates/vhosts/php_joomla/php_joomla.erb index dfb8136..b83d910 100644 --- a/templates/vhosts/php_joomla/php_joomla.erb +++ b/templates/vhosts/php_joomla/php_joomla.erb @@ -103,8 +103,6 @@ <%- end -%> - Header add Strict-Transport-Security "max-age=15768000" - /"> Include include.d/joomla.inc @@ -240,8 +238,6 @@ AddDefaultCharset <%= default_charset %> <%- end -%> - Header add Strict-Transport-Security "max-age=15768000" - <%- if run_mode.to_s == 'static-itk' -%> /"> Include include.d/joomla.inc diff --git a/templates/vhosts/php_mediawiki/php_mediawiki.erb b/templates/vhosts/php_mediawiki/php_mediawiki.erb index af0ae8c..e8252b9 100644 --- a/templates/vhosts/php_mediawiki/php_mediawiki.erb +++ b/templates/vhosts/php_mediawiki/php_mediawiki.erb @@ -89,8 +89,6 @@ <%- end -%> - Header add Strict-Transport-Security "max-age=15768000" - /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -210,10 +208,6 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> - <%- end -%> - <%- if ssl_mode.to_s == 'force' then -%> - Header add Strict-Transport-Security "max-age=15768000" - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/php_silverstripe/php_silverstripe.erb b/templates/vhosts/php_silverstripe/php_silverstripe.erb index eaf944a..dcc40aa 100644 --- a/templates/vhosts/php_silverstripe/php_silverstripe.erb +++ b/templates/vhosts/php_silverstripe/php_silverstripe.erb @@ -112,8 +112,6 @@ <%- end -%> - Header add Strict-Transport-Security "max-age=15768000" - /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -275,8 +273,6 @@ AddDefaultCharset <%= default_charset %> <%- end -%> - Header add Strict-Transport-Security "max-age=15768000" - <%- if run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_simplemachine/php_simplemachine.erb b/templates/vhosts/php_simplemachine/php_simplemachine.erb index 5d7c87e..df04f77 100644 --- a/templates/vhosts/php_simplemachine/php_simplemachine.erb +++ b/templates/vhosts/php_simplemachine/php_simplemachine.erb @@ -87,8 +87,6 @@ <%- end -%> - Header add Strict-Transport-Security "max-age=15768000" - /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -208,8 +206,6 @@ AddDefaultCharset <%= default_charset %> <%- end -%> - Header add Strict-Transport-Security "max-age=15768000" - <%- if run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_spip/php_spip.erb b/templates/vhosts/php_spip/php_spip.erb index a4ffd19..644c743 100644 --- a/templates/vhosts/php_spip/php_spip.erb +++ b/templates/vhosts/php_spip/php_spip.erb @@ -93,8 +93,6 @@ <%- end -%> - Header add Strict-Transport-Security "max-age=15768000" - /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -220,8 +218,6 @@ AddDefaultCharset <%= default_charset %> <%- end -%> - Header add Strict-Transport-Security "max-age=15768000" - <%- if run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_typo3/php_typo3.erb b/templates/vhosts/php_typo3/php_typo3.erb index 1fec8e7..fd7d530 100644 --- a/templates/vhosts/php_typo3/php_typo3.erb +++ b/templates/vhosts/php_typo3/php_typo3.erb @@ -100,8 +100,6 @@ <%- end -%> - Header add Strict-Transport-Security "max-age=15768000" - /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -235,8 +233,6 @@ AddDefaultCharset <%= default_charset %> <%- end -%> - Header add Strict-Transport-Security "max-age=15768000" - <%- if run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_wordpress/php_wordpress.erb b/templates/vhosts/php_wordpress/php_wordpress.erb index fe713c8..b8d7b5e 100644 --- a/templates/vhosts/php_wordpress/php_wordpress.erb +++ b/templates/vhosts/php_wordpress/php_wordpress.erb @@ -89,8 +89,6 @@ <%- end -%> - Header add Strict-Transport-Security "max-age=15768000" - /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -213,8 +211,6 @@ AddDefaultCharset <%= default_charset %> <%- end -%> - Header add Strict-Transport-Security "max-age=15768000" - <%- if run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/proxy/proxy.erb b/templates/vhosts/proxy/proxy.erb index 1b1afd0..d89fb80 100644 --- a/templates/vhosts/proxy/proxy.erb +++ b/templates/vhosts/proxy/proxy.erb @@ -48,8 +48,6 @@ <%= scope.function_template('apache/vhosts/partials/logs.erb') %> - Header add Strict-Transport-Security "max-age=15768000" - <%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> diff --git a/templates/vhosts/redirect/redirect.erb b/templates/vhosts/redirect/redirect.erb index 43cfa02..c9729d3 100644 --- a/templates/vhosts/redirect/redirect.erb +++ b/templates/vhosts/redirect/redirect.erb @@ -35,8 +35,6 @@ <%= scope.function_template('apache/vhosts/partials/logs.erb') %> - Header add Strict-Transport-Security "max-age=15768000" - Redirect permanent / https://<%= options %> diff --git a/templates/vhosts/static/static.erb b/templates/vhosts/static/static.erb index db5f102..287f413 100644 --- a/templates/vhosts/static/static.erb +++ b/templates/vhosts/static/static.erb @@ -57,8 +57,6 @@ AddDefaultCharset <%= default_charset %> <%- end -%> - Header add Strict-Transport-Security "max-age=15768000" - /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> diff --git a/templates/vhosts/webdav/webdav.erb b/templates/vhosts/webdav/webdav.erb index eb12e36..61ac41d 100644 --- a/templates/vhosts/webdav/webdav.erb +++ b/templates/vhosts/webdav/webdav.erb @@ -93,8 +93,6 @@ <%- end -%> - Header add Strict-Transport-Security "max-age=15768000" - DAVLockDB <%= real_dav_db_dir %>/DAVLock /"> Dav on @@ -191,8 +189,6 @@ AddDefaultCharset <%= default_charset %> <%- end -%> - Header add Strict-Transport-Security "max-age=15768000" - <%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> -- cgit v1.2.3 From 58847f6375cffe9c1018a7b51d5062b86796a534 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 18 May 2011 00:13:25 +0200 Subject: move header to partials --- templates/vhosts/gitweb/gitweb.erb | 31 ++------- templates/vhosts/perl/perl.erb | 73 +++------------------- templates/vhosts/php/php.erb | 72 +++------------------ templates/vhosts/php_drupal/php_drupal.erb | 63 +++---------------- templates/vhosts/php_gallery2/php_gallery2.erb | 72 +++------------------ templates/vhosts/php_joomla/php_joomla.erb | 55 +++------------- templates/vhosts/php_mediawiki/php_mediawiki.erb | 72 +++------------------ .../vhosts/php_silverstripe/php_silverstripe.erb | 70 +++------------------ .../vhosts/php_simplemachine/php_simplemachine.erb | 72 +++------------------ templates/vhosts/php_spip/php_spip.erb | 68 +++----------------- templates/vhosts/php_typo3/php_typo3.erb | 72 +++------------------ templates/vhosts/php_wordpress/php_wordpress.erb | 72 +++------------------ templates/vhosts/proxy/proxy.erb | 22 ++----- templates/vhosts/redirect/redirect.erb | 22 ++----- templates/vhosts/static/static.erb | 28 ++------- templates/vhosts/webdav/webdav.erb | 65 +++---------------- 16 files changed, 140 insertions(+), 789 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/gitweb/gitweb.erb b/templates/vhosts/gitweb/gitweb.erb index 6024d65..a53120b 100644 --- a/templates/vhosts/gitweb/gitweb.erb +++ b/templates/vhosts/gitweb/gitweb.erb @@ -1,18 +1,8 @@ # <%= servername %> <%- unless ssl_mode.to_s == 'only' then -%> - Include include.d/defaults.inc - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> + <%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode.to_s == 'force' then -%> @@ -53,19 +43,10 @@ <%- unless ssl_mode.to_s == 'false' then -%> - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:ssl) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> diff --git a/templates/vhosts/perl/perl.erb b/templates/vhosts/perl/perl.erb index ca46e80..35188aa 100644 --- a/templates/vhosts/perl/perl.erb +++ b/templates/vhosts/perl/perl.erb @@ -4,16 +4,7 @@ <%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> - Include include.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ +<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -22,10 +13,6 @@ RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> @@ -66,23 +53,12 @@ <%- unless ssl_mode.to_s == 'false' then -%> - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:ssl) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if default_charset.to_s != 'absent' then -%> - - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> @@ -123,20 +99,8 @@ <%- unless ssl_mode.to_s == 'only' then -%> - - Include include.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - <%- if run_mode.to_s == 'static-itk' -%> - DocumentRoot <%= documentroot %>/ +<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> DirectoryIndex index.htm index.html index.pl - <%- end -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -154,10 +118,6 @@ RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s == 'static-itk' then -%> <%- if not ssl_mode.to_s == 'force' then -%> @@ -192,20 +152,11 @@ <%- unless ssl_mode.to_s == 'false' then -%> - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - <%- if run_mode.to_s == 'static-itk' -%> - DocumentRoot <%= documentroot %>/ +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:ssl) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> DirectoryIndex index.htm index.html index.pl - <%- end -%> ProxyPreserveHost On ProxyRequests off @@ -218,10 +169,6 @@ ProxyPassReverse / https://127.0.0.1/ <%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if default_charset.to_s != 'absent' then -%> - - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- unless run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/php/php.erb b/templates/vhosts/php/php.erb index 851bd52..c0e715c 100644 --- a/templates/vhosts/php/php.erb +++ b/templates/vhosts/php/php.erb @@ -4,16 +4,7 @@ <%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> - Include include.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ +<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -28,10 +19,6 @@ AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if not ssl_mode.to_s == 'force' then -%> /"> @@ -69,17 +56,10 @@ <%- unless ssl_mode.to_s == 'false' then -%> - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:ssl) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -88,10 +68,6 @@ AssignUserId <%= run_uid+" "+run_gid %> - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> /"> AllowOverride <%= allow_override %> @@ -129,19 +105,8 @@ <%- unless ssl_mode.to_s == 'only' then -%> - Include include.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - <%- if run_mode.to_s == 'static-itk' -%> - DocumentRoot <%= documentroot %>/ +<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> DirectoryIndex index.htm index.html index.php - <%- end -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -159,10 +124,6 @@ RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s == 'static-itk' then -%> <%- if not ssl_mode.to_s == 'force' then -%> @@ -187,20 +148,11 @@ <%- unless ssl_mode.to_s == 'false' then -%> - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - <%- if run_mode.to_s == 'static-itk' -%> - DocumentRoot <%= documentroot %>/ +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:ssl) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> DirectoryIndex index.htm index.html index.php - <%- end -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -214,10 +166,6 @@ <%- end -%> ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_drupal/php_drupal.erb b/templates/vhosts/php_drupal/php_drupal.erb index 9fbda55..304e8b1 100644 --- a/templates/vhosts/php_drupal/php_drupal.erb +++ b/templates/vhosts/php_drupal/php_drupal.erb @@ -4,16 +4,7 @@ <%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> - Include include.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ +<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode.to_s == 'force' then -%> @@ -90,23 +81,13 @@ <%- unless ssl_mode.to_s == 'false' then -%> - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:ssl) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> @@ -172,19 +153,8 @@ <%- unless ssl_mode.to_s == 'only' then -%> - Include include.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - <%- if run_mode.to_s == 'static-itk' -%> - DocumentRoot <%= documentroot %>/ +<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> DirectoryIndex index.htm index.html index.php - <%- end -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -249,20 +219,11 @@ <%- unless ssl_mode.to_s == 'false' then -%> - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - <%- if run_mode.to_s == 'static-itk' -%> - DocumentRoot <%= documentroot %>/ +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:ssl) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> DirectoryIndex index.htm index.html index.php - <%- end -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -275,10 +236,6 @@ ProxyPass / https://127.0.0.1/ <%- end -%> ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/php_gallery2/php_gallery2.erb b/templates/vhosts/php_gallery2/php_gallery2.erb index d936445..b351e9f 100644 --- a/templates/vhosts/php_gallery2/php_gallery2.erb +++ b/templates/vhosts/php_gallery2/php_gallery2.erb @@ -4,16 +4,7 @@ <%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> - Include include.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ +<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -22,10 +13,6 @@ RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> @@ -77,23 +64,12 @@ <%- unless ssl_mode.to_s == 'false' then -%> - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:ssl) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if default_charset.to_s != 'absent' then -%> - - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> @@ -145,19 +121,8 @@ <%- unless ssl_mode.to_s == 'only' then -%> - Include include.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - <%- if run_mode.to_s == 'static-itk' -%> - DocumentRoot <%= documentroot %>/ +<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> DirectoryIndex index.htm index.html index.php - <%- end -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -175,10 +140,6 @@ RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s == 'static-itk' then -%> <%- if not ssl_mode.to_s == 'force' then -%> @@ -213,20 +174,11 @@ <%- unless ssl_mode.to_s == 'false' then -%> - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - <%- if run_mode.to_s == 'static-itk' -%> - DocumentRoot <%= documentroot %>/ +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:ssl) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> DirectoryIndex index.htm index.html index.php - <%- end -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -239,10 +191,6 @@ ProxyPass / https://127.0.0.1/ <%- end -%> ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/php_joomla/php_joomla.erb b/templates/vhosts/php_joomla/php_joomla.erb index b83d910..35532da 100644 --- a/templates/vhosts/php_joomla/php_joomla.erb +++ b/templates/vhosts/php_joomla/php_joomla.erb @@ -4,16 +4,7 @@ <%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> - Include include.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ +<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -22,10 +13,6 @@ RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> @@ -78,24 +65,13 @@ <%- unless ssl_mode.to_s == 'false' then -%> - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:ssl) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if default_charset.to_s != 'absent' then -%> - - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> @@ -207,20 +183,11 @@ <%- unless ssl_mode.to_s == 'false' then -%> - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - <%- if run_mode.to_s == 'static-itk' -%> - DocumentRoot <%= documentroot %>/ +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:ssl) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> DirectoryIndex index.htm index.html index.php - <%- end -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -233,10 +200,6 @@ ProxyPass / https://127.0.0.1/ <%- end -%> ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/php_mediawiki/php_mediawiki.erb b/templates/vhosts/php_mediawiki/php_mediawiki.erb index e8252b9..6803ed7 100644 --- a/templates/vhosts/php_mediawiki/php_mediawiki.erb +++ b/templates/vhosts/php_mediawiki/php_mediawiki.erb @@ -4,16 +4,7 @@ <%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> - Include include.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ +<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -22,10 +13,6 @@ RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> @@ -64,24 +51,13 @@ <%- unless ssl_mode.to_s == 'false' then -%> - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:ssl) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if default_charset.to_s != 'absent' then -%> - - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> @@ -120,19 +96,8 @@ <%- unless ssl_mode.to_s == 'only' then -%> - Include include.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - <%- if run_mode.to_s == 'static-itk' -%> - DocumentRoot <%= documentroot %>/ +<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> DirectoryIndex index.htm index.html index.php - <%- end -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -150,10 +115,6 @@ RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s == 'static-itk' then -%> <%- if not ssl_mode.to_s == 'force' then -%> @@ -178,20 +139,11 @@ <%- unless ssl_mode.to_s == 'false' then -%> - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - <%- if run_mode.to_s == 'static-itk' -%> - DocumentRoot <%= documentroot %>/ +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:ssl) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> DirectoryIndex index.htm index.html index.php - <%- end -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -205,10 +157,6 @@ <%- end -%> ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_silverstripe/php_silverstripe.erb b/templates/vhosts/php_silverstripe/php_silverstripe.erb index dcc40aa..71da476 100644 --- a/templates/vhosts/php_silverstripe/php_silverstripe.erb +++ b/templates/vhosts/php_silverstripe/php_silverstripe.erb @@ -4,16 +4,7 @@ <%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> - Include include.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ +<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -27,10 +18,6 @@ RedirectMatch /admin(.*) https://<%= servername %>/admin$1 RedirectMatch /Security(.*) https://<%= servername %>/Security$1 - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - - <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> @@ -89,22 +76,12 @@ <%- unless ssl_mode.to_s == 'false' then -%> Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:ssl) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if default_charset.to_s != 'absent' then -%> - - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> @@ -164,19 +141,8 @@ <%- unless ssl_mode.to_s == 'only' then -%> - Include include.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - <%- if run_mode.to_s == 'static-itk' -%> - DocumentRoot <%= documentroot %>/ +<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> DirectoryIndex index.htm index.html index.php - <%- end -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -199,10 +165,6 @@ RedirectMatch /admin(.*) https://<%= servername %>/admin$1 RedirectMatch /Security(.*) https://<%= servername %>/Security$1 - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - - <%- end -%> <%- if run_mode.to_s == 'static-itk' then -%> <%- if not ssl_mode.to_s == 'force' then -%> /"> @@ -243,19 +205,11 @@ <%- unless ssl_mode.to_s == 'false' then -%> - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - <%- if run_mode.to_s == 'static-itk' -%> - DocumentRoot <%= documentroot %>/ +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:ssl) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> DirectoryIndex index.htm index.html index.php - <%- end -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -268,10 +222,6 @@ ProxyPass / https://127.0.0.1/ <%- end -%> ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/php_simplemachine/php_simplemachine.erb b/templates/vhosts/php_simplemachine/php_simplemachine.erb index df04f77..abef976 100644 --- a/templates/vhosts/php_simplemachine/php_simplemachine.erb +++ b/templates/vhosts/php_simplemachine/php_simplemachine.erb @@ -4,16 +4,7 @@ <%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> - Include include.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ +<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -22,10 +13,6 @@ RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> @@ -63,23 +50,12 @@ <%- unless ssl_mode.to_s == 'false' then -%> - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:ssl) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if default_charset.to_s != 'absent' then -%> - - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> @@ -117,19 +93,8 @@ <%- unless ssl_mode.to_s == 'only' then -%> - Include include.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - <%- if run_mode.to_s == 'static-itk' -%> - DocumentRoot <%= documentroot %>/ +<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> DirectoryIndex index.htm index.html index.php - <%- end -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -147,10 +112,6 @@ RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s == 'static-itk' then -%> <%- if not ssl_mode.to_s == 'force' then -%> @@ -175,20 +136,11 @@ <%- unless ssl_mode.to_s == 'false' then -%> - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - <%- if run_mode.to_s == 'static-itk' -%> - DocumentRoot <%= documentroot %>/ +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:ssl) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> DirectoryIndex index.htm index.html index.php - <%- end -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -201,10 +153,6 @@ ProxyPass / https://127.0.0.1/ <%- end -%> ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/php_spip/php_spip.erb b/templates/vhosts/php_spip/php_spip.erb index 644c743..b4542bc 100644 --- a/templates/vhosts/php_spip/php_spip.erb +++ b/templates/vhosts/php_spip/php_spip.erb @@ -4,16 +4,7 @@ <%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> - Include include.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ +<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -22,10 +13,6 @@ RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> @@ -69,23 +56,12 @@ <%- unless ssl_mode.to_s == 'false' then -%> - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:ssl) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if default_charset.to_s != 'absent' then -%> - - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> @@ -129,19 +105,8 @@ <%- unless ssl_mode.to_s == 'only' then -%> - Include include.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - <%- if run_mode.to_s == 'static-itk' -%> - DocumentRoot <%= documentroot %>/ +<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> DirectoryIndex index.htm index.html index.php - <%- end -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -159,10 +124,6 @@ RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s == 'static-itk' then -%> <%- if not ssl_mode.to_s == 'force' then -%> @@ -187,20 +148,11 @@ <%- unless ssl_mode.to_s == 'false' then -%> - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - <%- if run_mode.to_s == 'static-itk' -%> - DocumentRoot <%= documentroot %>/ +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:ssl) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> DirectoryIndex index.htm index.html index.php - <%- end -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> diff --git a/templates/vhosts/php_typo3/php_typo3.erb b/templates/vhosts/php_typo3/php_typo3.erb index fd7d530..88e47ab 100644 --- a/templates/vhosts/php_typo3/php_typo3.erb +++ b/templates/vhosts/php_typo3/php_typo3.erb @@ -4,16 +4,7 @@ <%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> - Include include.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ +<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode.to_s == 'force' then -%> @@ -22,10 +13,6 @@ RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> @@ -76,23 +63,12 @@ <%- unless ssl_mode.to_s == 'false' then -%> - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:ssl) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if default_charset.to_s != 'absent' then -%> - - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> @@ -135,19 +111,8 @@ <%- unless ssl_mode.to_s == 'only' then -%> - Include include.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - <%- if run_mode.to_s == 'static-itk' -%> - DocumentRoot <%= documentroot %>/ +<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> DirectoryIndex index.htm index.html index.php - <%- end -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -165,10 +130,6 @@ RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s == 'static-itk' then -%> <%- if not ssl_mode.to_s == 'force' then -%> @@ -202,20 +163,11 @@ <%- unless ssl_mode.to_s == 'false' then -%> - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - <%- if run_mode.to_s == 'static-itk' -%> - DocumentRoot <%= documentroot %>/ +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:ssl) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> DirectoryIndex index.htm index.html index.php - <%- end -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -228,10 +180,6 @@ ProxyPass / https://127.0.0.1/ <%- end -%> ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/php_wordpress/php_wordpress.erb b/templates/vhosts/php_wordpress/php_wordpress.erb index b8d7b5e..ef1fd82 100644 --- a/templates/vhosts/php_wordpress/php_wordpress.erb +++ b/templates/vhosts/php_wordpress/php_wordpress.erb @@ -4,16 +4,7 @@ <%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> - Include include.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ +<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -22,10 +13,6 @@ RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> @@ -65,23 +52,12 @@ <%- unless ssl_mode.to_s == 'false' then -%> - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:ssl) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if default_charset.to_s != 'absent' then -%> - - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> @@ -122,19 +98,8 @@ <%- unless ssl_mode.to_s == 'only' then -%> - Include include.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - <%- if run_mode.to_s == 'static-itk' -%> - DocumentRoot <%= documentroot %>/ +<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> DirectoryIndex index.htm index.html index.php - <%- end -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -152,10 +117,6 @@ RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s == 'static-itk' then -%> <%- if not ssl_mode.to_s == 'force' then -%> @@ -180,20 +141,11 @@ <%- unless ssl_mode.to_s == 'false' then -%> - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - <%- if run_mode.to_s == 'static-itk' -%> - DocumentRoot <%= documentroot %>/ +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:ssl) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> DirectoryIndex index.htm index.html index.php - <%- end -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -206,10 +158,6 @@ ProxyPass / https://127.0.0.1/ <%- end -%> ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/proxy/proxy.erb b/templates/vhosts/proxy/proxy.erb index d89fb80..b99d685 100644 --- a/templates/vhosts/proxy/proxy.erb +++ b/templates/vhosts/proxy/proxy.erb @@ -1,14 +1,7 @@ # <%= servername %> <%- unless ssl_mode.to_s == 'only' then -%> - Include include.d/defaults.inc - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode.to_s == 'force' then -%> @@ -36,15 +29,10 @@ <%- unless ssl_mode.to_s == 'false' then -%> - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:ssl) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> diff --git a/templates/vhosts/redirect/redirect.erb b/templates/vhosts/redirect/redirect.erb index c9729d3..c788fdd 100644 --- a/templates/vhosts/redirect/redirect.erb +++ b/templates/vhosts/redirect/redirect.erb @@ -1,14 +1,7 @@ # <%= servername %> <%- unless ssl_mode.to_s == 'only' then -%> - Include include.d/defaults.inc - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode.to_s == 'force' then -%> @@ -23,15 +16,10 @@ <%- unless ssl_mode.to_s == 'false' then -%> - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:ssl) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> diff --git a/templates/vhosts/static/static.erb b/templates/vhosts/static/static.erb index 287f413..bbe8527 100644 --- a/templates/vhosts/static/static.erb +++ b/templates/vhosts/static/static.erb @@ -1,15 +1,7 @@ # <%= servername %> <%- unless ssl_mode.to_s == 'only' then -%> - Include include.d/defaults.inc - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ +<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode.to_s == 'force' then -%> @@ -40,22 +32,12 @@ <%- unless ssl_mode.to_s == 'false' then -%> - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:ssl) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if default_charset.to_s != 'absent' then -%> - - AddDefaultCharset <%= default_charset %> - <%- end -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/webdav/webdav.erb b/templates/vhosts/webdav/webdav.erb index 61ac41d..4b44298 100644 --- a/templates/vhosts/webdav/webdav.erb +++ b/templates/vhosts/webdav/webdav.erb @@ -4,16 +4,7 @@ <%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> - Include include.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ +<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -23,10 +14,7 @@ RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> @@ -69,23 +57,12 @@ <%- unless ssl_mode.to_s == 'false' then -%> - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - DocumentRoot <%= documentroot %>/ +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:ssl) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if default_charset.to_s != 'absent' then -%> - - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> @@ -129,15 +106,7 @@ <%- unless ssl_mode.to_s == 'only' then -%> - Include include.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -151,10 +120,6 @@ RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> <%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> @@ -166,16 +131,10 @@ <%- unless ssl_mode.to_s == 'false' then -%> - Include include.d/defaults.inc - Include include.d/ssl_defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:ssl) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -184,10 +143,6 @@ SSLProxyEngine On ProxyPass / https://127.0.0.1/ ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - - AddDefaultCharset <%= default_charset %> - <%- end -%> <%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> -- cgit v1.2.3 From c60153ac9850c9d3312db1f18abef60c495dee20 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 18 May 2011 00:26:33 +0200 Subject: fix template typo from a previous copy&paste error --- templates/vhosts/php_wordpress/php_wordpress.erb | 1 + 1 file changed, 1 insertion(+) (limited to 'templates') diff --git a/templates/vhosts/php_wordpress/php_wordpress.erb b/templates/vhosts/php_wordpress/php_wordpress.erb index ef1fd82..3b06fae 100644 --- a/templates/vhosts/php_wordpress/php_wordpress.erb +++ b/templates/vhosts/php_wordpress/php_wordpress.erb @@ -43,6 +43,7 @@ <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> <%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> + <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> -- cgit v1.2.3 From 7d5eae278c87136bc26f1d312b599b79f5782ee6 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 18 May 2011 00:40:27 +0200 Subject: we need to set the var also vor http parts --- templates/vhosts/gitweb/gitweb.erb | 5 ++++- templates/vhosts/perl/perl.erb | 10 +++++++-- templates/vhosts/php/php.erb | 10 +++++++-- templates/vhosts/php_drupal/php_drupal.erb | 18 +++++++--------- templates/vhosts/php_gallery2/php_gallery2.erb | 10 +++++++-- templates/vhosts/php_joomla/php_joomla.erb | 25 +++++++--------------- templates/vhosts/php_mediawiki/php_mediawiki.erb | 10 +++++++-- .../vhosts/php_silverstripe/php_silverstripe.erb | 11 +++++++--- .../vhosts/php_simplemachine/php_simplemachine.erb | 10 +++++++-- templates/vhosts/php_spip/php_spip.erb | 14 ++++++------ templates/vhosts/php_typo3/php_typo3.erb | 10 +++++++-- templates/vhosts/php_wordpress/php_wordpress.erb | 10 +++++++-- templates/vhosts/proxy/proxy.erb | 5 ++++- templates/vhosts/redirect/redirect.erb | 5 ++++- templates/vhosts/static/static.erb | 5 ++++- templates/vhosts/webdav/webdav.erb | 10 +++++++-- 16 files changed, 112 insertions(+), 56 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/gitweb/gitweb.erb b/templates/vhosts/gitweb/gitweb.erb index a53120b..570c42b 100644 --- a/templates/vhosts/gitweb/gitweb.erb +++ b/templates/vhosts/gitweb/gitweb.erb @@ -1,7 +1,10 @@ # <%= servername %> <%- unless ssl_mode.to_s == 'only' then -%> -<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:normal) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> diff --git a/templates/vhosts/perl/perl.erb b/templates/vhosts/perl/perl.erb index 35188aa..e66981a 100644 --- a/templates/vhosts/perl/perl.erb +++ b/templates/vhosts/perl/perl.erb @@ -4,7 +4,10 @@ <%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> -<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:normal) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -99,7 +102,10 @@ <%- unless ssl_mode.to_s == 'only' then -%> -<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:normal) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> DirectoryIndex index.htm index.html index.pl <%= scope.function_template('apache/vhosts/partials/logs.erb') %> diff --git a/templates/vhosts/php/php.erb b/templates/vhosts/php/php.erb index c0e715c..b722b1e 100644 --- a/templates/vhosts/php/php.erb +++ b/templates/vhosts/php/php.erb @@ -4,7 +4,10 @@ <%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> -<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:normal) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -105,7 +108,10 @@ <%- unless ssl_mode.to_s == 'only' then -%> -<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:normal) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> DirectoryIndex index.htm index.html index.php <%= scope.function_template('apache/vhosts/partials/logs.erb') %> diff --git a/templates/vhosts/php_drupal/php_drupal.erb b/templates/vhosts/php_drupal/php_drupal.erb index 304e8b1..0e6faae 100644 --- a/templates/vhosts/php_drupal/php_drupal.erb +++ b/templates/vhosts/php_drupal/php_drupal.erb @@ -4,7 +4,10 @@ <%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> -<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:normal) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode.to_s == 'force' then -%> @@ -12,10 +15,6 @@ RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> @@ -153,7 +152,10 @@ <%- unless ssl_mode.to_s == 'only' then -%> -<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:normal) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> DirectoryIndex index.htm index.html index.php <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -174,10 +176,6 @@ <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - - <%- end -%> <%- if run_mode.to_s == 'static-itk' then -%> <%- if not ssl_mode.to_s == 'force' then -%> /"> diff --git a/templates/vhosts/php_gallery2/php_gallery2.erb b/templates/vhosts/php_gallery2/php_gallery2.erb index b351e9f..5935b44 100644 --- a/templates/vhosts/php_gallery2/php_gallery2.erb +++ b/templates/vhosts/php_gallery2/php_gallery2.erb @@ -4,7 +4,10 @@ <%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> -<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:normal) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -121,7 +124,10 @@ <%- unless ssl_mode.to_s == 'only' then -%> -<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:normal) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> DirectoryIndex index.htm index.html index.php <%= scope.function_template('apache/vhosts/partials/logs.erb') %> diff --git a/templates/vhosts/php_joomla/php_joomla.erb b/templates/vhosts/php_joomla/php_joomla.erb index 35532da..a0e013d 100644 --- a/templates/vhosts/php_joomla/php_joomla.erb +++ b/templates/vhosts/php_joomla/php_joomla.erb @@ -4,7 +4,10 @@ <%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> -<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:normal) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -114,19 +117,11 @@ <%- unless ssl_mode.to_s == 'only' then -%> - Include include.d/defaults.inc - - ServerName <%= servername %> - <%- unless serveralias.to_s.empty? then -%> - ServerAlias <%= serveralias %> - <%- end -%> - <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> - ServerAdmin <%= server_admin %> - <%- end -%> - <%- if run_mode.to_s == 'static-itk' -%> - DocumentRoot <%= documentroot %>/ +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:normal) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> DirectoryIndex index.htm index.html index.php - <%- end -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -144,10 +139,6 @@ RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - <%- end -%> - <%- if default_charset.to_s != 'absent' then -%> - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s == 'static-itk' then -%> <%- if not ssl_mode.to_s == 'force' then -%> diff --git a/templates/vhosts/php_mediawiki/php_mediawiki.erb b/templates/vhosts/php_mediawiki/php_mediawiki.erb index 6803ed7..12830b5 100644 --- a/templates/vhosts/php_mediawiki/php_mediawiki.erb +++ b/templates/vhosts/php_mediawiki/php_mediawiki.erb @@ -4,7 +4,10 @@ <%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> -<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:normal) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -96,7 +99,10 @@ <%- unless ssl_mode.to_s == 'only' then -%> -<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:normal) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> DirectoryIndex index.htm index.html index.php <%= scope.function_template('apache/vhosts/partials/logs.erb') %> diff --git a/templates/vhosts/php_silverstripe/php_silverstripe.erb b/templates/vhosts/php_silverstripe/php_silverstripe.erb index 71da476..e72c603 100644 --- a/templates/vhosts/php_silverstripe/php_silverstripe.erb +++ b/templates/vhosts/php_silverstripe/php_silverstripe.erb @@ -4,7 +4,10 @@ <%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> -<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:normal) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -75,7 +78,6 @@ <%- unless ssl_mode.to_s == 'false' then -%> - Include include.d/defaults.inc <% scope.unsetvar('vhost_part') scope.setvar('vhost_part',:ssl) -%> <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> @@ -141,7 +143,10 @@ <%- unless ssl_mode.to_s == 'only' then -%> -<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:normal) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> DirectoryIndex index.htm index.html index.php <%= scope.function_template('apache/vhosts/partials/logs.erb') %> diff --git a/templates/vhosts/php_simplemachine/php_simplemachine.erb b/templates/vhosts/php_simplemachine/php_simplemachine.erb index abef976..5316267 100644 --- a/templates/vhosts/php_simplemachine/php_simplemachine.erb +++ b/templates/vhosts/php_simplemachine/php_simplemachine.erb @@ -4,7 +4,10 @@ <%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> -<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:normal) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -93,7 +96,10 @@ <%- unless ssl_mode.to_s == 'only' then -%> -<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:normal) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> DirectoryIndex index.htm index.html index.php <%= scope.function_template('apache/vhosts/partials/logs.erb') %> diff --git a/templates/vhosts/php_spip/php_spip.erb b/templates/vhosts/php_spip/php_spip.erb index b4542bc..9f93c18 100644 --- a/templates/vhosts/php_spip/php_spip.erb +++ b/templates/vhosts/php_spip/php_spip.erb @@ -4,7 +4,10 @@ <%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> -<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:normal) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -105,7 +108,10 @@ <%- unless ssl_mode.to_s == 'only' then -%> -<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:normal) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> DirectoryIndex index.htm index.html index.php <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -165,10 +171,6 @@ ProxyPass / https://127.0.0.1/ <%- end -%> ProxyPassReverse / https://127.0.0.1/ - <%- if default_charset.to_s != 'absent' then -%> - - AddDefaultCharset <%= default_charset %> - <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/php_typo3/php_typo3.erb b/templates/vhosts/php_typo3/php_typo3.erb index 88e47ab..b1a632f 100644 --- a/templates/vhosts/php_typo3/php_typo3.erb +++ b/templates/vhosts/php_typo3/php_typo3.erb @@ -4,7 +4,10 @@ <%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> -<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:normal) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode.to_s == 'force' then -%> @@ -111,7 +114,10 @@ <%- unless ssl_mode.to_s == 'only' then -%> -<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:normal) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> DirectoryIndex index.htm index.html index.php <%= scope.function_template('apache/vhosts/partials/logs.erb') %> diff --git a/templates/vhosts/php_wordpress/php_wordpress.erb b/templates/vhosts/php_wordpress/php_wordpress.erb index 3b06fae..2811749 100644 --- a/templates/vhosts/php_wordpress/php_wordpress.erb +++ b/templates/vhosts/php_wordpress/php_wordpress.erb @@ -4,7 +4,10 @@ <%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> -<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:normal) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -99,7 +102,10 @@ <%- unless ssl_mode.to_s == 'only' then -%> -<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:normal) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> DirectoryIndex index.htm index.html index.php <%= scope.function_template('apache/vhosts/partials/logs.erb') %> diff --git a/templates/vhosts/proxy/proxy.erb b/templates/vhosts/proxy/proxy.erb index b99d685..622dd43 100644 --- a/templates/vhosts/proxy/proxy.erb +++ b/templates/vhosts/proxy/proxy.erb @@ -1,7 +1,10 @@ # <%= servername %> <%- unless ssl_mode.to_s == 'only' then -%> -<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:normal) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode.to_s == 'force' then -%> diff --git a/templates/vhosts/redirect/redirect.erb b/templates/vhosts/redirect/redirect.erb index c788fdd..6fc6922 100644 --- a/templates/vhosts/redirect/redirect.erb +++ b/templates/vhosts/redirect/redirect.erb @@ -1,7 +1,10 @@ # <%= servername %> <%- unless ssl_mode.to_s == 'only' then -%> -<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:normal) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode.to_s == 'force' then -%> diff --git a/templates/vhosts/static/static.erb b/templates/vhosts/static/static.erb index bbe8527..e8e278b 100644 --- a/templates/vhosts/static/static.erb +++ b/templates/vhosts/static/static.erb @@ -1,7 +1,10 @@ # <%= servername %> <%- unless ssl_mode.to_s == 'only' then -%> -<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:normal) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode.to_s == 'force' then -%> diff --git a/templates/vhosts/webdav/webdav.erb b/templates/vhosts/webdav/webdav.erb index 4b44298..ad5f5e4 100644 --- a/templates/vhosts/webdav/webdav.erb +++ b/templates/vhosts/webdav/webdav.erb @@ -4,7 +4,10 @@ <%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> -<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:normal) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> @@ -106,7 +109,10 @@ <%- unless ssl_mode.to_s == 'only' then -%> -<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') + scope.setvar('vhost_part',:normal) -%> + <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<% scope.unsetvar('vhost_part') -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> -- cgit v1.2.3 From 9c79c0f782204bceb305ebde1d088344c61fe827 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 18 May 2011 01:04:01 +0200 Subject: woraround that redirects do not have a documentroot --- templates/vhosts/partials/header_default.erb | 2 ++ 1 file changed, 2 insertions(+) (limited to 'templates') diff --git a/templates/vhosts/partials/header_default.erb b/templates/vhosts/partials/header_default.erb index 05b2122..eff83cf 100644 --- a/templates/vhosts/partials/header_default.erb +++ b/templates/vhosts/partials/header_default.erb @@ -9,7 +9,9 @@ <% unless server_admin.to_s.empty? || (server_admin.to_s == 'absent') -%> ServerAdmin <%= server_admin %> <% end -%> +<% unless documentroot.to_s == 'really_absent' -%> DocumentRoot <%= documentroot %>/ +<% end -%> <% if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> <% end -%> \ No newline at end of file -- cgit v1.2.3 From 34df80bc271f7ed17de879e82b54f31a98926e08 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 28 May 2011 11:32:39 +0200 Subject: first work on php_settings via hash --- templates/vhosts/partials/php_settings.erb | 7 +++++++ templates/vhosts/php_gallery2/php_gallery2.erb | 13 +------------ 2 files changed, 8 insertions(+), 12 deletions(-) create mode 100644 templates/vhosts/partials/php_settings.erb (limited to 'templates') diff --git a/templates/vhosts/partials/php_settings.erb b/templates/vhosts/partials/php_settings.erb new file mode 100644 index 0000000..be4662a --- /dev/null +++ b/templates/vhosts/partials/php_settings.erb @@ -0,0 +1,7 @@ +<% php_settings.each do |key,value| -%> +<% if ['on','off' ].include?(value.downcase) -%> + php_admin_flag <%= key %> <%= value %> +<% else -%> + php_admin_value <%= key %> <%= value %> +<% end -%> +<% end -%> \ No newline at end of file diff --git a/templates/vhosts/php_gallery2/php_gallery2.erb b/templates/vhosts/php_gallery2/php_gallery2.erb index 5935b44..b0a6591 100644 --- a/templates/vhosts/php_gallery2/php_gallery2.erb +++ b/templates/vhosts/php_gallery2/php_gallery2.erb @@ -31,18 +31,7 @@ <%- end -%> <%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - php_admin_flag safe_mode Off - php_admin_value output_buffering Off - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>:<%= gdatadir %><%= ":#{real_upload_dir.to_s}" if upload_dir.to_s != 'absent' %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> +<%= scope.function_template('apache/vhosts/partials/php_settings.erb') %> # Always rewrite login's # Source: http://gallery.menalto.com/node/30558 RewriteEngine On -- cgit v1.2.3 From 9f52ab2655acccd47cf7e3a824b603c5d6846f35 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 8 Oct 2011 12:31:14 +0200 Subject: migrating a first part over to the new partial style --- templates/vhosts/gitweb/gitweb.erb | 83 ---------------------------------- templates/vhosts/gitweb/partial.erb | 18 ++++++++ templates/vhosts/proxy/CentOS.erb | 1 - templates/vhosts/proxy/Debian.erb | 1 - templates/vhosts/proxy/OpenBSD.erb | 1 - templates/vhosts/proxy/partial.erb | 8 ++++ templates/vhosts/proxy/proxy.erb | 57 ----------------------- templates/vhosts/redirect/partial.erb | 1 + templates/vhosts/redirect/redirect.erb | 32 ------------- templates/vhosts/static/CentOS.erb | 1 - templates/vhosts/static/Debian.erb | 1 - templates/vhosts/static/OpenBSD.erb | 1 - templates/vhosts/static/partial.erb | 8 ++++ templates/vhosts/static/static.erb | 60 ------------------------ 14 files changed, 35 insertions(+), 238 deletions(-) delete mode 100644 templates/vhosts/gitweb/gitweb.erb create mode 100644 templates/vhosts/gitweb/partial.erb delete mode 120000 templates/vhosts/proxy/CentOS.erb delete mode 120000 templates/vhosts/proxy/Debian.erb delete mode 120000 templates/vhosts/proxy/OpenBSD.erb create mode 100644 templates/vhosts/proxy/partial.erb delete mode 100644 templates/vhosts/proxy/proxy.erb create mode 100644 templates/vhosts/redirect/partial.erb delete mode 100644 templates/vhosts/redirect/redirect.erb delete mode 120000 templates/vhosts/static/CentOS.erb delete mode 120000 templates/vhosts/static/Debian.erb delete mode 120000 templates/vhosts/static/OpenBSD.erb create mode 100644 templates/vhosts/static/partial.erb delete mode 100644 templates/vhosts/static/static.erb (limited to 'templates') diff --git a/templates/vhosts/gitweb/gitweb.erb b/templates/vhosts/gitweb/gitweb.erb deleted file mode 100644 index 570c42b..0000000 --- a/templates/vhosts/gitweb/gitweb.erb +++ /dev/null @@ -1,83 +0,0 @@ -# <%= servername %> -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - - SetEnv GITWEB_CONFIG <%= gitweb_config %> - DirectoryIndex gitweb.cgi - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%><%- unless options.include?('+ExecCGI') then -%> +ExecCGI<%- end -%> - <%- end -%> - - AddHandler cgi-script .cgi - - Options ExecCGI FollowSymLinks - SetHandler cgi-script - - RewriteEngine on - RewriteRule ^[a-zA-Z0-9_-]+.git/?(\?.)?$ /gitweb.cgi%{REQUESTURI} [L,PT] - -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - SetEnv GITWEB_CONFIG <%= gitweb_config %> - DirectoryIndex gitweb.cgi - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%><%- unless options.include?('+ExecCGI') then -%> +ExecCGI<%- end -%> - <%- end -%> - - AddHandler cgi-script .cgi - - Options ExecCGI FollowSymLinks - SetHandler cgi-script - - RewriteEngine on - RewriteRule ^[a-zA-Z0-9_-]+.git/?(\?.)?$ /gitweb.cgi%{REQUESTURI} [L,PT] - -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - - <%- end %> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> diff --git a/templates/vhosts/gitweb/partial.erb b/templates/vhosts/gitweb/partial.erb new file mode 100644 index 0000000..593aaff --- /dev/null +++ b/templates/vhosts/gitweb/partial.erb @@ -0,0 +1,18 @@ + SetEnv GITWEB_CONFIG <%= gitweb_config %> + DirectoryIndex gitweb.cgi + <%- if not ssl_mode.to_s == 'force' then -%> + /"> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%><%- unless options.include?('+ExecCGI') then -%> +ExecCGI<%- end -%> + <%- end -%> + + AddHandler cgi-script .cgi + + Options ExecCGI FollowSymLinks + SetHandler cgi-script + + RewriteEngine on + RewriteRule ^[a-zA-Z0-9_-]+.git/?(\?.)?$ /gitweb.cgi%{REQUESTURI} [L,PT] + +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> + \ No newline at end of file diff --git a/templates/vhosts/proxy/CentOS.erb b/templates/vhosts/proxy/CentOS.erb deleted file mode 120000 index 15a1b7c..0000000 --- a/templates/vhosts/proxy/CentOS.erb +++ /dev/null @@ -1 +0,0 @@ -proxy.erb \ No newline at end of file diff --git a/templates/vhosts/proxy/Debian.erb b/templates/vhosts/proxy/Debian.erb deleted file mode 120000 index 15a1b7c..0000000 --- a/templates/vhosts/proxy/Debian.erb +++ /dev/null @@ -1 +0,0 @@ -proxy.erb \ No newline at end of file diff --git a/templates/vhosts/proxy/OpenBSD.erb b/templates/vhosts/proxy/OpenBSD.erb deleted file mode 120000 index 15a1b7c..0000000 --- a/templates/vhosts/proxy/OpenBSD.erb +++ /dev/null @@ -1 +0,0 @@ -proxy.erb \ No newline at end of file diff --git a/templates/vhosts/proxy/partial.erb b/templates/vhosts/proxy/partial.erb new file mode 100644 index 0000000..f0d4c9d --- /dev/null +++ b/templates/vhosts/proxy/partial.erb @@ -0,0 +1,8 @@ + + Order deny,allow + Allow from all +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> + + ProxyRequests Off + ProxyPass / <%= options %>/ + ProxyPassReverse / <%= options %>/ \ No newline at end of file diff --git a/templates/vhosts/proxy/proxy.erb b/templates/vhosts/proxy/proxy.erb deleted file mode 100644 index 622dd43..0000000 --- a/templates/vhosts/proxy/proxy.erb +++ /dev/null @@ -1,57 +0,0 @@ -# <%= servername %> -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - <% else -%> - - Order deny,allow - Allow from all -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - ProxyRequests Off - ProxyPass / <%= options %>/ - ProxyPassReverse / <%= options %>/ - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - - Order deny,allow - Allow from all -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - ProxyRequests Off - ProxyPass / <%= options %>/ - ProxyPassReverse / <%= options %>/ - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> diff --git a/templates/vhosts/redirect/partial.erb b/templates/vhosts/redirect/partial.erb new file mode 100644 index 0000000..bd012c8 --- /dev/null +++ b/templates/vhosts/redirect/partial.erb @@ -0,0 +1 @@ + Redirect permanent / https://<%= options %> \ No newline at end of file diff --git a/templates/vhosts/redirect/redirect.erb b/templates/vhosts/redirect/redirect.erb deleted file mode 100644 index 6fc6922..0000000 --- a/templates/vhosts/redirect/redirect.erb +++ /dev/null @@ -1,32 +0,0 @@ -# <%= servername %> -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - <% else -%> - Redirect permanent / http://<%= options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - Redirect permanent / https://<%= options %> - - -<%- end -%> diff --git a/templates/vhosts/static/CentOS.erb b/templates/vhosts/static/CentOS.erb deleted file mode 120000 index f10517f..0000000 --- a/templates/vhosts/static/CentOS.erb +++ /dev/null @@ -1 +0,0 @@ -static.erb \ No newline at end of file diff --git a/templates/vhosts/static/Debian.erb b/templates/vhosts/static/Debian.erb deleted file mode 120000 index f10517f..0000000 --- a/templates/vhosts/static/Debian.erb +++ /dev/null @@ -1 +0,0 @@ -static.erb \ No newline at end of file diff --git a/templates/vhosts/static/OpenBSD.erb b/templates/vhosts/static/OpenBSD.erb deleted file mode 120000 index f10517f..0000000 --- a/templates/vhosts/static/OpenBSD.erb +++ /dev/null @@ -1 +0,0 @@ -static.erb \ No newline at end of file diff --git a/templates/vhosts/static/partial.erb b/templates/vhosts/static/partial.erb new file mode 100644 index 0000000..03bd2f8 --- /dev/null +++ b/templates/vhosts/static/partial.erb @@ -0,0 +1,8 @@ + /"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> + \ No newline at end of file diff --git a/templates/vhosts/static/static.erb b/templates/vhosts/static/static.erb deleted file mode 100644 index e8e278b..0000000 --- a/templates/vhosts/static/static.erb +++ /dev/null @@ -1,60 +0,0 @@ -# <%= servername %> -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%= options %><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> -- cgit v1.2.3 From 24c047d1cfc54c003eef7445e177e28f373c1da4 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 8 Oct 2011 12:40:46 +0200 Subject: remove an unnecessary template --- templates/modules_dir_00_default_settings_ServerName.conf.erb | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 templates/modules_dir_00_default_settings_ServerName.conf.erb (limited to 'templates') diff --git a/templates/modules_dir_00_default_settings_ServerName.conf.erb b/templates/modules_dir_00_default_settings_ServerName.conf.erb deleted file mode 100644 index 93c048a..0000000 --- a/templates/modules_dir_00_default_settings_ServerName.conf.erb +++ /dev/null @@ -1,2 +0,0 @@ -ServerName <%= fqdn %> - -- cgit v1.2.3 From 2fa748dcc92e34b13bd4b6f7e452ef89b29490c4 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 8 Oct 2011 19:22:40 +0200 Subject: introduce a new template style, less duplicated things, more handy options --- templates/vhosts/default.erb | 19 +- templates/vhosts/itk_plus.erb | 10 + templates/vhosts/itk_plus/partial.erb | 32 +++ templates/vhosts/partials/php_settings.erb | 18 +- templates/vhosts/partials/std_override_options.erb | 4 + templates/vhosts/perl/partial.erb | 15 ++ templates/vhosts/perl/perl.erb | 208 ---------------- templates/vhosts/php/CentOS.erb | 1 - templates/vhosts/php/Debian.erb | 1 - templates/vhosts/php/partial.erb | 7 + templates/vhosts/php/php.erb | 195 --------------- templates/vhosts/php_drupal/partial.erb | 26 ++ templates/vhosts/php_drupal/php_drupal.erb | 275 --------------------- templates/vhosts/php_gallery2/CentOS.erb | 1 - templates/vhosts/php_gallery2/Debian.erb | 1 - templates/vhosts/php_gallery2/partial.erb | 16 ++ templates/vhosts/php_gallery2/php_gallery2.erb | 215 ---------------- templates/vhosts/php_joomla/CentOS.erb | 1 - templates/vhosts/php_joomla/Debian.erb | 1 - templates/vhosts/php_joomla/php_joomla.erb | 205 +-------------- templates/vhosts/php_mediawiki/CentOS.erb | 1 - templates/vhosts/php_mediawiki/Debian.erb | 1 - templates/vhosts/php_mediawiki/php_mediawiki.erb | 185 -------------- templates/vhosts/php_silverstripe/partial.erb | 16 ++ .../vhosts/php_silverstripe/php_silverstripe.erb | 268 -------------------- templates/vhosts/php_simplemachine/CentOS.erb | 1 - templates/vhosts/php_simplemachine/Debian.erb | 1 - .../vhosts/php_simplemachine/php_simplemachine.erb | 182 -------------- templates/vhosts/php_spip/CentOS.erb | 1 - templates/vhosts/php_spip/Debian.erb | 1 - templates/vhosts/php_spip/php_spip.erb | 194 --------------- templates/vhosts/php_typo3/partial.erb | 10 + templates/vhosts/php_typo3/php_typo3.erb | 209 ---------------- templates/vhosts/php_wordpress/CentOS.erb | 1 - templates/vhosts/php_wordpress/Debian.erb | 1 - templates/vhosts/php_wordpress/php_wordpress.erb | 189 -------------- templates/vhosts/static/partial.erb | 5 +- templates/vhosts/webdav/partial.erb | 21 ++ templates/vhosts/webdav/webdav.erb | 161 ------------ 39 files changed, 188 insertions(+), 2511 deletions(-) create mode 100644 templates/vhosts/itk_plus.erb create mode 100644 templates/vhosts/itk_plus/partial.erb create mode 100644 templates/vhosts/partials/std_override_options.erb create mode 100644 templates/vhosts/perl/partial.erb delete mode 100644 templates/vhosts/perl/perl.erb delete mode 120000 templates/vhosts/php/CentOS.erb delete mode 120000 templates/vhosts/php/Debian.erb create mode 100644 templates/vhosts/php/partial.erb delete mode 100644 templates/vhosts/php/php.erb create mode 100644 templates/vhosts/php_drupal/partial.erb delete mode 100644 templates/vhosts/php_drupal/php_drupal.erb delete mode 120000 templates/vhosts/php_gallery2/CentOS.erb delete mode 120000 templates/vhosts/php_gallery2/Debian.erb create mode 100644 templates/vhosts/php_gallery2/partial.erb delete mode 100644 templates/vhosts/php_gallery2/php_gallery2.erb delete mode 120000 templates/vhosts/php_joomla/CentOS.erb delete mode 120000 templates/vhosts/php_joomla/Debian.erb delete mode 120000 templates/vhosts/php_mediawiki/CentOS.erb delete mode 120000 templates/vhosts/php_mediawiki/Debian.erb delete mode 100644 templates/vhosts/php_mediawiki/php_mediawiki.erb create mode 100644 templates/vhosts/php_silverstripe/partial.erb delete mode 100644 templates/vhosts/php_silverstripe/php_silverstripe.erb delete mode 120000 templates/vhosts/php_simplemachine/CentOS.erb delete mode 120000 templates/vhosts/php_simplemachine/Debian.erb delete mode 100644 templates/vhosts/php_simplemachine/php_simplemachine.erb delete mode 120000 templates/vhosts/php_spip/CentOS.erb delete mode 120000 templates/vhosts/php_spip/Debian.erb delete mode 100644 templates/vhosts/php_spip/php_spip.erb create mode 100644 templates/vhosts/php_typo3/partial.erb delete mode 100644 templates/vhosts/php_typo3/php_typo3.erb delete mode 120000 templates/vhosts/php_wordpress/CentOS.erb delete mode 120000 templates/vhosts/php_wordpress/Debian.erb delete mode 100644 templates/vhosts/php_wordpress/php_wordpress.erb create mode 100644 templates/vhosts/webdav/partial.erb delete mode 100644 templates/vhosts/webdav/webdav.erb (limited to 'templates') diff --git a/templates/vhosts/default.erb b/templates/vhosts/default.erb index 4acb6b4..5ab1d26 100644 --- a/templates/vhosts/default.erb +++ b/templates/vhosts/default.erb @@ -1,8 +1,7 @@ <% vhost_parts = case ssl_mode when 'only' then [:ssl] - when false then [:normal] - when 'false' then [:normal] + when false,'false' then [:normal] else [:normal,:ssl] end vhost_parts.each do |vhost_part| @@ -15,6 +14,12 @@ vhost_parts.each do |vhost_part| <%= scope.function_template('apache/vhosts/partials/logs.erb') %> + <% if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> + + AssignUserId <%= run_uid+" "+run_gid %> + + + <% end -%> <% if ssl_mode == 'force' && vhost_part == :normal -%> RewriteEngine On RewriteCond %{HTTPS} !=on @@ -22,11 +27,11 @@ vhost_parts.each do |vhost_part| <% else -%> <%= scope.function_template(template_partial) %> <% end -%> - +<%- unless template_partial == 'apache/vhosts/itk_plus/partial.erb' -%> <%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> +<% end -%> +<% unless additional_options.to_s == 'absent' -%> <%= additional_options %> - <%- end -%> - <% end -%> + +<% end -%> \ No newline at end of file diff --git a/templates/vhosts/itk_plus.erb b/templates/vhosts/itk_plus.erb new file mode 100644 index 0000000..2890ecf --- /dev/null +++ b/templates/vhosts/itk_plus.erb @@ -0,0 +1,10 @@ + +<%= scope.function_template('apache/vhost/default.erb') %> + + +<% + scope.unsetvar('template_partial') + scope.setvar('template_partial','apache/vhosts/itk_plus/partial.erb') +-%> +<%= scope.function_template('apache/vhost/default.erb') %> + \ No newline at end of file diff --git a/templates/vhosts/itk_plus/partial.erb b/templates/vhosts/itk_plus/partial.erb new file mode 100644 index 0000000..e37e418 --- /dev/null +++ b/templates/vhosts/itk_plus/partial.erb @@ -0,0 +1,32 @@ + + ProxyPreserveHost On + ProxyRequests off +<% if vhost_part == :ssl -%> + SSLProxyEngine On + <%- if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.<%= passing_extension %>/?.*)$ https://127.0.0.1/$1 + <%- else -%> + ProxyPass / https://127.0.0.1/ + <%- end -%> + ProxyPassReverse / https://127.0.0.1/ +<% else -%> + <% if run_mode.to_s == 'static-itk' -%> + ProxyPassMatch ^/(.*\.<%= passing_extension %>/?.*)$ http://127.0.0.1/$1 + <% else -%> + ProxyPass / http://127.0.0.1/ + <% end -%> + ProxyPassReverse / http://127.0.0.1/ +<% end %> + + <% if run_mode.to_s == 'static-itk' && (ssl_mode.to_s != 'force' || vhost_part == :ssl) -%> + /"> + AllowOverride <%= allow_override %> + <% if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <% unless options.to_s == 'absent' then -%><%= options %><% end -%><% if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<% end -%> + + <% end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> + + <% end -%> + + diff --git a/templates/vhosts/partials/php_settings.erb b/templates/vhosts/partials/php_settings.erb index be4662a..8d4fec4 100644 --- a/templates/vhosts/partials/php_settings.erb +++ b/templates/vhosts/partials/php_settings.erb @@ -1,7 +1,17 @@ -<% php_settings.each do |key,value| -%> -<% if ['on','off' ].include?(value.downcase) -%> - php_admin_flag <%= key %> <%= value %> +<% php_settings.each do |key,value| + dvalue = value.to_s.downcase + munged_value = if dvalue == 'true' + 'on' + elsif dvalue == 'false' + 'off' + elsif ['on','off'].include?(dvalue) + dvalue + else + value + end + if ['on','off' ].include?(munged_value) -%> + php_admin_flag <%= key %> <%= munged_value %> <% else -%> - php_admin_value <%= key %> <%= value %> + php_admin_value <%= key %> <%= munged_value %> <% end -%> <% end -%> \ No newline at end of file diff --git a/templates/vhosts/partials/std_override_options.erb b/templates/vhosts/partials/std_override_options.erb new file mode 100644 index 0000000..d43b042 --- /dev/null +++ b/templates/vhosts/partials/std_override_options.erb @@ -0,0 +1,4 @@ + AllowOverride <%= allow_override %> + <% if options.to_s != 'absent' || do_includes.to_s == 'true' -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><% end -%><% if do_includes.to_s == 'true' && !options.include?('+Includes') -%> +Includes<% end -%> + <% end -%> \ No newline at end of file diff --git a/templates/vhosts/perl/partial.erb b/templates/vhosts/perl/partial.erb new file mode 100644 index 0000000..f75bf3f --- /dev/null +++ b/templates/vhosts/perl/partial.erb @@ -0,0 +1,15 @@ + /"> +<%= scope.function_template('apache/vhosts/partials/std_override_options.erb') %> + +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> + + + <% unless htpasswd_file.to_s == 'absent' -%> + /"> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + + <% end -%> + ScriptAlias /cgi-bin/ <%= cgi_binpath %>/ \ No newline at end of file diff --git a/templates/vhosts/perl/perl.erb b/templates/vhosts/perl/perl.erb deleted file mode 100644 index e66981a..0000000 --- a/templates/vhosts/perl/perl.erb +++ /dev/null @@ -1,208 +0,0 @@ -# <%= servername %> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - -<%- end -%> -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - - <%- end -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - - <%- unless htpasswd_file.to_s == 'absent' then -%> - /"> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - - <%- end -%> - ScriptAlias /cgi-bin/ <%= cgi_binpath %>/ - <%- end -%> - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - - <%- end -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - - ScriptAlias /cgi-bin/ <%= cgi_binpath %>/ - <%- unless htpasswd_file.to_s == 'absent' then -%> - /"> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - - <%- end -%> - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.pl - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.pl/?.*)$ http://127.0.0.1/$1 - <%- else -%> - ProxyPass / http://127.0.0.1/ - <%- end -%> - ProxyPassReverse / http://127.0.0.1/ - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s == 'static-itk' then -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - - <%- unless htpasswd_file.to_s == 'absent' then -%> - /"> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - - <%- end -%> - ScriptAlias /cgi-bin/ <%= cgi_binpath %>/ - <%- end -%> - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.pl - - ProxyPreserveHost On - ProxyRequests off - SSLProxyEngine On - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.pl/?.*)$ https://127.0.0.1/$1 - <%- else -%> - ProxyPass / https://127.0.0.1/ - <%- end -%> - ProxyPassReverse / https://127.0.0.1/ - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- unless run_mode.to_s == 'static-itk' -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - - <%- if htpasswd_file.to_s == 'absent' then -%> - /"> - AuthType Basic - AuthName "Access fuer <%= servername %>" - AuthUserFile <%= real_htpasswd_path %> - require valid-user - - <%- end -%> - ScriptAlias /cgi-bin/ <%= cgi_binpath %>/ - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- end -%> diff --git a/templates/vhosts/php/CentOS.erb b/templates/vhosts/php/CentOS.erb deleted file mode 120000 index ef6a366..0000000 --- a/templates/vhosts/php/CentOS.erb +++ /dev/null @@ -1 +0,0 @@ -php.erb \ No newline at end of file diff --git a/templates/vhosts/php/Debian.erb b/templates/vhosts/php/Debian.erb deleted file mode 120000 index ef6a366..0000000 --- a/templates/vhosts/php/Debian.erb +++ /dev/null @@ -1 +0,0 @@ -php.erb \ No newline at end of file diff --git a/templates/vhosts/php/partial.erb b/templates/vhosts/php/partial.erb new file mode 100644 index 0000000..dae201a --- /dev/null +++ b/templates/vhosts/php/partial.erb @@ -0,0 +1,7 @@ + /"> +<%= scope.function_template('apache/vhosts/partials/std_override_options.erb') %> + +<%= scope.function_template('apache/vhosts/partials/php_settings.erb') %> + +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> + \ No newline at end of file diff --git a/templates/vhosts/php/php.erb b/templates/vhosts/php/php.erb deleted file mode 100644 index b722b1e..0000000 --- a/templates/vhosts/php/php.erb +++ /dev/null @@ -1,195 +0,0 @@ -# <%= servername %> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - -<%- end -%> -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - - <%- end -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- if php_safe_mode.to_s == 'false' -%> - php_admin_flag safe_mode Off - <%- end -%> - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%- if php_use_smarty.to_s == 'true' -%>/usr/share/php/Smarty/:<%- end -%><%- if php_use_pear.to_s == 'true' -%>/usr/share/pear/:<%- end -%><%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - - <%- end -%> - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - - <%- end -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- if php_safe_mode.to_s == 'false' -%> - php_admin_flag safe_mode Off - <%- end -%> - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%- if php_use_smarty.to_s == 'true' -%>/usr/share/php/Smarty/:<%- end -%><%- if php_use_pear.to_s == 'true' -%>/usr/share/pear/:<%- end -%><%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 - <%- else -%> - ProxyPass / http://127.0.0.1/ - <%- end -%> - ProxyPassReverse / http://127.0.0.1/ - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s == 'static-itk' then -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - <%- end -%> - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - SSLProxyEngine On - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 - <%- else -%> - ProxyPass / https://127.0.0.1/ - <%- end -%> - ProxyPassReverse / https://127.0.0.1/ - - <%- if run_mode.to_s == 'static-itk' -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- end -%> - diff --git a/templates/vhosts/php_drupal/partial.erb b/templates/vhosts/php_drupal/partial.erb new file mode 100644 index 0000000..07e0d94 --- /dev/null +++ b/templates/vhosts/php_drupal/partial.erb @@ -0,0 +1,26 @@ + /"> +<%= scope.function_template('apache/vhosts/partials/std_override_options.erb') %> + + +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> + +<%= scope.function_template('apache/vhosts/partials/php_settings.erb') %> + + # Protect files and directories from prying eyes. + + Order allow,deny + + + # Customized error messages. + ErrorDocument 404 /index.php + + RewriteEngine on + RewriteCond %{REQUEST_FILENAME} !-f + RewriteCond %{REQUEST_FILENAME} !-d + RewriteRule ^(.*)$ index.php?q=$1 [L,QSA] + + /files/"> + SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006 + Options None + Options +FollowSymLinks + diff --git a/templates/vhosts/php_drupal/php_drupal.erb b/templates/vhosts/php_drupal/php_drupal.erb deleted file mode 100644 index 0e6faae..0000000 --- a/templates/vhosts/php_drupal/php_drupal.erb +++ /dev/null @@ -1,275 +0,0 @@ -# <%= servername %> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - -<%- end -%> -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - - <%- end -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - - php_value magic_quotes_gpc 0 - php_value register_globals 0 - php_value session.auto_start 0 - php_value mbstring.http_input pass - php_value mbstring.http_output pass - php_value mbstring.encoding_translation 0 - - # Protect files and directories from prying eyes. - - Order allow,deny - - - # Customized error messages. - ErrorDocument 404 /index.php - - RewriteEngine on - RewriteCond %{REQUEST_FILENAME} !-f - RewriteCond %{REQUEST_FILENAME} !-d - RewriteRule ^(.*)$ index.php?q=$1 [L,QSA] - - /files/"> - SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006 - Options None - Options +FollowSymLinks - - <%- end -%> - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - - AssignUserId <%= run_uid+" "+run_gid %> - - <%- end -%> - - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - - php_value magic_quotes_gpc 0 - php_value register_globals 0 - php_value session.auto_start 0 - php_value mbstring.http_input pass - php_value mbstring.http_output pass - php_value mbstring.encoding_translation 0 - - # Protect files and directories from prying eyes. - - Order allow,deny - - - # Customized error messages. - ErrorDocument 404 /index.php - - RewriteEngine on - RewriteCond %{REQUEST_FILENAME} !-f - RewriteCond %{REQUEST_FILENAME} !-d - RewriteRule ^(.*)$ index.php?q=$1 [L,QSA] - - /files/"> - SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006 - Options None - Options +FollowSymLinks - - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 - <%- else -%> - ProxyPass / http://127.0.0.1/ - <%- end -%> - ProxyPassReverse / http://127.0.0.1/ - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - - <%- if run_mode.to_s == 'static-itk' then -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - # Protect files and directories from prying eyes. - - Order allow,deny - - - # Customized error messages. - ErrorDocument 404 /index.php - - RewriteEngine on - RewriteCond %{REQUEST_FILENAME} !-f - RewriteCond %{REQUEST_FILENAME} !-d - RewriteRule ^(.*)$ index.php?q=$1 [L,QSA] - - /files/"> - SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006 - Options None - Options +FollowSymLinks - - <%- end -%> - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - SSLProxyEngine On - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 - <%- else -%> - ProxyPass / https://127.0.0.1/ - <%- end -%> - ProxyPassReverse / https://127.0.0.1/ - - <%- if run_mode.to_s == 'static-itk' -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - # Protect files and directories from prying eyes. - - Order allow,deny - - - # Customized error messages. - ErrorDocument 404 /index.php - - RewriteEngine on - RewriteCond %{REQUEST_FILENAME} !-f - RewriteCond %{REQUEST_FILENAME} !-d - RewriteRule ^(.*)$ index.php?q=$1 [L,QSA] - - /files/"> - SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006 - Options None - Options +FollowSymLinks - - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- end -%> diff --git a/templates/vhosts/php_gallery2/CentOS.erb b/templates/vhosts/php_gallery2/CentOS.erb deleted file mode 120000 index 33f1633..0000000 --- a/templates/vhosts/php_gallery2/CentOS.erb +++ /dev/null @@ -1 +0,0 @@ -php_gallery2.erb \ No newline at end of file diff --git a/templates/vhosts/php_gallery2/Debian.erb b/templates/vhosts/php_gallery2/Debian.erb deleted file mode 120000 index 33f1633..0000000 --- a/templates/vhosts/php_gallery2/Debian.erb +++ /dev/null @@ -1 +0,0 @@ -php_gallery2.erb \ No newline at end of file diff --git a/templates/vhosts/php_gallery2/partial.erb b/templates/vhosts/php_gallery2/partial.erb new file mode 100644 index 0000000..05cc9f4 --- /dev/null +++ b/templates/vhosts/php_gallery2/partial.erb @@ -0,0 +1,16 @@ + /"> +<%= scope.function_template('apache/vhosts/partials/std_override_options.erb') %> + +<%= scope.function_template('apache/vhosts/partials/php_settings.erb') %> + +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> + +<% if vhost_part != :ssl -%> + # Always rewrite login's + # Source: http://gallery.menalto.com/node/30558 + RewriteEngine On + RewriteCond %{HTTP_COOKIE} ^GALLERYSID= [OR] + RewriteCond %{QUERY_STRING} subView=core\.UserLogin + RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] +<% end -%> + \ No newline at end of file diff --git a/templates/vhosts/php_gallery2/php_gallery2.erb b/templates/vhosts/php_gallery2/php_gallery2.erb deleted file mode 100644 index b0a6591..0000000 --- a/templates/vhosts/php_gallery2/php_gallery2.erb +++ /dev/null @@ -1,215 +0,0 @@ -# <%= servername %> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - -<%- end -%> -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - - <%- end -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> -<%= scope.function_template('apache/vhosts/partials/php_settings.erb') %> - # Always rewrite login's - # Source: http://gallery.menalto.com/node/30558 - RewriteEngine On - RewriteCond %{HTTP_COOKIE} ^GALLERYSID= [OR] - RewriteCond %{QUERY_STRING} subView=core\.UserLogin - RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] - # https -> see below - # Then, unset baseUri in config.php (to keep Gallery from trying to redirect users to either HTTP or HTTPS): - # $gallery->setConfig('baseUri', ''); - - <%- end -%> - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - - AssignUserId <%= run_uid+" "+run_gid %> - - <%- end -%> - - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - php_admin_flag safe_mode Off - php_admin_value output_buffering Off - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>:<%= gdatadir %><%= ":#{real_upload_dir.to_s}" if upload_dir.to_s != 'absent' %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - # turn allow_url_fopen on for the extension manager fetch - php_admin_value allow_url_fopen On - - # Always rewrite login's (see above) - RewriteEngine On - RewriteCond %{HTTP_COOKIE} ="" - RewriteCond %{REQUEST_METHOD} =GET - RewriteCond %{QUERY_STRING} !subView=core\.UserLogin - RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] - - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 - <%- else -%> - ProxyPass / http://127.0.0.1/ - <%- end -%> - ProxyPassReverse / http://127.0.0.1/ - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s == 'static-itk' then -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - # Always rewrite login's - # Source: http://gallery.menalto.com/node/30558 - RewriteEngine On - RewriteCond %{HTTP_COOKIE} ^GALLERYSID= [OR] - RewriteCond %{QUERY_STRING} subView=core\.UserLogin - RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] - # https -> see below - # Then, unset baseUri in config.php (to keep Gallery from trying to redirect users to either HTTP or HTTPS): - # $gallery->setConfig('baseUri', ''); - - <%- end -%> - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - SSLProxyEngine On - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 - <%- else -%> - ProxyPass / https://127.0.0.1/ - <%- end -%> - ProxyPassReverse / https://127.0.0.1/ - - <%- if run_mode.to_s == 'static-itk' -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - # Always rewrite login's (see above) - RewriteEngine On - RewriteCond %{HTTP_COOKIE} ="" - RewriteCond %{REQUEST_METHOD} =GET - RewriteCond %{QUERY_STRING} !subView=core\.UserLogin - RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] - - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- end -%> diff --git a/templates/vhosts/php_joomla/CentOS.erb b/templates/vhosts/php_joomla/CentOS.erb deleted file mode 120000 index 307fc29..0000000 --- a/templates/vhosts/php_joomla/CentOS.erb +++ /dev/null @@ -1 +0,0 @@ -php_joomla.erb \ No newline at end of file diff --git a/templates/vhosts/php_joomla/Debian.erb b/templates/vhosts/php_joomla/Debian.erb deleted file mode 120000 index 307fc29..0000000 --- a/templates/vhosts/php_joomla/Debian.erb +++ /dev/null @@ -1 +0,0 @@ -php_joomla.erb \ No newline at end of file diff --git a/templates/vhosts/php_joomla/php_joomla.erb b/templates/vhosts/php_joomla/php_joomla.erb index a0e013d..fa095ff 100644 --- a/templates/vhosts/php_joomla/php_joomla.erb +++ b/templates/vhosts/php_joomla/php_joomla.erb @@ -1,157 +1,13 @@ -# <%= servername %> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - -<%- end -%> -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - - <%- end -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - Include include.d/joomla.inc - - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - - <%- end -%> - - /administrator/"> - RewriteEngine on - - # Rewrite URLs to https that go for the admin area - RewriteCond %{REMOTE_ADDR} !^127\.[0-9]+\.[0-9]+\.[0-9]+$ - RewriteCond %{HTTPS} !=on - RewriteCond %{REQUEST_URI} (.*/administrator/.*) - RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R] - - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - - AssignUserId <%= run_uid+" "+run_gid %> - - <%- end -%> - /"> - Include include.d/joomla.inc +<%= scope.function_template('apache/vhosts/partials/std_override_options.erb') %> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> +<%= scope.function_template('apache/vhosts/partials/php_settings.erb') %> - <%- end -%> <%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 - <%- else -%> - ProxyPass / http://127.0.0.1/ - <%- end -%> - ProxyPassReverse / http://127.0.0.1/ - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - <%- end -%> - <%- if run_mode.to_s == 'static-itk' then -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> Include include.d/joomla.inc - - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> + /administrator/"> RewriteEngine on @@ -160,57 +16,4 @@ RewriteCond %{HTTPS} !=on RewriteCond %{REQUEST_URI} (.*/administrator/.*) RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R] - - <%- end -%> - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - SSLProxyEngine On - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 - <%- else -%> - ProxyPass / https://127.0.0.1/ - <%- end -%> - ProxyPassReverse / https://127.0.0.1/ - - <%- if run_mode.to_s == 'static-itk' -%> - /"> - Include include.d/joomla.inc - - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- end -%> + \ No newline at end of file diff --git a/templates/vhosts/php_mediawiki/CentOS.erb b/templates/vhosts/php_mediawiki/CentOS.erb deleted file mode 120000 index 8080262..0000000 --- a/templates/vhosts/php_mediawiki/CentOS.erb +++ /dev/null @@ -1 +0,0 @@ -php_mediawiki.erb \ No newline at end of file diff --git a/templates/vhosts/php_mediawiki/Debian.erb b/templates/vhosts/php_mediawiki/Debian.erb deleted file mode 120000 index 8080262..0000000 --- a/templates/vhosts/php_mediawiki/Debian.erb +++ /dev/null @@ -1 +0,0 @@ -php_mediawiki.erb \ No newline at end of file diff --git a/templates/vhosts/php_mediawiki/php_mediawiki.erb b/templates/vhosts/php_mediawiki/php_mediawiki.erb deleted file mode 100644 index 12830b5..0000000 --- a/templates/vhosts/php_mediawiki/php_mediawiki.erb +++ /dev/null @@ -1,185 +0,0 @@ -# <%= servername %> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - -<%- end -%> -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - - <%- end -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%><%- unless options.to_s.include?('+FollowSymLinks') -%> +FollowSymLinks<% end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - php_admin_value safe_mode off - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir /var/www/mediawiki/:<%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - - <%- end -%> - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - - AssignUserId <%= run_uid+" "+run_gid %> - - <%- end -%> - - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - php_admin_value safe_mode off - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir /var/www/mediawiki/:<%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 - <%- else -%> - ProxyPass / http://127.0.0.1/ - <%- end -%> - ProxyPassReverse / http://127.0.0.1/ - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s == 'static-itk' then -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%><%- unless options.to_s.include?('+FollowSymLinks') -%> +FollowSymLinks<% end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - <%- end -%> - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - SSLProxyEngine On - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 - <%- else -%> - ProxyPass / https://127.0.0.1/ - <%- end -%> - ProxyPassReverse / https://127.0.0.1/ - - <%- if run_mode.to_s == 'static-itk' -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- end -%> diff --git a/templates/vhosts/php_silverstripe/partial.erb b/templates/vhosts/php_silverstripe/partial.erb new file mode 100644 index 0000000..a398829 --- /dev/null +++ b/templates/vhosts/php_silverstripe/partial.erb @@ -0,0 +1,16 @@ +<% if vhost_part != :ssl && ![false,'false'].include?(ssl_mode) -%> + # silverstripe + RedirectMatch /admin(.*) https://<%= servername %>/admin$1 + RedirectMatch /Security(.*) https://<%= servername %>/Security$1 + +<% end -%> + /"> + +<%= scope.function_template('apache/vhosts/partials/std_override_options.erb') %> + +<%= scope.function_template('apache/vhosts/partials/php_settings.erb') %> + +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> + + Include include.d/silverstripe.inc + \ No newline at end of file diff --git a/templates/vhosts/php_silverstripe/php_silverstripe.erb b/templates/vhosts/php_silverstripe/php_silverstripe.erb deleted file mode 100644 index e72c603..0000000 --- a/templates/vhosts/php_silverstripe/php_silverstripe.erb +++ /dev/null @@ -1,268 +0,0 @@ -# <%= servername %> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - -<%- end -%> -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - # silverstripe - RedirectMatch /admin(.*) https://<%= servername %>/admin$1 - RedirectMatch /Security(.*) https://<%= servername %>/Security$1 - - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - - <%- end -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - - # silverstripe .htaccess - - Order deny,allow - Deny from all - #Allow from 127.0.0.1 - - - - RewriteEngine On - #RewriteBase / - - RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$) - - RewriteCond %{REQUEST_URI} ^(.*)$ - RewriteCond %{REQUEST_FILENAME} !-f - RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L] - - - <%- end -%> - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - - AssignUserId <%= run_uid+" "+run_gid %> - - <%- end -%> - - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - # turn allow_url_fopen on for the extension manager fetch - php_admin_value allow_url_fopen On - - # silverstripe .htaccess - - Order deny,allow - Deny from all - #Allow from 127.0.0.1 - - - RewriteEngine On - #RewriteBase / - - RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$) - - RewriteCond %{REQUEST_URI} ^(.*)$ - RewriteCond %{REQUEST_FILENAME} !-f - RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L] - - - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 - <%- else -%> - ProxyPass / http://127.0.0.1/ - <%- end -%> - ProxyPassReverse / http://127.0.0.1/ - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - # silverstripe - RedirectMatch /admin(.*) https://<%= servername %>/admin$1 - RedirectMatch /Security(.*) https://<%= servername %>/Security$1 - - <%- if run_mode.to_s == 'static-itk' then -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - # silverstripe .htaccess - - Order deny,allow - Deny from all - #Allow from 127.0.0.1 - - - - RewriteEngine On - #RewriteBase / - - RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$) - - RewriteCond %{REQUEST_URI} ^(.*)$ - RewriteCond %{REQUEST_FILENAME} !-f - RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L] - - - <%- end -%> - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - SSLProxyEngine On - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 - <%- else -%> - ProxyPass / https://127.0.0.1/ - <%- end -%> - ProxyPassReverse / https://127.0.0.1/ - - <%- if run_mode.to_s == 'static-itk' -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - # silverstripe .htaccess - - Order deny,allow - Deny from all - #Allow from 127.0.0.1 - - - RewriteEngine On - #RewriteBase / - - RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$) - - RewriteCond %{REQUEST_URI} ^(.*)$ - RewriteCond %{REQUEST_FILENAME} !-f - RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L] - - - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- end -%> - diff --git a/templates/vhosts/php_simplemachine/CentOS.erb b/templates/vhosts/php_simplemachine/CentOS.erb deleted file mode 120000 index de3c614..0000000 --- a/templates/vhosts/php_simplemachine/CentOS.erb +++ /dev/null @@ -1 +0,0 @@ -php_simplemachine.erb \ No newline at end of file diff --git a/templates/vhosts/php_simplemachine/Debian.erb b/templates/vhosts/php_simplemachine/Debian.erb deleted file mode 120000 index de3c614..0000000 --- a/templates/vhosts/php_simplemachine/Debian.erb +++ /dev/null @@ -1 +0,0 @@ -php_simplemachine.erb \ No newline at end of file diff --git a/templates/vhosts/php_simplemachine/php_simplemachine.erb b/templates/vhosts/php_simplemachine/php_simplemachine.erb deleted file mode 100644 index 5316267..0000000 --- a/templates/vhosts/php_simplemachine/php_simplemachine.erb +++ /dev/null @@ -1,182 +0,0 @@ -# <%= servername %> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - -<%- end -%> -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - - <%- end -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - - <%- end -%> - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - - AssignUserId <%= run_uid+" "+run_gid %> - - <%- end -%> - - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 - <%- else -%> - ProxyPass / http://127.0.0.1/ - <%- end -%> - ProxyPassReverse / http://127.0.0.1/ - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s == 'static-itk' then -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - <%- end -%> - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - SSLProxyEngine On - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 - <%- else -%> - ProxyPass / https://127.0.0.1/ - <%- end -%> - ProxyPassReverse / https://127.0.0.1/ - - <%- if run_mode.to_s == 'static-itk' -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- end -%> diff --git a/templates/vhosts/php_spip/CentOS.erb b/templates/vhosts/php_spip/CentOS.erb deleted file mode 120000 index 1ca4aec..0000000 --- a/templates/vhosts/php_spip/CentOS.erb +++ /dev/null @@ -1 +0,0 @@ -php_spip.erb \ No newline at end of file diff --git a/templates/vhosts/php_spip/Debian.erb b/templates/vhosts/php_spip/Debian.erb deleted file mode 120000 index 1ca4aec..0000000 --- a/templates/vhosts/php_spip/Debian.erb +++ /dev/null @@ -1 +0,0 @@ -php_spip.erb \ No newline at end of file diff --git a/templates/vhosts/php_spip/php_spip.erb b/templates/vhosts/php_spip/php_spip.erb deleted file mode 100644 index 9f93c18..0000000 --- a/templates/vhosts/php_spip/php_spip.erb +++ /dev/null @@ -1,194 +0,0 @@ -# <%= servername %> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - -<%- end -%> -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - - <%- end -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- if php_safe_mode.to_s == 'false' -%> - php_admin_flag safe_mode Off - <%- end -%> - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%- if php_use_smarty.to_s == 'true' -%>/usr/share/php/Smarty/:<%- end -%><%- if php_use_pear.to_s == 'true' -%>/usr/share/pear/:<%- end -%><%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - - <%- end -%> - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - - AssignUserId <%= run_uid+" "+run_gid %> - - <%- end -%> - - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- if php_safe_mode.to_s == 'false' -%> - php_admin_flag safe_mode Off - <%- end -%> - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%- if php_use_smarty.to_s == 'true' -%>/usr/share/php/Smarty/:<%- end -%><%- if php_use_pear.to_s == 'true' -%>/usr/share/pear/:<%- end -%><%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 - <%- else -%> - ProxyPass / http://127.0.0.1/ - <%- end -%> - ProxyPassReverse / http://127.0.0.1/ - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s == 'static-itk' then -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - <%- end -%> - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - SSLProxyEngine On - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 - <%- else -%> - ProxyPass / https://127.0.0.1/ - <%- end -%> - ProxyPassReverse / https://127.0.0.1/ - - <%- if run_mode.to_s == 'static-itk' -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- end -%> diff --git a/templates/vhosts/php_typo3/partial.erb b/templates/vhosts/php_typo3/partial.erb new file mode 100644 index 0000000..776fff2 --- /dev/null +++ b/templates/vhosts/php_typo3/partial.erb @@ -0,0 +1,10 @@ +<%= scope.function_template('apache/vhosts/php/partial.erb') %> + /typo3/"> + RewriteEngine on + + # Rewrite URLs to https that go for the admin area + RewriteCond %{REMOTE_ADDR} !^127\.[0-9]+\.[0-9]+\.[0-9]+$ + RewriteCond %{HTTPS} !=on + RewriteCond %{REQUEST_URI} (.*/typo3/.*) + RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R] + \ No newline at end of file diff --git a/templates/vhosts/php_typo3/php_typo3.erb b/templates/vhosts/php_typo3/php_typo3.erb deleted file mode 100644 index b1a632f..0000000 --- a/templates/vhosts/php_typo3/php_typo3.erb +++ /dev/null @@ -1,209 +0,0 @@ -# <%= servername %> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - -<%- end -%> -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if ssl_mode.to_s == 'force' then -%> - - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - <%- end -%> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - - AssignUserId <%= run_uid+" "+run_gid %> - - <%- end -%> - - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - - /typo3/"> - RewriteEngine on - - # Rewrite URLs to https that go for the admin area - RewriteCond %{REMOTE_ADDR} !^127\.[0-9]+\.[0-9]+\.[0-9]+$ - RewriteCond %{HTTPS} !=on - RewriteCond %{REQUEST_URI} (.*/typo3/.*) - RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R] - - <%- end -%> - - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - - AssignUserId <%= run_uid+" "+run_gid %> - - <%- end -%> - - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - # turn allow_url_fopen on for the extension manager fetch - php_admin_value allow_url_fopen On - - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 - <%- else -%> - ProxyPass / http://127.0.0.1/ - <%- end -%> - ProxyPassReverse / http://127.0.0.1/ - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s == 'static-itk' then -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - /typo3/"> - RewriteEngine on - - # Rewrite URLs to https that go for the admin area - RewriteCond %{REMOTE_ADDR} !^127\.[0-9]+\.[0-9]+\.[0-9]+$ - RewriteCond %{HTTPS} !=on - RewriteCond %{REQUEST_URI} (.*/typo3/.*) - RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R] - - <%- end -%> - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - SSLProxyEngine On - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 - <%- else -%> - ProxyPass / https://127.0.0.1/ - <%- end -%> - ProxyPassReverse / https://127.0.0.1/ - - <%- if run_mode.to_s == 'static-itk' -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- end -%> diff --git a/templates/vhosts/php_wordpress/CentOS.erb b/templates/vhosts/php_wordpress/CentOS.erb deleted file mode 120000 index 36dc938..0000000 --- a/templates/vhosts/php_wordpress/CentOS.erb +++ /dev/null @@ -1 +0,0 @@ -php_wordpress.erb \ No newline at end of file diff --git a/templates/vhosts/php_wordpress/Debian.erb b/templates/vhosts/php_wordpress/Debian.erb deleted file mode 120000 index 36dc938..0000000 --- a/templates/vhosts/php_wordpress/Debian.erb +++ /dev/null @@ -1 +0,0 @@ -php_wordpress.erb \ No newline at end of file diff --git a/templates/vhosts/php_wordpress/php_wordpress.erb b/templates/vhosts/php_wordpress/php_wordpress.erb deleted file mode 100644 index 2811749..0000000 --- a/templates/vhosts/php_wordpress/php_wordpress.erb +++ /dev/null @@ -1,189 +0,0 @@ -# <%= servername %> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - -<%- end -%> -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - - <%- end -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - - <%- end -%> - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - - AssignUserId <%= run_uid+" "+run_gid %> - - <%- end -%> - - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - php_admin_flag engine on - <%- unless php_default_charset.to_s == 'absent' then -%> - php_admin_value default_charset <%= php_default_charset %> - <%- end -%> - php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> - php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> - php_admin_value session.save_path <%= real_php_session_save_path %> - <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> - php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> - <%- end -%> - - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 - <%- else -%> - ProxyPass / http://127.0.0.1/ - <%- end -%> - ProxyPassReverse / http://127.0.0.1/ - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - <%- if run_mode.to_s == 'static-itk' then -%> - <%- if not ssl_mode.to_s == 'force' then -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - <%- end -%> - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - DirectoryIndex index.htm index.html index.php - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - SSLProxyEngine On - <%- if run_mode.to_s == 'static-itk' -%> - ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 - <%- else -%> - ProxyPass / https://127.0.0.1/ - <%- end -%> - ProxyPassReverse / https://127.0.0.1/ - - <%- if run_mode.to_s == 'static-itk' -%> - /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - <%- end -%> - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- end -%> - diff --git a/templates/vhosts/static/partial.erb b/templates/vhosts/static/partial.erb index 03bd2f8..78dc925 100644 --- a/templates/vhosts/static/partial.erb +++ b/templates/vhosts/static/partial.erb @@ -1,8 +1,5 @@ /"> - AllowOverride <%= allow_override %> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> +<%= scope.function_template('apache/vhosts/partials/std_override_options.erb') %> - <%- end -%> <%= scope.function_template('apache/vhosts/partials/authentication.erb') %> \ No newline at end of file diff --git a/templates/vhosts/webdav/partial.erb b/templates/vhosts/webdav/partial.erb new file mode 100644 index 0000000..2f78d7b --- /dev/null +++ b/templates/vhosts/webdav/partial.erb @@ -0,0 +1,21 @@ + DAVLockDB <%= real_dav_db_dir %>/DAVLock + /"> + Dav on + AllowOverride None + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- unless options.include?('Indexes') then -%> Indexes<%- end -%> + + <%- else -%> + Options Indexes + + <%- end -%> +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> + <%- if ldap_auth.to_s == 'true' then -%> + Include include.d/ldap_auth.inc + <%- unless ldap_user.to_s == 'any' -%> + Require ldap-user <%= ldap_user.to_s %> + <%- else -%> + Require valid-user + <%- end -%> + <%- end -%> + diff --git a/templates/vhosts/webdav/webdav.erb b/templates/vhosts/webdav/webdav.erb deleted file mode 100644 index ad5f5e4..0000000 --- a/templates/vhosts/webdav/webdav.erb +++ /dev/null @@ -1,161 +0,0 @@ -# <%= servername %> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - -<%- end -%> -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> - - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - AssignUserId <%= run_uid+" "+run_gid %> - - - <%- end -%> - <%- if not ssl_mode.to_s == 'force' then -%> - DAVLockDB <%= real_dav_db_dir %>/DAVLock - /"> - Dav on - AllowOverride None - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- unless options.include?('Indexes') then -%> Indexes<%- end -%> - - <%- else -%> - Options Indexes - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - <%- if ldap_auth.to_s == 'true' then -%> - Include include.d/ldap_auth.inc - <%- unless ldap_user.to_s == 'any' -%> - Require ldap-user <%= ldap_user.to_s %> - <%- else -%> - Require valid-user - <%- end -%> - <%- end -%> - - <%- end -%> - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> - - - AssignUserId <%= run_uid+" "+run_gid %> - - <%- end -%> - - DAVLockDB <%= real_dav_db_dir %>/DAVLock - /"> - Dav on - AllowOverride None - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- unless options.include?('Indexes') then -%> Indexes<%- end -%> - - <%- else -%> - Options Indexes - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - <%- if ldap_auth.to_s == 'true' then -%> - Include include.d/ldap_auth.inc - <%- unless ldap_user.to_s == 'any' -%> - Require ldap-user <%= ldap_user.to_s %> - <%- else -%> - Require valid-user - <%- end -%> - <%- end -%> - - - <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - <%- end -%> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> -<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> - - -<%- unless ssl_mode.to_s == 'only' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:normal) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - ProxyPass / http://127.0.0.1/ - ProxyPassReverse / http://127.0.0.1/ - - <%- if ssl_mode.to_s == 'force' then -%> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] - - <%- end -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- unless ssl_mode.to_s == 'false' then -%> - -<% scope.unsetvar('vhost_part') - scope.setvar('vhost_part',:ssl) -%> - <%= scope.function_template('apache/vhosts/partials/header_default.erb') %> -<% scope.unsetvar('vhost_part') -%> - -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> - - ProxyPreserveHost On - ProxyRequests off - SSLProxyEngine On - ProxyPass / https://127.0.0.1/ - ProxyPassReverse / https://127.0.0.1/ - -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> - - <%- unless additional_options.to_s == 'absent' then -%> - <%= additional_options %> - <%- end -%> - -<%- end -%> - -<%- end -%> -- cgit v1.2.3 From 1fc1184a4ceff562b969b148677a055ff99dc5f5 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 8 Oct 2011 20:14:15 +0200 Subject: remove old files --- templates/vhosts/gitweb/CentOS.erb | 1 - templates/vhosts/gitweb/Debian.erb | 1 - templates/vhosts/perl/CentOS.erb | 1 - templates/vhosts/perl/Debian.erb | 1 - templates/vhosts/php_drupal/CentOS.erb | 1 - templates/vhosts/php_drupal/Debian.erb | 1 - templates/vhosts/php_silverstripe/CentOS.erb | 1 - templates/vhosts/php_silverstripe/Debian.erb | 1 - templates/vhosts/php_typo3/CentOS.erb | 1 - templates/vhosts/php_typo3/Debian.erb | 1 - templates/vhosts/redirect/CentOS.erb | 1 - templates/vhosts/redirect/Debian.erb | 1 - templates/vhosts/webdav/CentOS.erb | 1 - templates/vhosts/webdav/Debian.erb | 1 - 14 files changed, 14 deletions(-) delete mode 120000 templates/vhosts/gitweb/CentOS.erb delete mode 120000 templates/vhosts/gitweb/Debian.erb delete mode 120000 templates/vhosts/perl/CentOS.erb delete mode 120000 templates/vhosts/perl/Debian.erb delete mode 120000 templates/vhosts/php_drupal/CentOS.erb delete mode 120000 templates/vhosts/php_drupal/Debian.erb delete mode 120000 templates/vhosts/php_silverstripe/CentOS.erb delete mode 120000 templates/vhosts/php_silverstripe/Debian.erb delete mode 120000 templates/vhosts/php_typo3/CentOS.erb delete mode 120000 templates/vhosts/php_typo3/Debian.erb delete mode 120000 templates/vhosts/redirect/CentOS.erb delete mode 120000 templates/vhosts/redirect/Debian.erb delete mode 120000 templates/vhosts/webdav/CentOS.erb delete mode 120000 templates/vhosts/webdav/Debian.erb (limited to 'templates') diff --git a/templates/vhosts/gitweb/CentOS.erb b/templates/vhosts/gitweb/CentOS.erb deleted file mode 120000 index a3f2135..0000000 --- a/templates/vhosts/gitweb/CentOS.erb +++ /dev/null @@ -1 +0,0 @@ -gitweb.erb \ No newline at end of file diff --git a/templates/vhosts/gitweb/Debian.erb b/templates/vhosts/gitweb/Debian.erb deleted file mode 120000 index a3f2135..0000000 --- a/templates/vhosts/gitweb/Debian.erb +++ /dev/null @@ -1 +0,0 @@ -gitweb.erb \ No newline at end of file diff --git a/templates/vhosts/perl/CentOS.erb b/templates/vhosts/perl/CentOS.erb deleted file mode 120000 index c721da2..0000000 --- a/templates/vhosts/perl/CentOS.erb +++ /dev/null @@ -1 +0,0 @@ -perl.erb \ No newline at end of file diff --git a/templates/vhosts/perl/Debian.erb b/templates/vhosts/perl/Debian.erb deleted file mode 120000 index c721da2..0000000 --- a/templates/vhosts/perl/Debian.erb +++ /dev/null @@ -1 +0,0 @@ -perl.erb \ No newline at end of file diff --git a/templates/vhosts/php_drupal/CentOS.erb b/templates/vhosts/php_drupal/CentOS.erb deleted file mode 120000 index 5e933a5..0000000 --- a/templates/vhosts/php_drupal/CentOS.erb +++ /dev/null @@ -1 +0,0 @@ -php_drupal.erb \ No newline at end of file diff --git a/templates/vhosts/php_drupal/Debian.erb b/templates/vhosts/php_drupal/Debian.erb deleted file mode 120000 index 5e933a5..0000000 --- a/templates/vhosts/php_drupal/Debian.erb +++ /dev/null @@ -1 +0,0 @@ -php_drupal.erb \ No newline at end of file diff --git a/templates/vhosts/php_silverstripe/CentOS.erb b/templates/vhosts/php_silverstripe/CentOS.erb deleted file mode 120000 index 9ac244f..0000000 --- a/templates/vhosts/php_silverstripe/CentOS.erb +++ /dev/null @@ -1 +0,0 @@ -php_silverstripe.erb \ No newline at end of file diff --git a/templates/vhosts/php_silverstripe/Debian.erb b/templates/vhosts/php_silverstripe/Debian.erb deleted file mode 120000 index 9ac244f..0000000 --- a/templates/vhosts/php_silverstripe/Debian.erb +++ /dev/null @@ -1 +0,0 @@ -php_silverstripe.erb \ No newline at end of file diff --git a/templates/vhosts/php_typo3/CentOS.erb b/templates/vhosts/php_typo3/CentOS.erb deleted file mode 120000 index 398f400..0000000 --- a/templates/vhosts/php_typo3/CentOS.erb +++ /dev/null @@ -1 +0,0 @@ -php_typo3.erb \ No newline at end of file diff --git a/templates/vhosts/php_typo3/Debian.erb b/templates/vhosts/php_typo3/Debian.erb deleted file mode 120000 index 398f400..0000000 --- a/templates/vhosts/php_typo3/Debian.erb +++ /dev/null @@ -1 +0,0 @@ -php_typo3.erb \ No newline at end of file diff --git a/templates/vhosts/redirect/CentOS.erb b/templates/vhosts/redirect/CentOS.erb deleted file mode 120000 index 12a8583..0000000 --- a/templates/vhosts/redirect/CentOS.erb +++ /dev/null @@ -1 +0,0 @@ -redirect.erb \ No newline at end of file diff --git a/templates/vhosts/redirect/Debian.erb b/templates/vhosts/redirect/Debian.erb deleted file mode 120000 index 12a8583..0000000 --- a/templates/vhosts/redirect/Debian.erb +++ /dev/null @@ -1 +0,0 @@ -redirect.erb \ No newline at end of file diff --git a/templates/vhosts/webdav/CentOS.erb b/templates/vhosts/webdav/CentOS.erb deleted file mode 120000 index 872843a..0000000 --- a/templates/vhosts/webdav/CentOS.erb +++ /dev/null @@ -1 +0,0 @@ -webdav.erb \ No newline at end of file diff --git a/templates/vhosts/webdav/Debian.erb b/templates/vhosts/webdav/Debian.erb deleted file mode 120000 index 872843a..0000000 --- a/templates/vhosts/webdav/Debian.erb +++ /dev/null @@ -1 +0,0 @@ -webdav.erb \ No newline at end of file -- cgit v1.2.3 From 6a579bc57146a5fb3060fd1c4189465c7a603611 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 8 Oct 2011 20:27:52 +0200 Subject: remove dead file --- templates/vhosts/redirect/OpenBSD.erb | 1 - 1 file changed, 1 deletion(-) delete mode 120000 templates/vhosts/redirect/OpenBSD.erb (limited to 'templates') diff --git a/templates/vhosts/redirect/OpenBSD.erb b/templates/vhosts/redirect/OpenBSD.erb deleted file mode 120000 index 12a8583..0000000 --- a/templates/vhosts/redirect/OpenBSD.erb +++ /dev/null @@ -1 +0,0 @@ -redirect.erb \ No newline at end of file -- cgit v1.2.3 From 391dbaae8af22cf6f157aa4f741762a14cf0b483 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 8 Oct 2011 22:27:37 +0200 Subject: add mod_fcgid stuff --- templates/vhosts/default.erb | 10 ++++++++++ templates/vhosts/partials/std_override_options.erb | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) (limited to 'templates') diff --git a/templates/vhosts/default.erb b/templates/vhosts/default.erb index 5ab1d26..02dcb5b 100644 --- a/templates/vhosts/default.erb +++ b/templates/vhosts/default.erb @@ -19,6 +19,16 @@ vhost_parts.each do |vhost_part| AssignUserId <%= run_uid+" "+run_gid %> + <% elsif run_mod.to_s == 'fcgid' -%> + + SuexecUserGroup <%= run_uid+" "+run_gid %> + <% if passing_extension.to_s == 'php' -%> + PHP_Fix_Pathinfo_Enable 1 + <% end -%> + FCGIWrapper /var/www/mod_fcgid-starters/<%= name %> .<%= passing_extension %> + AddHandler fcgid-script .<%= passing_extension %> + + <% end -%> <% if ssl_mode == 'force' && vhost_part == :normal -%> RewriteEngine On diff --git a/templates/vhosts/partials/std_override_options.erb b/templates/vhosts/partials/std_override_options.erb index d43b042..845fcc0 100644 --- a/templates/vhosts/partials/std_override_options.erb +++ b/templates/vhosts/partials/std_override_options.erb @@ -1,4 +1,4 @@ AllowOverride <%= allow_override %> <% if options.to_s != 'absent' || do_includes.to_s == 'true' -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><% end -%><% if do_includes.to_s == 'true' && !options.include?('+Includes') -%> +Includes<% end -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><% end -%><% if do_includes.to_s == 'true' && !options.include?('+Includes') -%> +Includes<% end -%><% if run_mode == 'fcgid' && !options.include?('+ExecCGI') -%>+ExecCGI<% end -%> <% end -%> \ No newline at end of file -- cgit v1.2.3 From 85a551f74b55a838fe3f4fa63bc104f74605f3d4 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 8 Oct 2011 23:16:35 +0200 Subject: fix naming --- templates/vhosts/default.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'templates') diff --git a/templates/vhosts/default.erb b/templates/vhosts/default.erb index 02dcb5b..4328931 100644 --- a/templates/vhosts/default.erb +++ b/templates/vhosts/default.erb @@ -19,7 +19,7 @@ vhost_parts.each do |vhost_part| AssignUserId <%= run_uid+" "+run_gid %> - <% elsif run_mod.to_s == 'fcgid' -%> + <% elsif run_mode.to_s == 'fcgid' -%> SuexecUserGroup <%= run_uid+" "+run_gid %> <% if passing_extension.to_s == 'php' -%> -- cgit v1.2.3 From 968676d43da076d4ecc9d33c4a5f8a2fb532285c Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 8 Oct 2011 23:44:15 +0200 Subject: pass php_settings to fcgid-starter and only set them in vhost, if we don't run as fgcid --- templates/vhosts/partials/php_settings.erb | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/partials/php_settings.erb b/templates/vhosts/partials/php_settings.erb index 8d4fec4..acc81f7 100644 --- a/templates/vhosts/partials/php_settings.erb +++ b/templates/vhosts/partials/php_settings.erb @@ -1,17 +1,19 @@ -<% php_settings.each do |key,value| - dvalue = value.to_s.downcase - munged_value = if dvalue == 'true' - 'on' - elsif dvalue == 'false' - 'off' - elsif ['on','off'].include?(dvalue) - dvalue - else - value - end - if ['on','off' ].include?(munged_value) -%> +<% if run_mode != 'fcgid' + php_settings.each do |key,value| + dvalue = value.to_s.downcase + munged_value = if dvalue == 'true' + 'on' + elsif dvalue == 'false' + 'off' + elsif ['on','off'].include?(dvalue) + dvalue + else + value + end + if ['on','off' ].include?(munged_value) -%> php_admin_flag <%= key %> <%= munged_value %> <% else -%> php_admin_value <%= key %> <%= munged_value %> <% end -%> +<% end -%> <% end -%> \ No newline at end of file -- cgit v1.2.3 From bff168f1aad2a82e4b2fec5ca9b8260164cf7e27 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 9 Oct 2011 00:27:06 +0200 Subject: this options should be set globally --- templates/vhosts/default.erb | 3 --- 1 file changed, 3 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/default.erb b/templates/vhosts/default.erb index 4328931..98482d4 100644 --- a/templates/vhosts/default.erb +++ b/templates/vhosts/default.erb @@ -22,9 +22,6 @@ vhost_parts.each do |vhost_part| <% elsif run_mode.to_s == 'fcgid' -%> SuexecUserGroup <%= run_uid+" "+run_gid %> - <% if passing_extension.to_s == 'php' -%> - PHP_Fix_Pathinfo_Enable 1 - <% end -%> FCGIWrapper /var/www/mod_fcgid-starters/<%= name %> .<%= passing_extension %> AddHandler fcgid-script .<%= passing_extension %> -- cgit v1.2.3 From 7a2bc42c1ae63b08f90825446f51ee626b8a5f27 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 9 Oct 2011 01:13:47 +0200 Subject: ensure that execcgi is passed and add extension index --- templates/vhosts/partials/header_default.erb | 3 +++ templates/vhosts/partials/std_override_options.erb | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'templates') diff --git a/templates/vhosts/partials/header_default.erb b/templates/vhosts/partials/header_default.erb index eff83cf..1c9309d 100644 --- a/templates/vhosts/partials/header_default.erb +++ b/templates/vhosts/partials/header_default.erb @@ -14,4 +14,7 @@ <% end -%> <% if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> +<% end -%> +<% unless passed_extension.to_s.empty? -%> + DirectoryIndex index.htm index.html index.<%= passed_extension %> <% end -%> \ No newline at end of file diff --git a/templates/vhosts/partials/std_override_options.erb b/templates/vhosts/partials/std_override_options.erb index 845fcc0..6be9ff1 100644 --- a/templates/vhosts/partials/std_override_options.erb +++ b/templates/vhosts/partials/std_override_options.erb @@ -1,4 +1,4 @@ AllowOverride <%= allow_override %> - <% if options.to_s != 'absent' || do_includes.to_s == 'true' -%> + <% if options.to_s != 'absent' || do_includes.to_s == 'true' || run_mode == 'fcgid' -%> Options <%- unless options.to_s == 'absent' then -%><%= options %><% end -%><% if do_includes.to_s == 'true' && !options.include?('+Includes') -%> +Includes<% end -%><% if run_mode == 'fcgid' && !options.include?('+ExecCGI') -%>+ExecCGI<% end -%> <% end -%> \ No newline at end of file -- cgit v1.2.3 From 7532b47f7e62dc705e92051beee75968f5c226c5 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 9 Oct 2011 01:20:23 +0200 Subject: fix naming --- templates/vhosts/partials/header_default.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/partials/header_default.erb b/templates/vhosts/partials/header_default.erb index 1c9309d..4b4bcc2 100644 --- a/templates/vhosts/partials/header_default.erb +++ b/templates/vhosts/partials/header_default.erb @@ -15,6 +15,6 @@ <% if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> <% end -%> -<% unless passed_extension.to_s.empty? -%> - DirectoryIndex index.htm index.html index.<%= passed_extension %> +<% unless passing_extension.to_s.empty? -%> + DirectoryIndex index.htm index.html index.<%= passing_extension %> <% end -%> \ No newline at end of file -- cgit v1.2.3 From 57efdb7a465750a6e197b1c0954e0ad21b7e55bc Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 9 Oct 2011 01:22:56 +0200 Subject: passing extension is not everyhwere defined --- templates/vhosts/partials/header_default.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'templates') diff --git a/templates/vhosts/partials/header_default.erb b/templates/vhosts/partials/header_default.erb index 4b4bcc2..a9a87bc 100644 --- a/templates/vhosts/partials/header_default.erb +++ b/templates/vhosts/partials/header_default.erb @@ -15,6 +15,6 @@ <% if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> <% end -%> -<% unless passing_extension.to_s.empty? -%> +<% if has_variable?('passing_extension') && !passing_extension.to_s.empty? -%> DirectoryIndex index.htm index.html index.<%= passing_extension %> <% end -%> \ No newline at end of file -- cgit v1.2.3 From c5f89ba130e2027a37d821d803da018583009f69 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 9 Oct 2011 01:43:46 +0200 Subject: the script must be in its own location --- templates/vhosts/default.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'templates') diff --git a/templates/vhosts/default.erb b/templates/vhosts/default.erb index 98482d4..3073499 100644 --- a/templates/vhosts/default.erb +++ b/templates/vhosts/default.erb @@ -22,7 +22,7 @@ vhost_parts.each do |vhost_part| <% elsif run_mode.to_s == 'fcgid' -%> SuexecUserGroup <%= run_uid+" "+run_gid %> - FCGIWrapper /var/www/mod_fcgid-starters/<%= name %> .<%= passing_extension %> + FCGIWrapper /var/www/mod_fcgid-starters/<%= name %>/<%= name %>-starter .<%= passing_extension %> AddHandler fcgid-script .<%= passing_extension %> -- cgit v1.2.3 From 811928eed982bd18776e6abfe0b5e1b9864d7c55 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 9 Oct 2011 02:22:39 +0200 Subject: we need these rewrite rules, otherwise it won't work with cgi --- templates/vhosts/php_mediawiki/partial.erb | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 templates/vhosts/php_mediawiki/partial.erb (limited to 'templates') diff --git a/templates/vhosts/php_mediawiki/partial.erb b/templates/vhosts/php_mediawiki/partial.erb new file mode 100644 index 0000000..38f9663 --- /dev/null +++ b/templates/vhosts/php_mediawiki/partial.erb @@ -0,0 +1,16 @@ +<% if run_mode == 'fcgid' -%> + RewriteEngine On + RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f + RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-d + RewriteRule ^/?index.php/(.*)$ /index.php?title=$1 [PT,L,QSA] +<% end -%> +<%= scope.function_template('apache/vhosts/php/partial.erb') %> + /typo3/"> + RewriteEngine on + + # Rewrite URLs to https that go for the admin area + RewriteCond %{REMOTE_ADDR} !^127\.[0-9]+\.[0-9]+\.[0-9]+$ + RewriteCond %{HTTPS} !=on + RewriteCond %{REQUEST_URI} (.*/typo3/.*) + RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R] + \ No newline at end of file -- cgit v1.2.3 From b2898d6ece7ae4fa1d26baa4234597ec5a05d985 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 9 Oct 2011 02:45:20 +0200 Subject: set max requests on the same as the php requests, as per https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html --- templates/vhosts/default.erb | 1 + 1 file changed, 1 insertion(+) (limited to 'templates') diff --git a/templates/vhosts/default.erb b/templates/vhosts/default.erb index 3073499..fdc9aee 100644 --- a/templates/vhosts/default.erb +++ b/templates/vhosts/default.erb @@ -22,6 +22,7 @@ vhost_parts.each do |vhost_part| <% elsif run_mode.to_s == 'fcgid' -%> SuexecUserGroup <%= run_uid+" "+run_gid %> + FcgidMaxRequestsPerProcess 5000 FCGIWrapper /var/www/mod_fcgid-starters/<%= name %>/<%= name %>-starter .<%= passing_extension %> AddHandler fcgid-script .<%= passing_extension %> -- cgit v1.2.3 From 5fd2611fa89bcafaeeb921f58bd495602f664f0c Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 9 Oct 2011 05:13:23 +0200 Subject: hashs are not sorted, but for idempotence we should sort it --- templates/vhosts/partials/php_settings.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/partials/php_settings.erb b/templates/vhosts/partials/php_settings.erb index acc81f7..77a4253 100644 --- a/templates/vhosts/partials/php_settings.erb +++ b/templates/vhosts/partials/php_settings.erb @@ -1,6 +1,6 @@ <% if run_mode != 'fcgid' - php_settings.each do |key,value| - dvalue = value.to_s.downcase + php_settings.keys.sort.each do |key| + dvalue = php_settings[value].to_s.downcase munged_value = if dvalue == 'true' 'on' elsif dvalue == 'false' -- cgit v1.2.3 From 7de7f1e01766acf0105be8854653f39babd46c12 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 9 Oct 2011 05:18:42 +0200 Subject: we should take the key not the value :/ --- templates/vhosts/partials/php_settings.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'templates') diff --git a/templates/vhosts/partials/php_settings.erb b/templates/vhosts/partials/php_settings.erb index 77a4253..3a1ab5c 100644 --- a/templates/vhosts/partials/php_settings.erb +++ b/templates/vhosts/partials/php_settings.erb @@ -1,6 +1,6 @@ <% if run_mode != 'fcgid' php_settings.keys.sort.each do |key| - dvalue = php_settings[value].to_s.downcase + dvalue = php_settings[keys].to_s.downcase munged_value = if dvalue == 'true' 'on' elsif dvalue == 'false' -- cgit v1.2.3 From 70b4688cc6e9915b39d6c7326a100ec38d6affd2 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 9 Oct 2011 14:45:46 +0200 Subject: no need to configure fcgid on redirect hosts --- templates/vhosts/default.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'templates') diff --git a/templates/vhosts/default.erb b/templates/vhosts/default.erb index fdc9aee..9342d06 100644 --- a/templates/vhosts/default.erb +++ b/templates/vhosts/default.erb @@ -19,7 +19,7 @@ vhost_parts.each do |vhost_part| AssignUserId <%= run_uid+" "+run_gid %> - <% elsif run_mode.to_s == 'fcgid' -%> + <% elsif run_mode.to_s == 'fcgid' && !(ssl_mode == 'force' && vhost_part == :normal) -%> SuexecUserGroup <%= run_uid+" "+run_gid %> FcgidMaxRequestsPerProcess 5000 -- cgit v1.2.3 From 041b1930c77117c7f23c07f23ea14bff77bcf49d Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 12 Oct 2011 23:38:24 +0200 Subject: rename partial correctly --- templates/vhosts/php_joomla/partial.erb | 19 +++++++++++++++++++ templates/vhosts/php_joomla/php_joomla.erb | 19 ------------------- 2 files changed, 19 insertions(+), 19 deletions(-) create mode 100644 templates/vhosts/php_joomla/partial.erb delete mode 100644 templates/vhosts/php_joomla/php_joomla.erb (limited to 'templates') diff --git a/templates/vhosts/php_joomla/partial.erb b/templates/vhosts/php_joomla/partial.erb new file mode 100644 index 0000000..fa095ff --- /dev/null +++ b/templates/vhosts/php_joomla/partial.erb @@ -0,0 +1,19 @@ + /"> +<%= scope.function_template('apache/vhosts/partials/std_override_options.erb') %> + +<%= scope.function_template('apache/vhosts/partials/php_settings.erb') %> + +<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> + + Include include.d/joomla.inc + + + /administrator/"> + RewriteEngine on + + # Rewrite URLs to https that go for the admin area + RewriteCond %{REMOTE_ADDR} !^127\.[0-9]+\.[0-9]+\.[0-9]+$ + RewriteCond %{HTTPS} !=on + RewriteCond %{REQUEST_URI} (.*/administrator/.*) + RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R] + \ No newline at end of file diff --git a/templates/vhosts/php_joomla/php_joomla.erb b/templates/vhosts/php_joomla/php_joomla.erb deleted file mode 100644 index fa095ff..0000000 --- a/templates/vhosts/php_joomla/php_joomla.erb +++ /dev/null @@ -1,19 +0,0 @@ - /"> -<%= scope.function_template('apache/vhosts/partials/std_override_options.erb') %> - -<%= scope.function_template('apache/vhosts/partials/php_settings.erb') %> - -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - - Include include.d/joomla.inc - - - /administrator/"> - RewriteEngine on - - # Rewrite URLs to https that go for the admin area - RewriteCond %{REMOTE_ADDR} !^127\.[0-9]+\.[0-9]+\.[0-9]+$ - RewriteCond %{HTTPS} !=on - RewriteCond %{REQUEST_URI} (.*/administrator/.*) - RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R] - \ No newline at end of file -- cgit v1.2.3 From 15505ed10296e48c1f023791c073c320d094ae12 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 13 Oct 2011 00:06:32 +0200 Subject: enforce space between options --- templates/vhosts/partials/std_override_options.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/partials/std_override_options.erb b/templates/vhosts/partials/std_override_options.erb index 6be9ff1..95a5e6a 100644 --- a/templates/vhosts/partials/std_override_options.erb +++ b/templates/vhosts/partials/std_override_options.erb @@ -1,4 +1,4 @@ AllowOverride <%= allow_override %> <% if options.to_s != 'absent' || do_includes.to_s == 'true' || run_mode == 'fcgid' -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><% end -%><% if do_includes.to_s == 'true' && !options.include?('+Includes') -%> +Includes<% end -%><% if run_mode == 'fcgid' && !options.include?('+ExecCGI') -%>+ExecCGI<% end -%> - <% end -%> \ No newline at end of file + Options <%- unless options.to_s == 'absent' then -%><%= options %><% end -%><% if do_includes.to_s == 'true' && !options.include?('+Includes') -%> +Includes<% end -%><% if run_mode == 'fcgid' && !options.include?('+ExecCGI') -%> +ExecCGI<% end -%> + <% end -%> -- cgit v1.2.3 From 0c408d9dbaadb64bfb35c462f270528a7ea88b71 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 18 Oct 2011 00:04:19 +0200 Subject: fix value lookup --- templates/vhosts/partials/php_settings.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'templates') diff --git a/templates/vhosts/partials/php_settings.erb b/templates/vhosts/partials/php_settings.erb index 3a1ab5c..a2c7297 100644 --- a/templates/vhosts/partials/php_settings.erb +++ b/templates/vhosts/partials/php_settings.erb @@ -1,6 +1,6 @@ <% if run_mode != 'fcgid' php_settings.keys.sort.each do |key| - dvalue = php_settings[keys].to_s.downcase + dvalue = php_settings[key].to_s.downcase munged_value = if dvalue == 'true' 'on' elsif dvalue == 'false' -- cgit v1.2.3 From 3a529767ec5f378b839178d54483837aa33bdd8b Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 18 Oct 2011 00:11:30 +0200 Subject: fix value lookup - take 2 --- templates/vhosts/partials/php_settings.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'templates') diff --git a/templates/vhosts/partials/php_settings.erb b/templates/vhosts/partials/php_settings.erb index a2c7297..ae50bf8 100644 --- a/templates/vhosts/partials/php_settings.erb +++ b/templates/vhosts/partials/php_settings.erb @@ -8,7 +8,7 @@ elsif ['on','off'].include?(dvalue) dvalue else - value + php_settings[key] end if ['on','off' ].include?(munged_value) -%> php_admin_flag <%= key %> <%= munged_value %> -- cgit v1.2.3 From 56b558c9e49cda84a047f339b5671cccb2bc1166 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 27 Dec 2011 16:00:17 +0100 Subject: reject undef items --- templates/vhosts/partials/php_settings.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/partials/php_settings.erb b/templates/vhosts/partials/php_settings.erb index ae50bf8..7840987 100644 --- a/templates/vhosts/partials/php_settings.erb +++ b/templates/vhosts/partials/php_settings.erb @@ -1,5 +1,5 @@ <% if run_mode != 'fcgid' - php_settings.keys.sort.each do |key| + php_settings.reject{|k,v| v == :undef }.keys.sort.each do |key| dvalue = php_settings[key].to_s.downcase munged_value = if dvalue == 'true' 'on' @@ -16,4 +16,4 @@ php_admin_value <%= key %> <%= munged_value %> <% end -%> <% end -%> -<% end -%> \ No newline at end of file +<% end -%> -- cgit v1.2.3 From f498fa4f3453387ba669abdea3bea64b03b78e76 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 28 Dec 2011 02:14:56 +0100 Subject: set gem_home for the ruby apps --- templates/vhosts/passenger/partial.erb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'templates') diff --git a/templates/vhosts/passenger/partial.erb b/templates/vhosts/passenger/partial.erb index 3b314ce..abbec79 100644 --- a/templates/vhosts/passenger/partial.erb +++ b/templates/vhosts/passenger/partial.erb @@ -1,6 +1,7 @@ + SetEnv GEM_HOME <%= gempath %> /> AllowOverride <%= allow_override %> Options <%- unless options.to_s == 'absent' -%><%= options %><%- end -%><%- unless !options.to_s.include?('MultiViews') -%>-MultiViews<%- end -%> <%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - \ No newline at end of file + -- cgit v1.2.3 From 076909377eaa3aa41936e3acb7e02a9b5b14d493 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 31 May 2012 11:38:45 +0200 Subject: fix various puppet language things --- templates/default/default_index.erb | 4 ++-- templates/itk_plus/CentOS/00-listen-ssl.conf.erb | 2 +- templates/itk_plus/CentOS/00-listen.conf.erb | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) (limited to 'templates') diff --git a/templates/default/default_index.erb b/templates/default/default_index.erb index dbe9954..b35ecd9 100644 --- a/templates/default/default_index.erb +++ b/templates/default/default_index.erb @@ -1,13 +1,13 @@ - <%= hostname %> + <%= scope.lookupvar('::hostname') %>

No page @ this location

- <%= hostname %> + <%= scope.lookupvar('::hostname') %>

diff --git a/templates/itk_plus/CentOS/00-listen-ssl.conf.erb b/templates/itk_plus/CentOS/00-listen-ssl.conf.erb index 1c06433..83f7bee 100644 --- a/templates/itk_plus/CentOS/00-listen-ssl.conf.erb +++ b/templates/itk_plus/CentOS/00-listen-ssl.conf.erb @@ -2,5 +2,5 @@ Listen 127.0.0.1:443
-Listen <%= ipaddress %>:443 +Listen <%= scope.lookupvar('::ipaddress') %>:443 diff --git a/templates/itk_plus/CentOS/00-listen.conf.erb b/templates/itk_plus/CentOS/00-listen.conf.erb index 9f2c626..30b2046 100644 --- a/templates/itk_plus/CentOS/00-listen.conf.erb +++ b/templates/itk_plus/CentOS/00-listen.conf.erb @@ -3,6 +3,6 @@ Listen 127.0.0.1:80 PidFile run/httpdlocal.pid
-Listen <%= ipaddress %>:80 +Listen <%= scope.lookupvar('::ipaddress') %>:80 PidFile run/httpd.pid -- cgit v1.2.3 From edc2afe65136d49501b6aaeb805269b3f7bb141f Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 6 Jun 2012 01:25:24 -0300 Subject: fix for new style for 2.7 --- templates/vhosts/gitweb/partial.erb | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/gitweb/partial.erb b/templates/vhosts/gitweb/partial.erb index 593aaff..8bfe6ce 100644 --- a/templates/vhosts/gitweb/partial.erb +++ b/templates/vhosts/gitweb/partial.erb @@ -1,10 +1,10 @@ + <% unless ssl_mode.to_s == 'force' -%> SetEnv GITWEB_CONFIG <%= gitweb_config %> DirectoryIndex gitweb.cgi - <%- if not ssl_mode.to_s == 'force' then -%> /"> - <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> - Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%><%- unless options.include?('+ExecCGI') then -%> +ExecCGI<%- end -%> - <%- end -%> + <% if options.to_s != 'absent' or do_includes.to_s == 'true'-%> + Options <% unless options.to_s == 'absent' -%><%= options %><% end -%><% if do_includes.to_s == 'true' && !options.include?('+Includes') -%> +Includes<% end -%><% unless options.include?('+ExecCGI') -%> +ExecCGI<% end -%> + <% end -%> AddHandler cgi-script .cgi @@ -15,4 +15,5 @@ RewriteRule ^[a-zA-Z0-9_-]+.git/?(\?.)?$ /gitweb.cgi%{REQUESTURI} [L,PT] <%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - \ No newline at end of file +
+ <% end -%> -- cgit v1.2.3 From 9cbf2fafee3f4623b75d1a6b70458ab097e64924 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 8 Jun 2012 12:09:39 -0300 Subject: fix dynamic scope variables, function access --- templates/vhosts/default.erb | 10 +++++----- templates/vhosts/gitweb/partial.erb | 2 +- templates/vhosts/itk_plus.erb | 6 +++--- templates/vhosts/itk_plus/partial.erb | 2 +- templates/vhosts/partials/header_default.erb | 12 ++++++------ templates/vhosts/passenger/partial.erb | 2 +- templates/vhosts/perl/partial.erb | 6 +++--- templates/vhosts/php/partial.erb | 8 ++++---- templates/vhosts/php_drupal/partial.erb | 6 +++--- templates/vhosts/php_gallery2/partial.erb | 8 ++++---- templates/vhosts/php_joomla/partial.erb | 8 ++++---- templates/vhosts/php_mediawiki/partial.erb | 4 ++-- templates/vhosts/php_silverstripe/partial.erb | 8 ++++---- templates/vhosts/php_typo3/partial.erb | 4 ++-- templates/vhosts/proxy/partial.erb | 4 ++-- templates/vhosts/redirect/partial.erb | 2 +- templates/vhosts/static/partial.erb | 6 +++--- templates/vhosts/webdav/partial.erb | 2 +- 18 files changed, 50 insertions(+), 50 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/default.erb b/templates/vhosts/default.erb index 9342d06..62edf69 100644 --- a/templates/vhosts/default.erb +++ b/templates/vhosts/default.erb @@ -10,9 +10,9 @@ vhost_parts.each do |vhost_part| -%> > -<%= scope.function_template('apache/vhosts/partials/header_default.erb') %> +<%= scope.function_template(['apache/vhosts/partials/header_default.erb']) %> -<%= scope.function_template('apache/vhosts/partials/logs.erb') %> +<%= scope.function_template(['apache/vhosts/partials/logs.erb']) %> <% if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> @@ -33,13 +33,13 @@ vhost_parts.each do |vhost_part| RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <% else -%> -<%= scope.function_template(template_partial) %> +<%= scope.function_template([template_partial]) %> <% end -%> <%- unless template_partial == 'apache/vhosts/itk_plus/partial.erb' -%> -<%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> +<%= scope.function_template(['apache/vhosts/partials/mod_security.erb']) %> <% end -%> <% unless additional_options.to_s == 'absent' -%> <%= additional_options %> <% end -%> -<% end -%> \ No newline at end of file +<% end -%> diff --git a/templates/vhosts/gitweb/partial.erb b/templates/vhosts/gitweb/partial.erb index 8bfe6ce..7238ebe 100644 --- a/templates/vhosts/gitweb/partial.erb +++ b/templates/vhosts/gitweb/partial.erb @@ -14,6 +14,6 @@ RewriteEngine on RewriteRule ^[a-zA-Z0-9_-]+.git/?(\?.)?$ /gitweb.cgi%{REQUESTURI} [L,PT] -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> +<%= scope.function_template(['apache/vhosts/partials/authentication.erb']) %>
<% end -%> diff --git a/templates/vhosts/itk_plus.erb b/templates/vhosts/itk_plus.erb index 2890ecf..b7cb180 100644 --- a/templates/vhosts/itk_plus.erb +++ b/templates/vhosts/itk_plus.erb @@ -1,10 +1,10 @@ -<%= scope.function_template('apache/vhost/default.erb') %> +<%= scope.function_template(['apache/vhost/default.erb']) %> <% scope.unsetvar('template_partial') scope.setvar('template_partial','apache/vhosts/itk_plus/partial.erb') -%> -<%= scope.function_template('apache/vhost/default.erb') %> - \ No newline at end of file +<%= scope.function_template(['apache/vhost/default.erb']) %> +
diff --git a/templates/vhosts/itk_plus/partial.erb b/templates/vhosts/itk_plus/partial.erb index e37e418..5b05dd8 100644 --- a/templates/vhosts/itk_plus/partial.erb +++ b/templates/vhosts/itk_plus/partial.erb @@ -25,7 +25,7 @@ Options <% unless options.to_s == 'absent' then -%><%= options %><% end -%><% if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<% end -%> <% end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> +<%= scope.function_template(['apache/vhosts/partials/authentication.erb']) %>
<% end -%> diff --git a/templates/vhosts/partials/header_default.erb b/templates/vhosts/partials/header_default.erb index a9a87bc..d6d8c86 100644 --- a/templates/vhosts/partials/header_default.erb +++ b/templates/vhosts/partials/header_default.erb @@ -3,18 +3,18 @@ Include include.d/ssl_defaults.inc <% end -%> ServerName <%= servername %> -<% unless serveralias.to_s.empty? || (serveralias.to_s == 'absent') -%> +<% unless serveralias.empty? || (serveralias == 'absent') -%> ServerAlias <%= serveralias %> <% end -%> -<% unless server_admin.to_s.empty? || (server_admin.to_s == 'absent') -%> +<% unless server_admin.empty? || (server_admin == 'absent') -%> ServerAdmin <%= server_admin %> <% end -%> -<% unless documentroot.to_s == 'really_absent' -%> +<% unless documentroot == 'really_absent' -%> DocumentRoot <%= documentroot %>/ <% end -%> -<% if default_charset.to_s != 'absent' then -%> +<% if default_charset != 'absent' then -%> AddDefaultCharset <%= default_charset %> <% end -%> -<% if has_variable?('passing_extension') && !passing_extension.to_s.empty? -%> +<% if passing_extension != 'absent' -%> DirectoryIndex index.htm index.html index.<%= passing_extension %> -<% end -%> \ No newline at end of file +<% end -%> diff --git a/templates/vhosts/passenger/partial.erb b/templates/vhosts/passenger/partial.erb index abbec79..490649e 100644 --- a/templates/vhosts/passenger/partial.erb +++ b/templates/vhosts/passenger/partial.erb @@ -3,5 +3,5 @@ AllowOverride <%= allow_override %> Options <%- unless options.to_s == 'absent' -%><%= options %><%- end -%><%- unless !options.to_s.include?('MultiViews') -%>-MultiViews<%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> +<%= scope.function_template(['apache/vhosts/partials/authentication.erb']) %>
diff --git a/templates/vhosts/perl/partial.erb b/templates/vhosts/perl/partial.erb index f75bf3f..a8c30c3 100644 --- a/templates/vhosts/perl/partial.erb +++ b/templates/vhosts/perl/partial.erb @@ -1,7 +1,7 @@ /"> -<%= scope.function_template('apache/vhosts/partials/std_override_options.erb') %> +<%= scope.function_template(['apache/vhosts/partials/std_override_options.erb']) %> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> +<%= scope.function_template(['apache/vhosts/partials/authentication.erb']) %> <% unless htpasswd_file.to_s == 'absent' -%> @@ -12,4 +12,4 @@ require valid-user
<% end -%> - ScriptAlias /cgi-bin/ <%= cgi_binpath %>/ \ No newline at end of file + ScriptAlias /cgi-bin/ <%= cgi_binpath %>/ diff --git a/templates/vhosts/php/partial.erb b/templates/vhosts/php/partial.erb index dae201a..f8e5c53 100644 --- a/templates/vhosts/php/partial.erb +++ b/templates/vhosts/php/partial.erb @@ -1,7 +1,7 @@ /"> -<%= scope.function_template('apache/vhosts/partials/std_override_options.erb') %> +<%= scope.function_template(['apache/vhosts/partials/std_override_options.erb']) %> -<%= scope.function_template('apache/vhosts/partials/php_settings.erb') %> +<%= scope.function_template(['apache/vhosts/partials/php_settings.erb']) %> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - \ No newline at end of file +<%= scope.function_template(['apache/vhosts/partials/authentication.erb']) %> +
diff --git a/templates/vhosts/php_drupal/partial.erb b/templates/vhosts/php_drupal/partial.erb index 07e0d94..3c420b1 100644 --- a/templates/vhosts/php_drupal/partial.erb +++ b/templates/vhosts/php_drupal/partial.erb @@ -1,10 +1,10 @@ /"> -<%= scope.function_template('apache/vhosts/partials/std_override_options.erb') %> +<%= scope.function_template(['apache/vhosts/partials/std_override_options.erb']) %> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> +<%= scope.function_template(['apache/vhosts/partials/authentication.erb']) %> -<%= scope.function_template('apache/vhosts/partials/php_settings.erb') %> +<%= scope.function_template(['apache/vhosts/partials/php_settings.erb']) %> # Protect files and directories from prying eyes. diff --git a/templates/vhosts/php_gallery2/partial.erb b/templates/vhosts/php_gallery2/partial.erb index 05cc9f4..448f720 100644 --- a/templates/vhosts/php_gallery2/partial.erb +++ b/templates/vhosts/php_gallery2/partial.erb @@ -1,9 +1,9 @@ /"> -<%= scope.function_template('apache/vhosts/partials/std_override_options.erb') %> +<%= scope.function_template(['apache/vhosts/partials/std_override_options.erb']) %> -<%= scope.function_template('apache/vhosts/partials/php_settings.erb') %> +<%= scope.function_template(['apache/vhosts/partials/php_settings.erb']) %> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> +<%= scope.function_template(['apache/vhosts/partials/authentication.erb']) %> <% if vhost_part != :ssl -%> # Always rewrite login's @@ -13,4 +13,4 @@ RewriteCond %{QUERY_STRING} subView=core\.UserLogin RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] <% end -%> - \ No newline at end of file + diff --git a/templates/vhosts/php_joomla/partial.erb b/templates/vhosts/php_joomla/partial.erb index fa095ff..526352a 100644 --- a/templates/vhosts/php_joomla/partial.erb +++ b/templates/vhosts/php_joomla/partial.erb @@ -1,9 +1,9 @@ /"> -<%= scope.function_template('apache/vhosts/partials/std_override_options.erb') %> +<%= scope.function_template(['apache/vhosts/partials/std_override_options.erb']) %> -<%= scope.function_template('apache/vhosts/partials/php_settings.erb') %> +<%= scope.function_template(['apache/vhosts/partials/php_settings.erb']) %> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> +<%= scope.function_template(['apache/vhosts/partials/authentication.erb']) %> Include include.d/joomla.inc @@ -16,4 +16,4 @@ RewriteCond %{HTTPS} !=on RewriteCond %{REQUEST_URI} (.*/administrator/.*) RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R] -
\ No newline at end of file +
diff --git a/templates/vhosts/php_mediawiki/partial.erb b/templates/vhosts/php_mediawiki/partial.erb index 38f9663..cf30f5f 100644 --- a/templates/vhosts/php_mediawiki/partial.erb +++ b/templates/vhosts/php_mediawiki/partial.erb @@ -4,7 +4,7 @@ RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-d RewriteRule ^/?index.php/(.*)$ /index.php?title=$1 [PT,L,QSA] <% end -%> -<%= scope.function_template('apache/vhosts/php/partial.erb') %> +<%= scope.function_template(['apache/vhosts/php/partial.erb']) %> /typo3/"> RewriteEngine on @@ -13,4 +13,4 @@ RewriteCond %{HTTPS} !=on RewriteCond %{REQUEST_URI} (.*/typo3/.*) RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R] - \ No newline at end of file +
diff --git a/templates/vhosts/php_silverstripe/partial.erb b/templates/vhosts/php_silverstripe/partial.erb index a398829..89a6052 100644 --- a/templates/vhosts/php_silverstripe/partial.erb +++ b/templates/vhosts/php_silverstripe/partial.erb @@ -6,11 +6,11 @@ <% end -%> /"> -<%= scope.function_template('apache/vhosts/partials/std_override_options.erb') %> +<%= scope.function_template(['apache/vhosts/partials/std_override_options.erb']) %> -<%= scope.function_template('apache/vhosts/partials/php_settings.erb') %> +<%= scope.function_template(['apache/vhosts/partials/php_settings.erb']) %> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> +<%= scope.function_template(['apache/vhosts/partials/authentication.erb']) %> Include include.d/silverstripe.inc - \ No newline at end of file +
diff --git a/templates/vhosts/php_typo3/partial.erb b/templates/vhosts/php_typo3/partial.erb index 776fff2..5c06570 100644 --- a/templates/vhosts/php_typo3/partial.erb +++ b/templates/vhosts/php_typo3/partial.erb @@ -1,4 +1,4 @@ -<%= scope.function_template('apache/vhosts/php/partial.erb') %> +<%= scope.function_template(['apache/vhosts/php/partial.erb']) %> /typo3/"> RewriteEngine on @@ -7,4 +7,4 @@ RewriteCond %{HTTPS} !=on RewriteCond %{REQUEST_URI} (.*/typo3/.*) RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R] - \ No newline at end of file +
diff --git a/templates/vhosts/proxy/partial.erb b/templates/vhosts/proxy/partial.erb index f0d4c9d..bbf3c64 100644 --- a/templates/vhosts/proxy/partial.erb +++ b/templates/vhosts/proxy/partial.erb @@ -1,8 +1,8 @@ Order deny,allow Allow from all -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> +<%= scope.function_template(['apache/vhosts/partials/authentication.erb']) %> ProxyRequests Off ProxyPass / <%= options %>/ - ProxyPassReverse / <%= options %>/ \ No newline at end of file + ProxyPassReverse / <%= options %>/ diff --git a/templates/vhosts/redirect/partial.erb b/templates/vhosts/redirect/partial.erb index bd012c8..3b7af7a 100644 --- a/templates/vhosts/redirect/partial.erb +++ b/templates/vhosts/redirect/partial.erb @@ -1 +1 @@ - Redirect permanent / https://<%= options %> \ No newline at end of file + Redirect permanent / https://<%= options %> diff --git a/templates/vhosts/static/partial.erb b/templates/vhosts/static/partial.erb index 78dc925..f2cc46b 100644 --- a/templates/vhosts/static/partial.erb +++ b/templates/vhosts/static/partial.erb @@ -1,5 +1,5 @@ /"> -<%= scope.function_template('apache/vhosts/partials/std_override_options.erb') %> +<%= scope.function_template(['apache/vhosts/partials/std_override_options.erb']) %> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> - \ No newline at end of file +<%= scope.function_template(['apache/vhosts/partials/authentication.erb']) %> +
diff --git a/templates/vhosts/webdav/partial.erb b/templates/vhosts/webdav/partial.erb index 2f78d7b..d89da50 100644 --- a/templates/vhosts/webdav/partial.erb +++ b/templates/vhosts/webdav/partial.erb @@ -9,7 +9,7 @@ Options Indexes <%- end -%> -<%= scope.function_template('apache/vhosts/partials/authentication.erb') %> +<%= scope.function_template(['apache/vhosts/partials/authentication.erb']) %> <%- if ldap_auth.to_s == 'true' then -%> Include include.d/ldap_auth.inc <%- unless ldap_user.to_s == 'any' -%> -- cgit v1.2.3 From fe4113a36c48128474a2d7c3784c50d5af3e3931 Mon Sep 17 00:00:00 2001 From: o Date: Fri, 28 Dec 2012 13:42:31 +0100 Subject: add a workaround for http://git.zx2c4.com/w3-total-fail/tree/w3-total-fail.sh to all wordpress vhosts mend --- templates/vhosts/php_wordpress/partial.erb | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 templates/vhosts/php_wordpress/partial.erb (limited to 'templates') diff --git a/templates/vhosts/php_wordpress/partial.erb b/templates/vhosts/php_wordpress/partial.erb new file mode 100644 index 0000000..972ab99 --- /dev/null +++ b/templates/vhosts/php_wordpress/partial.erb @@ -0,0 +1,6 @@ +<%= scope.function_template(['apache/vhosts/php/partial.erb']) %> + +# fixes: http://git.zx2c4.com/w3-total-fail/tree/w3-total-fail.sh +/wp-content/w3tc/dbcache"> + Deny From All + -- cgit v1.2.3 From 966956844377b8aa28dba04a7460678b3d73730b Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 10 Mar 2013 16:46:51 +0100 Subject: introduce logprefix --- templates/vhosts/partials/logs.erb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/partials/logs.erb b/templates/vhosts/partials/logs.erb index 650b204..68403a8 100644 --- a/templates/vhosts/partials/logs.erb +++ b/templates/vhosts/partials/logs.erb @@ -3,12 +3,12 @@ ErrorLog /dev/null CustomLog /dev/null <% when 'semianonym' -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log noip + ErrorLog <%= logdir %>/<%= logprefix %>error_log + CustomLog <%= logdir %>/<%= logprefix %>access_log noip <% when 'anonym' -%> ErrorLog /dev/null - CustomLog <%= logdir %>/access_log noip + CustomLog <%= logdir %>/<%= logprefix %>access_log noip <% else -%> - ErrorLog <%= logdir %>/error_log - CustomLog <%= logdir %>/access_log combined + ErrorLog <%= logdir %>/<%= logprefix %>error_log + CustomLog <%= logdir %>/<%= logprefix %>access_log combined <% end -%> -- cgit v1.2.3 From 9c17d2b696e026eeca9d4c4b862f839479bbae64 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 17 Mar 2013 15:51:55 +0100 Subject: deny directories that shouldn't be web accessible --- templates/vhosts/php_joomla/partial.erb | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'templates') diff --git a/templates/vhosts/php_joomla/partial.erb b/templates/vhosts/php_joomla/partial.erb index 526352a..3046129 100644 --- a/templates/vhosts/php_joomla/partial.erb +++ b/templates/vhosts/php_joomla/partial.erb @@ -17,3 +17,16 @@ RewriteCond %{REQUEST_URI} (.*/administrator/.*) RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R]
+ + # Deny various directories that + # shouldn't be webaccessible + /tmp/"> + Deny From All + + /logs/"> + Deny From All + + /cli/"> + Deny From All + + -- cgit v1.2.3 From 2671311f38f8891d76b55c08d5ea1b2d9599ecad Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 20 Mar 2013 21:51:36 +0100 Subject: make things puppet 3 ready --- templates/vhosts/default.erb | 9 +++------ templates/vhosts/itk_plus.erb | 6 +----- 2 files changed, 4 insertions(+), 11 deletions(-) (limited to 'templates') diff --git a/templates/vhosts/default.erb b/templates/vhosts/default.erb index 62edf69..809cd9b 100644 --- a/templates/vhosts/default.erb +++ b/templates/vhosts/default.erb @@ -4,13 +4,10 @@ vhost_parts = case ssl_mode when false,'false' then [:normal] else [:normal,:ssl] end -vhost_parts.each do |vhost_part| - scope.unsetvar('vhost_part') - scope.setvar('vhost_part',vhost_part) --%> +vhost_parts.each do |vhost_part| -%> > -<%= scope.function_template(['apache/vhosts/partials/header_default.erb']) %> +<%= scope.function_templatewlv(['apache/vhosts/partials/header_default.erb', {'vhost_part' => vhost_part } ]) %> <%= scope.function_template(['apache/vhosts/partials/logs.erb']) %> @@ -33,7 +30,7 @@ vhost_parts.each do |vhost_part| RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <% else -%> -<%= scope.function_template([template_partial]) %> +<%= scope.function_templatewlv([template_partial, {'vhost_part' => vhost_part } ]) %> <% end -%> <%- unless template_partial == 'apache/vhosts/itk_plus/partial.erb' -%> <%= scope.function_template(['apache/vhosts/partials/mod_security.erb']) %> diff --git a/templates/vhosts/itk_plus.erb b/templates/vhosts/itk_plus.erb index b7cb180..b546196 100644 --- a/templates/vhosts/itk_plus.erb +++ b/templates/vhosts/itk_plus.erb @@ -2,9 +2,5 @@ <%= scope.function_template(['apache/vhost/default.erb']) %> -<% - scope.unsetvar('template_partial') - scope.setvar('template_partial','apache/vhosts/itk_plus/partial.erb') --%> -<%= scope.function_template(['apache/vhost/default.erb']) %> +<%= scope.function_templatewlv(['apache/vhost/default.erb', {'template_partial' => 'apache/vhosts/itk_plus/partial.erb' }]) %> -- cgit v1.2.3