# <%= servername %> <%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> <%- end -%> <%- unless ssl_mode.to_s == 'only' then -%> Include include.d/defaults.inc ServerName <%= servername %> <%- unless serveralias.to_s.empty? then -%> ServerAlias <%= serveralias %> <%- end -%> <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> ServerAdmin <%= server_admin %> <%- end -%> DocumentRoot <%= documentroot %>/ <%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if ssl_mode.to_s == 'force' then -%> RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <%- end -%> # silverstripe RedirectMatch /admin(.*) https://<%= servername %>/admin$1 RedirectMatch /Security(.*) https://<%= servername %>/Security$1 <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> <%- end -%> <%- if not ssl_mode.to_s == 'force' then -%> /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> <%= scope.function_template('apache/vhosts/partials/authentication.erb') %> php_admin_flag engine on <%- unless php_default_charset.to_s == 'absent' then -%> php_admin_value default_charset <%= php_default_charset %> <%- end -%> php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> php_admin_value session.save_path <%= real_php_session_save_path %> <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> <%- end -%> # silverstripe .htaccess Order deny,allow Deny from all #Allow from 127.0.0.1 RewriteEngine On #RewriteBase / RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$) RewriteCond %{REQUEST_URI} ^(.*)$ RewriteCond %{REQUEST_FILENAME} !-f RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L] <%- end -%> <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> <%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> <%- end -%> <%- end -%> <%- unless ssl_mode.to_s == 'false' then -%> Include include.d/defaults.inc Include include.d/ssl_defaults.inc ServerName <%= servername %> <%- unless serveralias.to_s.empty? then -%> ServerAlias <%= serveralias %> <%- end -%> <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> ServerAdmin <%= server_admin %> <%- end -%> DocumentRoot <%= documentroot %>/ <%= scope.function_template('apache/vhosts/partials/logs.erb') %> <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> AssignUserId <%= run_uid+" "+run_gid %> <%- end -%> Header add Strict-Transport-Security "max-age=15768000" /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> <%= scope.function_template('apache/vhosts/partials/authentication.erb') %> php_admin_flag engine on <%- unless php_default_charset.to_s == 'absent' then -%> php_admin_value default_charset <%= php_default_charset %> <%- end -%> php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> php_admin_value session.save_path <%= real_php_session_save_path %> <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%> php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %> <%- end -%> # turn allow_url_fopen on for the extension manager fetch php_admin_value allow_url_fopen On # silverstripe .htaccess Order deny,allow Deny from all #Allow from 127.0.0.1 RewriteEngine On #RewriteBase / RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$) RewriteCond %{REQUEST_URI} ^(.*)$ RewriteCond %{REQUEST_FILENAME} !-f RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L] <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> <%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- end -%> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> <%- end -%> <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%> <%- unless ssl_mode.to_s == 'only' then -%> Include include.d/defaults.inc ServerName <%= servername %> <%- unless serveralias.to_s.empty? then -%> ServerAlias <%= serveralias %> <%- end -%> <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> ServerAdmin <%= server_admin %> <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> DocumentRoot <%= documentroot %>/ DirectoryIndex index.htm index.html index.php <%- end -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> ProxyPreserveHost On ProxyRequests off <%- if run_mode.to_s == 'static-itk' -%> ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1 <%- else -%> ProxyPass / http://127.0.0.1/ <%- end -%> ProxyPassReverse / http://127.0.0.1/ <%- if ssl_mode.to_s == 'force' then -%> RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L] <%- end -%> # silverstripe RedirectMatch /admin(.*) https://<%= servername %>/admin$1 RedirectMatch /Security(.*) https://<%= servername %>/Security$1 <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> <%- end -%> <%- if run_mode.to_s == 'static-itk' then -%> <%- if not ssl_mode.to_s == 'force' then -%> /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> <%= scope.function_template('apache/vhosts/partials/authentication.erb') %> # silverstripe .htaccess Order deny,allow Deny from all #Allow from 127.0.0.1 RewriteEngine On #RewriteBase / RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$) RewriteCond %{REQUEST_URI} ^(.*)$ RewriteCond %{REQUEST_FILENAME} !-f RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L] <%- end -%> <%- end -%> <%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> <%- end -%> <%- end -%> <%- unless ssl_mode.to_s == 'false' then -%> Include include.d/defaults.inc Include include.d/ssl_defaults.inc ServerName <%= servername %> <%- unless serveralias.to_s.empty? then -%> ServerAlias <%= serveralias %> <%- end -%> <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> ServerAdmin <%= server_admin %> <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> DocumentRoot <%= documentroot %>/ DirectoryIndex index.htm index.html index.php <%- end -%> <%= scope.function_template('apache/vhosts/partials/logs.erb') %> ProxyPreserveHost On ProxyRequests off SSLProxyEngine On <%- if run_mode.to_s == 'static-itk' -%> ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1 <%- else -%> ProxyPass / https://127.0.0.1/ <%- end -%> ProxyPassReverse / https://127.0.0.1/ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> <%- end -%> Header add Strict-Transport-Security "max-age=15768000" <%- if run_mode.to_s == 'static-itk' -%> /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> <%- end -%> <%= scope.function_template('apache/vhosts/partials/authentication.erb') %> # silverstripe .htaccess Order deny,allow Deny from all #Allow from 127.0.0.1 RewriteEngine On #RewriteBase / RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$) RewriteCond %{REQUEST_URI} ^(.*)$ RewriteCond %{REQUEST_FILENAME} !-f RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L] <%- end -%> <%= scope.function_template('apache/vhosts/partials/mod_security.erb') %> <%- unless additional_options.to_s == 'absent' then -%> <%= additional_options %> <%- end -%> <%- end -%> <%- end -%>