# <%= servername %>
<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
<%- end -%>
<%- unless ssl_mode.to_s == 'only' then -%>
Include include.d/defaults.inc
ServerName <%= servername %>
<%- unless serveralias.to_s.empty? then -%>
ServerAlias <%= serveralias %>
<%- end -%>
<%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
ServerAdmin <%= server_admin %>
<%- end -%>
DocumentRoot <%= documentroot %>/
<%- case logmode.to_s
when 'nologs' -%>
ErrorLog /dev/null
CustomLog /dev/null
<%- when 'semianonym' -%>
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log noip
<%- when 'anonym' -%>
ErrorLog /dev/null
CustomLog <%= logdir %>/access_log noip
<%- else -%>
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log combined
<%- end -%>
<%- if ssl_mode.to_s == 'force' then -%>
Redirect permanent / https://<%= servername %>/
<%- end -%>
<%- if default_charset.to_s != 'absent' then -%>
AddDefaultCharset <%= default_charset %>
<%- end -%>
<%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
AssignUserId <%= run_uid+" "+run_gid %>
<%- end -%>
<%- if not ssl_mode.to_s == 'force' then -%>
/">
AllowOverride <%= allow_override %>
<%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
<%- end -%>
<%- unless htpasswd_file.to_s == 'absent' then -%>
AuthType Basic
AuthName "Access fuer <%= servername %>"
AuthUserFile <%= real_htpasswd_path %>
require valid-user
<%- end -%>
php_admin_flag engine on
<%- unless php_default_charset.to_s == 'absent' then -%>
php_admin_value default_charset <%= php_default_charset %>
<%- end -%>
php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>
php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %>
php_admin_value session.save_path <%= real_php_session_save_path %>
<%- end -%>
<%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
<%- if mod_security_relevantonly.to_s == 'true' then -%>
SecAuditEngine RelevantOnly
<%- else -%>
SecAuditEngine On
<%- end -%>
<%- else -%>
SecRuleEngine Off
SecAuditEngine Off
<%- end -%>
SecAuditLogType Concurrent
SecAuditLogStorageDir <%= logdir %>/
SecAuditLog <%= logdir %>/mod_security_audit.log
SecDebugLog <%= logdir %>/mod_security_debug.log
<%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
<%- end -%>
<%- end -%>
<%- unless ssl_mode.to_s == 'false' then -%>
Include include.d/defaults.inc
Include include.d/ssl_defaults.inc
ServerName <%= servername %>
<%- unless serveralias.to_s.empty? then -%>
ServerAlias <%= serveralias %>
<%- end -%>
<%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
ServerAdmin <%= server_admin %>
<%- end -%>
DocumentRoot <%= documentroot %>/
<%- case logmode.to_s
when 'nologs' -%>
ErrorLog /dev/null
CustomLog /dev/null
<%- when 'semianonym' -%>
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log noip
<%- when 'anonym' -%>
ErrorLog /dev/null
CustomLog <%= logdir %>/access_log noip
<%- else -%>
ErrorLog <%= logdir %>/error_log
CustomLog <%= logdir %>/access_log combined
<%- end -%>
<%- if default_charset.to_s != 'absent' then -%>
AddDefaultCharset <%= default_charset %>
<%- end -%>
<%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
AssignUserId <%= run_uid+" "+run_gid %>
<%- end -%>
/">
AllowOverride <%= allow_override %>
<%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
<%- end -%>
<%- unless htpasswd_file.to_s == 'absent' then -%>
AuthType Basic
AuthName "Access fuer <%= servername %>"
AuthUserFile <%= real_htpasswd_path %>
require valid-user
<%- end -%>
php_admin_flag engine on
<%- unless php_default_charset.to_s == 'absent' then -%>
php_admin_value default_charset <%= php_default_charset %>
<%- end -%>
php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>
php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %>
php_admin_value session.save_path <%= real_php_session_save_path %>
<%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
<%- if mod_security_relevantonly.to_s == 'true' then -%>
SecAuditEngine RelevantOnly
<%- else -%>
SecAuditEngine On
<%- end -%>
<%- else -%>
SecRuleEngine Off
SecAuditEngine Off
<%- end -%>
SecAuditLogType Concurrent
SecAuditLogStorageDir <%= logdir %>/
SecAuditLog <%= logdir %>/mod_security_audit.log
SecDebugLog <%= logdir %>/mod_security_debug.log
<%- end -%>
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
<%- end -%>
<%- end -%>
<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
<%- unless ssl_mode.to_s == 'only' then -%>
Include include.d/defaults.inc
ServerName <%= servername %>
<%- unless serveralias.to_s.empty? then -%>
ServerAlias <%= serveralias %>
<%- end -%>
<%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
ServerAdmin <%= server_admin %>
<%- end -%>
<%- if run_mode.to_s == 'static-itk' -%>
DocumentRoot <%= documentroot %>/
DirectoryIndex index.htm index.html index.php
<%- end -%>
<%- case logmode.to_s
when 'nologs' -%>
ErrorLog /dev/null
CustomLog /dev/null
<%- when 'semianonym' -%>
ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
<%- when 'anonym' -%>
ErrorLog /dev/null
CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
<%- else -%>
ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
<%- end -%>
ProxyPreserveHost On
ProxyRequests off
<%- if run_mode.to_s == 'static-itk' -%>
ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1
<%- else -%>
ProxyPass / http://127.0.0.1/
<%- end -%>
ProxyPassReverse / http://127.0.0.1/
<%- if ssl_mode.to_s == 'force' then -%>
Redirect permanent / https://<%= servername %>/
<%- end -%>
<%- if default_charset.to_s != 'absent' then -%>
AddDefaultCharset <%= default_charset %>
<%- end -%>
<%- if run_mode.to_s == 'static-itk' then -%>
<%- if not ssl_mode.to_s == 'force' then -%>
/">
AllowOverride <%= allow_override %>
<%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
<%- end -%>
<%- unless htpasswd_file.to_s == 'absent' then -%>
AuthType Basic
AuthName "Access fuer <%= servername %>"
AuthUserFile <%= real_htpasswd_path %>
require valid-user
<%- end -%>
<%- end -%>
<%- end -%>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
<%- if mod_security_relevantonly.to_s == 'true' then -%>
SecAuditEngine RelevantOnly
<%- else -%>
SecAuditEngine On
<%- end -%>
<%- else -%>
SecRuleEngine Off
SecAuditEngine Off
<%- end -%>
SecAuditLogType Concurrent
SecAuditLogStorageDir <%= logdir %>/
SecAuditLog <%= logdir %>/mod_security_audit.log
SecDebugLog <%= logdir %>/mod_security_debug.log
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
<%- end -%>
<%- end -%>
<%- unless ssl_mode.to_s == 'false' then -%>
Include include.d/defaults.inc
Include include.d/ssl_defaults.inc
ServerName <%= servername %>
<%- unless serveralias.to_s.empty? then -%>
ServerAlias <%= serveralias %>
<%- end -%>
<%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
ServerAdmin <%= server_admin %>
<%- end -%>
<%- if run_mode.to_s == 'static-itk' -%>
DocumentRoot <%= documentroot %>/
DirectoryIndex index.htm index.html index.php
<%- end -%>
<%- case logmode.to_s
when 'nologs' -%>
ErrorLog /dev/null
CustomLog /dev/null
<%- when 'semianonym' -%>
ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
<%- when 'anonym' -%>
ErrorLog /dev/null
CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
<%- else -%>
ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
<%- end -%>
ProxyPreserveHost On
ProxyRequests off
<%- if run_mode.to_s == 'static-itk' -%>
ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1
<%- else -%>
ProxyPass / https://127.0.0.1/
<%- end -%>
ProxyPassReverse / https://127.0.0.1/
<%- if default_charset.to_s != 'absent' then -%>
AddDefaultCharset <%= default_charset %>
<%- end -%>
<%- if run_mode.to_s == 'static-itk' -%>
/">
AllowOverride <%= allow_override %>
<%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
<%- end -%>
<%- unless htpasswd_file.to_s == 'absent' then -%>
AuthType Basic
AuthName "Access fuer <%= servername %>"
AuthUserFile <%= real_htpasswd_path %>
require valid-user
<%- end -%>
<%- end -%>
<%- if mod_security.to_s == 'true' then -%>
SecRuleEngine On
<%- if mod_security_relevantonly.to_s == 'true' then -%>
SecAuditEngine RelevantOnly
<%- else -%>
SecAuditEngine On
<%- end -%>
<%- else -%>
SecRuleEngine Off
SecAuditEngine Off
<%- end -%>
SecAuditLogType Concurrent
SecAuditLogStorageDir <%= logdir %>/
SecAuditLog <%= logdir %>/mod_security_audit.log
SecDebugLog <%= logdir %>/mod_security_debug.log
<%- unless additional_options.to_s == 'absent' then -%>
<%= additional_options %>
<%- end -%>
<%- end -%>
<%- end -%>