summaryrefslogtreecommitdiff
path: root/templates/vhosts/default.erb
blob: 41879c8e17b741f6123038bf60bffad95aa42efa (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
<%
vhost_parts = case ssl_mode
  when 'only' then [:ssl]
  when false then  [:normal]
  when 'false' then  [:normal]
  else [:normal,:ssl]
end
vhost_parts.each do |vhost_part|
  scope.unsetvar('vhost_part')
  scope.setvar('vhost_part',vhost_part)
-%>
<VirtualHost *:<%= vhost_part == :ssl ? '443' : '80' %> >

<%= scope.function_template('apache/vhosts/partials/header_default.erb') %>

<%= scope.function_template('apache/vhosts/partials/logs.erb') %>

  <% if ssl_mode == 'force' && vhost_part == :normal -%>
  RewriteEngine On
  RewriteCond %{HTTPS} !=on
  RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L]
  <% else -%>
<%= scope.function_template(template_partial) %>
  <% end -%>
  <IfModule mod_security2.c>
    <%- if mod_security.to_s == 'true' then -%>
    SecRuleEngine On
    <%- if mod_security_relevantonly.to_s == 'true' then -%>
    SecAuditEngine RelevantOnly
    <%- else -%>
    SecAuditEngine On
    <%- end -%>
    <%- else -%>
    SecRuleEngine Off
    SecAuditEngine Off
    <%- end -%>
    SecAuditLogType Concurrent
    SecAuditLogStorageDir <%= logdir %>/
    SecAuditLog <%= logdir %>/mod_security_audit.log
    SecDebugLog <%= logdir %>/mod_security_debug.log
  </IfModule>

  <%- unless additional_options.to_s == 'absent' then -%>
  <%= additional_options %>
  <%- end -%>
</VirtualHost>
<% end -%>