templates/vhosts/php_joomla/CentOS.erb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137

# <%= servername %>
<VirtualHost *:80>
    Include conf.d/defaults.inc

    ServerName <%= servername %>
    <%- unless serveralias.to_s.empty? then -%>
    ServerAlias <%= serveralias %>
    <%- end -%> 
    DocumentRoot <%= documentroot %>/

    ErrorLog <%= logdir %>/error_log
    CustomLog <%= logdir %>/access_log combined
    <%- if ssl_mode.to_s == 'force' then -%>
    Redirect permanent / https://<%= servername %>/
    <%- end -%>
    <%- if default_charset.to_s != 'absent' then -%>
    AddDefaultCharset <%= default_charset %>
    <%- end -%>
    <%- if run_mode.to_s == 'itk' -%>
    <IfModule mpm_itk_module>
        AssignUserId <%= run_uid+" "+run_gid %>
    </IfModule>
    <%- end -%>
    <%- if not ssl_mode.to_s == 'force' then -%>
    <Directory "<%= documentroot %>/">
        Include conf.d/joomla.inc

        AllowOverride <%= allow_override %>
        <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
        Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%> <%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%>+Includes<%- end -%>

        <%- end -%>
        <%- unless htpasswd_file.to_s == 'absent' then -%>
        AuthType Basic
        AuthName "Access fuer <%= servername %>"
        AuthUserFile <%= real_htpasswd_path %>
        require valid-user
        <%- end -%>
        php_admin_flag engine on
        php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>
        php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %>
        php_admin_value session.save_path <%= real_php_session_save_path %>
    </Directory>
    <%- end -%>
	
    <Directory "<%= documentroot %>/administrator/">
        RewriteEngine on

        # Rewrite URLs to https that go for the admin area
        RewriteCond %{REMOTE_ADDR} !^127\.[0-9]+\.[0-9]+\.[0-9]+$
        RewriteCond %{HTTPS} !=on
        RewriteCond %{REQUEST_URI} (.*/administrator/.*)
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R]
    </Directory>

    <IfModule mod_security2.c>
        <%- if mod_security.to_s == 'true' then -%>
        SecRuleEngine On
        SecAuditLog <%= logdir %>/mod_security_audit.log
        SecDebugLog <%= logdir %>/mod_security_debug.log
        # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
        SecRuleRemoveById "960010"
        <%- else -%>
        SecRuleEngine Off
        <%- end -%>
    </IfModule>

    <%- unless additional_options.to_s == 'absent' then -%>
    <%= additional_options %>
    <%- end -%>
</VirtualHost>

<%- unless ssl_mode.to_s == 'false'  then -%>
<VirtualHost *:443>
    Include conf.d/defaults.inc
    Include conf.d/ssl_defaults.inc

    ServerName <%= servername %>
    <%- unless serveralias.to_s.empty? then -%>
    ServerAlias <%= serveralias %>
    <%- end -%> 
    DocumentRoot <%= documentroot %>/

    ErrorLog <%= logdir %>/error_log
    CustomLog <%= logdir %>/access_log combined
    <%- if default_charset.to_s != 'absent' then -%>
    AddDefaultCharset <%= default_charset %>
    <%- end -%>
    <%- if run_mode.to_s == 'itk' -%>
    <IfModule mpm_itk_module>
        AssignUserId <%= run_uid+" "+run_gid %>
    </IfModule>
    <%- end -%>
    <%- if ssl_mode.to_s == 'force' then -%>
    Redirect permanent / https://<%= servername %>/
    <%- end -%>
    <%- if default_charset.to_s != 'absent' then -%>
    AddDefaultCharset <%= default_charset %>
    <%- end -%>
    <Directory "<%= documentroot %>/">
        Include conf.d/joomla.inc

        AllowOverride <%= allow_override %>
        <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
        Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%> <%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%>+Includes<%- end -%>

        <%- end -%>
        <%- unless htpasswd_file.to_s == 'absent' then -%>
        AuthType Basic
        AuthName "Access fuer <%= servername %>"
        AuthUserFile <%= real_htpasswd_path %>
        require valid-user
        <%- end -%>
        php_admin_flag engine on
        php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>
        php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %>
        php_admin_value session.save_path <%= real_php_session_save_path %>
    </Directory>

    <IfModule mod_security2.c>
        SecRuleEngine <%= if mod_security.to_s == 'true' then "On" else "Off" end %>
        <%- if mod_security.to_s == 'true' then -%>
        SecRuleEngine On
        SecAuditLog <%= logdir %>/mod_security_audit.log
        SecDebugLog <%= logdir %>/mod_security_debug.log
        # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
        SecRuleRemoveById "960010"
        <%- else -%>
        SecRuleEngine Off
        <%- end -%>
    </IfModule>

    <%- unless additional_options.to_s == 'absent' then -%>
    <%= additional_options %>
    <%- end -%>
</VirtualHost>
<%- end -%>