forked from evolix/ansible-roles
106 lines
3.4 KiB
Django/Jinja
106 lines
3.4 KiB
Django/Jinja
<VirtualHost *:80>
|
|
ServerName {{ ansible_fqdn }}
|
|
#ServerAlias {{ ansible_fqdn }}
|
|
|
|
DocumentRoot /var/www/
|
|
|
|
<Directory />
|
|
Include /etc/apache2/private_ipaddr_whitelist.conf
|
|
</Directory>
|
|
<Directory /var/www/>
|
|
Options -Indexes
|
|
Require all denied
|
|
Include /etc/apache2/private_ipaddr_whitelist.conf
|
|
</Directory>
|
|
|
|
# Munin. We need to set Directory directive as Alias take precedence.
|
|
Alias /munin /var/cache/munin/www
|
|
<Directory /var/cache/munin/>
|
|
Require all denied
|
|
Include /etc/apache2/private_ipaddr_whitelist.conf
|
|
</Directory>
|
|
<Directory /usr/lib/munin/cgi/>
|
|
Options -Indexes
|
|
Require all denied
|
|
Include /etc/apache2/private_ipaddr_whitelist.conf
|
|
</Directory>
|
|
|
|
# For CGI Scripts. We need to set Directory directive as ScriptAlias take precedence.
|
|
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
|
|
<Directory /usr/lib/cgi-bin>
|
|
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
|
|
Require all denied
|
|
Include /etc/apache2/private_ipaddr_whitelist.conf
|
|
</Directory>
|
|
|
|
CustomLog /var/log/apache2/access.log vhost_combined
|
|
ErrorLog /var/log/apache2/error.log
|
|
LogLevel warn
|
|
|
|
<IfModule mod_ssl.c>
|
|
RewriteEngine on
|
|
# Redirect to HTTPS, execpt for munin, because some plugins
|
|
# can't handle HTTPS! :(
|
|
RewriteCond %{REQUEST_URI} !^/server-status.*$ [NC] [OR]
|
|
RewriteCond %{REQUEST_URI} !^/munin_opcache.php$ [NC]
|
|
RewriteRule ^/(.*) https://{{ ansible_fqdn }}/$1 [L,R=permanent]
|
|
</IfModule>
|
|
|
|
<Location /munin_opcache.php>
|
|
Require local
|
|
</Location>
|
|
</VirtualHost>
|
|
|
|
<IfModule mod_ssl.c>
|
|
<VirtualHost *:443>
|
|
ServerName {{ ansible_fqdn }}
|
|
#ServerAlias {{ ansible_fqdn }}
|
|
|
|
DocumentRoot /var/www/
|
|
|
|
<Directory />
|
|
Include /etc/apache2/private_ipaddr_whitelist.conf
|
|
</Directory>
|
|
<Directory /var/www/>
|
|
Options -Indexes
|
|
Require all denied
|
|
Include /etc/apache2/private_ipaddr_whitelist.conf
|
|
</Directory>
|
|
|
|
SSLEngine on
|
|
SSLCertificateFile {{ apache_evolinux_default_ssl_cert }}
|
|
SSLCertificateKeyFile {{ apache_evolinux_default_ssl_key }}
|
|
|
|
# We override these 2 Directory directives setted in apache2.conf.
|
|
# We want no access except from allowed IP address.
|
|
<Directory />
|
|
Include /etc/apache2/private_ipaddr_whitelist.conf
|
|
</Directory>
|
|
|
|
# Munin. We need to set Directory directive as Alias take precedence.
|
|
Alias /munin /var/cache/munin/www
|
|
<Directory /var/cache/munin/>
|
|
Require all denied
|
|
Include /etc/apache2/private_ipaddr_whitelist.conf
|
|
</Directory>
|
|
<Directory /usr/lib/munin/cgi/>
|
|
Options -Indexes
|
|
Require all denied
|
|
Include /etc/apache2/private_ipaddr_whitelist.conf
|
|
</Directory>
|
|
|
|
# For CGI Scripts. We need to set Directory directive as ScriptAlias take precedence.
|
|
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
|
|
<Directory /usr/lib/cgi-bin>
|
|
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
|
|
Require all denied
|
|
Include /etc/apache2/private_ipaddr_whitelist.conf
|
|
</Directory>
|
|
|
|
CustomLog /var/log/apache2/access.log vhost_combined
|
|
ErrorLog /var/log/apache2/error.log
|
|
LogLevel warn
|
|
|
|
</VirtualHost>
|
|
</IfModule>
|