2017-07-06 14:51:40 +02:00
|
|
|
<VirtualHost *:80>
|
2016-11-07 14:00:57 +01:00
|
|
|
ServerName {{ ansible_fqdn }}
|
2017-07-22 22:40:31 +02:00
|
|
|
#ServerAlias {{ ansible_fqdn }}
|
2017-07-06 14:51:40 +02:00
|
|
|
|
2017-07-18 17:05:47 +02:00
|
|
|
DocumentRoot /var/www/
|
|
|
|
|
2017-07-22 22:40:31 +02:00
|
|
|
<Directory />
|
2017-08-18 02:31:41 +02:00
|
|
|
Include /etc/apache2/ipaddr_whitelist.conf
|
2017-07-22 22:40:31 +02:00
|
|
|
</Directory>
|
|
|
|
<Directory /var/www/>
|
|
|
|
Options -Indexes
|
|
|
|
Require all denied
|
2017-08-18 02:31:41 +02:00
|
|
|
Include /etc/apache2/ipaddr_whitelist.conf
|
2017-07-22 22:40:31 +02:00
|
|
|
</Directory>
|
|
|
|
|
|
|
|
# Munin. We need to set Directory directive as Alias take precedence.
|
|
|
|
Alias /munin /var/cache/munin/www
|
|
|
|
<Directory /var/cache/munin/>
|
|
|
|
Require all denied
|
2017-08-18 02:31:41 +02:00
|
|
|
Include /etc/apache2/ipaddr_whitelist.conf
|
2017-07-22 22:40:31 +02:00
|
|
|
</Directory>
|
2017-07-20 09:33:22 +02:00
|
|
|
# munin-cgi-graph, used for zooming on graphs.
|
2017-07-19 18:25:22 +02:00
|
|
|
ScriptAlias /munin-cgi/munin-cgi-graph /usr/lib/munin/cgi/munin-cgi-graph
|
|
|
|
<Location /munin-cgi/munin-cgi-graph>
|
|
|
|
Options +ExecCGI
|
2017-07-22 22:40:31 +02:00
|
|
|
Require all denied
|
2017-10-07 12:56:05 +02:00
|
|
|
Include /etc/apache2/ipaddr_whitelist.conf
|
2017-07-19 18:25:22 +02:00
|
|
|
</Location>
|
2017-07-22 22:40:31 +02:00
|
|
|
|
|
|
|
# For CGI Scripts. We need to set Directory directive as ScriptAlias take precedence.
|
|
|
|
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
|
|
|
|
<Directory /usr/lib/cgi-bin>
|
|
|
|
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
|
|
|
|
Require all denied
|
2017-08-18 02:31:41 +02:00
|
|
|
Include /etc/apache2/ipaddr_whitelist.conf
|
2017-07-22 22:40:31 +02:00
|
|
|
</Directory>
|
|
|
|
|
|
|
|
CustomLog /var/log/apache2/access.log vhost_combined
|
|
|
|
ErrorLog /var/log/apache2/error.log
|
|
|
|
LogLevel warn
|
|
|
|
|
|
|
|
<IfModule mod_ssl.c>
|
2017-07-28 21:27:34 +02:00
|
|
|
RewriteEngine on
|
|
|
|
# Redirect to HTTPS, execpt for munin, because some plugins
|
|
|
|
# can't handle HTTPS! :(
|
|
|
|
RewriteCond %{REQUEST_URI} !^/server-status.*$ [NC] [OR]
|
|
|
|
RewriteCond %{REQUEST_URI} !^/munin_opcache.php$ [NC]
|
|
|
|
RewriteRule ^/(.*) https://{{ ansible_fqdn }}/$1 [L,R=permanent]
|
2017-07-22 22:40:31 +02:00
|
|
|
</IfModule>
|
2017-07-18 17:05:47 +02:00
|
|
|
|
|
|
|
<Location /munin_opcache.php>
|
2017-07-28 21:28:03 +02:00
|
|
|
Require local
|
2017-07-18 17:05:47 +02:00
|
|
|
</Location>
|
2017-07-28 21:28:19 +02:00
|
|
|
|
|
|
|
<IfModule mod_status.c>
|
2018-01-02 19:41:32 +01:00
|
|
|
<Location /server-status-{{ apache_serverstatus_suffix | mandatory }}>
|
2017-07-28 21:28:19 +02:00
|
|
|
SetHandler server-status
|
2017-08-18 02:31:41 +02:00
|
|
|
include /etc/apache2/ipaddr_whitelist.conf
|
2017-07-28 21:28:19 +02:00
|
|
|
Require local
|
|
|
|
</Location>
|
|
|
|
</IfModule>
|
|
|
|
|
2017-07-06 14:51:40 +02:00
|
|
|
</VirtualHost>
|
|
|
|
|
2017-07-22 22:40:31 +02:00
|
|
|
<IfModule mod_ssl.c>
|
2017-07-28 21:27:34 +02:00
|
|
|
<VirtualHost *:443>
|
|
|
|
ServerName {{ ansible_fqdn }}
|
|
|
|
#ServerAlias {{ ansible_fqdn }}
|
2017-07-06 14:51:40 +02:00
|
|
|
|
2017-07-28 21:27:34 +02:00
|
|
|
DocumentRoot /var/www/
|
2016-11-07 14:00:57 +01:00
|
|
|
|
2017-09-07 01:20:12 +02:00
|
|
|
# We override these 2 Directory directives setted in apache2.conf.
|
|
|
|
# We want no access except from allowed IP address.
|
2017-07-28 21:27:34 +02:00
|
|
|
<Directory />
|
2017-08-18 02:31:41 +02:00
|
|
|
Include /etc/apache2/ipaddr_whitelist.conf
|
2017-07-28 21:27:34 +02:00
|
|
|
</Directory>
|
|
|
|
<Directory /var/www/>
|
|
|
|
Options -Indexes
|
|
|
|
Require all denied
|
2017-08-18 02:31:41 +02:00
|
|
|
Include /etc/apache2/ipaddr_whitelist.conf
|
2017-07-28 21:27:34 +02:00
|
|
|
</Directory>
|
2017-07-22 22:40:31 +02:00
|
|
|
|
2017-07-28 21:27:34 +02:00
|
|
|
SSLEngine on
|
|
|
|
SSLCertificateFile {{ apache_evolinux_default_ssl_cert }}
|
|
|
|
SSLCertificateKeyFile {{ apache_evolinux_default_ssl_key }}
|
2016-11-07 14:00:57 +01:00
|
|
|
|
2017-07-28 21:27:34 +02:00
|
|
|
# Munin. We need to set Directory directive as Alias take precedence.
|
|
|
|
Alias /munin /var/cache/munin/www
|
|
|
|
<Directory /var/cache/munin/>
|
|
|
|
Require all denied
|
2017-08-18 02:31:41 +02:00
|
|
|
Include /etc/apache2/ipaddr_whitelist.conf
|
2017-07-28 21:27:34 +02:00
|
|
|
</Directory>
|
|
|
|
<Directory /usr/lib/munin/cgi/>
|
|
|
|
Options -Indexes
|
|
|
|
Require all denied
|
2017-08-18 02:31:41 +02:00
|
|
|
Include /etc/apache2/ipaddr_whitelist.conf
|
2017-07-28 21:27:34 +02:00
|
|
|
</Directory>
|
2016-11-07 14:00:57 +01:00
|
|
|
|
2017-07-28 21:27:34 +02:00
|
|
|
# For CGI Scripts. We need to set Directory directive as ScriptAlias take precedence.
|
|
|
|
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
|
|
|
|
<Directory /usr/lib/cgi-bin>
|
|
|
|
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
|
|
|
|
Require all denied
|
2017-08-18 02:31:41 +02:00
|
|
|
Include /etc/apache2/ipaddr_whitelist.conf
|
2017-07-28 21:27:34 +02:00
|
|
|
</Directory>
|
2016-11-07 14:00:57 +01:00
|
|
|
|
2017-09-07 01:16:45 +02:00
|
|
|
# BEGIN phpMyAdmin section
|
|
|
|
# END phpMyAdmin section
|
2017-09-06 19:34:04 +02:00
|
|
|
|
2017-07-28 21:27:34 +02:00
|
|
|
CustomLog /var/log/apache2/access.log vhost_combined
|
|
|
|
ErrorLog /var/log/apache2/error.log
|
|
|
|
LogLevel warn
|
|
|
|
|
2017-07-28 21:28:19 +02:00
|
|
|
<IfModule mod_status.c>
|
2018-01-02 19:41:32 +01:00
|
|
|
<Location /server-status-{{ apache_serverstatus_suffix | mandatory }}>
|
2017-07-28 21:28:19 +02:00
|
|
|
SetHandler server-status
|
2017-08-18 02:31:41 +02:00
|
|
|
include /etc/apache2/ipaddr_whitelist.conf
|
2017-07-28 21:28:19 +02:00
|
|
|
Require local
|
|
|
|
</Location>
|
|
|
|
</IfModule>
|
|
|
|
|
2017-07-28 21:27:34 +02:00
|
|
|
</VirtualHost>
|
2017-07-22 22:40:31 +02:00
|
|
|
</IfModule>
|