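# Default virtual hosts for the machine's own FQDN (Ansible/Jinja2 template):
# a plain-HTTP host that redirects to HTTPS, then the HTTPS host itself.
#
# NOTE(review): this copy lost its line breaks and every container tag
# (VirtualHost, Directory, Location, IfModule, ...). Directives are laid out
# one per line below and each group that evidently sat inside a container is
# marked "[container tag missing]"; marker placement is approximate. Restore
# the tags from the original template before use: Require, Options and
# SetHandler only protect what their enclosing container names.
#
# Access model: protected groups pair "Require all denied" with
# Include /etc/apache2/ipaddr_whitelist.conf, so who gets in is decided by
# that file alone (presumably Require ip lines; verify). Review it like an
# ACL: a single broad entry there opens Munin, the CGI directories and
# server-status at once.

# ---- Plain-HTTP virtual host (opening tag missing in this copy) ----
ServerName {{ ansible_fqdn }}
#ServerAlias {{ ansible_fqdn }}

DocumentRoot /var/www/

# [container tag missing]
Include /etc/apache2/ipaddr_whitelist.conf

# [container tag missing]
Options -Indexes
Require all denied
Include /etc/apache2/ipaddr_whitelist.conf

# Munin. A Directory block is needed here because Alias takes precedence.
Alias /munin /var/cache/munin/www
# [container tag missing]
Require all denied
Include /etc/apache2/ipaddr_whitelist.conf

# munin-cgi-graph, used for zooming on graphs.
ScriptAlias /munin-cgi/munin-cgi-graph /usr/lib/munin/cgi/munin-cgi-graph
# [container tag missing]
Options +ExecCGI
Require all denied
Include /etc/apache2/ipaddr_whitelist.conf

# For CGI scripts. A Directory block is needed here because ScriptAlias
# takes precedence.
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
# [container tag missing]
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Require all denied
Include /etc/apache2/ipaddr_whitelist.conf

CustomLog /var/log/apache2/access.log vhost_combined
ErrorLog /var/log/apache2/error.log
LogLevel warn

RewriteEngine on
# Redirect to HTTPS, except for the three paths tested below. The original
# note gives Munin as the reason: some plugins can't handle HTTPS.
#
# The conditions are negated, so they must be ANDed (the default): redirect
# only when the URI is none of the exempt paths. The previous "[NC] [OR]"
# form was wrong on both counts: RewriteCond takes a single [flags]
# argument, and OR-ing negated patterns is true for every request, which
# would leave no exemption at all.
#
# The exempt paths stay reachable over plain HTTP and rely entirely on the
# access rules further down.
RewriteCond %{REQUEST_URI} !^/.well-known.*$ [NC]
RewriteCond %{REQUEST_URI} !^/server-status.*$ [NC]
RewriteCond %{REQUEST_URI} !^/munin_opcache.php$ [NC]
RewriteRule ^/(.*) https://{{ ansible_fqdn }}/$1 [L,R=permanent]

# [container tag missing] Restricted to requests from the machine itself.
# NOTE(review): which path this covers is not visible in this copy; confirm.
Require local

# server-status: allowed addresses plus local requests.
# [container tag missing]
SetHandler server-status
include /etc/apache2/ipaddr_whitelist.conf
Require local

# Turns ModSecurity rule processing off where it applies.
# [container tag missing] Presumably wrapped in a module check; confirm the
# scope is no wider than this virtual host.
SecRuleEngine Off

# ---- HTTPS virtual host (opening tag missing in this copy) ----
ServerName {{ ansible_fqdn }}
#ServerAlias {{ ansible_fqdn }}

DocumentRoot /var/www/

# We override the 2 Directory directives set in apache2.conf.
# We want no access except from allowed IP addresses.
# [container tag missing]
Include /etc/apache2/ipaddr_whitelist.conf

# [container tag missing]
Options -Indexes
Require all denied
Include /etc/apache2/ipaddr_whitelist.conf

# Certificate and key paths come from role variables. The key file should be
# readable by root only. No protocol or cipher settings appear here;
# presumably they are set globally (confirm).
SSLEngine on
SSLCertificateFile {{ apache_evolinux_default_ssl_cert }}
SSLCertificateKeyFile {{ apache_evolinux_default_ssl_key }}

# Munin. A Directory block is needed here because Alias takes precedence.
Alias /munin /var/cache/munin/www
# [container tag missing]
Require all denied
Include /etc/apache2/ipaddr_whitelist.conf

# [container tag missing]
Options -Indexes
Require all denied
Include /etc/apache2/ipaddr_whitelist.conf

# For CGI scripts. A Directory block is needed here because ScriptAlias
# takes precedence.
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
# [container tag missing]
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Require all denied
Include /etc/apache2/ipaddr_whitelist.conf

# munin-cgi-graph, run through the fcgid handler on this host.
ScriptAlias /munin-cgi/munin-cgi-graph /usr/lib/munin/cgi/munin-cgi-graph
# [container tag missing]
Options +ExecCGI
SetHandler fcgid-script
Require all denied
Include /etc/apache2/ipaddr_whitelist.conf

# BEGIN phpMyAdmin section
# END phpMyAdmin section

CustomLog /var/log/apache2/access.log vhost_combined
ErrorLog /var/log/apache2/error.log
LogLevel warn

# server-status: allowed addresses plus local requests.
# [container tag missing]
SetHandler server-status
include /etc/apache2/ipaddr_whitelist.conf
Require local

# Turns ModSecurity rule processing off where it applies.
# [container tag missing] Presumably wrapped in a module check; confirm the
# scope is no wider than this virtual host.
SecRuleEngine Off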