ServerName {{ ansible_fqdn }} ServerAdmin webmaster@localhost DocumentRoot /var/www/ RewriteEngine on # Redirect to HTTPS, execpt for munin, because some plugins # can't handle HTTPS! :( RewriteCond %{REQUEST_URI} !^/server-status.*$ [NC] [OR] RewriteCond %{REQUEST_URI} !^/munin_opcache.php$ [NC] RewriteRule ^/(.*) https://{{ ansible_fqdn }}/$1 [L,R=permanent] Require ip 127.0.0.1 ServerName {{ ansible_fqdn }} ServerAdmin webmaster@localhost DocumentRoot /var/www/ SSLEngine on SSLCertificateFile {{ apache_evolinux_default_ssl_cert }} SSLCertificateKeyFile {{ apache_evolinux_default_ssl_key }} # We override these 2 Directory directives setted in apache2.conf. # We want no access except from allowed IP address. Options -Indexes Require all denied Include /etc/apache2/private_ipaddr_whitelist.conf Options -Indexes Require all denied Include /etc/apache2/private_ipaddr_whitelist.conf # Munin. We need to set Directory directive as Alias take precedence. Alias /munin /var/cache/munin/www Options -Indexes Require all denied Include /etc/apache2/private_ipaddr_whitelist.conf Options -Indexes Require all denied Include /etc/apache2/private_ipaddr_whitelist.conf # Munin cgi # Ensure we can run (fast)cgi scripts ScriptAlias /munin-cgi/munin-cgi-graph /usr/lib/munin/cgi/munin-cgi-graph Options +ExecCGI SetHandler fcgid-script SetHandler fastcgi-script SetHandler cgi-script Allow from all # For CGI Scripts. We need to set Directory directive as ScriptAlias take precedence. ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Require all denied Include /etc/apache2/private_ipaddr_whitelist.conf CustomLog /var/log/apache2/access.log vhost_combined ErrorLog /var/log/apache2/error.log LogLevel warn Alias /phpmyadmin-{{ apache_phpmyadmin_suffix }} /usr/share/phpmyadmin/ IncludeOptional /etc/apache2/conf-available/phpmyadmin* Require all denied