evolix
/
ansible-roles
22
2
Fork 2
Code Issues 61 Pull Requests 18 Releases 32 Wiki Activity
ansible-roles/apache/templates/evolinux-default.conf.j2

142 lines
4.5 KiB
Django/Jinja
Raw Blame History

<VirtualHost *:80>
ServerName {{ ansible_fqdn }}
#ServerAlias {{ ansible_fqdn }}
DocumentRoot /var/www/
<Directory />
Include /etc/apache2/ipaddr_whitelist.conf
</Directory>
<Directory /var/www/>
Options -Indexes
Require all denied
Include /etc/apache2/ipaddr_whitelist.conf
</Directory>
# Munin. We need to set Directory directive as Alias take precedence.
Alias /munin /var/cache/munin/www
<Directory /var/cache/munin/>
Require all denied
Include /etc/apache2/ipaddr_whitelist.conf
</Directory>
# munin-cgi-graph, used for zooming on graphs.
ScriptAlias /munin-cgi/munin-cgi-graph /usr/lib/munin/cgi/munin-cgi-graph
<Location /munin-cgi/munin-cgi-graph>
Options +ExecCGI
Require all denied
Include /etc/apache2/ipaddr_whitelist.conf
</Location>
# For CGI Scripts. We need to set Directory directive as ScriptAlias take precedence.
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory /usr/lib/cgi-bin>
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Require all denied
Include /etc/apache2/ipaddr_whitelist.conf
</Directory>
CustomLog /var/log/apache2/access.log vhost_combined
ErrorLog /var/log/apache2/error.log
LogLevel warn
<IfModule mod_ssl.c>
RewriteEngine on
# Redirect to HTTPS, execpt for munin, because some plugins
# can't handle HTTPS! :(
RewriteCond %{REQUEST_URI} !^/.well-known.*$ [NC] [OR]
RewriteCond %{REQUEST_URI} !^/server-status.*$ [NC] [OR]
RewriteCond %{REQUEST_URI} !^/munin_opcache.php$ [NC]
RewriteRule ^/(.*) https://{{ ansible_fqdn }}/$1 [L,R=permanent]
</IfModule>
<Location /munin_opcache.php>
Require local
</Location>
<IfModule mod_status.c>
<Location /server-status-{{ apache_serverstatus_suffix | mandatory }}>
SetHandler server-status
include /etc/apache2/ipaddr_whitelist.conf
Require local
</Location>
</IfModule>
<IfModule security2_module>
SecRuleEngine Off
</IfModule>
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName {{ ansible_fqdn }}
#ServerAlias {{ ansible_fqdn }}
DocumentRoot /var/www/
# We override these 2 Directory directives setted in apache2.conf.
# We want no access except from allowed IP address.
<Directory />
Include /etc/apache2/ipaddr_whitelist.conf
</Directory>
<Directory /var/www/>
Options -Indexes
Require all denied
Include /etc/apache2/ipaddr_whitelist.conf
</Directory>
SSLEngine on
SSLCertificateFile {{ apache_evolinux_default_ssl_cert }}
SSLCertificateKeyFile {{ apache_evolinux_default_ssl_key }}
# Munin. We need to set Directory directive as Alias take precedence.
Alias /munin /var/cache/munin/www
<Directory /var/cache/munin/>
Require all denied
Include /etc/apache2/ipaddr_whitelist.conf
</Directory>
<Directory /usr/lib/munin/cgi/>
Options -Indexes
Require all denied
Include /etc/apache2/ipaddr_whitelist.conf
</Directory>
# For CGI Scripts. We need to set Directory directive as ScriptAlias take precedence.
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory /usr/lib/cgi-bin>
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Require all denied
Include /etc/apache2/ipaddr_whitelist.conf
</Directory>
ScriptAlias /munin-cgi/munin-cgi-graph /usr/lib/munin/cgi/munin-cgi-graph
<Location /munin-cgi/munin-cgi-graph>
Options +ExecCGI
<IfModule mod_fcgid.c>
SetHandler fcgid-script
</IfModule>
Require all denied
Include /etc/apache2/ipaddr_whitelist.conf
</Location>
# BEGIN phpMyAdmin section
# END phpMyAdmin section
CustomLog /var/log/apache2/access.log vhost_combined
ErrorLog /var/log/apache2/error.log
LogLevel warn
<IfModule mod_status.c>
<Location /server-status-{{ apache_serverstatus_suffix | mandatory }}>
SetHandler server-status
include /etc/apache2/ipaddr_whitelist.conf
Require local
</Location>
</IfModule>
<IfModule security2_module>
SecRuleEngine Off
</IfModule>
</VirtualHost>
</IfModule>
Reference in New Issue View Git Blame Copy Permalink