ServerAdmin webmaster@openstreetmap.org
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended
ErrorLog /var/log/apache2/<%= @name %>-error.log
RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
RedirectPermanent / https://<%= @name %>/
</VirtualHost>
+<% unless @aliases.empty? -%>
<VirtualHost *:443>
- ServerName <%= @name %>
-<% @aliases.each do |alias_name| -%>
+ ServerName <%= @aliases.first %>
+<% @aliases.drop(1).each do |alias_name| -%>
ServerAlias <%= alias_name %>
+<% end -%>
ServerAdmin webmaster@openstreetmap.org
SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended
ErrorLog /var/log/apache2/<%= @name %>-error.log
+
+ RedirectPermanent / https://<%= @name %>/
+</VirtualHost>
<% end -%>
+<VirtualHost *:443>
+ ServerName <%= @name %>
+
+ ServerAdmin webmaster@openstreetmap.org
+
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
+
DocumentRoot <%= @directory %>
<% @urls.each do |url,directory| -%>
Alias <%= url %> <%= directory %>
</Directory>
<% end -%>
- ProxyFCGISetEnvIf "true" PHP_ADMIN_VALUE "open_basedir=<%= @directory %>/:/usr/share/php/:/tmp/\ndisable_functions=exec,shell_exec,system,passthru,popen"
- ProxyFCGISetEnvIf "true" PHP_VALUE "upload_max_filesize=70M\npost_max_size=100M"
-
<Directory <%= @directory %>>
RewriteEngine on
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
RewriteRule ^readme\.html$ [F,L]
+ RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
AllowOverride AuthConfig
Require all granted
+
+ # https://www.wp-pay.org/http-authorization-header-missing/
+ CGIPassAuth on
+
+ <FilesMatch ".+\.ph(ar|p|tml)$">
+ SetHandler "proxy:unix:/run/php/php-<%= @name %>-fpm.sock|fcgi://127.0.0.1"
+ </FilesMatch>
</Directory>
<Files <%= @directory %>/wp-config.php>
Require all denied
</Directory>
- <Files ~ "\.(txt|md)$">
+ <Files ~ "(?<!robots|ads|security|humans)\.(txt|md)$">
Require all denied
</Files>
<Files ~ "~$">
Require all denied
</Files>
+
+ <Files "xmlrpc.php">
+ Require all denied
+ </Files>
</VirtualHost>