Enable proc_open

[chef.git] / cookbooks / wordpress / templates / default / apache.erb

diff --git a/cookbooks/wordpress/templates/default/apache.erb b/cookbooks/wordpress/templates/default/apache.erb
index 3695fc2b7ead29c975a23ad467dfe9447883f60b..9b691798203ed299d64bb6c7b4d2932864a6b015 100644 (file)
--- a/cookbooks/wordpress/templates/default/apache.erb
+++ b/cookbooks/wordpress/templates/default/apache.erb
@@ -11,7 +11,7 @@
   CustomLog /var/log/apache2/<%= @name %>-access.log combined
   ErrorLog /var/log/apache2/<%= @name %>-error.log
 
   CustomLog /var/log/apache2/<%= @name %>-access.log combined
   ErrorLog /var/log/apache2/<%= @name %>-error.log
 

-<% if @ssl_enabled -%>
+  RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/

   RedirectPermanent / https://<%= @name %>/
 </VirtualHost>
 
   RedirectPermanent / https://<%= @name %>/
 </VirtualHost>
 


@@ -19,14 +19,12 @@
   ServerName <%= @name %>
 <% @aliases.each do |alias_name| -%>
   ServerAlias <%= alias_name %>
   ServerName <%= @name %>
 <% @aliases.each do |alias_name| -%>
   ServerAlias <%= alias_name %>

-<% end -%>

 
   ServerAdmin webmaster@openstreetmap.org
 
 
   ServerAdmin webmaster@openstreetmap.org
 

-  #
-  # Enable SSL
-  #

   SSLEngine on
   SSLEngine on

+  SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+  SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key

 
   CustomLog /var/log/apache2/<%= @name %>-access.log combined
   ErrorLog /var/log/apache2/<%= @name %>-error.log
 
   CustomLog /var/log/apache2/<%= @name %>-access.log combined
   ErrorLog /var/log/apache2/<%= @name %>-error.log


@@ -35,12 +33,17 @@
   DocumentRoot <%= @directory %>
 <% @urls.each do |url,directory| -%>
   Alias <%= url %> <%= directory %>
   DocumentRoot <%= @directory %>
 <% @urls.each do |url,directory| -%>
   Alias <%= url %> <%= directory %>

+  <Directory <%= directory %>>
+    AllowOverride None
+    Require all granted
+    <FilesMatch ".+\.ph(ar|p|tml)$">
+      SetHandler None
+    </FilesMatch>
+  </Directory>

 <% end -%>
 
 <% end -%>
 

-  php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/tmp/
-  php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open"
-  php_value upload_max_filesize 70M
-  php_value post_max_size 100M
+  ProxyFCGISetEnvIf "true" PHP_ADMIN_VALUE "open_basedir=<%= @directory %>/:/usr/share/php/:/tmp/\ndisable_functions=exec,shell_exec,system,passthru,popen"
+  ProxyFCGISetEnvIf "true" PHP_VALUE "upload_max_filesize=70M\npost_max_size=100M"

 
   <Directory <%= @directory %>>
     RewriteEngine on
 
   <Directory <%= @directory %>>
     RewriteEngine on


@@ -50,11 +53,13 @@
     RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
     RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
     RewriteRule ^wp-includes/theme-compat/ - [F,L]
     RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
     RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
     RewriteRule ^wp-includes/theme-compat/ - [F,L]

+    RewriteRule ^readme\.html$ [F,L]

     RewriteCond %{REQUEST_FILENAME} !-f
     RewriteCond %{REQUEST_FILENAME} !-d
     RewriteRule . /index.php [L]
 
     Options -Indexes
     RewriteCond %{REQUEST_FILENAME} !-f
     RewriteCond %{REQUEST_FILENAME} !-d
     RewriteRule . /index.php [L]
 
     Options -Indexes

+    AllowOverride AuthConfig

 
     Require all granted
   </Directory>
 
     Require all granted
   </Directory>


@@ -66,7 +71,9 @@
   <Directory <%= @directory %>/uploads>
     AllowOverride None
     AddType text/plain .html .htm .shtml
   <Directory <%= @directory %>/uploads>
     AllowOverride None
     AddType text/plain .html .htm .shtml

-    php_admin_flag engine off
+    <FilesMatch ".+\.ph(ar|p|tml)$">
+      SetHandler None
+    </FilesMatch>

   </Directory>
 
   <Directory ~ "\.svn">
   </Directory>
 
   <Directory ~ "\.svn">


@@ -77,6 +84,10 @@
     Require all denied
   </Directory>
 
     Require all denied
   </Directory>
 

+  <Files ~ "\.(txt|md)$">
+    Require all denied
+  </Files>
+

   <Files ~ "~$">
     Require all denied
   </Files>
   <Files ~ "~$">
     Require all denied
   </Files>