Update carto stylesheet to v4.20.0

[chef.git] / cookbooks / wordpress / templates / default / apache.erb

diff --git a/cookbooks/wordpress/templates/default/apache.erb b/cookbooks/wordpress/templates/default/apache.erb
index 90adc23a29c6ae908af45fdb3a9b36d3ed3aed28..34c25059d659cd84db200dd2e853377a7459ba8a 100644 (file)
--- a/cookbooks/wordpress/templates/default/apache.erb
+++ b/cookbooks/wordpress/templates/default/apache.erb
@@ -11,30 +11,33 @@
   CustomLog /var/log/apache2/<%= @name %>-access.log combined
   ErrorLog /var/log/apache2/<%= @name %>-error.log
 
   CustomLog /var/log/apache2/<%= @name %>-access.log combined
   ErrorLog /var/log/apache2/<%= @name %>-error.log
 

+  RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+  RedirectPermanent / https://<%= @name %>/
+</VirtualHost>

 
 

-<% if @ssl_enabled -%>
-    RedirectPermanent / https://<%= @name %>/
-  </VirtualHost>
-  <VirtualHost *:443>
-    ServerName <%= @name %>
-  <% @aliases.each do |alias_name| -%>
-    ServerAlias <%= alias_name %>
-  <% end -%>
+<VirtualHost *:443>
+  ServerName <%= @name %>
+<% @aliases.each do |alias_name| -%>
+  ServerAlias <%= alias_name %>

 
 

-    ServerAdmin webmaster@openstreetmap.org
+  ServerAdmin webmaster@openstreetmap.org

 
 

-    #
-    # Enable SSL
-    #
-    SSLEngine on
+  SSLEngine on
+  SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+  SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key

 
 

-    CustomLog /var/log/apache2/<%= @name %>-access.log combined
-    ErrorLog /var/log/apache2/<%= @name %>-error.log
+  CustomLog /var/log/apache2/<%= @name %>-access.log combined
+  ErrorLog /var/log/apache2/<%= @name %>-error.log

 <% end -%>
 
   DocumentRoot <%= @directory %>
 <% @urls.each do |url,directory| -%>
   Alias <%= url %> <%= directory %>
 <% end -%>
 
   DocumentRoot <%= @directory %>
 <% @urls.each do |url,directory| -%>
   Alias <%= url %> <%= directory %>

+  <Directory <%= directory %>>
+    AllowOverride None
+    php_admin_flag engine off
+    Require all granted
+  </Directory>

 <% end -%>
 
   php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/tmp/
 <% end -%>
 
   php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/tmp/


@@ -50,15 +53,19 @@
     RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
     RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
     RewriteRule ^wp-includes/theme-compat/ - [F,L]
     RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
     RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
     RewriteRule ^wp-includes/theme-compat/ - [F,L]

+    RewriteRule ^readme\.html$ [F,L]

     RewriteCond %{REQUEST_FILENAME} !-f
     RewriteCond %{REQUEST_FILENAME} !-d
     RewriteRule . /index.php [L]
     RewriteCond %{REQUEST_FILENAME} !-f
     RewriteCond %{REQUEST_FILENAME} !-d
     RewriteRule . /index.php [L]

+

     Options -Indexes
     Options -Indexes

+    AllowOverride AuthConfig
+
+    Require all granted

   </Directory>
 
   <Files <%= @directory %>/wp-config.php>
   </Directory>
 
   <Files <%= @directory %>/wp-config.php>

-    Order allow,deny
-    Deny from all
+    Require all denied

   </Files>
 
   <Directory <%= @directory %>/uploads>
   </Files>
 
   <Directory <%= @directory %>/uploads>


@@ -68,17 +75,18 @@
   </Directory>
 
   <Directory ~ "\.svn">
   </Directory>
 
   <Directory ~ "\.svn">

-    Order allow,deny
-    Deny from all
+    Require all denied

   </Directory>
 
   <Directory ~ "\.git">
   </Directory>
 
   <Directory ~ "\.git">

-    Order allow,deny
-    Deny from all
+    Require all denied

   </Directory>
 
   </Directory>
 

+  <Files ~ "\.(txt|md)$">
+    Require all denied
+  </Files>
+

   <Files ~ "~$">
   <Files ~ "~$">

-    Order allow,deny
-    Deny from all
+    Require all denied

   </Files>
 </VirtualHost>
   </Files>
 </VirtualHost>