CustomLog /var/log/apache2/<%= @name %>-access.log combined
ErrorLog /var/log/apache2/<%= @name %>-error.log
+ RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+ RedirectPermanent / https://<%= @name %>/
+</VirtualHost>
-<% if @ssl_enabled -%>
- RedirectPermanent / https://<%= @name %>/
- </VirtualHost>
- <VirtualHost *:443>
- ServerName <%= @name %>
- <% @aliases.each do |alias_name| -%>
- ServerAlias <%= alias_name %>
- <% end -%>
+<VirtualHost *:443>
+ ServerName <%= @name %>
+<% @aliases.each do |alias_name| -%>
+ ServerAlias <%= alias_name %>
- ServerAdmin webmaster@openstreetmap.org
+ ServerAdmin webmaster@openstreetmap.org
- #
- # Enable SSL
- #
- SSLEngine on
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
- ErrorLog /var/log/apache2/<%= @name %>-error.log
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
<% end -%>
DocumentRoot <%= @directory %>
<% @urls.each do |url,directory| -%>
Alias <%= url %> <%= directory %>
+ <Directory <%= directory %>>
+ AllowOverride None
+ Require all granted
+ <FilesMatch ".+\.ph(ar|p|tml)$">
+ SetHandler None
+ </FilesMatch>
+ </Directory>
<% end -%>
- php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/tmp/
- php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open"
- php_value upload_max_filesize 70M
- php_value post_max_size 100M
-
<Directory <%= @directory %>>
RewriteEngine on
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
+ RewriteRule ^readme\.html$ [F,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
+
Options -Indexes
+ AllowOverride AuthConfig
+
+ Require all granted
+
+ <FilesMatch ".+\.ph(ar|p|tml)$">
+ SetHandler "proxy:unix:/run/php/<%= @name %>.sock|fcgi://127.0.0.1"
+ </FilesMatch>
</Directory>
<Files <%= @directory %>/wp-config.php>
- Order allow,deny
- Deny from all
+ Require all denied
</Files>
<Directory <%= @directory %>/uploads>
AllowOverride None
AddType text/plain .html .htm .shtml
- php_admin_flag engine off
+ <FilesMatch ".+\.ph(ar|p|tml)$">
+ SetHandler None
+ </FilesMatch>
</Directory>
<Directory ~ "\.svn">
- Order allow,deny
- Deny from all
+ Require all denied
</Directory>
<Directory ~ "\.git">
- Order allow,deny
- Deny from all
+ Require all denied
</Directory>
+ <Files ~ "\.(txt|md)$">
+ Require all denied
+ </Files>
+
<Files ~ "~$">
- Order allow,deny
- Deny from all
+ Require all denied
</Files>
</VirtualHost>