X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/1952990836d6687ed4030bb95ca5f9e535eaf61f..11fdeeaa56975b200a46cc3ee7124e529621fba9:/cookbooks/wordpress/templates/default/apache.erb?ds=inline
diff --git a/cookbooks/wordpress/templates/default/apache.erb b/cookbooks/wordpress/templates/default/apache.erb
index b62705100..b15ec55d9 100644
--- a/cookbooks/wordpress/templates/default/apache.erb
+++ b/cookbooks/wordpress/templates/default/apache.erb
@@ -8,48 +8,57 @@
ServerAdmin webmaster@openstreetmap.org
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended
ErrorLog /var/log/apache2/<%= @name %>-error.log
-<% if @ssl_enabled -%>
RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
RedirectPermanent / https://<%= @name %>/
+<% unless @aliases.empty? -%>
- ServerName <%= @name %>
-<% @aliases.each do |alias_name| -%>
+ ServerName <%= @aliases.first %>
+<% @aliases.drop(1).each do |alias_name| -%>
ServerAlias <%= alias_name %>
<% end -%>
ServerAdmin webmaster@openstreetmap.org
- #
- # Enable SSL
- #
SSLEngine on
-<% if @ssl_certificate -%>
- SSLCertificateFile /etc/ssl/certs/<%= @ssl_certificate %>.pem
- SSLCertificateKeyFile /etc/ssl/private/<%= @ssl_certificate %>.key
-<% end -%>
-<% if @ssl_certificate -%>
- SSLCertificateChainFile /etc/ssl/certs/<%= @ssl_certificate_chain %>.pem
-<% end -%>
+ SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended
ErrorLog /var/log/apache2/<%= @name %>-error.log
+
+ RedirectPermanent / https://<%= @name %>/
+
<% end -%>
+
+ ServerName <%= @name %>
+
+ ServerAdmin webmaster@openstreetmap.org
+
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
+
DocumentRoot <%= @directory %>
<% @urls.each do |url,directory| -%>
Alias <%= url %> <%= directory %>
+ >
+ AllowOverride None
+ Require all granted
+
+ SetHandler None
+
+
<% end -%>
- php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/tmp/
- php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open"
- php_value upload_max_filesize 70M
- php_value post_max_size 100M
-
>
RewriteEngine on
@@ -59,6 +68,7 @@
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
RewriteRule ^readme\.html$ [F,L]
+ RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
@@ -67,6 +77,13 @@
AllowOverride AuthConfig
Require all granted
+
+ # https://www.wp-pay.org/http-authorization-header-missing/
+ CGIPassAuth on
+
+
+ SetHandler "proxy:unix:/run/php/php-<%= @name %>-fpm.sock|fcgi://127.0.0.1"
+
/wp-config.php>
@@ -76,7 +93,9 @@
/uploads>
AllowOverride None
AddType text/plain .html .htm .shtml
- php_admin_flag engine off
+
+ SetHandler None
+
@@ -87,11 +106,15 @@
Require all denied
-
+
Require all denied
Require all denied
+
+
+ Require all denied
+