X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/360b1a78d4679e022c130e8c05ffffd1547dd7d9..38354834734e621082397dd448034c284f9127c7:/cookbooks/wordpress/templates/default/apache.erb diff --git a/cookbooks/wordpress/templates/default/apache.erb b/cookbooks/wordpress/templates/default/apache.erb index 997b44322..9b6917982 100644 --- a/cookbooks/wordpress/templates/default/apache.erb +++ b/cookbooks/wordpress/templates/default/apache.erb @@ -11,7 +11,7 @@ CustomLog /var/log/apache2/<%= @name %>-access.log combined ErrorLog /var/log/apache2/<%= @name %>-error.log -<% if @ssl_enabled -%> + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ RedirectPermanent / https://<%= @name %>/ @@ -19,14 +19,12 @@ ServerName <%= @name %> <% @aliases.each do |alias_name| -%> ServerAlias <%= alias_name %> -<% end -%> ServerAdmin webmaster@openstreetmap.org - # - # Enable SSL - # SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key CustomLog /var/log/apache2/<%= @name %>-access.log combined ErrorLog /var/log/apache2/<%= @name %>-error.log @@ -35,12 +33,17 @@ DocumentRoot <%= @directory %> <% @urls.each do |url,directory| -%> Alias <%= url %> <%= directory %> + > + AllowOverride None + Require all granted + + SetHandler None + + <% end -%> - php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/tmp/ - php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open" - php_value upload_max_filesize 70M - php_value post_max_size 100M + ProxyFCGISetEnvIf "true" PHP_ADMIN_VALUE "open_basedir=<%= @directory %>/:/usr/share/php/:/tmp/\ndisable_functions=exec,shell_exec,system,passthru,popen" + ProxyFCGISetEnvIf "true" PHP_VALUE "upload_max_filesize=70M\npost_max_size=100M" > RewriteEngine on @@ -50,35 +53,42 @@ RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] RewriteRule ^wp-includes/theme-compat/ - [F,L] + RewriteRule ^readme\.html$ [F,L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] + Options -Indexes + AllowOverride AuthConfig + + Require all granted /wp-config.php> - Order allow,deny - Deny from all + Require all denied /uploads> AllowOverride None AddType text/plain .html .htm .shtml - php_admin_flag engine off + + SetHandler None + - Order allow,deny - Deny from all + Require all denied - Order allow,deny - Deny from all + Require all denied + + Require all denied + + - Order allow,deny - Deny from all + Require all denied