X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/360b1a78d4679e022c130e8c05ffffd1547dd7d9..38354834734e621082397dd448034c284f9127c7:/cookbooks/wordpress/templates/default/apache.erb
diff --git a/cookbooks/wordpress/templates/default/apache.erb b/cookbooks/wordpress/templates/default/apache.erb
index 997b44322..9b6917982 100644
--- a/cookbooks/wordpress/templates/default/apache.erb
+++ b/cookbooks/wordpress/templates/default/apache.erb
@@ -11,7 +11,7 @@
CustomLog /var/log/apache2/<%= @name %>-access.log combined
ErrorLog /var/log/apache2/<%= @name %>-error.log
-<% if @ssl_enabled -%>
+ RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
RedirectPermanent / https://<%= @name %>/
@@ -19,14 +19,12 @@
ServerName <%= @name %>
<% @aliases.each do |alias_name| -%>
ServerAlias <%= alias_name %>
-<% end -%>
ServerAdmin webmaster@openstreetmap.org
- #
- # Enable SSL
- #
SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
CustomLog /var/log/apache2/<%= @name %>-access.log combined
ErrorLog /var/log/apache2/<%= @name %>-error.log
@@ -35,12 +33,17 @@
DocumentRoot <%= @directory %>
<% @urls.each do |url,directory| -%>
Alias <%= url %> <%= directory %>
+ >
+ AllowOverride None
+ Require all granted
+
+ SetHandler None
+
+
<% end -%>
- php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/tmp/
- php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open"
- php_value upload_max_filesize 70M
- php_value post_max_size 100M
+ ProxyFCGISetEnvIf "true" PHP_ADMIN_VALUE "open_basedir=<%= @directory %>/:/usr/share/php/:/tmp/\ndisable_functions=exec,shell_exec,system,passthru,popen"
+ ProxyFCGISetEnvIf "true" PHP_VALUE "upload_max_filesize=70M\npost_max_size=100M"
>
RewriteEngine on
@@ -50,35 +53,42 @@
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
+ RewriteRule ^readme\.html$ [F,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
+
Options -Indexes
+ AllowOverride AuthConfig
+
+ Require all granted
/wp-config.php>
- Order allow,deny
- Deny from all
+ Require all denied
/uploads>
AllowOverride None
AddType text/plain .html .htm .shtml
- php_admin_flag engine off
+
+ SetHandler None
+
- Order allow,deny
- Deny from all
+ Require all denied
- Order allow,deny
- Deny from all
+ Require all denied
+
+ Require all denied
+
+
- Order allow,deny
- Deny from all
+ Require all denied