X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/85c89c0b9e5b66b5cc1ab2df52d614c27bc065a6..8ccf941a82940d016e9c68bdf0c29e190953c7f7:/cookbooks/forum/templates/default/apache.erb
diff --git a/cookbooks/forum/templates/default/apache.erb b/cookbooks/forum/templates/default/apache.erb
index 5d505363b..82942001b 100644
--- a/cookbooks/forum/templates/default/apache.erb
+++ b/cookbooks/forum/templates/default/apache.erb
@@ -8,6 +8,21 @@
CustomLog /var/log/apache2/forum.openstreetmap.org-access.log combined
ErrorLog /var/log/apache2/forum.openstreetmap.org-error.log
+ RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+ RedirectPermanent / https://forum.openstreetmap.org/
+
+
+
+ ServerAlias forum.osm.org
+ ServerAdmin webmaster@openstreetmap.org
+
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/forum.openstreetmap.org.pem
+ SSLCertificateKeyFile /etc/ssl/private/forum.openstreetmap.org.key
+
+ CustomLog /var/log/apache2/forum.openstreetmap.org-access.log combined
+ ErrorLog /var/log/apache2/forum.openstreetmap.org-error.log
+
RedirectPermanent / https://forum.openstreetmap.org/
@@ -16,13 +31,29 @@
ServerAdmin webmaster@openstreetmap.org
SSLEngine on
- SSLProtocol all -SSLv2
- SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
- SSLCertificateFile /etc/ssl/certs/openstreetmap.pem
- SSLCertificateKeyFile /etc/ssl/private/openstreetmap.key
+ SSLCertificateFile /etc/ssl/certs/forum.openstreetmap.org.pem
+ SSLCertificateKeyFile /etc/ssl/private/forum.openstreetmap.org.key
CustomLog /var/log/apache2/forum.openstreetmap.org-access.log combined
ErrorLog /var/log/apache2/forum.openstreetmap.org-error.log
DocumentRoot /srv/forum.openstreetmap.org/html
+
+ ProxyFCGISetEnvIf "true" PHP_ADMIN_VALUE "open_basedir=/srv/forum.openstreetmap.org/html/:/usr/share/php/:/tmp/\ndisable_functions=exec,shell_exec,system,passthru,popen,proc_open"
+ ProxyFCGISetEnvIf "true" PHP_VALUE "upload_max_filesize=70M\npost_max_size=100M"
+
+
+ RewriteEngine on
+ RewriteRule ^config\.php$ - [F,L]
+
+ Options -Indexes
+
+ Require all granted
+
+
+
+
+ SetHandler None
+
+