X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/93088ecf5f09c8d7383fccd4aa06fcf44cb4691a..4a28b22933f02eb559f70e228e6de5086d62db68:/cookbooks/wordpress/templates/default/apache.erb?ds=inline diff --git a/cookbooks/wordpress/templates/default/apache.erb b/cookbooks/wordpress/templates/default/apache.erb index 90adc23a2..34c25059d 100644 --- a/cookbooks/wordpress/templates/default/apache.erb +++ b/cookbooks/wordpress/templates/default/apache.erb @@ -11,30 +11,33 @@ CustomLog /var/log/apache2/<%= @name %>-access.log combined ErrorLog /var/log/apache2/<%= @name %>-error.log + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ + RedirectPermanent / https://<%= @name %>/ + -<% if @ssl_enabled -%> - RedirectPermanent / https://<%= @name %>/ - - - ServerName <%= @name %> - <% @aliases.each do |alias_name| -%> - ServerAlias <%= alias_name %> - <% end -%> + + ServerName <%= @name %> +<% @aliases.each do |alias_name| -%> + ServerAlias <%= alias_name %> - ServerAdmin webmaster@openstreetmap.org + ServerAdmin webmaster@openstreetmap.org - # - # Enable SSL - # - SSLEngine on + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log <% end -%> DocumentRoot <%= @directory %> <% @urls.each do |url,directory| -%> Alias <%= url %> <%= directory %> + > + AllowOverride None + php_admin_flag engine off + Require all granted + <% end -%> php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/tmp/ @@ -50,15 +53,19 @@ RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] RewriteRule ^wp-includes/theme-compat/ - [F,L] + RewriteRule ^readme\.html$ [F,L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] + Options -Indexes + AllowOverride AuthConfig + + Require all granted /wp-config.php> - Order allow,deny - Deny from all + Require all denied /uploads> @@ -68,17 +75,18 @@ - Order allow,deny - Deny from all + Require all denied - Order allow,deny - Deny from all + Require all denied + + Require all denied + + - Order allow,deny - Deny from all + Require all denied