X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/f1be9b31bb948deaf5b68e3a918fb4e24bb39895..11fdeeaa56975b200a46cc3ee7124e529621fba9:/cookbooks/wordpress/templates/default/apache.erb?ds=sidebyside diff --git a/cookbooks/wordpress/templates/default/apache.erb b/cookbooks/wordpress/templates/default/apache.erb index 34c25059d..b15ec55d9 100644 --- a/cookbooks/wordpress/templates/default/apache.erb +++ b/cookbooks/wordpress/templates/default/apache.erb @@ -8,17 +8,19 @@ ServerAdmin webmaster@openstreetmap.org - CustomLog /var/log/apache2/<%= @name %>-access.log combined + CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended ErrorLog /var/log/apache2/<%= @name %>-error.log RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ RedirectPermanent / https://<%= @name %>/ +<% unless @aliases.empty? -%> - ServerName <%= @name %> -<% @aliases.each do |alias_name| -%> + ServerName <%= @aliases.first %> +<% @aliases.drop(1).each do |alias_name| -%> ServerAlias <%= alias_name %> +<% end -%> ServerAdmin webmaster@openstreetmap.org @@ -26,25 +28,37 @@ SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key - CustomLog /var/log/apache2/<%= @name %>-access.log combined + CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended ErrorLog /var/log/apache2/<%= @name %>-error.log + + RedirectPermanent / https://<%= @name %>/ + <% end -%> + + ServerName <%= @name %> + + ServerAdmin webmaster@openstreetmap.org + + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key + + CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended + ErrorLog /var/log/apache2/<%= @name %>-error.log + DocumentRoot <%= @directory %> <% @urls.each do |url,directory| -%> Alias <%= url %> <%= directory %> > AllowOverride None - php_admin_flag engine off Require all granted + + SetHandler None + <% end -%> - php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/tmp/ - php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open" - php_value upload_max_filesize 70M - php_value post_max_size 100M - > RewriteEngine on @@ -54,6 +68,7 @@ RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] RewriteRule ^wp-includes/theme-compat/ - [F,L] RewriteRule ^readme\.html$ [F,L] + RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] @@ -62,6 +77,13 @@ AllowOverride AuthConfig Require all granted + + # https://www.wp-pay.org/http-authorization-header-missing/ + CGIPassAuth on + + + SetHandler "proxy:unix:/run/php/php-<%= @name %>-fpm.sock|fcgi://127.0.0.1" + /wp-config.php> @@ -71,7 +93,9 @@ /uploads> AllowOverride None AddType text/plain .html .htm .shtml - php_admin_flag engine off + + SetHandler None + @@ -82,11 +106,15 @@ Require all denied - + Require all denied Require all denied + + + Require all denied +